diff --git a/.buildkite/scripts/steps/openapi_bundling/final_merge.sh b/.buildkite/scripts/steps/openapi_bundling/final_merge.sh index fdd6a17e778fd..25d3a28c5dceb 100755 --- a/.buildkite/scripts/steps/openapi_bundling/final_merge.sh +++ b/.buildkite/scripts/steps/openapi_bundling/final_merge.sh @@ -16,4 +16,4 @@ make api-docs cd "$cur_dir" -check_for_changed_files "make api-docs" true +check_for_changed_files "make api-docs" true || true diff --git a/oas_docs/README.md b/oas_docs/README.md index 1ba9fee3ab234..64e0af5b48a93 100644 --- a/oas_docs/README.md +++ b/oas_docs/README.md @@ -18,7 +18,11 @@ Append pre-existing bundles not extracted from code using [`kbn-openapi-bundler` To add more files into the final bundle, edit the appropriate `oas_docs/scripts/merge*.js` files. -### Step 2 +### Step 3 + +Convert inline schemas to component references that follow a specific naming pattern. See the ["Scripts"](#scripts) section for more details. + +### Step 3 Apply any final overalys to the document that might include examples or final tweaks (see the ["Scripts"](#scripts) section for more details). diff --git a/oas_docs/jest.config.js b/oas_docs/jest.config.js new file mode 100644 index 0000000000000..a09ede311cc42 --- /dev/null +++ b/oas_docs/jest.config.js @@ -0,0 +1,14 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the "Elastic License + * 2.0", the "GNU Affero General Public License v3.0 only", and the "Server Side + * Public License v 1"; you may not use this file except in compliance with, at + * your election, the "Elastic License 2.0", the "GNU Affero General Public + * License v3.0 only", or the "Server Side Public License, v 1". + */ + +module.exports = { + preset: '@kbn/test/jest_node', + rootDir: '../', + roots: ['/oas_docs'], +}; diff --git a/oas_docs/lib/component_name_generator.js b/oas_docs/lib/component_name_generator.js new file mode 100644 index 0000000000000..c2ba46291002c --- /dev/null +++ b/oas_docs/lib/component_name_generator.js @@ -0,0 +1,163 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the "Elastic License + * 2.0", the "GNU Affero General Public License v3.0 only", and the "Server Side + * Public License v 1"; you may not use this file except in compliance with, at + * your election, the "Elastic License 2.0", the "GNU Affero General Public + * License v3.0 only", or the "Server Side Public License, v 1". + */ +const cleanAndNormalizePath = (pathStr) => { + return pathStr + .trim() + .replace(/^[\/]+/, '') // remove leading slashes + .replace(/[\/]+$/, '') // remove trailing slashes + .replace(/^(internal\/api\/|internal\/|api\/)/, '') // remove api prefixes + .replace(/\{[^}]*\}/g, '') // remove path parameters like {id}, {rule_id} + .replace(/[\?\*]/g, '') // remove ? * + .replace(/[\/\_\-]+/g, '/') // normalize separators and collapse multiple + .replace(/\/_/g, '/') // remove leading underscores after slash + .replace(/^_+|_+$/g, '') // remove leading/trailing underscores + .split('/') + .filter((segment) => segment.length > 0 && segment !== '_') + .map((segment) => { + // Convert segment to PascalCase + return segment + .split(/[\-\_]/) // split on hyphens and underscores + .filter((word) => word.length > 0) // remove empty words + .map((word) => word.charAt(0).toUpperCase() + word.slice(1).toLowerCase()) + .join(''); + }) + .join(''); +}; + +function toPascalCase(str) { + return str.charAt(0).toUpperCase() + str.slice(1).toLowerCase(); +} + +function fromPropertyPaths(propertyPath) { + return propertyPath.map((p) => p.charAt(0).toUpperCase() + p.slice(1)); +} + +/** + * Creates a component name generator with collision detection. + * + * Naming Strategy: + * - Converts API paths to PascalCase (e.g., /api/actions/connector -> ApiActionsConnector) + * - Removes path parameters ({id}, {rule_id}) while preserving meaningful segments + * - Adds HTTP method in PascalCase (Get, Post, Put, etc.) + * - Adds "Request" or "Response" based on context + * - Includes response codes (200, 404, etc.) + * - Handles nested property paths for detailed naming + * - Adds 1-based indexing for composition types (oneOf/anyOf/allOf) + * - Ensures uniqueness by appending numeric suffixes on collision + * + * @returns {Function} generateName function + * + * @example + * const nameGen = createComponentNameGenerator(); + * + * // Basic response schema + * nameGen({ method: 'get', path: '/api/actions/connector/{id}', isRequest: false, responseCode: '200' }) + * // => 'ApiActionsConnector_Get_Response_200' + * + * // OneOf/AnyOf indexing + * nameGen({ method: 'get', path: '/api/actions/connector', isRequest: false, responseCode: '200' }, 'oneOf', 0) + * // => 'ApiActionsConnector_Get_Response_200_1' + * + * // Property schemas + * nameGen({ method: 'get', path: '/api/actions/connector/{id}', isRequest: false, responseCode: '200', propertyPath: ['config'] }, 'property') + * // => 'ApiActionsConnector_Get_Response_200_Config' + * + * // Complex paths with parameters and underscores + * nameGen({ method: 'get', path: '/api/alerting/rule/{rule_id}/alert/{alert_id}/_unmute', isRequest: false, responseCode: '200' }) + * // => 'ApiAlertingRuleAlertUnmute_Get_Response_200' + * + * // Existing components with nested schemas (from overlays) + * nameGen({ parentComponentName: 'BedRockConfig', propertyPath: ['apiKey'], isRequest: undefined }, 'property') + * // => 'BedRockConfig_ApiKey' + */ +const createComponentNameGenerator = () => { + const nameMap = new Map(); + /** + * Generates a unique component name based on context and composition type. + * + * @param {Object} context - Contextual information for naming + * @param {string|null} context.method - HTTP method (get, post, etc.) or null for components + * @param {string|null} context.path - API path (/api/test) or null for components + * @param {boolean|undefined} context.isRequest - true for request, false for response, undefined for components + * @param {string|null} context.responseCode - HTTP response code (200, 404, etc.) or null + * @param {Array} [context.propertyPath=[]] - Path of nested properties + * @param {string|null} [context.parentComponentName=null] - Parent component name for existing components + * @param {string} [compositionType] - Type: 'oneOf', 'anyOf', 'allOf', 'property', 'arrayItem', 'additionalProperty' + * @param {number} [index] - Index for composition types (0-based, converted to 1-based in name) + * @returns {string} Generated unique component name + */ + return function generateName(context, compositionType, index) { + const { + method, + path, + isRequest, + responseCode, + propertyPath = [], + parentComponentName = null, + } = context; + + // Convert path to PascalCase API name + const buildApiName = (pathStr) => { + if (!pathStr) return ''; + // Clean and normalize path + const cleanPath = cleanAndNormalizePath(pathStr); + return 'Api' + cleanPath; + }; + + const parts = []; + // Use parent component name as prefix for nested schemas in existing components + if (parentComponentName) { + parts.push(parentComponentName); + } else { + parts.push(buildApiName(path)); + } + if (method) { + parts.push(toPascalCase(method)); + } + // Add request/response type + if (isRequest !== undefined) { + parts.push(isRequest ? 'Request' : 'Response'); + } + + // Add response code + if (responseCode) { + parts.push(responseCode); + } + + // Add property path (for nested objects) + if (propertyPath && propertyPath.length > 0) { + parts.push(...fromPropertyPaths(propertyPath)); + } + + // Add composition type suffixes + if (compositionType === 'property') { + // Property objects already have their name in propertyPath, nothing to append + } else if (compositionType === 'arrayItem') { + parts.push('Item'); + } else if (compositionType === 'additionalProperty') { + parts.push('Value'); + } else if (compositionType && index !== undefined) { + // For oneOf, anyOf, allOf - add 1-based index + parts.push(`${index + 1}`); + } + + let name = parts.filter(Boolean).join('_'); + + // Ensure uniqueness + const cachedCount = nameMap.get(name) ?? 0; + nameMap.set(name, cachedCount + 1); + if (cachedCount > 0) { + name = `${name}_${cachedCount}`; + } + + return name; + }; +}; + +module.exports = { createComponentNameGenerator }; diff --git a/oas_docs/lib/component_name_generator.test.js b/oas_docs/lib/component_name_generator.test.js new file mode 100644 index 0000000000000..9e9acde79ebc8 --- /dev/null +++ b/oas_docs/lib/component_name_generator.test.js @@ -0,0 +1,131 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the "Elastic License + * 2.0", the "GNU Affero General Public License v3.0 only", and the "Server Side + * Public License v 1"; you may not use this file except in compliance with, at + * your election, the "Elastic License 2.0", the "GNU Affero General Public + * License v3.0 only", or the "Server Side Public License, v 1". + */ +const { createComponentNameGenerator } = require('./component_name_generator'); + +describe('createComponentNameGenerator', () => { + let nameGen; + beforeEach(() => { + nameGen = createComponentNameGenerator(); + }); + + test('generates response schema name for /api/foo/connector/{id} GET 200', () => { + const context = { + method: 'get', + path: '/api/actions/connector/{id}', + isRequest: false, + responseCode: '200', + }; + const name = nameGen(context); + expect(name).toBe('ApiActionsConnector_Get_Response_200'); + }); + + test('generates indexed oneOf names for /api/actions/connector GET 200', () => { + const context = { + method: 'get', + path: '/api/actions/connector', + isRequest: false, + responseCode: '200', + }; + const names = []; + for (let i = 0; i < 3; i++) { + names.push(nameGen(context, 'oneOf', i)); + } + names.forEach((name, index) => { + expect(name).toBe(`ApiActionsConnector_Get_Response_200_${index + 1}`); + }); + }); + + test('generates property schema names', () => { + const context = { + method: 'get', + path: '/api/actions/connector/{id}', + isRequest: false, + responseCode: '200', + propertyPath: ['config'], + }; + expect(nameGen(context, 'property')).toBe('ApiActionsConnector_Get_Response_200_Config'); + }); + + test('generates unique names for duplicate contexts', () => { + const context = { + method: 'post', + path: '/api/test', + isRequest: true, + }; + expect(nameGen(context)).toBe('ApiTest_Post_Request'); + expect(nameGen(context)).toBe('ApiTest_Post_Request_1'); + }); + + test('derives operation ID from path when not provided', () => { + const context = { + method: 'get', + path: '/api/alerting/rule/{rule_id}/alert/{alert_id}/_unmute', + isRequest: false, + responseCode: '200', + }; + expect(nameGen(context)).toBe('ApiAlertingRuleAlertUnmute_Get_Response_200'); + }); + + test('handles complex path with multiple parameters and underscores', () => { + const context = { + method: 'post', + path: '/api/security/role/{role_name}/field_security/{field_name}', + isRequest: true, + }; + expect(nameGen(context)).toBe('ApiSecurityRoleFieldSecurity_Post_Request'); + }); + + test('handles array item composition type', () => { + const context = { + method: 'get', + path: '/api/cases', + isRequest: false, + responseCode: '200', + propertyPath: ['items'], + }; + const name = nameGen(context, 'arrayItem'); + expect(name).toBe('ApiCases_Get_Response_200_Items_Item'); + }); + + test('handles additional properties composition type', () => { + const context = { + method: 'get', + path: '/api/dashboard/{id}', + isRequest: false, + responseCode: '200', + propertyPath: ['metadata'], + }; + const name = nameGen(context, 'additionalProperty'); + expect(name).toBe('ApiDashboard_Get_Response_200_Metadata_Value'); + }); + + test('handles allOf composition type with index', () => { + const context = { + method: 'patch', + path: '/api/fleet/agents', + isRequest: true, + }; + const name1 = nameGen(context, 'allOf', 0); + const name2 = nameGen(context, 'allOf', 1); + expect(name1).toBe('ApiFleetAgents_Patch_Request_1'); + expect(name2).toBe('ApiFleetAgents_Patch_Request_2'); + }); + + test('handles nested property paths', () => { + const context = { + method: 'put', + path: '/api/saved_objects/{type}/{id}', + isRequest: false, + responseCode: '200', + propertyPath: ['attributes', 'visualization', 'visState'], + }; + const name = nameGen(context, 'property'); + expect(name).toBe('ApiSavedObjects_Put_Response_200_Attributes_Visualization_VisState'); + }); +}); diff --git a/oas_docs/lib/componentize.js b/oas_docs/lib/componentize.js new file mode 100644 index 0000000000000..2e05836017860 --- /dev/null +++ b/oas_docs/lib/componentize.js @@ -0,0 +1,371 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the "Elastic License + * 2.0", the "GNU Affero General Public License v3.0 only", and the "Server Side + * Public License v 1"; you may not use this file except in compliance with, at + * your election, the "Elastic License 2.0", the "GNU Affero General Public + * License v3.0 only", or the "Server Side Public License, v 1". + */ + +const path = require('node:path'); +const fs = require('node:fs'); +const os = require('node:os'); +const yaml = require('js-yaml'); +const cloneDeep = require('lodash/cloneDeep'); +const { ToolingLog } = require('@kbn/tooling-log'); +const { REPO_ROOT } = require('@kbn/repo-info'); +const { createComponentNameGenerator } = require('./component_name_generator'); +const { createProcessSchema } = require('./process_schema'); +const { STRATEGY_DEFAULTS, HTTP_METHODS } = require('./constants'); + +/** + * Determines if a top-level schema should be extracted as a component. + * + * @param {Object} schema - The schema to check + * @param {boolean} extractEmpty - Whether to extract empty object schemas + * @returns {boolean} - True if schema should be extracted + */ +function shouldExtractTopLevelSchema(schema, extractEmpty) { + return ( + !schema.$ref && + ((schema.type === 'object' && schema.properties) || + (extractEmpty && schema.type === 'object') || + schema.oneOf || + schema.anyOf || + schema.allOf) + ); +} + +/** + * Extracts a top-level schema as a component and replaces it with a $ref. + * + * @param {Object} schema - The schema to extract + * @param {Object} contentTypeObj - The content type object containing the schema + * @param {Object} baseContext - Base context for the operation + * @param {Object} extractionContext - Additional context (isRequest, responseCode) + * @param {Function} nameGenerator - Function to generate component names + * @param {Object} components - The components.schemas object + * @param {Object} stats - Statistics tracking object + * @param {Object} log - Logger instance + * @param {Function} processSchema - The schema processor function + * @param {string} logType - Type for logging ('request' or 'response') + */ +function extractAndReplaceTopLevelSchema( + schema, + contentTypeObj, + baseContext, + extractionContext, + nameGenerator, + components, + stats, + log, + processSchema, + logType +) { + const context = { + ...baseContext, + ...extractionContext, + }; + const name = nameGenerator(context); + + if (components[name]) { + log.warning(`Component name collision: ${name} - appending counter`); + } + + const schemaToStore = cloneDeep(schema); + components[name] = schemaToStore; + stats.schemasExtracted++; + log.debug(`Extracted top-level ${logType} schema ${name}`); + + contentTypeObj.schema = { $ref: `#/components/schemas/${name}` }; + + processSchema(schemaToStore, { + ...baseContext, + ...extractionContext, + propertyPath: [], + }); +} + +/** + * Processes request body schemas for a given method operation. + * + * @param {Object} methodValue - The method operation object + * @param {Object} baseContext - Base context for the operation + * @param {boolean} extractEmpty - Whether to extract empty object schemas + * @param {Function} nameGenerator - Function to generate component names + * @param {Object} components - The components.schemas object + * @param {Object} stats - Statistics tracking object + * @param {Object} log - Logger instance + * @param {Function} processSchema - The schema processor function + */ +function processRequestBodySchemas( + methodValue, + baseContext, + extractEmpty, + nameGenerator, + components, + stats, + log, + processSchema +) { + if (!methodValue.requestBody?.content) return; + + Object.entries(methodValue.requestBody.content).forEach(([contentType, contentTypeObj]) => { + if (contentTypeObj.schema) { + log.debug(`Processing request body (${contentType})`); + const schema = contentTypeObj.schema; + + if (shouldExtractTopLevelSchema(schema, extractEmpty)) { + extractAndReplaceTopLevelSchema( + schema, + contentTypeObj, + baseContext, + { isRequest: true }, + nameGenerator, + components, + stats, + log, + processSchema, + 'request' + ); + } else { + processSchema(schema, { + ...baseContext, + isRequest: true, + }); + } + } + }); +} + +/** + * Processes response schemas for a given method operation. + * + * @param {Object} methodValue - The method operation object + * @param {Object} baseContext - Base context for the operation + * @param {boolean} extractEmpty - Whether to extract empty object schemas + * @param {Function} nameGenerator - Function to generate component names + * @param {Object} components - The components.schemas object + * @param {Object} stats - Statistics tracking object + * @param {Object} log - Logger instance + * @param {Function} processSchema - The schema processor function + */ +function processResponseSchemas( + methodValue, + baseContext, + extractEmpty, + nameGenerator, + components, + stats, + log, + processSchema +) { + if (!methodValue.responses) return; + + Object.entries(methodValue.responses).forEach(([statusCode, response]) => { + if (response.content) { + Object.entries(response.content).forEach(([contentType, contentTypeObj]) => { + if (contentTypeObj.schema) { + log.debug(`Processing response ${statusCode} (${contentType})`); + const schema = contentTypeObj.schema; + + if (shouldExtractTopLevelSchema(schema, extractEmpty)) { + extractAndReplaceTopLevelSchema( + schema, + contentTypeObj, + baseContext, + { isRequest: false, responseCode: statusCode }, + nameGenerator, + components, + stats, + log, + processSchema, + 'response' + ); + } else { + processSchema(schema, { + ...baseContext, + isRequest: false, + responseCode: statusCode, + }); + } + } + }); + } + }); +} + +/** + * Traverses an OpenAPI document and extracts inline schemas into reusable components. + * + * Extracts top-level request/response schemas, recursively processes nested schemas, + * extracts oneOf/anyOf/allOf items, and processes pre-existing components. + * + * @param {string} relativeFilePath - Path to OAS YAML file relative to repository root + * @param {Object} [options={}] - Configuration options + * @param {Object} [options.log=console] - Logger instance with info/debug/warn/error methods + * @param {boolean} [options.extractPrimitives=false] - Extract primitive properties as separate components + * @param {boolean} [options.removeProperties=false] - Remove extracted properties from parent components + * @param {boolean} [options.extractEmpty=true] - Extract empty object schemas { type: 'object' } + * @returns {Promise} + * + * @example + * await componentizeObjectSchemas('oas_docs/bundle.yaml', { log: customLogger }); + * + * @example + * await componentizeObjectSchemas('oas_docs/bundle.yaml', { + * log: customLogger, + * extractPrimitives: true, + * removeProperties: true, + * extractEmpty: true + * }); + */ +const componentizeObjectSchemas = async ( + relativeFilePath, + { + log = new ToolingLog({ + level: 'info', + writeTo: process.stdout, + }), + extractPrimitives = STRATEGY_DEFAULTS.extractPrimitives, + removeProperties = STRATEGY_DEFAULTS.removeProperties, + extractEmpty = STRATEGY_DEFAULTS.extractEmpty, + } = {} +) => { + const absPath = path.resolve(REPO_ROOT, relativeFilePath); + let tempFilePath = null; + + try { + log.info(`Loading OAS document from ${absPath}`); + const originalDoc = yaml.load(fs.readFileSync(absPath, 'utf8')); + + const oasDoc = cloneDeep(originalDoc); + + if (!oasDoc.components) { + oasDoc.components = {}; + } + if (!oasDoc.components.schemas) { + oasDoc.components.schemas = {}; + } + + const components = oasDoc.components.schemas; + const nameGenerator = createComponentNameGenerator(); + const stats = { + schemasExtracted: 0, + oneOfCount: 0, + anyOfCount: 0, + allOfCount: 0, + maxDepth: 0, + }; + + const strategyOptions = { + extractPrimitives, + removeProperties, + extractEmpty, + }; + + const processSchema = createProcessSchema( + components, + nameGenerator, + stats, + log, + strategyOptions + ); + + log.info('Processing paths...'); + let pathCount = 0; + let methodValueCount = 0; + + for (const [pathName, pathValue] of Object.entries(oasDoc.paths ?? {})) { + pathCount++; + log.debug(`Processing path: ${pathName}`); + + for (const [method, methodValue] of Object.entries(pathValue)) { + if (!HTTP_METHODS.includes(method.toLowerCase())) { + continue; + } + + methodValueCount++; + const baseContext = { + method, + path: pathName, + propertyPath: [], + }; + + log.debug(`Processing method: ${method.toUpperCase()}`); + + processRequestBodySchemas( + methodValue, + baseContext, + extractEmpty, + nameGenerator, + components, + stats, + log, + processSchema + ); + + processResponseSchemas( + methodValue, + baseContext, + extractEmpty, + nameGenerator, + components, + stats, + log, + processSchema + ); + } + } + + log.info('Processing existing components...'); + const preExistingComponentNames = Object.keys(components); + const processedComponents = new Set(); + + for (const componentName of preExistingComponentNames) { + if (processedComponents.has(componentName)) { + continue; + } + processedComponents.add(componentName); + + const componentSchema = components[componentName]; + log.debug(`Processing existing component: ${componentName}`); + + processSchema(componentSchema, { + method: null, + path: null, + isRequest: undefined, + responseCode: null, + propertyPath: [], + parentComponentName: componentName, + }); + } + + tempFilePath = path.join(os.tmpdir(), `componentize-${Date.now()}-${path.basename(absPath)}`); + log.debug(`Writing to temporary file: ${tempFilePath}`); + fs.writeFileSync(tempFilePath, yaml.dump(oasDoc, { noRefs: true, lineWidth: -1 }), 'utf8'); + + log.info(`Writing componentized schemas to ${absPath}`); + fs.copyFileSync(tempFilePath, absPath); + fs.unlinkSync(tempFilePath); + tempFilePath = null; + + log.info('Componentization complete!'); + log.info(`Paths processed: ${pathCount}`); + log.info(`Operations processed: ${methodValueCount}`); + log.info(`Schemas extracted: ${stats.schemasExtracted}`); + log.info(`oneOf: ${stats.oneOfCount}`); + log.info(`anyOf: ${stats.anyOfCount}`); + log.info(`allOf: ${stats.allOfCount}`); + log.info(`Max depth: ${stats.maxDepth}`); + } catch (error) { + log.error(`Error during componentization: ${error.message}`); + if (tempFilePath && fs.existsSync(tempFilePath)) { + fs.unlinkSync(tempFilePath); + log.debug(`Cleaned up temporary file: ${tempFilePath}`); + } + throw error; + } +}; + +module.exports = { componentizeObjectSchemas }; diff --git a/oas_docs/lib/componentize.test.js b/oas_docs/lib/componentize.test.js new file mode 100644 index 0000000000000..aa725d614accc --- /dev/null +++ b/oas_docs/lib/componentize.test.js @@ -0,0 +1,1128 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the "Elastic License + * 2.0", the "GNU Affero General Public License v3.0 only", and the "Server Side + * Public License v 1"; you may not use this file except in compliance with, at + * your election, the "Elastic License 2.0", the "GNU Affero General Public + * License v3.0 only", or the "Server Side Public License, v 1". + */ +const fs = require('fs'); +const path = require('path'); +const os = require('os'); +const yaml = require('js-yaml'); +const { set } = require('@kbn/safer-lodash-set'); +const { componentizeObjectSchemas } = require('./componentize'); + +describe('componentizeObjectSchemas', () => { + let tempDir; + let mockLog; + + beforeEach(() => { + tempDir = fs.mkdtempSync(path.join(os.tmpdir(), 'componentize-test-')); + mockLog = { + info: jest.fn(), + debug: jest.fn(), + warning: jest.fn(), + error: jest.fn(), + }; + }); + + afterEach(() => { + if (fs.existsSync(tempDir)) { + fs.rmSync(tempDir, { recursive: true, force: true }); + } + }); + + describe('oneOf composition extraction', () => { + it('should extract oneOf items to components', async () => { + const testDoc = { + openapi: '3.0.3', + info: { title: 'Test', version: '1.0.0' }, + paths: { + '/api/test': { + get: { + operationId: 'getTest', + responses: { + 200: { + content: { + 'application/json': { + schema: { + oneOf: [ + { type: 'object', properties: { a: { type: 'string' } } }, + { type: 'object', properties: { b: { type: 'number' } } }, + ], + }, + }, + }, + }, + }, + }, + }, + }, + }; + + const testFile = path.join(tempDir, 'test.yaml'); + fs.writeFileSync(testFile, yaml.dump(testDoc)); + + const expectedDoc = testDoc; + + set( + expectedDoc, + 'paths["/api/test"].get.responses["200"].content["application/json"].schema', + { + $ref: '#/components/schemas/ApiTest_Get_Response_200', + } + ); + set(expectedDoc, 'components.schemas.ApiTest_Get_Response_200', { + oneOf: [ + { $ref: '#/components/schemas/ApiTest_Get_Response_200_1' }, + { $ref: '#/components/schemas/ApiTest_Get_Response_200_2' }, + ], + }); + set(expectedDoc, 'components.schemas.ApiTest_Get_Response_200_1', { + type: 'object', + properties: { a: { type: 'string' } }, + }); + set(expectedDoc, 'components.schemas.ApiTest_Get_Response_200_2', { + type: 'object', + properties: { b: { type: 'number' } }, + }); + + await componentizeObjectSchemas(testFile, { log: mockLog }); + + const result = yaml.load(fs.readFileSync(testFile, 'utf8')); + + expect(result).toEqual(expectedDoc); + }); + + it('should handle nested oneOf in properties', async () => { + const testDoc = { + openapi: '3.0.3', + info: { title: 'Test', version: '1.0.0' }, + paths: { + '/api/test': { + get: { + operationId: 'getTest', + responses: { + 200: { + content: { + 'application/json': { + schema: { + type: 'object', + properties: { + thing: { + oneOf: [{ type: 'string' }, { type: 'number' }], + }, + }, + }, + }, + }, + }, + }, + }, + }, + }, + }; + + const testFile = path.join(tempDir, 'test.yaml'); + fs.writeFileSync(testFile, yaml.dump(testDoc)); + + const expectedDoc = testDoc; + + set( + expectedDoc, + 'paths["/api/test"].get.responses["200"].content["application/json"].schema', + { + $ref: '#/components/schemas/ApiTest_Get_Response_200', + } + ); + set(expectedDoc, 'components.schemas.ApiTest_Get_Response_200', { + type: 'object', + properties: { + thing: { + oneOf: [ + { $ref: '#/components/schemas/ApiTest_Get_Response_200_Thing_1' }, + { $ref: '#/components/schemas/ApiTest_Get_Response_200_Thing_2' }, + ], + }, + }, + }); + set(expectedDoc, 'components.schemas.ApiTest_Get_Response_200_Thing_1', { + type: 'string', + }); + set(expectedDoc, 'components.schemas.ApiTest_Get_Response_200_Thing_2', { + type: 'number', + }); + + await componentizeObjectSchemas(testFile, { log: mockLog }); + + const result = yaml.load(fs.readFileSync(testFile, 'utf8')); + + expect(result).toEqual(expectedDoc); + }); + }); + + describe('anyOf composition extraction', () => { + it('should extract anyOf items to components', async () => { + const testDoc = { + openapi: '3.0.3', + info: { title: 'Test', version: '1.0.0' }, + paths: { + '/api/test': { + post: { + operationId: 'postTest', + requestBody: { + content: { + 'application/json': { + schema: { + anyOf: [ + { type: 'object', properties: { x: { type: 'string' } } }, + { type: 'object', properties: { y: { type: 'number' } } }, + ], + }, + }, + }, + }, + responses: { + 201: { + content: { + 'application/json': { + schema: { type: 'object' }, + }, + }, + }, + }, + }, + }, + }, + }; + + const testFile = path.join(tempDir, 'test.yaml'); + fs.writeFileSync(testFile, yaml.dump(testDoc)); + + const expectedDoc = testDoc; + + set(expectedDoc, 'paths["/api/test"].post.requestBody.content["application/json"].schema', { + $ref: '#/components/schemas/ApiTest_Post_Request', + }); + set(expectedDoc, 'components.schemas.ApiTest_Post_Request', { + anyOf: [ + { $ref: '#/components/schemas/ApiTest_Post_Request_1' }, + { $ref: '#/components/schemas/ApiTest_Post_Request_2' }, + ], + }); + set(expectedDoc, 'components.schemas.ApiTest_Post_Request_1', { + type: 'object', + properties: { x: { type: 'string' } }, + }); + set(expectedDoc, 'components.schemas.ApiTest_Post_Request_2', { + type: 'object', + properties: { y: { type: 'number' } }, + }); + set( + expectedDoc, + 'paths["/api/test"].post.responses["201"].content["application/json"].schema', + { + $ref: '#/components/schemas/ApiTest_Post_Response_201', + } + ); + set(expectedDoc, 'components.schemas.ApiTest_Post_Response_201', { + type: 'object', + }); + + await componentizeObjectSchemas(testFile, { log: mockLog }); + + const result = yaml.load(fs.readFileSync(testFile, 'utf8')); + + expect(result).toEqual(expectedDoc); + }); + // it.todo('should handle nested anyOf in properties', async () => { + // // Similar to the oneOf nested test, but for anyOf + // }); + }); + + describe('allOf composition extraction', () => { + it('should extract allOf items to components', async () => { + const testDoc = { + openapi: '3.0.3', + info: { title: 'Test', version: '1.0.0' }, + paths: { + '/api/test': { + get: { + responses: { + 200: { + content: { + 'application/json': { + schema: { + allOf: [ + { type: 'object', properties: { base: { type: 'string' } } }, + { type: 'object', properties: { extended: { type: 'number' } } }, + ], + }, + }, + }, + }, + }, + }, + }, + }, + }; + + const testFile = path.join(tempDir, 'test.yaml'); + fs.writeFileSync(testFile, yaml.dump(testDoc)); + + const expectedDoc = testDoc; + + set( + expectedDoc, + 'paths["/api/test"].get.responses["200"].content["application/json"].schema', + { + $ref: '#/components/schemas/ApiTest_Get_Response_200', + } + ); + set(expectedDoc, 'components.schemas.ApiTest_Get_Response_200', { + allOf: [ + { $ref: '#/components/schemas/ApiTest_Get_Response_200_1' }, + { $ref: '#/components/schemas/ApiTest_Get_Response_200_2' }, + ], + }); + set(expectedDoc, 'components.schemas.ApiTest_Get_Response_200_1', { + type: 'object', + properties: { base: { type: 'string' } }, + }); + set(expectedDoc, 'components.schemas.ApiTest_Get_Response_200_2', { + type: 'object', + properties: { extended: { type: 'number' } }, + }); + + await componentizeObjectSchemas(testFile, { log: mockLog }); + + const result = yaml.load(fs.readFileSync(testFile, 'utf8')); + + expect(result).toEqual(expectedDoc); + }); + // it.todo('should handle nested allOf in properties', async () => { + // // Similar to the oneOf nested test, but for allOf + // }); + }); + + describe('top-level schema extraction', () => { + it('should extract top-level response schema and nested properties', async () => { + const testDoc = { + openapi: '3.0.3', + info: { title: 'Test', version: '1.0.0' }, + paths: { + '/api/actions/connector/{id}': { + get: { + operationId: 'get-actions-connector-id', + parameters: [ + { + description: 'An identifier for the connector.', + in: 'path', + name: 'id', + required: true, + schema: { type: 'string' }, + }, + ], + responses: { + 200: { + content: { + 'application/json': { + schema: { + additionalProperties: false, + type: 'object', + properties: { + config: { + additionalProperties: {}, + default: {}, + type: 'object', + properties: { + from: { type: 'string' }, + host: { type: 'string' }, + }, + }, + connector_type_id: { + description: 'The connector type identifier.', + type: 'string', + }, + id: { + description: 'The connector ID.', + type: 'string', + }, + }, + }, + }, + }, + }, + }, + }, + }, + }, + }; + + const testFile = path.join(tempDir, 'test.yaml'); + fs.writeFileSync(testFile, yaml.dump(testDoc)); + + const expectedDoc = testDoc; + set( + expectedDoc, + 'paths["/api/actions/connector/{id}"].get.responses["200"].content["application/json"].schema', + { + $ref: '#/components/schemas/ApiActionsConnector_Get_Response_200', + } + ); + set(expectedDoc, 'components.schemas.ApiActionsConnector_Get_Response_200', { + type: 'object', + additionalProperties: false, + properties: { + config: { + $ref: '#/components/schemas/ApiActionsConnector_Get_Response_200_Config', + }, + connector_type_id: { + type: 'string', + description: 'The connector type identifier.', + }, + id: { + type: 'string', + description: 'The connector ID.', + }, + }, + }); + set(expectedDoc, 'components.schemas.ApiActionsConnector_Get_Response_200_Config', { + type: 'object', + additionalProperties: {}, + default: {}, + properties: { + from: { type: 'string' }, + host: { type: 'string' }, + }, + }); + + await componentizeObjectSchemas(testFile, { log: mockLog }); + + const result = yaml.load(fs.readFileSync(testFile, 'utf8')); + + expect(result).toEqual(expectedDoc); + }); + + it('should extract top-level request schema', async () => { + const testDoc = { + openapi: '3.0.3', + info: { title: 'Test', version: '1.0.0' }, + paths: { + '/api/cases': { + post: { + operationId: 'create-case', + requestBody: { + content: { + 'application/json': { + schema: { + type: 'object', + required: ['title'], + properties: { + title: { type: 'string' }, + settings: { + type: 'object', + properties: { + syncAlerts: { type: 'boolean' }, + }, + }, + }, + }, + }, + }, + }, + responses: { + 201: { + content: { + 'application/json': { + schema: { type: 'object' }, + }, + }, + }, + }, + }, + }, + }, + }; + + const testFile = path.join(tempDir, 'test.yaml'); + fs.writeFileSync(testFile, yaml.dump(testDoc)); + + const expectedDoc = testDoc; + set(expectedDoc, 'paths["/api/cases"].post.requestBody.content["application/json"].schema', { + $ref: '#/components/schemas/ApiCases_Post_Request', + }); + set(expectedDoc, 'components.schemas.ApiCases_Post_Request', { + type: 'object', + required: ['title'], + properties: { + settings: { $ref: '#/components/schemas/ApiCases_Post_Request_Settings' }, + title: { type: 'string' }, + }, + }); + set(expectedDoc, 'components.schemas.ApiCases_Post_Request_Settings', { + type: 'object', + properties: { syncAlerts: { type: 'boolean' } }, + }); + set( + expectedDoc, + 'paths["/api/cases"].post.responses["201"].content["application/json"].schema', + { + $ref: '#/components/schemas/ApiCases_Post_Response_201', + } + ); + set(expectedDoc, 'components.schemas.ApiCases_Post_Response_201', { + type: 'object', + }); + + await componentizeObjectSchemas(testFile, { log: mockLog }); + + const result = yaml.load(fs.readFileSync(testFile, 'utf8')); + + expect(result).toEqual(expectedDoc); + }); + + it('should not extract schemas that are already references', async () => { + const testDoc = { + openapi: '3.0.3', + info: { title: 'Test', version: '1.0.0' }, + paths: { + '/api/test': { + get: { + responses: { + 200: { + content: { + 'application/json': { + schema: { + $ref: '#/components/schemas/ExistingSchema', + }, + }, + }, + }, + }, + }, + }, + }, + components: { + schemas: { + ExistingSchema: { + type: 'object', + properties: { + name: { type: 'string' }, + }, + }, + }, + }, + }; + + const testFile = path.join(tempDir, 'test.yaml'); + fs.writeFileSync(testFile, yaml.dump(testDoc)); + + const expectedDoc = testDoc; // Expect doc to remain completely unchanged. + + await componentizeObjectSchemas(testFile, { log: mockLog }); + + const result = yaml.load(fs.readFileSync(testFile, 'utf8')); + + expect(result).toEqual(expectedDoc); + }); + + it('should handle schemas without properties gracefully', async () => { + const testDoc = { + openapi: '3.0.3', + info: { title: 'Test', version: '1.0.0' }, + paths: { + '/api/empty': { + get: { + responses: { + 200: { + content: { + 'application/json': { + schema: { + type: 'object', + }, + }, + }, + }, + }, + }, + }, + }, + }; + + const testFile = path.join(tempDir, 'test.yaml'); + fs.writeFileSync(testFile, yaml.dump(testDoc)); + const expectedDoc = testDoc; // Expect doc to remain completely unchanged. + set( + expectedDoc, + 'paths["/api/empty"].get.responses["200"].content["application/json"].schema', + { + $ref: '#/components/schemas/ApiEmpty_Get_Response_200', + } + ); + set(expectedDoc, 'components.schemas.ApiEmpty_Get_Response_200', { + type: 'object', + }); + await componentizeObjectSchemas(testFile, { log: mockLog }); + const result = yaml.load(fs.readFileSync(testFile, 'utf8')); + expect(result).toEqual(expectedDoc); + }); + }); + + describe('schemas with empty object properties', () => { + it('should extract empty object properties to components', async () => { + const testDoc = { + openapi: '3.0.3', + info: { title: 'Test', version: '1.0.0' }, + paths: { + '/api/test': { + get: { + responses: { + 200: { + content: { + 'application/json': { + schema: { + type: 'object', + properties: { + emptyObj: { type: 'object', properties: {} }, + }, + }, + }, + }, + }, + }, + }, + }, + }, + }; + + const testFile = path.join(tempDir, 'test.yaml'); + fs.writeFileSync(testFile, yaml.dump(testDoc)); + + const expectedDoc = testDoc; + + set( + expectedDoc, + 'paths["/api/test"].get.responses["200"].content["application/json"].schema', + { + $ref: '#/components/schemas/ApiTest_Get_Response_200', + } + ); + set(expectedDoc, 'components.schemas.ApiTest_Get_Response_200', { + type: 'object', + properties: { + emptyObj: { + $ref: '#/components/schemas/ApiTest_Get_Response_200_EmptyObj', + }, + }, + }); + set(expectedDoc, 'components.schemas.ApiTest_Get_Response_200_EmptyObj', { + type: 'object', + properties: {}, + }); + + await componentizeObjectSchemas(testFile, { log: mockLog }); + + const result = yaml.load(fs.readFileSync(testFile, 'utf8')); + + expect(result).toEqual(expectedDoc); + }); + }); + + describe('existing components with predefined names', () => { + it('should process existing component with nested object properties', async () => { + const testDoc = { + openapi: '3.0.3', + info: { title: 'Test', version: '1.0.0' }, + paths: { + '/api/test': { + get: { + responses: { + 200: { + content: { + 'application/json': { + schema: { + $ref: '#/components/schemas/PredefinedSchema', + }, + }, + }, + }, + }, + }, + }, + }, + components: { + schemas: { + PredefinedSchema: { + type: 'object', + properties: { + id: { type: 'string' }, + config: { + type: 'object', + properties: { + url: { type: 'string' }, + apiKey: { type: 'string' }, + }, + }, + }, + }, + }, + }, + }; + + const testFile = path.join(tempDir, 'test.yaml'); + fs.writeFileSync(testFile, yaml.dump(testDoc)); + + const expectedDoc = testDoc; + set( + expectedDoc, + 'paths["/api/test"].get.responses["200"].content["application/json"].schema', + { + $ref: '#/components/schemas/PredefinedSchema', + } + ); + set(expectedDoc, 'components.schemas.PredefinedSchema', { + type: 'object', + properties: { + id: { type: 'string' }, + config: { $ref: '#/components/schemas/PredefinedSchema_Config' }, + }, + }); + set(expectedDoc, 'components.schemas.PredefinedSchema.properties.config', { + $ref: '#/components/schemas/PredefinedSchema_Config', + }); + set(expectedDoc, 'components.schemas.PredefinedSchema_Config', { + type: 'object', + properties: { + url: { type: 'string' }, + apiKey: { type: 'string' }, + }, + }); + await componentizeObjectSchemas(testFile, { log: mockLog }); + + const result = yaml.load(fs.readFileSync(testFile, 'utf8')); + + expect(result).toEqual(expectedDoc); + }); + + it('should process existing component with composition types', async () => { + const testDoc = { + openapi: '3.0.3', + info: { title: 'Test', version: '1.0.0' }, + paths: { + '/api/test': { + get: { + responses: { + 200: { + content: { + 'application/json': { + schema: { + $ref: '#/components/schemas/PredefinedUnion', + }, + }, + }, + }, + }, + }, + }, + }, + components: { + schemas: { + PredefinedUnion: { + oneOf: [ + { type: 'object', properties: { a: { type: 'string' } } }, + { type: 'object', properties: { b: { type: 'number' } } }, + ], + }, + }, + }, + }; + + const testFile = path.join(tempDir, 'test.yaml'); + fs.writeFileSync(testFile, yaml.dump(testDoc)); + + const expectedDoc = testDoc; + set( + expectedDoc, + 'paths["/api/test"].get.responses["200"].content["application/json"].schema', + { + $ref: '#/components/schemas/PredefinedUnion', + } + ); + set(expectedDoc, 'components.schemas.PredefinedUnion', { + oneOf: [ + { $ref: '#/components/schemas/PredefinedUnion_1' }, + { $ref: '#/components/schemas/PredefinedUnion_2' }, + ], + }); + set(expectedDoc, 'components.schemas.PredefinedUnion_1', { + type: 'object', + properties: { a: { type: 'string' } }, + }); + set(expectedDoc, 'components.schemas.PredefinedUnion_2', { + type: 'object', + properties: { b: { type: 'number' } }, + }); + + await componentizeObjectSchemas(testFile, { log: mockLog }); + + const result = yaml.load(fs.readFileSync(testFile, 'utf8')); + expect(result).toEqual(expectedDoc); + }); + + it('should handle existing component referencing another existing component', async () => { + const testDoc = { + openapi: '3.0.3', + info: { title: 'Test', version: '1.0.0' }, + paths: { + '/api/test': { + get: { + responses: { + 200: { + content: { + 'application/json': { + schema: { + $ref: '#/components/schemas/ExtendedSchema', + }, + }, + }, + }, + }, + }, + }, + }, + components: { + schemas: { + BaseSchema: { + type: 'object', + properties: { + id: { type: 'string' }, + }, + }, + ExtendedSchema: { + allOf: [ + { $ref: '#/components/schemas/BaseSchema' }, + { + type: 'object', + properties: { + name: { type: 'string' }, + metadata: { + type: 'object', + properties: { + created: { type: 'string' }, + }, + }, + }, + }, + ], + }, + }, + }, + }; + + const testFile = path.join(tempDir, 'test.yaml'); + fs.writeFileSync(testFile, yaml.dump(testDoc)); + + const expectedDoc = testDoc; + set( + expectedDoc, + 'paths["/api/test"].get.responses["200"].content["application/json"].schema', + { + $ref: '#/components/schemas/ExtendedSchema', // overwrites the base schemas + } + ); + set(expectedDoc, 'components.schemas.ExtendedSchema', { + allOf: [ + { $ref: '#/components/schemas/BaseSchema' }, + { $ref: '#/components/schemas/ExtendedSchema_2' }, + ], + }); + set(expectedDoc, 'components.schemas.ExtendedSchema_2', { + type: 'object', + properties: { + name: { type: 'string' }, + metadata: { $ref: '#/components/schemas/ExtendedSchema_Metadata' }, + }, + }); + set(expectedDoc, 'components.schemas.ExtendedSchema_Metadata', { + type: 'object', + properties: { + created: { type: 'string' }, + }, + }); + + await componentizeObjectSchemas(testFile, { log: mockLog }); + + const result = yaml.load(fs.readFileSync(testFile, 'utf8')); + + expect(result).toEqual(expectedDoc); + }); + }); + + describe('edge cases', () => { + it('should skip schemas that are already references', async () => { + const testDoc = { + openapi: '3.0.3', + info: { title: 'Test', version: '1.0.0' }, + paths: { + '/api/test': { + get: { + responses: { + 200: { + content: { + 'application/json': { + schema: { + oneOf: [ + { $ref: '#/components/schemas/ExistingSchema' }, + { type: 'object', properties: { new: { type: 'string' } } }, + ], + }, + }, + }, + }, + }, + }, + }, + }, + components: { + schemas: { + ExistingSchema: { type: 'object' }, + }, + }, + }; + + const testFile = path.join(tempDir, 'test.yaml'); + fs.writeFileSync(testFile, yaml.dump(testDoc)); + + const expectedDoc = testDoc; + + set( + expectedDoc, + 'paths["/api/test"].get.responses["200"].content["application/json"].schema', + { + $ref: '#/components/schemas/ApiTest_Get_Response_200', + } + ); + set(expectedDoc, 'components.schemas.ApiTest_Get_Response_200', { + oneOf: [ + { $ref: '#/components/schemas/ExistingSchema' }, + { $ref: '#/components/schemas/ApiTest_Get_Response_200_2' }, + ], + }); + set(expectedDoc, 'components.schemas.ApiTest_Get_Response_200_2', { + type: 'object', + properties: { new: { type: 'string' } }, + }); + + await componentizeObjectSchemas(testFile, { log: mockLog }); + + const result = yaml.load(fs.readFileSync(testFile, 'utf8')); + + expect(result).toEqual(expectedDoc); + }); + + it('should handle empty composition arrays', async () => { + const testDoc = { + openapi: '3.0.3', + info: { title: 'Test', version: '1.0.0' }, + paths: { + '/api/test': { + get: { + responses: { + 200: { + content: { + 'application/json': { + schema: { + oneOf: [], + }, + }, + }, + }, + }, + }, + }, + }, + }; + + const testFile = path.join(tempDir, 'test.yaml'); + fs.writeFileSync(testFile, yaml.dump(testDoc)); + + const expectedDoc = testDoc; + set( + expectedDoc, + 'paths["/api/test"].get.responses["200"].content["application/json"].schema', + { + $ref: '#/components/schemas/ApiTest_Get_Response_200', + } + ); + set(expectedDoc, 'components.schemas.ApiTest_Get_Response_200', { + oneOf: [], + }); + + // Should not throw + await componentizeObjectSchemas(testFile, { log: mockLog }); + + const result = yaml.load(fs.readFileSync(testFile, 'utf8')); + + expect(result).toEqual(testDoc); + }); + + it('should prevent infinite recursion on deep nesting', async () => { + // Create a very deeply nested structure + // Note: With object extraction, nested objects get converted to $refs which stops recursion + // So we need to use a structure that doesn't trigger object extraction (e.g., composition types) + // MAX_RECURSION_DEPTH is 100, so create 105 levels to trigger the warning + let deepSchema = { type: 'string' }; + for (let i = 0; i < 105; i++) { + deepSchema = { + oneOf: [deepSchema, { type: 'number' }], + }; + } + + const testDoc = { + openapi: '3.0.3', + info: { title: 'Test', version: '1.0.0' }, + paths: { + '/api/test': { + get: { + responses: { + 200: { + content: { + 'application/json': { + schema: deepSchema, + }, + }, + }, + }, + }, + }, + }, + }; + + const testFile = path.join(tempDir, 'test.yaml'); + fs.writeFileSync(testFile, yaml.dump(testDoc)); + + // Should not throw or hang + await expect(componentizeObjectSchemas(testFile, { log: mockLog })).resolves.not.toThrow(); // we might want to throw though + + // Should warn about max depth + expect(mockLog.warning).toHaveBeenCalledWith( + expect.stringContaining('Maximum recursion depth') + ); + }); + }); + + describe('naming strategy', () => { + it('should generate unique names for compositions', async () => { + const testDoc = { + openapi: '3.0.3', + info: { title: 'Test', version: '1.0.0' }, + paths: { + '/api/actions/connector': { + get: { + operationId: 'getActionsConnector', + responses: { + 200: { + content: { + 'application/json': { + schema: { + oneOf: [ + { type: 'object', properties: { type: { type: 'string' } } }, + { type: 'object', properties: { id: { type: 'number' } } }, + ], + }, + }, + }, + }, + }, + }, + }, + }, + }; + + const testFile = path.join(tempDir, 'test.yaml'); + fs.writeFileSync(testFile, yaml.dump(testDoc)); + + await componentizeObjectSchemas(testFile, { log: mockLog }); + + const result = yaml.load(fs.readFileSync(testFile, 'utf8')); + + // Should have 1 top-level component + 2 oneOf items = 3 components + const componentNames = Object.keys(result.components.schemas); + expect(componentNames.length).toBe(3); + + // Top-level component name + expect(result.components.schemas).toHaveProperty('ApiActionsConnector_Get_Response_200'); + + // OneOf item names should include index + expect(result.components.schemas).toHaveProperty('ApiActionsConnector_Get_Response_200_1'); + expect(result.components.schemas).toHaveProperty('ApiActionsConnector_Get_Response_200_2'); + + // Verify structure + expect(result.components.schemas.ApiActionsConnector_Get_Response_200).toEqual({ + oneOf: [ + { $ref: '#/components/schemas/ApiActionsConnector_Get_Response_200_1' }, + { $ref: '#/components/schemas/ApiActionsConnector_Get_Response_200_2' }, + ], + }); + }); + + it('should handle name collisions', async () => { + const testDoc = { + openapi: '3.0.3', + info: { title: 'Test', version: '1.0.0' }, + paths: { + '/api/test': { + get: { + operationId: 'test', + responses: { + 200: { + content: { + 'application/json': { + schema: { + oneOf: [{ type: 'object', properties: { a: { type: 'string' } } }], + }, + }, + }, + }, + }, + }, + post: { + operationId: 'test', + responses: { + 200: { + content: { + 'application/json': { + schema: { + oneOf: [{ type: 'object', properties: { b: { type: 'string' } } }], + }, + }, + }, + }, + }, + }, + }, + }, + }; + + const testFile = path.join(tempDir, 'test.yaml'); + fs.writeFileSync(testFile, yaml.dump(testDoc)); + + await componentizeObjectSchemas(testFile, { log: mockLog }); + + const result = yaml.load(fs.readFileSync(testFile, 'utf8')); + + // Should have: 2 top-level (GET/POST responses) + 2 oneOf items = 4 components + const componentNames = Object.keys(result.components.schemas); + expect(componentNames.length).toBe(4); + expect(new Set(componentNames).size).toBe(4); // All unique + + // Verify all components have unique names + expect(result.components.schemas).toHaveProperty('ApiTest_Get_Response_200'); + expect(result.components.schemas).toHaveProperty('ApiTest_Get_Response_200_1'); + expect(result.components.schemas).toHaveProperty('ApiTest_Post_Response_200'); + expect(result.components.schemas).toHaveProperty('ApiTest_Post_Response_200_1'); + }); + }); +}); diff --git a/oas_docs/lib/constants.js b/oas_docs/lib/constants.js new file mode 100644 index 0000000000000..491c873cd8bb0 --- /dev/null +++ b/oas_docs/lib/constants.js @@ -0,0 +1,27 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the "Elastic License + * 2.0", the "GNU Affero General Public License v3.0 only", and the "Server Side + * Public License v 1"; you may not use this file except in compliance with, at + * your election, the "Elastic License 2.0", the "GNU Affero General Public + * License v3.0 only", or the "Server Side Public License, v 1". + */ +/** + * Default values for refactoring schemas to component references. + * + * @type {Object} + * @property {boolean} extractPrimitives - Extract primitive properties as separate components + * @property {boolean} removeProperties - Remove extracted properties from parent components + * @property {boolean} extractEmpty - Extract empty object schemas { type: 'object' } + */ +const STRATEGY_DEFAULTS = { + extractPrimitives: false, + removeProperties: false, + extractEmpty: true, +}; + +const MAX_RECURSION_DEPTH = 100; + +const HTTP_METHODS = ['get', 'post', 'put', 'patch', 'delete', 'head', 'options', 'trace']; + +module.exports = { STRATEGY_DEFAULTS, MAX_RECURSION_DEPTH, HTTP_METHODS }; diff --git a/oas_docs/lib/process_schema.js b/oas_docs/lib/process_schema.js new file mode 100644 index 0000000000000..d262656fa54e2 --- /dev/null +++ b/oas_docs/lib/process_schema.js @@ -0,0 +1,358 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the "Elastic License + * 2.0", the "GNU Affero General Public License v3.0 only", and the "Server Side + * Public License v 1"; you may not use this file except in compliance with, at + * your election, the "Elastic License 2.0", the "GNU Affero General Public + * License v3.0 only", or the "Server Side Public License, v 1". + */ + +const { STRATEGY_DEFAULTS, MAX_RECURSION_DEPTH } = require('./constants'); + +/** + * Check if a schema has structural fields worth extracting as a component. + * Structural fields define the shape/structure of data, as opposed to metadata fields. + * + * @param {Object} schema - The schema to check + * @returns {boolean} - True if schema has structural fields (properties, additionalProperties, patternProperties, composition types) + * + * @example + * hasStructuralFields({ type: 'object', properties: { id: { type: 'string' } } }) // true + * hasStructuralFields({ type: 'object', additionalProperties: { type: 'string' } }) // true + * hasStructuralFields({ type: 'object', description: 'metadata only' }) // false + * hasStructuralFields({ type: 'object' }) // false (empty object) + */ +function hasStructuralFields(schema) { + if (!schema || typeof schema !== 'object') return false; + + // Has properties + if ( + schema.properties && + typeof schema.properties === 'object' && + Object.keys(schema.properties).length > 0 + ) { + return true; + } + + // Has additionalProperties (schema, not boolean) + if (schema.additionalProperties && typeof schema.additionalProperties === 'object') { + return true; + } + + // Has patternProperties + if ( + schema.patternProperties && + typeof schema.patternProperties === 'object' && + Object.keys(schema.patternProperties).length > 0 + ) { + return true; + } + + // Has composition types + if (schema.oneOf || schema.anyOf || schema.allOf) { + return true; + } + + return false; +} + +/** + * Check if a schema is a primitive type (string, number, boolean, integer) + * @param {Object} schema - The schema to check + * @returns {boolean} - True if schema is a primitive type + */ +function isPrimitiveType(schema) { + if (!schema || typeof schema !== 'object') return false; + const primitiveTypes = ['string', 'number', 'boolean', 'integer']; + return ( + primitiveTypes.includes(schema.type) && + !schema.properties && + !schema.oneOf && + !schema.anyOf && + !schema.allOf + ); +} + +/** + * Determines if a nested schema should be extracted as a component. + * Nested schemas are extracted if they: + * - Are empty objects (if extractEmpty is true) + * - Are objects with structural fields (properties, additionalProperties, etc.) + * - Are primitives (if extractPrimitives is true) + * + * @param {Object} schema - The schema to check + * @param {Object} options - Extraction options + * @param {boolean} options.extractEmpty - Extract empty objects + * @param {boolean} options.extractPrimitives - Extract primitives + * @returns {boolean} - True if schema should be extracted + */ +function shouldExtractNestedSchema(schema, { extractEmpty, extractPrimitives }) { + if (!schema || typeof schema !== 'object') return false; + + // Empty object check + if (extractEmpty && schema.type === 'object' && !hasStructuralFields(schema)) { + return true; + } + + // Object with structural fields + if (schema.type === 'object' && hasStructuralFields(schema)) { + return true; + } + + // Primitive check + if (extractPrimitives && isPrimitiveType(schema)) { + return true; + } + + return false; +} + +/** + * Extracts a nested schema as a component and returns the $ref. + * This helper consolidates the common extraction pattern used for properties, array items, and additionalProperties. + * + * @param {Object} schemaToExtract - The schema to extract + * @param {Object} context - The context for naming + * @param {string} type - The type of extraction ('property', 'arrayItem', 'additionalProperty') + * @param {Function} nameGenerator - Function to generate component names + * @param {Object} components - The components.schemas object + * @param {Object} stats - Statistics tracking object + * @param {Object} log - Logger instance + * @param {Function} processSchema - The schema processor function + * @param {number} depth - Current recursion depth + * @returns {Object} - The $ref object to replace the inline schema + */ +function extractAndReplaceNestedSchema( + schemaToExtract, + context, + type, + nameGenerator, + components, + stats, + log, + processSchema, + depth +) { + const name = nameGenerator(context, type); + + if (components[name]) { + log.warning(`Component name already exists: ${name} - appending counter`); + } + + const schemaToStore = { ...schemaToExtract }; + components[name] = schemaToStore; + stats.schemasExtracted++; + log.debug(`Extracted ${type} ${name}`); + + processSchema(schemaToStore, context, depth + 1); + + return { $ref: `#/components/schemas/${name}` }; +} + +/** + * Creates a schema processing function that recursively extracts inline schemas into components. + * + * @param {Object} components - The components.schemas object to populate with extracted schemas + * @param {Function} nameGenerator - Function to generate unique component names + * @param {Object} stats - Statistics object to track extraction metrics + * @param {number} stats.schemasExtracted - Counter for total schemas extracted + * @param {number} stats.oneOfCount - Counter for oneOf items extracted + * @param {number} stats.anyOfCount - Counter for anyOf items extracted + * @param {number} stats.allOfCount - Counter for allOf items extracted + * @param {number} stats.maxDepth - Maximum recursion depth reached + * @param {Object} log - Logger instance with debug/warn methods + * @param {Object} [options={}] - Strategy options + * @param {boolean} [options.extractPrimitives=false] - Extract primitive properties as separate components + * @param {boolean} [options.removeProperties=false] - Remove extracted properties from parent components + * @param {boolean} [options.extractEmpty=true] - Extract empty object schemas { type: 'object' } + * @returns {Function} processSchema function + * + * @example + * const components = {}; + * const nameGen = createComponentNameGenerator(); + * const stats = { schemasExtracted: 0, oneOfCount: 0, anyOfCount: 0, allOfCount: 0, maxDepth: 0 }; + * const log = console; + * const processSchema = createProcessSchema(components, nameGen, stats, log, { + * extractPrimitives: false, + * removeProperties: false, + * extractEmpty: false + * }); + * + * // Process a schema with oneOf + * const schema = { + * oneOf: [ + * { type: 'object', properties: { a: { type: 'string' } } }, + * { type: 'object', properties: { b: { type: 'number' } } } + * ] + * }; + * processSchema(schema, { method: 'get', path: '/api/test', isRequest: false, responseCode: '200' }); + * + * // Result: schema.oneOf items replaced with $ref, components populated + * // schema.oneOf = [{ $ref: '#/components/schemas/...' }, { $ref: '#/components/schemas/...' }] + */ +const createProcessSchema = ( + components, + nameGenerator, + stats, + log, + options = { ...STRATEGY_DEFAULTS } +) => { + if (!components || !nameGenerator || !stats || !log) { + throw new Error('components, nameGenerator, stats, and log are required'); + } + + const { extractPrimitives, removeProperties, extractEmpty } = options; + + function processSchema(schema, context, depth = 0) { + if (!schema || typeof schema !== 'object') { + return; + } + + // Check depth limit first to prevent unbounded recursion + if (depth > MAX_RECURSION_DEPTH) { + log.warning( + `Maximum recursion depth (${MAX_RECURSION_DEPTH}) exceeded at ${ + context.path || 'unknown path' + }. ` + 'This may indicate a circular schema reference or excessively deep nesting.' + ); + return; + } + + stats.maxDepth = Math.max(stats.maxDepth, depth); + + ['oneOf', 'anyOf', 'allOf'].forEach((compType) => { + if (schema[compType] && Array.isArray(schema[compType])) { + log.debug( + `Found ${compType} with ${schema[compType].length} items at ${context.path || 'root'}` + ); + + schema[compType] = schema[compType].map((item, idx) => { + if (item.$ref) { + return item; + } + + const name = nameGenerator(context, compType, idx); + + if (components[name]) { + log.warning(`Component name collision: ${name} - appending counter`); + } + + const itemToStore = item; + components[name] = itemToStore; + stats.schemasExtracted++; + + if (compType === 'oneOf') stats.oneOfCount++; + if (compType === 'anyOf') stats.anyOfCount++; + if (compType === 'allOf') stats.allOfCount++; + + log.debug(`Extracted ${name}`); + + processSchema(itemToStore, { ...context, depth: depth + 1 }, depth + 1); + + return { $ref: `#/components/schemas/${name}` }; + }); + } + }); + + if (schema.properties && typeof schema.properties === 'object') { + const propertiesToRemove = []; + Object.entries(schema.properties).forEach(([propName, propSchema]) => { + const propContext = { + ...context, + propertyPath: [...(context.propertyPath || []), propName], + }; + + let shouldExtract = false; + + if (shouldExtractNestedSchema(propSchema, { extractEmpty, extractPrimitives })) { + shouldExtract = true; + } + + if (shouldExtract) { + const ref = extractAndReplaceNestedSchema( + propSchema, + propContext, + 'property', + nameGenerator, + components, + stats, + log, + processSchema, + depth + ); + schema.properties[propName] = ref; + if (removeProperties) { + propertiesToRemove.push(propName); + } + } else { + processSchema(propSchema, propContext, depth + 1); + } + }); + + if (removeProperties && propertiesToRemove.length > 0) { + propertiesToRemove.forEach((propName) => { + delete schema.properties[propName]; + }); + } + } + + if (schema.items) { + const itemContext = { + ...context, + inArray: true, + }; + let shouldExtractItem = false; + if (shouldExtractNestedSchema(schema.items, { extractEmpty, extractPrimitives })) { + shouldExtractItem = true; + } + + if (shouldExtractItem) { + schema.items = extractAndReplaceNestedSchema( + schema.items, + itemContext, + 'arrayItem', + nameGenerator, + components, + stats, + log, + processSchema, + depth + ); + } else { + processSchema(schema.items, itemContext, depth + 1); + } + } + + if (schema.additionalProperties && typeof schema.additionalProperties === 'object') { + const addlPropContext = { + ...context, + inAdditionalProperties: true, + }; + let shouldExtractAddlProp = false; + if ( + shouldExtractNestedSchema(schema.additionalProperties, { extractEmpty, extractPrimitives }) + ) { + shouldExtractAddlProp = true; + } + + if (shouldExtractAddlProp) { + schema.additionalProperties = extractAndReplaceNestedSchema( + schema.additionalProperties, + addlPropContext, + 'additionalProperty', + nameGenerator, + components, + stats, + log, + processSchema, + depth + ); + } else { + processSchema(schema.additionalProperties, addlPropContext, depth + 1); + } + } + } + return processSchema; +}; + +module.exports = { createProcessSchema }; diff --git a/oas_docs/lib/process_schema.test.js b/oas_docs/lib/process_schema.test.js new file mode 100644 index 0000000000000..f039bbbe970d5 --- /dev/null +++ b/oas_docs/lib/process_schema.test.js @@ -0,0 +1,598 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the "Elastic License + * 2.0", the "GNU Affero General Public License v3.0 only", and the "Server Side + * Public License v 1"; you may not use this file except in compliance with, at + * your election, the "Elastic License 2.0", the "GNU Affero General Public + * License v3.0 only", or the "Server Side Public License, v 1". + */ + +// should convert all schemas and objects to components +// every ref must match the component name +// no components should contain schemas or objects directly, these must all be refs to other components +// every component is added to the components object in the yaml + +const { createProcessSchema } = require('./process_schema'); +const testObjects = { + simpleObject: { + type: 'object', + properties: { + name: { type: 'string' }, + }, + }, + oneOfSchema: { + oneOf: [ + { type: 'object', properties: { a: { type: 'string' } } }, + { type: 'object', properties: { b: { type: 'number' } } }, + ], + }, + anyOfSchema: { + anyOf: [{ type: 'string' }, { type: 'number' }], + }, + allOfSchema: { + allOf: [ + { type: 'object', properties: { base: { type: 'string' } } }, + { type: 'object', properties: { extended: { type: 'number' } } }, + ], + }, +}; + +describe('createProcessSchema', () => { + let processSchema; + let mockComponents; + let mockNameGenerator; + let mockStats; + let mockLog; + + beforeEach(() => { + mockComponents = {}; + mockNameGenerator = jest.fn((context, compType, idx) => { + if (idx !== undefined) { + return `Mock${compType}${idx}`; + } + return `Mock${compType}`; + }); + mockStats = { + schemasExtracted: 0, + oneOfCount: 0, + anyOfCount: 0, + allOfCount: 0, + maxDepth: 0, + }; + mockLog = { + info: jest.fn(), + debug: jest.fn(), + warning: jest.fn(), + error: jest.fn(), + }; + }); + + describe('schema processor creator', () => { + it('should return a function', () => { + processSchema = createProcessSchema(mockComponents, mockNameGenerator, mockStats, mockLog); + expect(typeof processSchema).toBe('function'); + }); + + it('should throw on missing parameters', () => { + expect(() => createProcessSchema()).toThrow(); + }); + }); + + describe('oneOf composition handling', () => { + beforeEach(() => { + processSchema = createProcessSchema(mockComponents, mockNameGenerator, mockStats, mockLog); + }); + + it('should extract oneOf items into components', () => { + const schema = { ...testObjects.oneOfSchema }; + const context = { + method: 'get', + path: 'api/test', + operationId: 'get-test', + }; + processSchema(schema, context); + + expect(mockStats.oneOfCount).toBe(2); + expect(mockStats.schemasExtracted).toBe(2); + expect(Object.keys(mockComponents).length).toBe(2); + }); + + it('should replace oneOf items with $ref', () => { + const schema = { ...testObjects.oneOfSchema }; + const context = { operationId: 'testOp' }; + processSchema(schema, context); + + expect(schema).toEqual({ + oneOf: [ + { $ref: '#/components/schemas/MockoneOf0' }, + { $ref: '#/components/schemas/MockoneOf1' }, + ], + }); + expect(mockComponents).toEqual({ + MockoneOf0: { type: 'object', properties: { a: { type: 'string' } } }, + MockoneOf1: { type: 'object', properties: { b: { type: 'number' } } }, + }); + }); + + it('should skip items that are already $ref', () => { + const schema = { + oneOf: [ + { $ref: '#/components/schemas/Existing' }, + { type: 'object', properties: { new: { type: 'string' } } }, + ], + }; + const context = { operationId: 'test' }; + + processSchema(schema, context); + + expect(schema.oneOf[0].$ref).toBe('#/components/schemas/Existing'); + expect(mockStats.schemasExtracted).toBe(1); // Only the non-ref + }); + + it('should handle nested oneOf in properties', () => { + const schema = { + type: 'object', + properties: { + nested: testObjects.oneOfSchema, + }, + }; + const context = { operationId: 'nested-test' }; + processSchema(schema, context); + + expect(mockStats.oneOfCount).toBe(2); + expect(mockStats.schemasExtracted).toBe(2); + expect(Object.keys(mockComponents).length).toBe(2); + expect(schema.properties.nested).toEqual({ + oneOf: [ + { $ref: '#/components/schemas/MockoneOf0' }, + { $ref: '#/components/schemas/MockoneOf1' }, + ], + }); + }); + }); + + describe('anyOf composition handling', () => { + beforeEach(() => { + processSchema = createProcessSchema(mockComponents, mockNameGenerator, mockStats, mockLog); + }); + + it('should extract anyOf items into components', () => { + const schema = { ...testObjects.anyOfSchema }; + const context = { + method: 'post', + operationId: 'post-test', + }; + processSchema(schema, context); + + expect(schema).toEqual({ + anyOf: [ + { $ref: '#/components/schemas/MockanyOf0' }, + { $ref: '#/components/schemas/MockanyOf1' }, + ], + }); + expect(mockComponents).toEqual({ + MockanyOf0: { type: 'string' }, + MockanyOf1: { type: 'number' }, + }); + }); + + it('should replace anyOf items with $ref', () => { + const schema = { ...testObjects.anyOfSchema }; + const context = { operationId: 'testOp' }; + processSchema(schema, context); + + expect(schema).toEqual({ + anyOf: [ + { $ref: '#/components/schemas/MockanyOf0' }, + { $ref: '#/components/schemas/MockanyOf1' }, + ], + }); + }); + }); + + describe('allOf composition extraction', () => { + beforeEach(() => { + processSchema = createProcessSchema(mockComponents, mockNameGenerator, mockStats, mockLog); + }); + + it('should extract allOf items to components', () => { + const schema = { ...testObjects.allOfSchema }; + const context = { operationId: 'test' }; + + processSchema(schema, context); + + expect(mockStats.allOfCount).toBe(2); + expect(mockStats.schemasExtracted).toBe(2); + }); + + it('should replace allOf items with $ref', () => { + const schema = { ...testObjects.allOfSchema }; + const context = { operationId: 'test' }; + + processSchema(schema, context); + + expect(schema).toEqual({ + allOf: [ + { $ref: '#/components/schemas/MockallOf0' }, + { $ref: '#/components/schemas/MockallOf1' }, + ], + }); + expect(mockComponents).toEqual({ + MockallOf0: { type: 'object', properties: { base: { type: 'string' } } }, + MockallOf1: { type: 'object', properties: { extended: { type: 'number' } } }, + }); + }); + }); + + describe('property traversal', () => { + beforeEach(() => { + processSchema = createProcessSchema(mockComponents, mockNameGenerator, mockStats, mockLog); + }); + + it('should recurse into properties', () => { + const schema = { + type: 'object', + properties: { + nested: { + oneOf: [{ type: 'string' }, { type: 'number' }], + }, + }, + }; + const context = { operationId: 'test', path: '/api/test' }; + + processSchema(schema, context); + + expect(mockStats.schemasExtracted).toBe(2); + expect(schema.properties.nested).toEqual({ + oneOf: [ + { $ref: '#/components/schemas/MockoneOf0' }, + { $ref: '#/components/schemas/MockoneOf1' }, + ], + }); + expect(mockComponents).toEqual({ + MockoneOf0: { type: 'string' }, + MockoneOf1: { type: 'number' }, + }); + }); + }); + + it('should track propertyPath in context', () => { + processSchema = createProcessSchema(mockComponents, mockNameGenerator, mockStats, mockLog); + const schema = { + type: 'object', + properties: { + user: { + type: 'object', + properties: { + name: { + oneOf: [{ type: 'string' }, { type: 'number' }], + }, + age: { + oneOf: [{ type: 'integer' }, { type: 'null' }], + }, + }, + }, + }, + }; + const context = { operationId: 'test' }; + const calls = mockNameGenerator.mock.calls; + processSchema(schema, context); + // Check that nameGenerator was called with updated propertyPath + // Should have been called for compositions nested in properties + + // Now extracts: user object (1) + name oneOf items (2) + age oneOf items (2) = 5 + expect(calls.length).toBe(5); + calls.forEach((call) => { + const calledContext = call[0]; + expect(calledContext).toHaveProperty('propertyPath'); + expect(calledContext.propertyPath[0]).toBe('user'); + // First call is for 'user' object itself (property extraction) + // Remaining calls are for 'name' and 'age' oneOf items + if (calledContext.propertyPath.length > 1) { + expect(['name', 'age']).toContain(calledContext.propertyPath[1]); + } + }); + }); + + it('should handle deep property nesting', () => { + processSchema = createProcessSchema(mockComponents, mockNameGenerator, mockStats, mockLog); + const schema = { + type: 'object', + properties: { + level1: { + type: 'object', + properties: { + level2: { + type: 'object', + properties: { + level3: { + oneOf: [{ type: 'string' }], + }, + }, + }, + }, + }, + }, + }; + const context = { operationId: 'test' }; + + processSchema(schema, context); + + // level1 object (1) + level2 object (1) + level3 oneOf item (1) = 3 + expect(mockStats.schemasExtracted).toBe(3); + }); + + it('should extract property objects as components', () => { + processSchema = createProcessSchema(mockComponents, mockNameGenerator, mockStats, mockLog); + const schema = { + type: 'object', + properties: { + config: { + type: 'object', + properties: { + setting: { type: 'string' }, + }, + }, + name: { type: 'string' }, + }, + }; + const context = { operationId: 'test', responseCode: '200' }; + processSchema(schema, context); + expect(mockStats.schemasExtracted).toBe(1); // config object + expect(Object.keys(mockComponents).length).toBe(1); + expect(schema.properties.config).toHaveProperty('$ref'); + expect(schema.properties.name).not.toHaveProperty('$ref'); // primitive stays inline + }); + + it('should extract array item objects as components', () => { + processSchema = createProcessSchema(mockComponents, mockNameGenerator, mockStats, mockLog); + const schema = { + type: 'array', + items: { + type: 'object', + properties: { + id: { type: 'string' }, + value: { type: 'number' }, + }, + }, + }; + const context = { operationId: 'test', responseCode: '200' }; + processSchema(schema, context); + expect(mockStats.schemasExtracted).toBe(1); // items object + expect(Object.keys(mockComponents).length).toBe(1); + expect(schema.items).toHaveProperty('$ref'); + }); + + it('should extract additionalProperties objects as components', () => { + processSchema = createProcessSchema(mockComponents, mockNameGenerator, mockStats, mockLog, { + extractEmpty: false, + }); + const schema = { + type: 'object', + additionalProperties: { + type: 'object', + properties: { + value: { type: 'string' }, + metadata: { type: 'object' }, + }, + }, + }; + const context = { operationId: 'test', responseCode: '200' }; + processSchema(schema, context); + expect(mockStats.schemasExtracted).toBe(1); // additionalProperties object + expect(Object.keys(mockComponents).length).toBe(1); + expect(schema.additionalProperties).toHaveProperty('$ref'); + }); + + it('should skip empty objects (no properties)', () => { + processSchema = createProcessSchema(mockComponents, mockNameGenerator, mockStats, mockLog, { + extractEmpty: false, + }); + const schema = { + type: 'object', + properties: { + emptyConfig: { + type: 'object', + // No properties + }, + validConfig: { + type: 'object', + properties: { + setting: { type: 'string' }, + }, + }, + }, + }; + const context = { operationId: 'test', responseCode: '200' }; + processSchema(schema, context); + expect(mockStats.schemasExtracted).toBe(1); // Only validConfig extracted + expect(schema.properties.emptyConfig).not.toHaveProperty('$ref'); // Empty object stays inline + expect(schema.properties.validConfig).toHaveProperty('$ref'); // Valid object extracted + }); + + it('should not extract top-level request/response objects (depth 0)', () => { + processSchema = createProcessSchema(mockComponents, mockNameGenerator, mockStats, mockLog); + const schema = { + type: 'object', + properties: { + data: { + type: 'object', + properties: { + nested: { type: 'string' }, + }, + }, + }, + }; + const context = { operationId: 'test', responseCode: '200' }; + processSchema(schema, context); // Called at depth 0 + expect(mockStats.schemasExtracted).toBe(1); // Only data property object (depth 1) + // Root object itself should NOT be extracted + expect(schema.type).toBe('object'); // Root stays as inline object + expect(schema.properties.data).toHaveProperty('$ref'); // Nested object extracted + }); + + describe('Extract objects with structural fields', () => { + beforeEach(() => { + processSchema = createProcessSchema(mockComponents, mockNameGenerator, mockStats, mockLog); + }); + + it('should extract property object with only additionalProperties (no properties)', () => { + const schema = { + type: 'object', + properties: { + metadata: { + type: 'object', + additionalProperties: { + type: 'string', + }, + }, + }, + }; + const context = { operationId: 'test', responseCode: '200' }; + processSchema(schema, context); + + expect(mockStats.schemasExtracted).toBe(1); + expect(schema.properties.metadata).toEqual({ $ref: '#/components/schemas/Mockproperty' }); + expect(mockComponents.Mockproperty).toEqual({ + type: 'object', + additionalProperties: { + type: 'string', + }, + }); + }); + + it('should extract array item object with only additionalProperties', () => { + const schema = { + type: 'array', + items: { + type: 'object', + additionalProperties: { + type: 'number', + }, + }, + }; + const context = { operationId: 'test', responseCode: '200' }; + processSchema(schema, context); + + expect(mockStats.schemasExtracted).toBe(1); + expect(schema.items).toEqual({ $ref: '#/components/schemas/MockarrayItem' }); + expect(mockComponents.MockarrayItem).toEqual({ + type: 'object', + additionalProperties: { + type: 'number', + }, + }); + }); + + it('should extract object with only composition types (no properties)', () => { + const schema = { + type: 'object', + properties: { + variant: { + type: 'object', + oneOf: [{ type: 'string' }, { type: 'number' }], + }, + }, + }; + const context = { operationId: 'test', responseCode: '200' }; + processSchema(schema, context); + + // variant object extracted (1) + oneOf items (2) = 3 + expect(mockStats.schemasExtracted).toBe(3); + expect(schema.properties.variant).toEqual({ $ref: '#/components/schemas/Mockproperty' }); + }); + + it('should NOT extract object with only metadata fields', () => { + const schema = { + type: 'object', + properties: { + metadataOnly: { + type: 'object', + description: 'This is just metadata', + title: 'Metadata Object', + }, + }, + }; + const context = { operationId: 'test', responseCode: '200' }; + processSchema = createProcessSchema(mockComponents, mockNameGenerator, mockStats, mockLog, { + extractEmpty: false, + }); + processSchema(schema, context); + + expect(mockStats.schemasExtracted).toBe(0); + expect(schema.properties.metadataOnly).not.toHaveProperty('$ref'); + expect(schema.properties.metadataOnly).toEqual({ + type: 'object', + description: 'This is just metadata', + title: 'Metadata Object', + }); + }); + + it('should NOT extract empty objects', () => { + const schema = { + type: 'object', + properties: { + emptyObj: { + type: 'object', + }, + }, + }; + const context = { operationId: 'test', responseCode: '200' }; + processSchema = createProcessSchema(mockComponents, mockNameGenerator, mockStats, mockLog, { + extractEmpty: false, + }); + processSchema(schema, context); + + expect(mockStats.schemasExtracted).toBe(0); + expect(schema.properties.emptyObj).not.toHaveProperty('$ref'); + expect(schema.properties.emptyObj).toEqual({ type: 'object' }); + }); + + it('should extract additionalProperties object with structural fields', () => { + const schema = { + type: 'object', + additionalProperties: { + type: 'object', + oneOf: [{ type: 'string' }, { type: 'boolean' }], + }, + }; + const context = { operationId: 'test', responseCode: '200' }; + processSchema(schema, context); + + // additionalProperties object (1) + oneOf items (2) = 3 + expect(mockStats.schemasExtracted).toBe(3); + expect(schema.additionalProperties).toEqual({ + $ref: '#/components/schemas/MockadditionalProperty', + }); + }); + + it('should extract object with patternProperties', () => { + const schema = { + type: 'object', + properties: { + config: { + type: 'object', + patternProperties: { + '^[a-z]+$': { + type: 'string', + }, + }, + }, + }, + }; + const context = { operationId: 'test', responseCode: '200' }; + processSchema(schema, context); + + expect(mockStats.schemasExtracted).toBe(1); + expect(schema.properties.config).toEqual({ $ref: '#/components/schemas/Mockproperty' }); + expect(mockComponents.Mockproperty).toEqual({ + type: 'object', + patternProperties: { + '^[a-z]+$': { + type: 'string', + }, + }, + }); + }); + }); +}); diff --git a/oas_docs/lib/resolve_external_refs.js b/oas_docs/lib/resolve_external_refs.js new file mode 100644 index 0000000000000..de0417ce10429 --- /dev/null +++ b/oas_docs/lib/resolve_external_refs.js @@ -0,0 +1,251 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the "Elastic License + * 2.0", the "GNU Affero General Public License v3.0 only", and the "Server Side + * Public License v 1"; you may not use this file except in compliance with, at + * your election, the "Elastic License 2.0", the "GNU Affero General Public + * License v3.0 only", or the "Server Side Public License, v 1". + */ + +const path = require('node:path'); +const fs = require('node:fs'); +const yaml = require('js-yaml'); +const cloneDeep = require('lodash/cloneDeep'); +const { ToolingLog } = require('@kbn/tooling-log'); +const { REPO_ROOT } = require('@kbn/repo-info'); + +function isRefNode(node) { + return typeof node === 'object' && node !== null && '$ref' in node; +} + +function parseRef(ref) { + if (ref.includes('#')) { + const [filePath, pointer] = ref.split('#'); + return { path: filePath, pointer }; + } + return { path: ref, pointer: '' }; +} + +function toAbsolutePath(maybeAbsolutePath, baseDirPath) { + if (path.isAbsolute(maybeAbsolutePath)) { + return maybeAbsolutePath; + } + return path.join(baseDirPath, maybeAbsolutePath); +} + +function extractByJsonPointer(document, pointer) { + if (!pointer.startsWith('/')) { + throw new Error('JSON pointer must start with a leading slash'); + } + + if (typeof document !== 'object' || document === null || Array.isArray(document)) { + throw new Error('document must be an object'); + } + + const segments = pointer.slice(1).split('/'); + let target = document; + + for (const segment of segments) { + if (typeof target !== 'object' || target === null || Array.isArray(target)) { + throw new Error( + `JSON Pointer ${pointer} resolution failure. Expected segment to be a plain object` + ); + } + target = target[segment]; + } + + return target; +} + +function extractObjectByJsonPointer(document, pointer) { + const maybeObject = extractByJsonPointer(document, pointer); + if (typeof maybeObject !== 'object' || maybeObject === null || Array.isArray(maybeObject)) { + throw new Error(`JSON Pointer resolution failure. Expected ${pointer} to be a plain object`); + } + return maybeObject; +} + +async function readDocument(documentPath) { + const extension = path.extname(documentPath); + const fileContent = await fs.promises.readFile(documentPath, { encoding: 'utf8' }); + + switch (extension) { + case '.yaml': + case '.yml': + return yaml.load(fileContent); + case '.json': + return JSON.parse(fileContent); + default: + throw new Error(`${extension} files are not supported`); + } +} + +function generateComponentName(filePath, pointer) { + const fileName = path.basename(filePath, path.extname(filePath)); + const baseName = fileName.replace(/[^a-zA-Z0-9]/g, '_'); + + if (pointer.startsWith('/components/schemas/')) { + const schemaName = pointer.split('/').pop(); + return schemaName || baseName; + } + + return baseName; +} + +function ensureUniqueComponentName(components, baseName) { + let name = baseName; + let counter = 1; + while (components[name]) { + name = `${baseName}_${counter}`; + counter++; + } + return name; +} + +function traverseDocument(node, visitor, visited = new Set()) { + if (visited.has(node)) { + return; + } + + if (typeof node !== 'object' || node === null) { + return; + } + + visited.add(node); + + if (isRefNode(node)) { + visitor(node); + return; + } + + if (Array.isArray(node)) { + node.forEach((item) => traverseDocument(item, visitor, visited)); + return; + } + + Object.values(node).forEach((value) => { + if (typeof value === 'object' && value !== null) { + traverseDocument(value, visitor, visited); + } + }); +} + +async function resolveExternalReferences( + relativeFilePath, + { log = new ToolingLog({ level: 'info', writeTo: process.stdout }) } = {} +) { + const absPath = path.resolve(REPO_ROOT, relativeFilePath); + const baseDir = path.dirname(absPath); + + log.info(`Loading OAS document from ${absPath}`); + let oasDoc; + try { + oasDoc = yaml.load(fs.readFileSync(absPath, 'utf8')); + } catch (error) { + log.error(`Failed to load YAML file: ${error.message}`); + throw error; + } + + if (!oasDoc.components) { + oasDoc.components = {}; + } + if (!oasDoc.components.schemas) { + oasDoc.components.schemas = {}; + } + + const components = oasDoc.components.schemas; + const visitedFiles = new Map(); + + async function resolveRefRecursive(refNode, refPath, pointer, baseDir) { + const refAbsolutePath = toAbsolutePath(refPath, baseDir); + + if (!fs.existsSync(refAbsolutePath)) { + log.warning(`Referenced file does not exist: ${refAbsolutePath}`); + return; + } + + const baseComponentName = generateComponentName(refAbsolutePath, pointer); + const componentName = ensureUniqueComponentName(components, baseComponentName); + + if (components[componentName]) { + refNode.$ref = `#/components/schemas/${componentName}`; + log.debug(`Using existing component: ${componentName}`); + return; + } + + log.debug(`Resolving external reference: ${refPath}#${pointer}`); + + let refDocument; + if (visitedFiles.has(refAbsolutePath)) { + const cached = visitedFiles.get(refAbsolutePath); + refDocument = cached; + } else { + refDocument = await readDocument(refAbsolutePath); + visitedFiles.set(refAbsolutePath, refDocument); + } + + let schemaContent; + if (pointer === '' || pointer === '/') { + schemaContent = refDocument; + } else if (pointer.startsWith('/components/schemas/')) { + schemaContent = extractObjectByJsonPointer(refDocument, pointer); + } else { + schemaContent = extractObjectByJsonPointer(refDocument, pointer); + } + + const clonedSchema = cloneDeep(schemaContent); + components[componentName] = clonedSchema; + log.debug(`Added component: ${componentName}`); + + const refBaseDir = path.dirname(refAbsolutePath); + const nestedRefs = []; + traverseDocument(clonedSchema, (nestedRefNode) => { + const { path: nestedRefPath, pointer: nestedPointer } = parseRef(nestedRefNode.$ref); + if (nestedRefPath && nestedRefPath.trim() !== '' && !nestedRefPath.startsWith('#')) { + nestedRefs.push({ + refNode: nestedRefNode, + refPath: nestedRefPath, + pointer: nestedPointer, + }); + } + }); + + for (const nestedRef of nestedRefs) { + await resolveRefRecursive( + nestedRef.refNode, + nestedRef.refPath, + nestedRef.pointer, + refBaseDir + ); + } + + refNode.$ref = `#/components/schemas/${componentName}`; + log.debug(`Replaced external ref with: ${refNode.$ref}`); + } + + log.info('Scanning for external file references...'); + + const refsToResolve = []; + traverseDocument(oasDoc, (refNode) => { + const { path: refPath, pointer } = parseRef(refNode.$ref); + if (refPath && refPath.trim() !== '' && !refPath.startsWith('#')) { + refsToResolve.push({ refNode, refPath, pointer }); + } + }); + + log.info(`Found ${refsToResolve.length} external file references`); + + for (const { refNode, refPath, pointer } of refsToResolve) { + try { + await resolveRefRecursive(refNode, refPath, pointer, baseDir); + } catch (error) { + log.warning(`Failed to resolve external reference ${refPath}#${pointer}: ${error.message}`); + } + } + + log.info(`Writing resolved document to ${absPath}`); + fs.writeFileSync(absPath, yaml.dump(oasDoc, { noRefs: true, lineWidth: -1 }), 'utf8'); + log.info('External references resolved successfully'); +} + +module.exports = { resolveExternalReferences }; diff --git a/oas_docs/makefile b/oas_docs/makefile index d5470c0111d5f..a8ad8c7ca252b 100644 --- a/oas_docs/makefile +++ b/oas_docs/makefile @@ -25,7 +25,7 @@ space-aware-api-docs: ## Add special space aware description entries @node scripts/promote_space_awareness.js oas_docs/output/kibana.serverless.yaml .PHONY: merge-api-docs -merge-api-docs: ## Merge Serverless and ESS Kibana OpenAPI bundles with kbn-openapi-bundler +merge-api-docs: ## Merge Serverless and ESS Kibana OpenAPI bundles with kbn-openapi-bundler, and convert schemas to component references @node scripts/merge_serverless_oas.js @node scripts/merge_ess_oas.js @@ -37,6 +37,12 @@ merge-api-docs-stateful: ## Merge only kibana.yaml merge-api-docs-serverless: ## Merge only kibana.serverless.yaml @node scripts/merge_serverless_oas.js +.PHONY: componentize-schemas +componentize-schemas: ## convert inline object schemas to component references in both kibana.yaml and kibana.serverless.yaml + @echo "Converting inline schemas to component references...this might take a while" + @node scripts/extract_components.js oas_docs/output/kibana.yaml + @node scripts/extract_components.js oas_docs/output/kibana.serverless.yaml + .PHONY: api-docs-lint api-docs-lint: ## Run redocly API docs linter @npx @redocly/cli lint "output/*.yaml" --config "linters/redocly.yaml" --format stylish --max-problems 500 @@ -61,6 +67,8 @@ api-docs-overlay: ## Apply all overlays @npx bump-cli overlay "output/kibana.tmp3.yaml" "overlays/kibana.overlays.shared.yaml" > "output/kibana.tmp4.yaml" @npx @redocly/cli bundle output/kibana.serverless.tmp4.yaml --ext yaml -o output/kibana.serverless.yaml @npx @redocly/cli bundle output/kibana.tmp4.yaml --ext yaml -o output/kibana.yaml + @node scripts/resolve_external_refs.js oas_docs/output/kibana.serverless.yaml + @node scripts/resolve_external_refs.js oas_docs/output/kibana.yaml rm output/kibana.tmp*.yaml rm output/kibana.serverless.tmp*.yaml @@ -75,4 +83,4 @@ help: ## Display help @awk 'BEGIN {FS = ":.*##"; printf "Usage:\n make \033[36m\033[0m\n"} /^[a-zA-Z_-]+:.*?##/ { printf " \033[36m%-15s\033[0m %s\n", $$1, $$2 } /^##@/ { printf "\n\033[1m%s\033[0m\n", substr($$0, 5) } ' $(MAKEFILE_LIST) #------------- -------------- -.DEFAULT_GOAL := help \ No newline at end of file +.DEFAULT_GOAL := help diff --git a/oas_docs/output/kibana.serverless.yaml b/oas_docs/output/kibana.serverless.yaml index df4d07e138467..43bfdda9126ec 100644 --- a/oas_docs/output/kibana.serverless.yaml +++ b/oas_docs/output/kibana.serverless.yaml @@ -332,71 +332,7 @@ paths: application/json: schema: items: - additionalProperties: false - type: object - properties: - allow_multiple_system_actions: - description: Indicates whether multiple instances of the same system action connector can be used in a single rule. - type: boolean - enabled: - description: Indicates whether the connector is enabled. - type: boolean - enabled_in_config: - description: Indicates whether the connector is enabled in the Kibana configuration. - type: boolean - enabled_in_license: - description: Indicates whether the connector is enabled through the license. - type: boolean - id: - description: The identifier for the connector. - type: string - is_deprecated: - description: Indicates whether the connector type is deprecated. - type: boolean - is_system_action_type: - description: Indicates whether the action is a system action. - type: boolean - minimum_license_required: - description: The minimum license required to enable the connector. - enum: - - basic - - standard - - gold - - platinum - - enterprise - - trial - type: string - name: - description: The name of the connector type. - type: string - source: - description: The source of the connector type definition. - enum: - - yml - - spec - - stack - type: string - sub_feature: - description: Indicates the sub-feature type the connector is grouped under. - enum: - - endpointSecurity - type: string - supported_feature_ids: - description: The list of supported features - items: - type: string - type: array - required: - - id - - name - - enabled - - enabled_in_config - - enabled_in_license - - minimum_license_required - - supported_feature_ids - - is_system_action_type - - is_deprecated - - source + $ref: '#/components/schemas/ApiActionsConnectorTypes_Get_Response_200_Item' type: array examples: getConnectorTypesServerlessResponse: @@ -460,44 +396,7 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - config: - additionalProperties: {} - type: object - connector_type_id: - description: The connector type identifier. - type: string - id: - description: The identifier for the connector. - type: string - is_connector_type_deprecated: - description: Indicates whether the connector type is deprecated. - type: boolean - is_deprecated: - description: Indicates whether the connector is deprecated. - type: boolean - is_missing_secrets: - description: Indicates whether the connector is missing secrets. - type: boolean - is_preconfigured: - description: 'Indicates whether the connector is preconfigured. If true, the `config` and `is_missing_secrets` properties are omitted from the response. ' - type: boolean - is_system_action: - description: Indicates whether the connector is used for system actions. - type: boolean - name: - description: ' The name of the connector.' - type: string - required: - - id - - name - - connector_type_id - - is_preconfigured - - is_deprecated - - is_system_action - - is_connector_type_deprecated + $ref: '#/components/schemas/ApiActionsConnector_Get_Response_200' examples: getConnectorResponse: $ref: '#/components/examples/get_connector_response' @@ -536,73 +435,63 @@ paths: content: application/json: schema: - additionalProperties: false - type: object + $ref: '#/components/schemas/ApiActionsConnector_Post_Request' properties: - connector_type_id: - description: The type of connector. - type: string - name: - description: The display name for the connector. - type: string config: additionalProperties: {} default: {} description: The connector configuration details. oneOf: - - $ref: '#/components/schemas/bedrock_config' - - $ref: '#/components/schemas/crowdstrike_config' - - $ref: '#/components/schemas/d3security_config' - - $ref: '#/components/schemas/email_config' - - $ref: '#/components/schemas/gemini_config' - - $ref: '#/components/schemas/resilient_config' - - $ref: '#/components/schemas/index_config' - - $ref: '#/components/schemas/jira_config' - - $ref: '#/components/schemas/genai_azure_config' - - $ref: '#/components/schemas/genai_openai_config' - - $ref: '#/components/schemas/genai_openai_other_config' - - $ref: '#/components/schemas/opsgenie_config' - - $ref: '#/components/schemas/pagerduty_config' - - $ref: '#/components/schemas/sentinelone_config' - - $ref: '#/components/schemas/servicenow_config' - - $ref: '#/components/schemas/servicenow_itom_config' - - $ref: '#/components/schemas/slack_api_config' - - $ref: '#/components/schemas/swimlane_config' - - $ref: '#/components/schemas/thehive_config' - - $ref: '#/components/schemas/tines_config' - - $ref: '#/components/schemas/torq_config' - - $ref: '#/components/schemas/webhook_config' - - $ref: '#/components/schemas/cases_webhook_config' - - $ref: '#/components/schemas/xmatters_config' + - $ref: ../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/bedrock_config.yaml + - $ref: ../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/crowdstrike_config.yaml + - $ref: ../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/d3security_config.yaml + - $ref: ../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/email_config.yaml + - $ref: ../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/gemini_config.yaml + - $ref: ../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/resilient_config.yaml + - $ref: ../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/index_config.yaml + - $ref: ../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/jira_config.yaml + - $ref: ../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/genai_azure_config.yaml + - $ref: ../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/genai_openai_config.yaml + - $ref: ../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/genai_openai_other_config.yaml + - $ref: ../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/opsgenie_config.yaml + - $ref: ../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/pagerduty_config.yaml + - $ref: ../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/sentinelone_config.yaml + - $ref: ../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/servicenow_config.yaml + - $ref: ../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/servicenow_itom_config.yaml + - $ref: ../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/slack_api_config.yaml + - $ref: ../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/swimlane_config.yaml + - $ref: ../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/thehive_config.yaml + - $ref: ../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/tines_config.yaml + - $ref: ../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/torq_config.yaml + - $ref: ../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/webhook_config.yaml + - $ref: ../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/cases_webhook_config.yaml + - $ref: ../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/xmatters_config.yaml secrets: additionalProperties: {} default: {} oneOf: - - $ref: '#/components/schemas/bedrock_secrets' - - $ref: '#/components/schemas/crowdstrike_secrets' - - $ref: '#/components/schemas/d3security_secrets' - - $ref: '#/components/schemas/email_secrets' - - $ref: '#/components/schemas/gemini_secrets' - - $ref: '#/components/schemas/resilient_secrets' - - $ref: '#/components/schemas/jira_secrets' - - $ref: '#/components/schemas/defender_secrets' - - $ref: '#/components/schemas/teams_secrets' - - $ref: '#/components/schemas/genai_secrets' - - $ref: '#/components/schemas/opsgenie_secrets' - - $ref: '#/components/schemas/pagerduty_secrets' - - $ref: '#/components/schemas/sentinelone_secrets' - - $ref: '#/components/schemas/servicenow_secrets' - - $ref: '#/components/schemas/slack_api_secrets' - - $ref: '#/components/schemas/swimlane_secrets' - - $ref: '#/components/schemas/thehive_secrets' - - $ref: '#/components/schemas/tines_secrets' - - $ref: '#/components/schemas/torq_secrets' - - $ref: '#/components/schemas/webhook_secrets' - - $ref: '#/components/schemas/cases_webhook_secrets' - - $ref: '#/components/schemas/xmatters_secrets' - required: - - name - - connector_type_id + - $ref: ../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/bedrock_secrets.yaml + - $ref: ../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/crowdstrike_secrets.yaml + - $ref: ../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/d3security_secrets.yaml + - $ref: ../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/email_secrets.yaml + - $ref: ../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/gemini_secrets.yaml + - $ref: ../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/resilient_secrets.yaml + - $ref: ../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/jira_secrets.yaml + - $ref: ../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/defender_secrets.yaml + - $ref: ../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/teams_secrets.yaml + - $ref: ../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/genai_secrets.yaml + - $ref: ../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/opsgenie_secrets.yaml + - $ref: ../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/pagerduty_secrets.yaml + - $ref: ../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/sentinelone_secrets.yaml + - $ref: ../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/servicenow_secrets.yaml + - $ref: ../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/slack_api_secrets.yaml + - $ref: ../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/swimlane_secrets.yaml + - $ref: ../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/thehive_secrets.yaml + - $ref: ../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/tines_secrets.yaml + - $ref: ../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/torq_secrets.yaml + - $ref: ../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/webhook_secrets.yaml + - $ref: ../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/cases_webhook_secrets.yaml + - $ref: ../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/xmatters_secrets.yaml examples: createEmailConnectorRequest: $ref: '#/components/examples/create_email_connector_request' @@ -617,44 +506,7 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - config: - additionalProperties: {} - type: object - connector_type_id: - description: The connector type identifier. - type: string - id: - description: The identifier for the connector. - type: string - is_connector_type_deprecated: - description: Indicates whether the connector type is deprecated. - type: boolean - is_deprecated: - description: Indicates whether the connector is deprecated. - type: boolean - is_missing_secrets: - description: Indicates whether the connector is missing secrets. - type: boolean - is_preconfigured: - description: 'Indicates whether the connector is preconfigured. If true, the `config` and `is_missing_secrets` properties are omitted from the response. ' - type: boolean - is_system_action: - description: Indicates whether the connector is used for system actions. - type: boolean - name: - description: ' The name of the connector.' - type: string - required: - - id - - name - - connector_type_id - - is_preconfigured - - is_deprecated - - is_system_action - - is_connector_type_deprecated + $ref: '#/components/schemas/ApiActionsConnector_Post_Response_200' examples: createEmailConnectorResponse: $ref: '#/components/examples/create_email_connector_response' @@ -699,68 +551,62 @@ paths: content: application/json: schema: - additionalProperties: false - type: object + $ref: '#/components/schemas/ApiActionsConnector_Put_Request' properties: - name: - description: The display name for the connector. - type: string config: additionalProperties: {} default: {} description: The connector configuration details. oneOf: - - $ref: '#/components/schemas/bedrock_config' - - $ref: '#/components/schemas/crowdstrike_config' - - $ref: '#/components/schemas/d3security_config' - - $ref: '#/components/schemas/email_config' - - $ref: '#/components/schemas/gemini_config' - - $ref: '#/components/schemas/resilient_config' - - $ref: '#/components/schemas/index_config' - - $ref: '#/components/schemas/jira_config' - - $ref: '#/components/schemas/defender_config' - - $ref: '#/components/schemas/genai_azure_config' - - $ref: '#/components/schemas/genai_openai_config' - - $ref: '#/components/schemas/opsgenie_config' - - $ref: '#/components/schemas/pagerduty_config' - - $ref: '#/components/schemas/sentinelone_config' - - $ref: '#/components/schemas/servicenow_config' - - $ref: '#/components/schemas/servicenow_itom_config' - - $ref: '#/components/schemas/slack_api_config' - - $ref: '#/components/schemas/swimlane_config' - - $ref: '#/components/schemas/thehive_config' - - $ref: '#/components/schemas/tines_config' - - $ref: '#/components/schemas/torq_config' - - $ref: '#/components/schemas/webhook_config' - - $ref: '#/components/schemas/cases_webhook_config' - - $ref: '#/components/schemas/xmatters_config' + - $ref: ../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/bedrock_config.yaml + - $ref: ../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/crowdstrike_config.yaml + - $ref: ../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/d3security_config.yaml + - $ref: ../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/email_config.yaml + - $ref: ../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/gemini_config.yaml + - $ref: ../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/resilient_config.yaml + - $ref: ../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/index_config.yaml + - $ref: ../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/jira_config.yaml + - $ref: ../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/defender_config.yaml + - $ref: ../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/genai_azure_config.yaml + - $ref: ../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/genai_openai_config.yaml + - $ref: ../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/opsgenie_config.yaml + - $ref: ../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/pagerduty_config.yaml + - $ref: ../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/sentinelone_config.yaml + - $ref: ../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/servicenow_config.yaml + - $ref: ../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/servicenow_itom_config.yaml + - $ref: ../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/slack_api_config.yaml + - $ref: ../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/swimlane_config.yaml + - $ref: ../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/thehive_config.yaml + - $ref: ../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/tines_config.yaml + - $ref: ../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/torq_config.yaml + - $ref: ../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/webhook_config.yaml + - $ref: ../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/cases_webhook_config.yaml + - $ref: ../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/xmatters_config.yaml secrets: additionalProperties: {} default: {} oneOf: - - $ref: '#/components/schemas/bedrock_secrets' - - $ref: '#/components/schemas/crowdstrike_secrets' - - $ref: '#/components/schemas/d3security_secrets' - - $ref: '#/components/schemas/email_secrets' - - $ref: '#/components/schemas/gemini_secrets' - - $ref: '#/components/schemas/resilient_secrets' - - $ref: '#/components/schemas/jira_secrets' - - $ref: '#/components/schemas/teams_secrets' - - $ref: '#/components/schemas/genai_secrets' - - $ref: '#/components/schemas/opsgenie_secrets' - - $ref: '#/components/schemas/pagerduty_secrets' - - $ref: '#/components/schemas/sentinelone_secrets' - - $ref: '#/components/schemas/servicenow_secrets' - - $ref: '#/components/schemas/slack_api_secrets' - - $ref: '#/components/schemas/swimlane_secrets' - - $ref: '#/components/schemas/thehive_secrets' - - $ref: '#/components/schemas/tines_secrets' - - $ref: '#/components/schemas/torq_secrets' - - $ref: '#/components/schemas/webhook_secrets' - - $ref: '#/components/schemas/cases_webhook_secrets' - - $ref: '#/components/schemas/xmatters_secrets' - required: - - name + - $ref: ../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/bedrock_secrets.yaml + - $ref: ../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/crowdstrike_secrets.yaml + - $ref: ../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/d3security_secrets.yaml + - $ref: ../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/email_secrets.yaml + - $ref: ../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/gemini_secrets.yaml + - $ref: ../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/resilient_secrets.yaml + - $ref: ../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/jira_secrets.yaml + - $ref: ../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/teams_secrets.yaml + - $ref: ../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/genai_secrets.yaml + - $ref: ../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/opsgenie_secrets.yaml + - $ref: ../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/pagerduty_secrets.yaml + - $ref: ../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/sentinelone_secrets.yaml + - $ref: ../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/servicenow_secrets.yaml + - $ref: ../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/slack_api_secrets.yaml + - $ref: ../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/swimlane_secrets.yaml + - $ref: ../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/thehive_secrets.yaml + - $ref: ../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/tines_secrets.yaml + - $ref: ../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/torq_secrets.yaml + - $ref: ../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/webhook_secrets.yaml + - $ref: ../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/cases_webhook_secrets.yaml + - $ref: ../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/xmatters_secrets.yaml examples: updateIndexConnectorRequest: $ref: '#/components/examples/update_index_connector_request' @@ -769,44 +615,7 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - config: - additionalProperties: {} - type: object - connector_type_id: - description: The connector type identifier. - type: string - id: - description: The identifier for the connector. - type: string - is_connector_type_deprecated: - description: Indicates whether the connector type is deprecated. - type: boolean - is_deprecated: - description: Indicates whether the connector is deprecated. - type: boolean - is_missing_secrets: - description: Indicates whether the connector is missing secrets. - type: boolean - is_preconfigured: - description: 'Indicates whether the connector is preconfigured. If true, the `config` and `is_missing_secrets` properties are omitted from the response. ' - type: boolean - is_system_action: - description: Indicates whether the connector is used for system actions. - type: boolean - name: - description: ' The name of the connector.' - type: string - required: - - id - - name - - connector_type_id - - is_preconfigured - - is_deprecated - - is_system_action - - is_connector_type_deprecated + $ref: '#/components/schemas/ApiActionsConnector_Put_Response_200' description: Indicates a successful call. '403': description: Indicates that this call is forbidden. @@ -851,36 +660,33 @@ paths: content: application/json: schema: - additionalProperties: false - type: object + $ref: '#/components/schemas/ApiActionsConnectorExecute_Post_Request' properties: params: additionalProperties: {} oneOf: - - $ref: '#/components/schemas/run_acknowledge_resolve_pagerduty' - - $ref: '#/components/schemas/run_documents' - - $ref: '#/components/schemas/run_message_email' - - $ref: '#/components/schemas/run_message_serverlog' - - $ref: '#/components/schemas/run_message_slack' - - $ref: '#/components/schemas/run_trigger_pagerduty' - - $ref: '#/components/schemas/run_addevent' - - $ref: '#/components/schemas/run_closealert' - - $ref: '#/components/schemas/run_closeincident' - - $ref: '#/components/schemas/run_createalert' - - $ref: '#/components/schemas/run_fieldsbyissuetype' - - $ref: '#/components/schemas/run_getagentdetails' - - $ref: '#/components/schemas/run_getagents' - - $ref: '#/components/schemas/run_getchoices' - - $ref: '#/components/schemas/run_getfields' - - $ref: '#/components/schemas/run_getincident' - - $ref: '#/components/schemas/run_issue' - - $ref: '#/components/schemas/run_issues' - - $ref: '#/components/schemas/run_issuetypes' - - $ref: '#/components/schemas/run_postmessage' - - $ref: '#/components/schemas/run_pushtoservice' - - $ref: '#/components/schemas/run_validchannelid' - required: - - params + - $ref: ../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/run_acknowledge_resolve_pagerduty.yaml + - $ref: ../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/run_documents.yaml + - $ref: ../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/run_message_email.yaml + - $ref: ../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/run_message_serverlog.yaml + - $ref: ../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/run_message_slack.yaml + - $ref: ../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/run_trigger_pagerduty.yaml + - $ref: ../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/run_addevent.yaml + - $ref: ../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/run_closealert.yaml + - $ref: ../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/run_closeincident.yaml + - $ref: ../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/run_createalert.yaml + - $ref: ../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/run_fieldsbyissuetype.yaml + - $ref: ../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/run_getagentdetails.yaml + - $ref: ../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/run_getagents.yaml + - $ref: ../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/run_getchoices.yaml + - $ref: ../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/run_getfields.yaml + - $ref: ../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/run_getincident.yaml + - $ref: ../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/run_issue.yaml + - $ref: ../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/run_issues.yaml + - $ref: ../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/run_issuetypes.yaml + - $ref: ../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/run_postmessage.yaml + - $ref: ../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/run_pushtoservice.yaml + - $ref: ../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/run_validchannelid.yaml examples: runIndexConnectorRequest: $ref: '#/components/examples/run_index_connector_request' @@ -897,44 +703,7 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - config: - additionalProperties: {} - type: object - connector_type_id: - description: The connector type identifier. - type: string - id: - description: The identifier for the connector. - type: string - is_connector_type_deprecated: - description: Indicates whether the connector type is deprecated. - type: boolean - is_deprecated: - description: Indicates whether the connector is deprecated. - type: boolean - is_missing_secrets: - description: Indicates whether the connector is missing secrets. - type: boolean - is_preconfigured: - description: 'Indicates whether the connector is preconfigured. If true, the `config` and `is_missing_secrets` properties are omitted from the response. ' - type: boolean - is_system_action: - description: Indicates whether the connector is used for system actions. - type: boolean - name: - description: ' The name of the connector.' - type: string - required: - - id - - name - - connector_type_id - - is_preconfigured - - is_deprecated - - is_system_action - - is_connector_type_deprecated + $ref: '#/components/schemas/ApiActionsConnectorExecute_Post_Response_200' examples: runIndexConnectorResponse: $ref: '#/components/examples/run_index_connector_response' @@ -967,48 +736,7 @@ paths: application/json: schema: items: - additionalProperties: false - type: object - properties: - config: - additionalProperties: {} - type: object - connector_type_id: - description: The connector type identifier. - type: string - id: - description: The identifier for the connector. - type: string - is_connector_type_deprecated: - description: Indicates whether the connector type is deprecated. - type: boolean - is_deprecated: - description: Indicates whether the connector is deprecated. - type: boolean - is_missing_secrets: - description: Indicates whether the connector is missing secrets. - type: boolean - is_preconfigured: - description: 'Indicates whether the connector is preconfigured. If true, the `config` and `is_missing_secrets` properties are omitted from the response. ' - type: boolean - is_system_action: - description: Indicates whether the connector is used for system actions. - type: boolean - name: - description: ' The name of the connector.' - type: string - referenced_by_count: - description: The number of saved objects that reference the connector. If is_preconfigured is true, this value is not calculated. - type: number - required: - - id - - name - - connector_type_id - - is_preconfigured - - is_deprecated - - is_system_action - - is_connector_type_deprecated - - referenced_by_count + $ref: '#/components/schemas/ApiActionsConnectors_Get_Response_200_Item' type: array examples: getConnectorsResponse: @@ -1254,60 +982,7 @@ paths: - department-search name: Search Index Helper schema: - additionalProperties: false - type: object - properties: - avatar_color: - description: Optional hex color code for the agent avatar. - type: string - avatar_symbol: - description: Optional symbol/initials for the agent avatar. - type: string - configuration: - additionalProperties: false - description: Configuration settings for the agent. - type: object - properties: - instructions: - description: Optional system instructions that define the agent behavior. - type: string - tools: - items: - additionalProperties: false - description: Tool selection configuration for the agent. - type: object - properties: - tool_ids: - description: Array of tool IDs that the agent can use. - items: - description: Tool ID to be available to the agent. - type: string - type: array - required: - - tool_ids - type: array - required: - - tools - description: - description: Description of what the agent does. - type: string - id: - description: Unique identifier for the agent. - type: string - labels: - description: Optional labels for categorizing and organizing agents. - items: - description: Label for categorizing the agent. - type: string - type: array - name: - description: Display name for the agent. - type: string - required: - - id - - name - - description - - configuration + $ref: '#/components/schemas/ApiAgentBuilderAgents_Post_Request' responses: '200': content: @@ -1482,50 +1157,7 @@ paths: - elastic-employees name: Search Index Helper schema: - additionalProperties: false - type: object - properties: - avatar_color: - description: Updated hex color code for the agent avatar. - type: string - avatar_symbol: - description: Updated symbol/initials for the agent avatar. - type: string - configuration: - additionalProperties: false - description: Updated configuration settings for the agent. - type: object - properties: - instructions: - description: Updated system instructions that define the agent behavior. - type: string - tools: - items: - additionalProperties: false - description: Tool selection configuration for the agent. - type: object - properties: - tool_ids: - description: Array of tool IDs that the agent can use. - items: - description: Tool ID to be available to the agent. - type: string - type: array - required: - - tool_ids - type: array - description: - description: Updated description of what the agent does. - type: string - labels: - description: Updated labels for categorizing and organizing agents. - items: - description: Updated label for categorizing the agent. - type: string - type: array - name: - description: Updated display name for the agent. - type: string + $ref: '#/components/schemas/ApiAgentBuilderAgents_Put_Request' responses: '200': content: @@ -1820,25 +1452,7 @@ paths: description: Meeting notes type: text schema: - additionalProperties: false - type: object - properties: - data: {} - description: - description: Human-readable description of the attachment. - type: string - hidden: - description: Whether the attachment should be hidden from the user. - type: boolean - id: - description: Optional custom ID for the attachment. - type: string - type: - description: The type of the attachment (e.g., text, json, visualization_ref). - type: string - required: - - type - - data + $ref: '#/components/schemas/ApiAgentBuilderConversationsAttachments_Post_Request' responses: '200': content: @@ -1966,14 +1580,7 @@ paths: value: description: Updated attachment name schema: - additionalProperties: false - type: object - properties: - description: - description: The new description/name for the attachment. - type: string - required: - - description + $ref: '#/components/schemas/ApiAgentBuilderConversationsAttachments_Patch_Request' responses: '200': content: @@ -2047,15 +1654,7 @@ paths: data: New content version description: Updated meeting notes - v2 schema: - additionalProperties: false - type: object - properties: - data: {} - description: - description: Optional new description for the attachment. - type: string - required: - - data + $ref: '#/components/schemas/ApiAgentBuilderConversationsAttachments_Put_Request' responses: '200': content: @@ -2180,103 +1779,7 @@ paths: connector_id: my-connector-id input: What is Elasticsearch? schema: - additionalProperties: false - type: object - properties: - agent_id: - default: elastic-ai-agent - description: The ID of the agent to chat with. Defaults to the default Elastic AI agent. - type: string - attachments: - description: '**Technical Preview; added in 9.3.0.** Optional attachments to send with the message.' - items: - additionalProperties: false - type: object - properties: - data: - additionalProperties: {} - description: Payload of the attachment. - type: object - hidden: - description: When true, the attachment will not be displayed in the UI. - type: boolean - id: - description: Optional id for the attachment. - type: string - type: - description: Type of the attachment. - type: string - required: - - type - - data - type: array - browser_api_tools: - description: Optional browser API tools to be registered as LLM tools with browser.* namespace. These tools execute on the client side. - items: - additionalProperties: false - type: object - properties: - description: - description: Description of what the browser API tool does. - type: string - id: - description: Unique identifier for the browser API tool. - type: string - schema: {} - required: - - id - - description - - schema - type: array - capabilities: - additionalProperties: false - description: Controls agent capabilities during conversation. Currently supports visualization rendering for tabular tool results. - type: object - properties: - visualizations: - description: When true, allows the agent to render tabular data from tool results as interactive visualizations using custom XML elements in responses. - type: boolean - configuration_overrides: - additionalProperties: false - description: Runtime configuration overrides. These override the stored agent configuration for this execution only. - type: object - properties: - instructions: - description: Custom instructions for the agent. - type: string - tools: - description: Tool selection to enable for this execution. - items: - additionalProperties: false - type: object - properties: - tool_ids: - items: - type: string - type: array - required: - - tool_ids - type: array - connector_id: - description: Optional connector ID for the agent to use for external integrations. - type: string - conversation_id: - description: Optional existing conversation ID to continue a previous conversation. - type: string - input: - description: The user input message to send to the agent. - type: string - prompts: - additionalProperties: - additionalProperties: false - type: object - properties: - allow: - type: boolean - required: - - allow - description: Can be used to respond to a confirmation prompt. - type: object + $ref: '#/components/schemas/ApiAgentBuilderConverse_Post_Request' responses: '200': content: @@ -2518,103 +2021,7 @@ paths: conversation_id: c250305b-1929-4248-b568-b9e3f065fda5 input: Hello schema: - additionalProperties: false - type: object - properties: - agent_id: - default: elastic-ai-agent - description: The ID of the agent to chat with. Defaults to the default Elastic AI agent. - type: string - attachments: - description: '**Technical Preview; added in 9.3.0.** Optional attachments to send with the message.' - items: - additionalProperties: false - type: object - properties: - data: - additionalProperties: {} - description: Payload of the attachment. - type: object - hidden: - description: When true, the attachment will not be displayed in the UI. - type: boolean - id: - description: Optional id for the attachment. - type: string - type: - description: Type of the attachment. - type: string - required: - - type - - data - type: array - browser_api_tools: - description: Optional browser API tools to be registered as LLM tools with browser.* namespace. These tools execute on the client side. - items: - additionalProperties: false - type: object - properties: - description: - description: Description of what the browser API tool does. - type: string - id: - description: Unique identifier for the browser API tool. - type: string - schema: {} - required: - - id - - description - - schema - type: array - capabilities: - additionalProperties: false - description: Controls agent capabilities during conversation. Currently supports visualization rendering for tabular tool results. - type: object - properties: - visualizations: - description: When true, allows the agent to render tabular data from tool results as interactive visualizations using custom XML elements in responses. - type: boolean - configuration_overrides: - additionalProperties: false - description: Runtime configuration overrides. These override the stored agent configuration for this execution only. - type: object - properties: - instructions: - description: Custom instructions for the agent. - type: string - tools: - description: Tool selection to enable for this execution. - items: - additionalProperties: false - type: object - properties: - tool_ids: - items: - type: string - type: array - required: - - tool_ids - type: array - connector_id: - description: Optional connector ID for the agent to use for external integrations. - type: string - conversation_id: - description: Optional existing conversation ID to continue a previous conversation. - type: string - input: - description: The user input message to send to the agent. - type: string - prompts: - additionalProperties: - additionalProperties: false - type: object - properties: - allow: - type: boolean - required: - - allow - description: Can be used to respond to a confirmation prompt. - type: object + $ref: '#/components/schemas/ApiAgentBuilderConverseAsync_Post_Request' responses: '200': content: @@ -2951,39 +2358,7 @@ paths: - finance type: index_search schema: - additionalProperties: false - type: object - properties: - configuration: - additionalProperties: {} - description: Tool-specific configuration parameters. See examples for details. - type: object - description: - default: '' - description: Description of what the tool does. - type: string - id: - description: Unique identifier for the tool. - type: string - tags: - default: [] - description: Optional tags for categorizing and organizing tools. - items: - description: Tag for categorizing the tool. - type: string - type: array - type: - description: The type of tool to create (e.g., esql, index_search). - enum: - - esql - - index_search - - workflow - - mcp - type: string - required: - - id - - type - - configuration + $ref: '#/components/schemas/ApiAgentBuilderTools_Post_Request' responses: '200': content: @@ -3153,22 +2528,7 @@ paths: tool_params: nlQuery: find trades with high execution prices above 100 schema: - additionalProperties: false - type: object - properties: - connector_id: - description: Optional connector ID for tools that require external integrations. - type: string - tool_id: - description: The ID of the tool to execute. - type: string - tool_params: - additionalProperties: {} - description: Parameters to pass to the tool execution. See examples for details - type: object - required: - - tool_id - - tool_params + $ref: '#/components/schemas/ApiAgentBuilderToolsExecute_Post_Request' responses: '200': content: @@ -3579,22 +2939,7 @@ paths: - compliance - reporting schema: - additionalProperties: false - type: object - properties: - configuration: - additionalProperties: {} - description: Updated tool-specific configuration parameters. See examples for details. - type: object - description: - description: Updated description of what the tool does. - type: string - tags: - description: Updated tags for categorizing and organizing tools. - items: - description: Updated tag for categorizing the tool. - type: string - type: array + $ref: '#/components/schemas/ApiAgentBuilderTools_Put_Request' responses: '200': content: @@ -3772,674 +3117,7 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - actions: - items: - additionalProperties: false - type: object - properties: - alerts_filter: - additionalProperties: false - description: Defines a period that limits whether the action runs. - type: object - properties: - query: - additionalProperties: false - type: object - properties: - dsl: - description: A filter written in Elasticsearch Query Domain Specific Language (DSL). - type: string - filters: - description: A filter written in Elasticsearch Query Domain Specific Language (DSL) as defined in the `kbn-es-query` package. - items: - additionalProperties: false - type: object - properties: - $state: - additionalProperties: false - type: object - properties: - store: - description: A filter can be either specific to an application context or applied globally. - enum: - - appState - - globalState - type: string - required: - - store - meta: - additionalProperties: {} - type: object - query: - additionalProperties: {} - type: object - required: - - meta - type: array - kql: - description: A filter written in Kibana Query Language (KQL). - type: string - required: - - kql - - filters - timeframe: - additionalProperties: false - type: object - properties: - days: - description: Defines the days of the week that the action can run, represented as an array of numbers. For example, `1` represents Monday. An empty array is equivalent to specifying all the days of the week. - items: - enum: - - 1 - - 2 - - 3 - - 4 - - 5 - - 6 - - 7 - type: integer - type: array - hours: - additionalProperties: false - type: object - properties: - end: - description: The end of the time frame in 24-hour notation (`hh:mm`). - type: string - start: - description: The start of the time frame in 24-hour notation (`hh:mm`). - type: string - required: - - start - - end - timezone: - description: The ISO time zone for the `hours` values. Values such as `UTC` and `UTC+1` also work but lack built-in daylight savings time support and are not recommended. - type: string - required: - - days - - hours - - timezone - connector_type_id: - description: The type of connector. This property appears in responses but cannot be set in requests. - type: string - frequency: - additionalProperties: false - type: object - properties: - notify_when: - description: 'Indicates how often alerts generate actions. Valid values include: `onActionGroupChange`: Actions run when the alert status changes; `onActiveAlert`: Actions run when the alert becomes active and at each check interval while the rule conditions are met; `onThrottleInterval`: Actions run when the alert becomes active and at the interval specified in the throttle property while the rule conditions are met. NOTE: You cannot specify `notify_when` at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.' - enum: - - onActionGroupChange - - onActiveAlert - - onThrottleInterval - type: string - summary: - description: Indicates whether the action is a summary. - type: boolean - throttle: - description: 'The throttle interval, which defines how often an alert generates repeated actions. It is specified in seconds, minutes, hours, or days and is applicable only if ''notify_when'' is set to ''onThrottleInterval''. NOTE: You cannot specify the throttle interval at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.' - nullable: true - type: string - required: - - summary - - notify_when - - throttle - group: - description: The group name, which affects when the action runs (for example, when the threshold is met or when the alert is recovered). Each rule type has a list of valid action group names. If you don't need to group actions, set to `default`. - type: string - id: - description: The identifier for the connector saved object. - type: string - params: - additionalProperties: {} - description: The parameters for the action, which are sent to the connector. The `params` are handled as Mustache templates and passed a default set of context. - type: object - use_alert_data_for_template: - description: Indicates whether to use alert data as a template. - type: boolean - uuid: - description: A universally unique identifier (UUID) for the action. - type: string - required: - - id - - connector_type_id - - params - type: array - active_snoozes: - items: - description: List of active snoozes for the rule. - type: string - type: array - alert_delay: - additionalProperties: false - description: Indicates that an alert occurs only when the specified number of consecutive runs met the rule conditions. - type: object - properties: - active: - description: The number of consecutive runs that must meet the rule conditions. - type: number - required: - - active - api_key_created_by_user: - description: Indicates whether the API key that is associated with the rule was created by the user. - nullable: true - type: boolean - api_key_owner: - description: The owner of the API key that is associated with the rule and used to run background tasks. - nullable: true - type: string - artifacts: - additionalProperties: false - type: object - properties: - dashboards: - items: - additionalProperties: false - type: object - properties: - id: - type: string - required: - - id - type: array - investigation_guide: - additionalProperties: false - type: object - properties: - blob: - description: User-created content that describes alert causes and remdiation. - type: string - required: - - blob - consumer: - description: 'The name of the application or feature that owns the rule. For example: `alerts`, `apm`, `discover`, `infrastructure`, `logs`, `metrics`, `ml`, `monitoring`, `securitySolution`, `siem`, `stackAlerts`, or `uptime`.' - type: string - created_at: - description: The date and time that the rule was created. - type: string - created_by: - description: The identifier for the user that created the rule. - nullable: true - type: string - enabled: - description: Indicates whether you want to run the rule on an interval basis after it is created. - type: boolean - execution_status: - additionalProperties: false - type: object - properties: - error: - additionalProperties: false - type: object - properties: - message: - description: Error message. - type: string - reason: - description: Reason for error. - enum: - - read - - decrypt - - execute - - unknown - - license - - timeout - - disabled - - validate - type: string - required: - - reason - - message - last_duration: - description: Duration of last execution of the rule. - type: number - last_execution_date: - description: The date and time when rule was executed last. - type: string - status: - description: Status of rule execution. - enum: - - ok - - active - - error - - warning - - pending - - unknown - type: string - warning: - additionalProperties: false - type: object - properties: - message: - description: Warning message. - type: string - reason: - description: Reason for warning. - enum: - - maxExecutableActions - - maxAlerts - - maxQueuedActions - - ruleExecution - type: string - required: - - reason - - message - required: - - status - - last_execution_date - flapping: - additionalProperties: false - description: When flapping detection is turned on, alerts that switch quickly between active and recovered states are identified as “flapping” and notifications are reduced. - nullable: true - type: object - properties: - enabled: - description: Determines whether the rule can enter the flapping state. By default, rules can enter the flapping state. - type: boolean - look_back_window: - description: The minimum number of runs in which the threshold must be met. - maximum: 20 - minimum: 2 - type: number - status_change_threshold: - description: The minimum number of times an alert must switch states in the look back window. - maximum: 20 - minimum: 2 - type: number - required: - - look_back_window - - status_change_threshold - id: - description: The identifier for the rule. - type: string - is_snoozed_until: - description: The date when the rule will no longer be snoozed. - nullable: true - type: string - last_run: - additionalProperties: false - nullable: true - type: object - properties: - alerts_count: - additionalProperties: false - type: object - properties: - active: - description: Number of active alerts during last run. - nullable: true - type: number - ignored: - description: Number of ignored alerts during last run. - nullable: true - type: number - new: - description: Number of new alerts during last run. - nullable: true - type: number - recovered: - description: Number of recovered alerts during last run. - nullable: true - type: number - outcome: - description: Outcome of last run of the rule. Value could be succeeded, warning or failed. - enum: - - succeeded - - warning - - failed - type: string - outcome_msg: - items: - description: Outcome message generated during last rule run. - type: string - nullable: true - type: array - outcome_order: - description: Order of the outcome. - type: number - warning: - description: Warning of last rule execution. - enum: - - read - - decrypt - - execute - - unknown - - license - - timeout - - disabled - - validate - - maxExecutableActions - - maxAlerts - - maxQueuedActions - - ruleExecution - nullable: true - type: string - required: - - outcome - - alerts_count - mapped_params: - additionalProperties: {} - type: object - monitoring: - additionalProperties: false - description: Monitoring details of the rule. - type: object - properties: - run: - additionalProperties: false - description: Rule run details. - type: object - properties: - calculated_metrics: - additionalProperties: false - description: Calculation of different percentiles and success ratio. - type: object - properties: - p50: - type: number - p95: - type: number - p99: - type: number - success_ratio: - type: number - required: - - success_ratio - history: - description: History of the rule run. - items: - additionalProperties: false - type: object - properties: - duration: - description: Duration of the rule run. - type: number - outcome: - description: Outcome of last run of the rule. Value could be succeeded, warning or failed. - enum: - - succeeded - - warning - - failed - type: string - success: - description: Indicates whether the rule run was successful. - type: boolean - timestamp: - description: Time of rule run. - type: number - required: - - success - - timestamp - type: array - last_run: - additionalProperties: false - type: object - properties: - metrics: - additionalProperties: false - type: object - properties: - duration: - description: Duration of most recent rule run. - type: number - gap_duration_s: - description: Duration in seconds of rule run gap. - nullable: true - type: number - gap_range: - additionalProperties: false - nullable: true - type: object - properties: - gte: - description: End of the gap range. - type: string - lte: - description: Start of the gap range. - type: string - required: - - lte - - gte - total_alerts_created: - description: Total number of alerts created during last rule run. - nullable: true - type: number - total_alerts_detected: - description: Total number of alerts detected during last rule run. - nullable: true - type: number - total_indexing_duration_ms: - description: Total time spent indexing documents during last rule run in milliseconds. - nullable: true - type: number - total_search_duration_ms: - description: Total time spent performing Elasticsearch searches as measured by Kibana; includes network latency and time spent serializing or deserializing the request and response. - nullable: true - type: number - timestamp: - description: Time of the most recent rule run. - type: string - required: - - timestamp - - metrics - required: - - history - - calculated_metrics - - last_run - required: - - run - mute_all: - description: Indicates whether all alerts are muted. - type: boolean - muted_alert_ids: - items: - description: 'List of identifiers of muted alerts. ' - type: string - type: array - name: - description: ' The name of the rule.' - type: string - next_run: - description: Date and time of the next run of the rule. - nullable: true - type: string - notify_when: - description: 'Indicates how often alerts generate actions. Valid values include: `onActionGroupChange`: Actions run when the alert status changes; `onActiveAlert`: Actions run when the alert becomes active and at each check interval while the rule conditions are met; `onThrottleInterval`: Actions run when the alert becomes active and at the interval specified in the throttle property while the rule conditions are met. NOTE: You cannot specify `notify_when` at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.' - enum: - - onActionGroupChange - - onActiveAlert - - onThrottleInterval - nullable: true - type: string - params: - additionalProperties: {} - description: The parameters for the rule. - type: object - revision: - description: The rule revision number. - type: number - rule_type_id: - description: The rule type identifier. - type: string - running: - description: Indicates whether the rule is running. - nullable: true - type: boolean - schedule: - additionalProperties: false - type: object - properties: - interval: - description: The interval is specified in seconds, minutes, hours, or days. - type: string - required: - - interval - scheduled_task_id: - description: Identifier of the scheduled task. - type: string - snooze_schedule: - items: - additionalProperties: false - type: object - properties: - duration: - description: Duration of the rule snooze schedule. - type: number - id: - description: Identifier of the rule snooze schedule. - type: string - rRule: - additionalProperties: false - type: object - properties: - byhour: - items: - description: Indicates hours of the day to recur. - type: number - nullable: true - type: array - byminute: - items: - description: Indicates minutes of the hour to recur. - type: number - nullable: true - type: array - bymonth: - items: - description: Indicates months of the year that this rule should recur. - type: number - nullable: true - type: array - bymonthday: - items: - description: Indicates the days of the month to recur. - type: number - nullable: true - type: array - bysecond: - items: - description: Indicates seconds of the day to recur. - type: number - nullable: true - type: array - bysetpos: - items: - description: A positive or negative integer affecting the nth day of the month. For example, -2 combined with `byweekday` of FR is 2nd to last Friday of the month. It is recommended to not set this manually and just use `byweekday`. - type: number - nullable: true - type: array - byweekday: - items: - anyOf: - - type: string - - type: number - description: Indicates the days of the week to recur or else nth-day-of-month strings. For example, "+2TU" second Tuesday of month, "-1FR" last Friday of the month, which are internally converted to a `byweekday/bysetpos` combination. - nullable: true - type: array - byweekno: - items: - description: Indicates number of the week hours to recur. - type: number - nullable: true - type: array - byyearday: - items: - description: Indicates the days of the year that this rule should recur. - type: number - nullable: true - type: array - count: - description: Number of times the rule should recur until it stops. - type: number - dtstart: - description: Rule start date in Coordinated Universal Time (UTC). - type: string - freq: - description: Indicates frequency of the rule. Options are YEARLY, MONTHLY, WEEKLY, DAILY. - enum: - - 0 - - 1 - - 2 - - 3 - - 4 - - 5 - - 6 - type: integer - interval: - description: Indicates the interval of frequency. For example, 1 and YEARLY is every 1 year, 2 and WEEKLY is every 2 weeks. - type: number - tzid: - description: Indicates timezone abbreviation. - type: string - until: - description: Recur the rule until this date. - type: string - wkst: - description: Indicates the start of week, defaults to Monday. - enum: - - MO - - TU - - WE - - TH - - FR - - SA - - SU - type: string - required: - - dtstart - - tzid - skipRecurrences: - items: - description: Skips recurrence of rule on this date. - type: string - type: array - required: - - duration - - rRule - type: array - tags: - items: - description: The tags for the rule. - type: string - type: array - throttle: - deprecated: true - description: 'Deprecated in 8.13.0. Use the `throttle` property in the action `frequency` object instead. The throttle interval, which defines how often an alert generates repeated actions. NOTE: You cannot specify the throttle interval at both the rule and action level. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.' - nullable: true - type: string - updated_at: - description: The date and time that the rule was updated most recently. - type: string - updated_by: - description: The identifier for the user that updated this rule most recently. - nullable: true - type: string - view_in_app_relative_url: - description: Relative URL to view rule in the app. - nullable: true - type: string - required: - - id - - enabled - - name - - tags - - rule_type_id - - consumer - - schedule - - actions - - params - - created_by - - updated_by - - created_at - - updated_at - - api_key_owner - - mute_all - - muted_alert_ids - - execution_status - - revision + $ref: '#/components/schemas/ApiAlertingRule_Get_Response_200' description: Indicates a successful call. '400': description: Indicates an invalid schema or parameters. @@ -4639,263 +3317,27 @@ paths: schedule: interval: 1h schema: - additionalProperties: false - type: object + $ref: '#/components/schemas/ApiAlertingRule_Post_Request' properties: - actions: - default: [] - items: - additionalProperties: false - description: An action that runs under defined conditions. - type: object - properties: - alerts_filter: - additionalProperties: false - description: Conditions that affect whether the action runs. If you specify multiple conditions, all conditions must be met for the action to run. For example, if an alert occurs within the specified time frame and matches the query, the action runs. - type: object - properties: - query: - additionalProperties: false - type: object - properties: - dsl: - description: A filter written in Elasticsearch Query Domain Specific Language (DSL). - type: string - filters: - description: A filter written in Elasticsearch Query Domain Specific Language (DSL) as defined in the `kbn-es-query` package. - items: - additionalProperties: false - type: object - properties: - $state: - additionalProperties: false - type: object - properties: - store: - description: A filter can be either specific to an application context or applied globally. - enum: - - appState - - globalState - type: string - required: - - store - meta: - additionalProperties: {} - type: object - query: - additionalProperties: {} - type: object - required: - - meta - type: array - kql: - description: A filter written in Kibana Query Language (KQL). - type: string - required: - - kql - - filters - timeframe: - additionalProperties: false - description: Defines a period that limits whether the action runs. - type: object - properties: - days: - description: Defines the days of the week that the action can run, represented as an array of numbers. For example, `1` represents Monday. An empty array is equivalent to specifying all the days of the week. - items: - enum: - - 1 - - 2 - - 3 - - 4 - - 5 - - 6 - - 7 - type: integer - type: array - hours: - additionalProperties: false - description: Defines the range of time in a day that the action can run. If the `start` value is `00:00` and the `end` value is `24:00`, actions be generated all day. - type: object - properties: - end: - description: The end of the time frame in 24-hour notation (`hh:mm`). - type: string - start: - description: The start of the time frame in 24-hour notation (`hh:mm`). - type: string - required: - - start - - end - timezone: - description: The ISO time zone for the `hours` values. Values such as `UTC` and `UTC+1` also work but lack built-in daylight savings time support and are not recommended. - type: string - required: - - days - - hours - - timezone - frequency: - additionalProperties: false - type: object - properties: - notify_when: - description: 'Indicates how often alerts generate actions. Valid values include: `onActionGroupChange`: Actions run when the alert status changes; `onActiveAlert`: Actions run when the alert becomes active and at each check interval while the rule conditions are met; `onThrottleInterval`: Actions run when the alert becomes active and at the interval specified in the throttle property while the rule conditions are met. NOTE: You cannot specify `notify_when` at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.' - enum: - - onActionGroupChange - - onActiveAlert - - onThrottleInterval - type: string - summary: - description: Indicates whether the action is a summary. - type: boolean - throttle: - description: 'The throttle interval, which defines how often an alert generates repeated actions. It is specified in seconds, minutes, hours, or days and is applicable only if `notify_when` is set to `onThrottleInterval`. NOTE: You cannot specify the throttle interval at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.' - nullable: true - type: string - required: - - summary - - notify_when - - throttle - group: - description: The group name, which affects when the action runs (for example, when the threshold is met or when the alert is recovered). Each rule type has a list of valid action group names. If you don't need to group actions, set to `default`. - type: string - id: - description: The identifier for the connector saved object. - type: string - params: - additionalProperties: {} - default: {} - description: The parameters for the action, which are sent to the connector. The `params` are handled as Mustache templates and passed a default set of context. - type: object - use_alert_data_for_template: - description: Indicates whether to use alert data as a template. - type: boolean - uuid: - description: A universally unique identifier (UUID) for the action. - type: string - required: - - id - type: array - alert_delay: - additionalProperties: false - description: Indicates that an alert occurs only when the specified number of consecutive runs met the rule conditions. - type: object - properties: - active: - description: The number of consecutive runs that must meet the rule conditions. - type: number - required: - - active - artifacts: - additionalProperties: false - type: object - properties: - dashboards: - items: - additionalProperties: false - type: object - properties: - id: - type: string - required: - - id - maxItems: 10 - type: array - investigation_guide: - additionalProperties: false - type: object - properties: - blob: - maxLength: 10000 - type: string - required: - - blob - consumer: - description: 'The name of the application or feature that owns the rule. For example: `alerts`, `apm`, `discover`, `infrastructure`, `logs`, `metrics`, `ml`, `monitoring`, `securitySolution`, `siem`, `stackAlerts`, or `uptime`.' - type: string - enabled: - default: true - description: Indicates whether you want to run the rule on an interval basis after it is created. - type: boolean - flapping: - additionalProperties: false - description: When flapping detection is turned on, alerts that switch quickly between active and recovered states are identified as “flapping” and notifications are reduced. - nullable: true - type: object - properties: - enabled: - description: Determines whether the rule can enter the flapping state. By default, rules can enter the flapping state. - type: boolean - look_back_window: - description: The minimum number of runs in which the threshold must be met. - maximum: 20 - minimum: 2 - type: number - status_change_threshold: - description: The minimum number of times an alert must switch states in the look back window. - maximum: 20 - minimum: 2 - type: number - required: - - look_back_window - - status_change_threshold - name: - description: The name of the rule. While this name does not have to be unique, a distinctive name can help you identify a rule. - type: string - notify_when: - description: 'Indicates how often alerts generate actions. Valid values include: `onActionGroupChange`: Actions run when the alert status changes; `onActiveAlert`: Actions run when the alert becomes active and at each check interval while the rule conditions are met; `onThrottleInterval`: Actions run when the alert becomes active and at the interval specified in the throttle property while the rule conditions are met. NOTE: You cannot specify `notify_when` at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.' - enum: - - onActionGroupChange - - onActiveAlert - - onThrottleInterval - nullable: true - type: string - rule_type_id: - description: The rule type identifier. - type: string - schedule: - additionalProperties: false - description: The check interval, which specifies how frequently the rule conditions are checked. - type: object - properties: - interval: - description: The interval is specified in seconds, minutes, hours, or days. - type: string - required: - - interval - tags: - default: [] - description: The tags for the rule. - items: - type: string - type: array - throttle: - description: 'Use the `throttle` property in the action `frequency` object instead. The throttle interval, which defines how often an alert generates repeated actions. NOTE: You cannot specify the throttle interval at both the rule and action level. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.' - nullable: true - type: string params: additionalProperties: {} default: {} description: The parameters for the rule. anyOf: - - $ref: '#/components/schemas/params_property_apm_anomaly' - - $ref: '#/components/schemas/params_property_apm_error_count' - - $ref: '#/components/schemas/params_property_apm_transaction_duration' - - $ref: '#/components/schemas/params_property_apm_transaction_error_rate' - - $ref: '#/components/schemas/params_es_query_dsl_rule' - - $ref: '#/components/schemas/params_es_query_esql_rule' - - $ref: '#/components/schemas/params_es_query_kql_rule' - - $ref: '#/components/schemas/params_index_threshold_rule' - - $ref: '#/components/schemas/params_property_infra_inventory' - - $ref: '#/components/schemas/params_property_log_threshold' - - $ref: '#/components/schemas/params_property_infra_metric_threshold' - - $ref: '#/components/schemas/params_property_slo_burn_rate' - - $ref: '#/components/schemas/params_property_synthetics_uptime_tls' - - $ref: '#/components/schemas/params_property_synthetics_monitor_status' - required: - - name - - rule_type_id - - consumer - - schedule + - $ref: ../../x-pack/solutions/observability/plugins/apm/server/routes/alerts/rule_types/docs/params_property_apm_anomaly.yaml + - $ref: ../../x-pack/solutions/observability/plugins/apm/server/routes/alerts/rule_types/docs/params_property_apm_error_count.yaml + - $ref: ../../x-pack/solutions/observability/plugins/apm/server/routes/alerts/rule_types/docs/params_property_apm_transaction_duration.yaml + - $ref: ../../x-pack/solutions/observability/plugins/apm/server/routes/alerts/rule_types/docs/params_property_apm_transaction_error_rate.yaml + - $ref: ../../x-pack/platform/plugins/shared/alerting/docs/openapi/components/schemas/params_es_query_dsl_rule.yaml + - $ref: ../../x-pack/platform/plugins/shared/alerting/docs/openapi/components/schemas/params_es_query_esql_rule.yaml + - $ref: ../../x-pack/platform/plugins/shared/alerting/docs/openapi/components/schemas/params_es_query_kql_rule.yaml + - $ref: ../../x-pack/platform/plugins/shared/alerting/docs/openapi/components/schemas/params_index_threshold_rule.yaml + - $ref: ../../x-pack/solutions/observability/plugins/infra/server/lib/alerting/docs/params_property_infra_inventory.yaml + - $ref: ../../x-pack/solutions/observability/plugins/infra/server/lib/alerting/docs/params_property_log_threshold.yaml + - $ref: ../../x-pack/solutions/observability/plugins/infra/server/lib/alerting/docs/params_property_infra_metric_threshold.yaml + - $ref: ../../x-pack/solutions/observability/plugins/slo/server/lib/rules/slo_burn_rate/docs/params_property_slo_burn_rate.yaml + - $ref: ../../x-pack/solutions/observability/plugins/uptime/server/legacy_uptime/lib/alerts/docs/params_property_synthetics_uptime_tls.yaml + - $ref: ../../x-pack/solutions/observability/plugins/uptime/server/legacy_uptime/lib/alerts/docs/params_property_synthetics_monitor_status.yaml responses: '200': content: @@ -5183,674 +3625,7 @@ paths: updated_at: '2024-02-15T03:24:32.574Z' updated_by: elastic schema: - additionalProperties: false - type: object - properties: - actions: - items: - additionalProperties: false - type: object - properties: - alerts_filter: - additionalProperties: false - description: Defines a period that limits whether the action runs. - type: object - properties: - query: - additionalProperties: false - type: object - properties: - dsl: - description: A filter written in Elasticsearch Query Domain Specific Language (DSL). - type: string - filters: - description: A filter written in Elasticsearch Query Domain Specific Language (DSL) as defined in the `kbn-es-query` package. - items: - additionalProperties: false - type: object - properties: - $state: - additionalProperties: false - type: object - properties: - store: - description: A filter can be either specific to an application context or applied globally. - enum: - - appState - - globalState - type: string - required: - - store - meta: - additionalProperties: {} - type: object - query: - additionalProperties: {} - type: object - required: - - meta - type: array - kql: - description: A filter written in Kibana Query Language (KQL). - type: string - required: - - kql - - filters - timeframe: - additionalProperties: false - type: object - properties: - days: - description: Defines the days of the week that the action can run, represented as an array of numbers. For example, `1` represents Monday. An empty array is equivalent to specifying all the days of the week. - items: - enum: - - 1 - - 2 - - 3 - - 4 - - 5 - - 6 - - 7 - type: integer - type: array - hours: - additionalProperties: false - type: object - properties: - end: - description: The end of the time frame in 24-hour notation (`hh:mm`). - type: string - start: - description: The start of the time frame in 24-hour notation (`hh:mm`). - type: string - required: - - start - - end - timezone: - description: The ISO time zone for the `hours` values. Values such as `UTC` and `UTC+1` also work but lack built-in daylight savings time support and are not recommended. - type: string - required: - - days - - hours - - timezone - connector_type_id: - description: The type of connector. This property appears in responses but cannot be set in requests. - type: string - frequency: - additionalProperties: false - type: object - properties: - notify_when: - description: 'Indicates how often alerts generate actions. Valid values include: `onActionGroupChange`: Actions run when the alert status changes; `onActiveAlert`: Actions run when the alert becomes active and at each check interval while the rule conditions are met; `onThrottleInterval`: Actions run when the alert becomes active and at the interval specified in the throttle property while the rule conditions are met. NOTE: You cannot specify `notify_when` at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.' - enum: - - onActionGroupChange - - onActiveAlert - - onThrottleInterval - type: string - summary: - description: Indicates whether the action is a summary. - type: boolean - throttle: - description: 'The throttle interval, which defines how often an alert generates repeated actions. It is specified in seconds, minutes, hours, or days and is applicable only if ''notify_when'' is set to ''onThrottleInterval''. NOTE: You cannot specify the throttle interval at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.' - nullable: true - type: string - required: - - summary - - notify_when - - throttle - group: - description: The group name, which affects when the action runs (for example, when the threshold is met or when the alert is recovered). Each rule type has a list of valid action group names. If you don't need to group actions, set to `default`. - type: string - id: - description: The identifier for the connector saved object. - type: string - params: - additionalProperties: {} - description: The parameters for the action, which are sent to the connector. The `params` are handled as Mustache templates and passed a default set of context. - type: object - use_alert_data_for_template: - description: Indicates whether to use alert data as a template. - type: boolean - uuid: - description: A universally unique identifier (UUID) for the action. - type: string - required: - - id - - connector_type_id - - params - type: array - active_snoozes: - items: - description: List of active snoozes for the rule. - type: string - type: array - alert_delay: - additionalProperties: false - description: Indicates that an alert occurs only when the specified number of consecutive runs met the rule conditions. - type: object - properties: - active: - description: The number of consecutive runs that must meet the rule conditions. - type: number - required: - - active - api_key_created_by_user: - description: Indicates whether the API key that is associated with the rule was created by the user. - nullable: true - type: boolean - api_key_owner: - description: The owner of the API key that is associated with the rule and used to run background tasks. - nullable: true - type: string - artifacts: - additionalProperties: false - type: object - properties: - dashboards: - items: - additionalProperties: false - type: object - properties: - id: - type: string - required: - - id - type: array - investigation_guide: - additionalProperties: false - type: object - properties: - blob: - description: User-created content that describes alert causes and remdiation. - type: string - required: - - blob - consumer: - description: 'The name of the application or feature that owns the rule. For example: `alerts`, `apm`, `discover`, `infrastructure`, `logs`, `metrics`, `ml`, `monitoring`, `securitySolution`, `siem`, `stackAlerts`, or `uptime`.' - type: string - created_at: - description: The date and time that the rule was created. - type: string - created_by: - description: The identifier for the user that created the rule. - nullable: true - type: string - enabled: - description: Indicates whether you want to run the rule on an interval basis after it is created. - type: boolean - execution_status: - additionalProperties: false - type: object - properties: - error: - additionalProperties: false - type: object - properties: - message: - description: Error message. - type: string - reason: - description: Reason for error. - enum: - - read - - decrypt - - execute - - unknown - - license - - timeout - - disabled - - validate - type: string - required: - - reason - - message - last_duration: - description: Duration of last execution of the rule. - type: number - last_execution_date: - description: The date and time when rule was executed last. - type: string - status: - description: Status of rule execution. - enum: - - ok - - active - - error - - warning - - pending - - unknown - type: string - warning: - additionalProperties: false - type: object - properties: - message: - description: Warning message. - type: string - reason: - description: Reason for warning. - enum: - - maxExecutableActions - - maxAlerts - - maxQueuedActions - - ruleExecution - type: string - required: - - reason - - message - required: - - status - - last_execution_date - flapping: - additionalProperties: false - description: When flapping detection is turned on, alerts that switch quickly between active and recovered states are identified as “flapping” and notifications are reduced. - nullable: true - type: object - properties: - enabled: - description: Determines whether the rule can enter the flapping state. By default, rules can enter the flapping state. - type: boolean - look_back_window: - description: The minimum number of runs in which the threshold must be met. - maximum: 20 - minimum: 2 - type: number - status_change_threshold: - description: The minimum number of times an alert must switch states in the look back window. - maximum: 20 - minimum: 2 - type: number - required: - - look_back_window - - status_change_threshold - id: - description: The identifier for the rule. - type: string - is_snoozed_until: - description: The date when the rule will no longer be snoozed. - nullable: true - type: string - last_run: - additionalProperties: false - nullable: true - type: object - properties: - alerts_count: - additionalProperties: false - type: object - properties: - active: - description: Number of active alerts during last run. - nullable: true - type: number - ignored: - description: Number of ignored alerts during last run. - nullable: true - type: number - new: - description: Number of new alerts during last run. - nullable: true - type: number - recovered: - description: Number of recovered alerts during last run. - nullable: true - type: number - outcome: - description: Outcome of last run of the rule. Value could be succeeded, warning or failed. - enum: - - succeeded - - warning - - failed - type: string - outcome_msg: - items: - description: Outcome message generated during last rule run. - type: string - nullable: true - type: array - outcome_order: - description: Order of the outcome. - type: number - warning: - description: Warning of last rule execution. - enum: - - read - - decrypt - - execute - - unknown - - license - - timeout - - disabled - - validate - - maxExecutableActions - - maxAlerts - - maxQueuedActions - - ruleExecution - nullable: true - type: string - required: - - outcome - - alerts_count - mapped_params: - additionalProperties: {} - type: object - monitoring: - additionalProperties: false - description: Monitoring details of the rule. - type: object - properties: - run: - additionalProperties: false - description: Rule run details. - type: object - properties: - calculated_metrics: - additionalProperties: false - description: Calculation of different percentiles and success ratio. - type: object - properties: - p50: - type: number - p95: - type: number - p99: - type: number - success_ratio: - type: number - required: - - success_ratio - history: - description: History of the rule run. - items: - additionalProperties: false - type: object - properties: - duration: - description: Duration of the rule run. - type: number - outcome: - description: Outcome of last run of the rule. Value could be succeeded, warning or failed. - enum: - - succeeded - - warning - - failed - type: string - success: - description: Indicates whether the rule run was successful. - type: boolean - timestamp: - description: Time of rule run. - type: number - required: - - success - - timestamp - type: array - last_run: - additionalProperties: false - type: object - properties: - metrics: - additionalProperties: false - type: object - properties: - duration: - description: Duration of most recent rule run. - type: number - gap_duration_s: - description: Duration in seconds of rule run gap. - nullable: true - type: number - gap_range: - additionalProperties: false - nullable: true - type: object - properties: - gte: - description: End of the gap range. - type: string - lte: - description: Start of the gap range. - type: string - required: - - lte - - gte - total_alerts_created: - description: Total number of alerts created during last rule run. - nullable: true - type: number - total_alerts_detected: - description: Total number of alerts detected during last rule run. - nullable: true - type: number - total_indexing_duration_ms: - description: Total time spent indexing documents during last rule run in milliseconds. - nullable: true - type: number - total_search_duration_ms: - description: Total time spent performing Elasticsearch searches as measured by Kibana; includes network latency and time spent serializing or deserializing the request and response. - nullable: true - type: number - timestamp: - description: Time of the most recent rule run. - type: string - required: - - timestamp - - metrics - required: - - history - - calculated_metrics - - last_run - required: - - run - mute_all: - description: Indicates whether all alerts are muted. - type: boolean - muted_alert_ids: - items: - description: 'List of identifiers of muted alerts. ' - type: string - type: array - name: - description: ' The name of the rule.' - type: string - next_run: - description: Date and time of the next run of the rule. - nullable: true - type: string - notify_when: - description: 'Indicates how often alerts generate actions. Valid values include: `onActionGroupChange`: Actions run when the alert status changes; `onActiveAlert`: Actions run when the alert becomes active and at each check interval while the rule conditions are met; `onThrottleInterval`: Actions run when the alert becomes active and at the interval specified in the throttle property while the rule conditions are met. NOTE: You cannot specify `notify_when` at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.' - enum: - - onActionGroupChange - - onActiveAlert - - onThrottleInterval - nullable: true - type: string - params: - additionalProperties: {} - description: The parameters for the rule. - type: object - revision: - description: The rule revision number. - type: number - rule_type_id: - description: The rule type identifier. - type: string - running: - description: Indicates whether the rule is running. - nullable: true - type: boolean - schedule: - additionalProperties: false - type: object - properties: - interval: - description: The interval is specified in seconds, minutes, hours, or days. - type: string - required: - - interval - scheduled_task_id: - description: Identifier of the scheduled task. - type: string - snooze_schedule: - items: - additionalProperties: false - type: object - properties: - duration: - description: Duration of the rule snooze schedule. - type: number - id: - description: Identifier of the rule snooze schedule. - type: string - rRule: - additionalProperties: false - type: object - properties: - byhour: - items: - description: Indicates hours of the day to recur. - type: number - nullable: true - type: array - byminute: - items: - description: Indicates minutes of the hour to recur. - type: number - nullable: true - type: array - bymonth: - items: - description: Indicates months of the year that this rule should recur. - type: number - nullable: true - type: array - bymonthday: - items: - description: Indicates the days of the month to recur. - type: number - nullable: true - type: array - bysecond: - items: - description: Indicates seconds of the day to recur. - type: number - nullable: true - type: array - bysetpos: - items: - description: A positive or negative integer affecting the nth day of the month. For example, -2 combined with `byweekday` of FR is 2nd to last Friday of the month. It is recommended to not set this manually and just use `byweekday`. - type: number - nullable: true - type: array - byweekday: - items: - anyOf: - - type: string - - type: number - description: Indicates the days of the week to recur or else nth-day-of-month strings. For example, "+2TU" second Tuesday of month, "-1FR" last Friday of the month, which are internally converted to a `byweekday/bysetpos` combination. - nullable: true - type: array - byweekno: - items: - description: Indicates number of the week hours to recur. - type: number - nullable: true - type: array - byyearday: - items: - description: Indicates the days of the year that this rule should recur. - type: number - nullable: true - type: array - count: - description: Number of times the rule should recur until it stops. - type: number - dtstart: - description: Rule start date in Coordinated Universal Time (UTC). - type: string - freq: - description: Indicates frequency of the rule. Options are YEARLY, MONTHLY, WEEKLY, DAILY. - enum: - - 0 - - 1 - - 2 - - 3 - - 4 - - 5 - - 6 - type: integer - interval: - description: Indicates the interval of frequency. For example, 1 and YEARLY is every 1 year, 2 and WEEKLY is every 2 weeks. - type: number - tzid: - description: Indicates timezone abbreviation. - type: string - until: - description: Recur the rule until this date. - type: string - wkst: - description: Indicates the start of week, defaults to Monday. - enum: - - MO - - TU - - WE - - TH - - FR - - SA - - SU - type: string - required: - - dtstart - - tzid - skipRecurrences: - items: - description: Skips recurrence of rule on this date. - type: string - type: array - required: - - duration - - rRule - type: array - tags: - items: - description: The tags for the rule. - type: string - type: array - throttle: - deprecated: true - description: 'Deprecated in 8.13.0. Use the `throttle` property in the action `frequency` object instead. The throttle interval, which defines how often an alert generates repeated actions. NOTE: You cannot specify the throttle interval at both the rule and action level. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.' - nullable: true - type: string - updated_at: - description: The date and time that the rule was updated most recently. - type: string - updated_by: - description: The identifier for the user that updated this rule most recently. - nullable: true - type: string - view_in_app_relative_url: - description: Relative URL to view rule in the app. - nullable: true - type: string - required: - - id - - enabled - - name - - tags - - rule_type_id - - consumer - - schedule - - actions - - params - - created_by - - updated_by - - created_at - - updated_at - - api_key_owner - - mute_all - - muted_alert_ids - - execution_status - - revision + $ref: '#/components/schemas/ApiAlertingRule_Post_Response_200' description: Indicates a successful call. '400': description: Indicates an invalid schema or parameters. @@ -5927,235 +3702,7 @@ paths: interval: 1m tags: [] schema: - additionalProperties: false - type: object - properties: - actions: - default: [] - items: - additionalProperties: false - description: An action that runs under defined conditions. - type: object - properties: - alerts_filter: - additionalProperties: false - type: object - properties: - query: - additionalProperties: false - type: object - properties: - dsl: - description: A filter written in Elasticsearch Query Domain Specific Language (DSL). - type: string - filters: - description: A filter written in Elasticsearch Query Domain Specific Language (DSL) as defined in the `kbn-es-query` package. - items: - additionalProperties: false - type: object - properties: - $state: - additionalProperties: false - type: object - properties: - store: - description: A filter can be either specific to an application context or applied globally. - enum: - - appState - - globalState - type: string - required: - - store - meta: - additionalProperties: {} - type: object - query: - additionalProperties: {} - type: object - required: - - meta - type: array - kql: - description: A filter written in Kibana Query Language (KQL). - type: string - required: - - kql - - filters - timeframe: - additionalProperties: false - description: Defines a period that limits whether the action runs. - type: object - properties: - days: - description: Defines the days of the week that the action can run, represented as an array of numbers. For example, `1` represents Monday. An empty array is equivalent to specifying all the days of the week. - items: - enum: - - 1 - - 2 - - 3 - - 4 - - 5 - - 6 - - 7 - type: integer - type: array - hours: - additionalProperties: false - description: Defines the range of time in a day that the action can run. If the `start` value is `00:00` and the `end` value is `24:00`, actions be generated all day. - type: object - properties: - end: - description: The end of the time frame in 24-hour notation (`hh:mm`). - type: string - start: - description: The start of the time frame in 24-hour notation (`hh:mm`). - type: string - required: - - start - - end - timezone: - description: The ISO time zone for the `hours` values. Values such as `UTC` and `UTC+1` also work but lack built-in daylight savings time support and are not recommended. - type: string - required: - - days - - hours - - timezone - frequency: - additionalProperties: false - type: object - properties: - notify_when: - description: 'Indicates how often alerts generate actions. Valid values include: `onActionGroupChange`: Actions run when the alert status changes; `onActiveAlert`: Actions run when the alert becomes active and at each check interval while the rule conditions are met; `onThrottleInterval`: Actions run when the alert becomes active and at the interval specified in the throttle property while the rule conditions are met. NOTE: You cannot specify `notify_when` at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.' - enum: - - onActionGroupChange - - onActiveAlert - - onThrottleInterval - type: string - summary: - description: Indicates whether the action is a summary. - type: boolean - throttle: - description: 'The throttle interval, which defines how often an alert generates repeated actions. It is specified in seconds, minutes, hours, or days and is applicable only if `notify_when` is set to `onThrottleInterval`. NOTE: You cannot specify the throttle interval at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.' - nullable: true - type: string - required: - - summary - - notify_when - - throttle - group: - description: The group name, which affects when the action runs (for example, when the threshold is met or when the alert is recovered). Each rule type has a list of valid action group names. If you don't need to group actions, set to `default`. - type: string - id: - description: The identifier for the connector saved object. - type: string - params: - additionalProperties: {} - default: {} - description: The parameters for the action, which are sent to the connector. The `params` are handled as Mustache templates and passed a default set of context. - type: object - use_alert_data_for_template: - description: Indicates whether to use alert data as a template. - type: boolean - uuid: - description: A universally unique identifier (UUID) for the action. - type: string - required: - - id - type: array - alert_delay: - additionalProperties: false - description: Indicates that an alert occurs only when the specified number of consecutive runs met the rule conditions. - type: object - properties: - active: - description: The number of consecutive runs that must meet the rule conditions. - type: number - required: - - active - artifacts: - additionalProperties: false - type: object - properties: - dashboards: - items: - additionalProperties: false - type: object - properties: - id: - type: string - required: - - id - maxItems: 10 - type: array - investigation_guide: - additionalProperties: false - type: object - properties: - blob: - maxLength: 10000 - type: string - required: - - blob - flapping: - additionalProperties: false - description: When flapping detection is turned on, alerts that switch quickly between active and recovered states are identified as “flapping” and notifications are reduced. - nullable: true - type: object - properties: - enabled: - description: Determines whether the rule can enter the flapping state. By default, rules can enter the flapping state. - type: boolean - look_back_window: - description: The minimum number of runs in which the threshold must be met. - maximum: 20 - minimum: 2 - type: number - status_change_threshold: - description: The minimum number of times an alert must switch states in the look back window. - maximum: 20 - minimum: 2 - type: number - required: - - look_back_window - - status_change_threshold - name: - description: The name of the rule. While this name does not have to be unique, a distinctive name can help you identify a rule. - type: string - notify_when: - description: 'Indicates how often alerts generate actions. Valid values include: `onActionGroupChange`: Actions run when the alert status changes; `onActiveAlert`: Actions run when the alert becomes active and at each check interval while the rule conditions are met; `onThrottleInterval`: Actions run when the alert becomes active and at the interval specified in the throttle property while the rule conditions are met. NOTE: You cannot specify `notify_when` at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.' - enum: - - onActionGroupChange - - onActiveAlert - - onThrottleInterval - nullable: true - type: string - params: - additionalProperties: {} - default: {} - description: The parameters for the rule. - type: object - schedule: - additionalProperties: false - type: object - properties: - interval: - description: The interval is specified in seconds, minutes, hours, or days. - type: string - required: - - interval - tags: - default: [] - items: - description: The tags for the rule. - type: string - type: array - throttle: - description: 'Use the `throttle` property in the action `frequency` object instead. The throttle interval, which defines how often an alert generates repeated actions. NOTE: You cannot specify the throttle interval at both the rule and action level. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.' - nullable: true - type: string - required: - - name - - schedule + $ref: '#/components/schemas/ApiAlertingRule_Put_Request' responses: '200': content: @@ -6231,674 +3778,7 @@ paths: updated_at: '2024-03-26T23:22:59.949Z' updated_by: elastic schema: - additionalProperties: false - type: object - properties: - actions: - items: - additionalProperties: false - type: object - properties: - alerts_filter: - additionalProperties: false - description: Defines a period that limits whether the action runs. - type: object - properties: - query: - additionalProperties: false - type: object - properties: - dsl: - description: A filter written in Elasticsearch Query Domain Specific Language (DSL). - type: string - filters: - description: A filter written in Elasticsearch Query Domain Specific Language (DSL) as defined in the `kbn-es-query` package. - items: - additionalProperties: false - type: object - properties: - $state: - additionalProperties: false - type: object - properties: - store: - description: A filter can be either specific to an application context or applied globally. - enum: - - appState - - globalState - type: string - required: - - store - meta: - additionalProperties: {} - type: object - query: - additionalProperties: {} - type: object - required: - - meta - type: array - kql: - description: A filter written in Kibana Query Language (KQL). - type: string - required: - - kql - - filters - timeframe: - additionalProperties: false - type: object - properties: - days: - description: Defines the days of the week that the action can run, represented as an array of numbers. For example, `1` represents Monday. An empty array is equivalent to specifying all the days of the week. - items: - enum: - - 1 - - 2 - - 3 - - 4 - - 5 - - 6 - - 7 - type: integer - type: array - hours: - additionalProperties: false - type: object - properties: - end: - description: The end of the time frame in 24-hour notation (`hh:mm`). - type: string - start: - description: The start of the time frame in 24-hour notation (`hh:mm`). - type: string - required: - - start - - end - timezone: - description: The ISO time zone for the `hours` values. Values such as `UTC` and `UTC+1` also work but lack built-in daylight savings time support and are not recommended. - type: string - required: - - days - - hours - - timezone - connector_type_id: - description: The type of connector. This property appears in responses but cannot be set in requests. - type: string - frequency: - additionalProperties: false - type: object - properties: - notify_when: - description: 'Indicates how often alerts generate actions. Valid values include: `onActionGroupChange`: Actions run when the alert status changes; `onActiveAlert`: Actions run when the alert becomes active and at each check interval while the rule conditions are met; `onThrottleInterval`: Actions run when the alert becomes active and at the interval specified in the throttle property while the rule conditions are met. NOTE: You cannot specify `notify_when` at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.' - enum: - - onActionGroupChange - - onActiveAlert - - onThrottleInterval - type: string - summary: - description: Indicates whether the action is a summary. - type: boolean - throttle: - description: 'The throttle interval, which defines how often an alert generates repeated actions. It is specified in seconds, minutes, hours, or days and is applicable only if ''notify_when'' is set to ''onThrottleInterval''. NOTE: You cannot specify the throttle interval at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.' - nullable: true - type: string - required: - - summary - - notify_when - - throttle - group: - description: The group name, which affects when the action runs (for example, when the threshold is met or when the alert is recovered). Each rule type has a list of valid action group names. If you don't need to group actions, set to `default`. - type: string - id: - description: The identifier for the connector saved object. - type: string - params: - additionalProperties: {} - description: The parameters for the action, which are sent to the connector. The `params` are handled as Mustache templates and passed a default set of context. - type: object - use_alert_data_for_template: - description: Indicates whether to use alert data as a template. - type: boolean - uuid: - description: A universally unique identifier (UUID) for the action. - type: string - required: - - id - - connector_type_id - - params - type: array - active_snoozes: - items: - description: List of active snoozes for the rule. - type: string - type: array - alert_delay: - additionalProperties: false - description: Indicates that an alert occurs only when the specified number of consecutive runs met the rule conditions. - type: object - properties: - active: - description: The number of consecutive runs that must meet the rule conditions. - type: number - required: - - active - api_key_created_by_user: - description: Indicates whether the API key that is associated with the rule was created by the user. - nullable: true - type: boolean - api_key_owner: - description: The owner of the API key that is associated with the rule and used to run background tasks. - nullable: true - type: string - artifacts: - additionalProperties: false - type: object - properties: - dashboards: - items: - additionalProperties: false - type: object - properties: - id: - type: string - required: - - id - type: array - investigation_guide: - additionalProperties: false - type: object - properties: - blob: - description: User-created content that describes alert causes and remdiation. - type: string - required: - - blob - consumer: - description: 'The name of the application or feature that owns the rule. For example: `alerts`, `apm`, `discover`, `infrastructure`, `logs`, `metrics`, `ml`, `monitoring`, `securitySolution`, `siem`, `stackAlerts`, or `uptime`.' - type: string - created_at: - description: The date and time that the rule was created. - type: string - created_by: - description: The identifier for the user that created the rule. - nullable: true - type: string - enabled: - description: Indicates whether you want to run the rule on an interval basis after it is created. - type: boolean - execution_status: - additionalProperties: false - type: object - properties: - error: - additionalProperties: false - type: object - properties: - message: - description: Error message. - type: string - reason: - description: Reason for error. - enum: - - read - - decrypt - - execute - - unknown - - license - - timeout - - disabled - - validate - type: string - required: - - reason - - message - last_duration: - description: Duration of last execution of the rule. - type: number - last_execution_date: - description: The date and time when rule was executed last. - type: string - status: - description: Status of rule execution. - enum: - - ok - - active - - error - - warning - - pending - - unknown - type: string - warning: - additionalProperties: false - type: object - properties: - message: - description: Warning message. - type: string - reason: - description: Reason for warning. - enum: - - maxExecutableActions - - maxAlerts - - maxQueuedActions - - ruleExecution - type: string - required: - - reason - - message - required: - - status - - last_execution_date - flapping: - additionalProperties: false - description: When flapping detection is turned on, alerts that switch quickly between active and recovered states are identified as “flapping” and notifications are reduced. - nullable: true - type: object - properties: - enabled: - description: Determines whether the rule can enter the flapping state. By default, rules can enter the flapping state. - type: boolean - look_back_window: - description: The minimum number of runs in which the threshold must be met. - maximum: 20 - minimum: 2 - type: number - status_change_threshold: - description: The minimum number of times an alert must switch states in the look back window. - maximum: 20 - minimum: 2 - type: number - required: - - look_back_window - - status_change_threshold - id: - description: The identifier for the rule. - type: string - is_snoozed_until: - description: The date when the rule will no longer be snoozed. - nullable: true - type: string - last_run: - additionalProperties: false - nullable: true - type: object - properties: - alerts_count: - additionalProperties: false - type: object - properties: - active: - description: Number of active alerts during last run. - nullable: true - type: number - ignored: - description: Number of ignored alerts during last run. - nullable: true - type: number - new: - description: Number of new alerts during last run. - nullable: true - type: number - recovered: - description: Number of recovered alerts during last run. - nullable: true - type: number - outcome: - description: Outcome of last run of the rule. Value could be succeeded, warning or failed. - enum: - - succeeded - - warning - - failed - type: string - outcome_msg: - items: - description: Outcome message generated during last rule run. - type: string - nullable: true - type: array - outcome_order: - description: Order of the outcome. - type: number - warning: - description: Warning of last rule execution. - enum: - - read - - decrypt - - execute - - unknown - - license - - timeout - - disabled - - validate - - maxExecutableActions - - maxAlerts - - maxQueuedActions - - ruleExecution - nullable: true - type: string - required: - - outcome - - alerts_count - mapped_params: - additionalProperties: {} - type: object - monitoring: - additionalProperties: false - description: Monitoring details of the rule. - type: object - properties: - run: - additionalProperties: false - description: Rule run details. - type: object - properties: - calculated_metrics: - additionalProperties: false - description: Calculation of different percentiles and success ratio. - type: object - properties: - p50: - type: number - p95: - type: number - p99: - type: number - success_ratio: - type: number - required: - - success_ratio - history: - description: History of the rule run. - items: - additionalProperties: false - type: object - properties: - duration: - description: Duration of the rule run. - type: number - outcome: - description: Outcome of last run of the rule. Value could be succeeded, warning or failed. - enum: - - succeeded - - warning - - failed - type: string - success: - description: Indicates whether the rule run was successful. - type: boolean - timestamp: - description: Time of rule run. - type: number - required: - - success - - timestamp - type: array - last_run: - additionalProperties: false - type: object - properties: - metrics: - additionalProperties: false - type: object - properties: - duration: - description: Duration of most recent rule run. - type: number - gap_duration_s: - description: Duration in seconds of rule run gap. - nullable: true - type: number - gap_range: - additionalProperties: false - nullable: true - type: object - properties: - gte: - description: End of the gap range. - type: string - lte: - description: Start of the gap range. - type: string - required: - - lte - - gte - total_alerts_created: - description: Total number of alerts created during last rule run. - nullable: true - type: number - total_alerts_detected: - description: Total number of alerts detected during last rule run. - nullable: true - type: number - total_indexing_duration_ms: - description: Total time spent indexing documents during last rule run in milliseconds. - nullable: true - type: number - total_search_duration_ms: - description: Total time spent performing Elasticsearch searches as measured by Kibana; includes network latency and time spent serializing or deserializing the request and response. - nullable: true - type: number - timestamp: - description: Time of the most recent rule run. - type: string - required: - - timestamp - - metrics - required: - - history - - calculated_metrics - - last_run - required: - - run - mute_all: - description: Indicates whether all alerts are muted. - type: boolean - muted_alert_ids: - items: - description: 'List of identifiers of muted alerts. ' - type: string - type: array - name: - description: ' The name of the rule.' - type: string - next_run: - description: Date and time of the next run of the rule. - nullable: true - type: string - notify_when: - description: 'Indicates how often alerts generate actions. Valid values include: `onActionGroupChange`: Actions run when the alert status changes; `onActiveAlert`: Actions run when the alert becomes active and at each check interval while the rule conditions are met; `onThrottleInterval`: Actions run when the alert becomes active and at the interval specified in the throttle property while the rule conditions are met. NOTE: You cannot specify `notify_when` at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.' - enum: - - onActionGroupChange - - onActiveAlert - - onThrottleInterval - nullable: true - type: string - params: - additionalProperties: {} - description: The parameters for the rule. - type: object - revision: - description: The rule revision number. - type: number - rule_type_id: - description: The rule type identifier. - type: string - running: - description: Indicates whether the rule is running. - nullable: true - type: boolean - schedule: - additionalProperties: false - type: object - properties: - interval: - description: The interval is specified in seconds, minutes, hours, or days. - type: string - required: - - interval - scheduled_task_id: - description: Identifier of the scheduled task. - type: string - snooze_schedule: - items: - additionalProperties: false - type: object - properties: - duration: - description: Duration of the rule snooze schedule. - type: number - id: - description: Identifier of the rule snooze schedule. - type: string - rRule: - additionalProperties: false - type: object - properties: - byhour: - items: - description: Indicates hours of the day to recur. - type: number - nullable: true - type: array - byminute: - items: - description: Indicates minutes of the hour to recur. - type: number - nullable: true - type: array - bymonth: - items: - description: Indicates months of the year that this rule should recur. - type: number - nullable: true - type: array - bymonthday: - items: - description: Indicates the days of the month to recur. - type: number - nullable: true - type: array - bysecond: - items: - description: Indicates seconds of the day to recur. - type: number - nullable: true - type: array - bysetpos: - items: - description: A positive or negative integer affecting the nth day of the month. For example, -2 combined with `byweekday` of FR is 2nd to last Friday of the month. It is recommended to not set this manually and just use `byweekday`. - type: number - nullable: true - type: array - byweekday: - items: - anyOf: - - type: string - - type: number - description: Indicates the days of the week to recur or else nth-day-of-month strings. For example, "+2TU" second Tuesday of month, "-1FR" last Friday of the month, which are internally converted to a `byweekday/bysetpos` combination. - nullable: true - type: array - byweekno: - items: - description: Indicates number of the week hours to recur. - type: number - nullable: true - type: array - byyearday: - items: - description: Indicates the days of the year that this rule should recur. - type: number - nullable: true - type: array - count: - description: Number of times the rule should recur until it stops. - type: number - dtstart: - description: Rule start date in Coordinated Universal Time (UTC). - type: string - freq: - description: Indicates frequency of the rule. Options are YEARLY, MONTHLY, WEEKLY, DAILY. - enum: - - 0 - - 1 - - 2 - - 3 - - 4 - - 5 - - 6 - type: integer - interval: - description: Indicates the interval of frequency. For example, 1 and YEARLY is every 1 year, 2 and WEEKLY is every 2 weeks. - type: number - tzid: - description: Indicates timezone abbreviation. - type: string - until: - description: Recur the rule until this date. - type: string - wkst: - description: Indicates the start of week, defaults to Monday. - enum: - - MO - - TU - - WE - - TH - - FR - - SA - - SU - type: string - required: - - dtstart - - tzid - skipRecurrences: - items: - description: Skips recurrence of rule on this date. - type: string - type: array - required: - - duration - - rRule - type: array - tags: - items: - description: The tags for the rule. - type: string - type: array - throttle: - deprecated: true - description: 'Deprecated in 8.13.0. Use the `throttle` property in the action `frequency` object instead. The throttle interval, which defines how often an alert generates repeated actions. NOTE: You cannot specify the throttle interval at both the rule and action level. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.' - nullable: true - type: string - updated_at: - description: The date and time that the rule was updated most recently. - type: string - updated_by: - description: The identifier for the user that updated this rule most recently. - nullable: true - type: string - view_in_app_relative_url: - description: Relative URL to view rule in the app. - nullable: true - type: string - required: - - id - - enabled - - name - - tags - - rule_type_id - - consumer - - schedule - - actions - - params - - created_by - - updated_by - - created_at - - updated_at - - api_key_owner - - mute_all - - muted_alert_ids - - execution_status - - revision + $ref: '#/components/schemas/ApiAlertingRule_Put_Response_200' description: Indicates a successful call. '400': description: Indicates an invalid schema or parameters. @@ -6941,14 +3821,7 @@ paths: content: application/json: schema: - additionalProperties: false - nullable: true - type: object - properties: - untrack: - description: Defines whether this rule's alerts should be untracked. - type: boolean - x-oas-optional: true + $ref: '#/components/schemas/ApiAlertingRuleDisable_Post_Request' responses: '204': description: Indicates a successful call. @@ -7153,144 +4026,13 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - schedule: - additionalProperties: false - type: object - properties: - custom: - additionalProperties: false - type: object - properties: - duration: - description: 'The duration of the schedule. It allows values in `` format. `` is one of `d`, `h`, `m`, or `s` for hours, minutes, seconds. For example: `1d`, `5h`, `30m`, `5000s`.' - type: string - recurring: - additionalProperties: false - type: object - properties: - end: - description: 'The end date of a recurring schedule, provided in ISO 8601 format and set to the UTC timezone. For example: `2025-04-01T00:00:00.000Z`.' - type: string - every: - description: 'The interval and frequency of a recurring schedule. It allows values in `` format. `` is one of `d`, `w`, `M`, or `y` for days, weeks, months, years. For example: `15d`, `2w`, `3m`, `1y`.' - type: string - occurrences: - description: The total number of recurrences of the schedule. - minimum: 1 - type: number - onMonth: - description: The specific months for a recurring schedule. Valid values are 1-12. - items: - maximum: 12 - minimum: 1 - type: number - minItems: 1 - type: array - onMonthDay: - description: The specific days of the month for a recurring schedule. Valid values are 1-31. - items: - maximum: 31 - minimum: 1 - type: number - minItems: 1 - type: array - onWeekDay: - description: The specific days of the week (`[MO,TU,WE,TH,FR,SA,SU]`) or nth day of month (`[+1MO, -3FR, +2WE, -4SA, -5SU]`) for a recurring schedule. - items: - type: string - minItems: 1 - type: array - start: - description: 'The start date and time of the schedule, provided in ISO 8601 format and set to the UTC timezone. For example: `2025-03-12T12:00:00.000Z`.' - type: string - timezone: - description: The timezone of the schedule. The default timezone is UTC. - type: string - required: - - start - - duration - required: - - schedule + $ref: '#/components/schemas/ApiAlertingRuleSnoozeSchedule_Post_Request' responses: '200': content: application/json: schema: - additionalProperties: false - type: object - properties: - body: - additionalProperties: false - type: object - properties: - schedule: - additionalProperties: false - type: object - properties: - custom: - additionalProperties: false - type: object - properties: - duration: - description: 'The duration of the schedule. It allows values in `` format. `` is one of `d`, `h`, `m`, or `s` for hours, minutes, seconds. For example: `1d`, `5h`, `30m`, `5000s`.' - type: string - recurring: - additionalProperties: false - type: object - properties: - end: - description: 'The end date of a recurring schedule, provided in ISO 8601 format and set to the UTC timezone. For example: `2025-04-01T00:00:00.000Z`.' - type: string - every: - description: 'The interval and frequency of a recurring schedule. It allows values in `` format. `` is one of `d`, `w`, `M`, or `y` for days, weeks, months, years. For example: `15d`, `2w`, `3m`, `1y`.' - type: string - occurrences: - description: The total number of recurrences of the schedule. - minimum: 1 - type: number - onMonth: - description: The specific months for a recurring schedule. Valid values are 1-12. - items: - maximum: 12 - minimum: 1 - type: number - minItems: 1 - type: array - onMonthDay: - description: The specific days of the month for a recurring schedule. Valid values are 1-31. - items: - maximum: 31 - minimum: 1 - type: number - minItems: 1 - type: array - onWeekDay: - description: The specific days of the week (`[MO,TU,WE,TH,FR,SA,SU]`) or nth day of month (`[+1MO, -3FR, +2WE, -4SA, -5SU]`) for a recurring schedule. - items: - type: string - minItems: 1 - type: array - start: - description: 'The start date and time of the schedule, provided in ISO 8601 format and set to the UTC timezone. For example: `2025-03-12T12:00:00.000Z`.' - type: string - timezone: - description: The timezone of the schedule. The default timezone is UTC. - type: string - required: - - start - - duration - id: - description: Identifier of the snooze schedule. - type: string - required: - - id - required: - - schedule - required: - - body + $ref: '#/components/schemas/ApiAlertingRuleSnoozeSchedule_Post_Response_200' description: Indicates a successful call. '400': description: Indicates an invalid schema. @@ -7747,674 +4489,7 @@ paths: per_page: 10 total: 1 schema: - additionalProperties: false - type: object - properties: - actions: - items: - additionalProperties: false - type: object - properties: - alerts_filter: - additionalProperties: false - description: Defines a period that limits whether the action runs. - type: object - properties: - query: - additionalProperties: false - type: object - properties: - dsl: - description: A filter written in Elasticsearch Query Domain Specific Language (DSL). - type: string - filters: - description: A filter written in Elasticsearch Query Domain Specific Language (DSL) as defined in the `kbn-es-query` package. - items: - additionalProperties: false - type: object - properties: - $state: - additionalProperties: false - type: object - properties: - store: - description: A filter can be either specific to an application context or applied globally. - enum: - - appState - - globalState - type: string - required: - - store - meta: - additionalProperties: {} - type: object - query: - additionalProperties: {} - type: object - required: - - meta - type: array - kql: - description: A filter written in Kibana Query Language (KQL). - type: string - required: - - kql - - filters - timeframe: - additionalProperties: false - type: object - properties: - days: - description: Defines the days of the week that the action can run, represented as an array of numbers. For example, `1` represents Monday. An empty array is equivalent to specifying all the days of the week. - items: - enum: - - 1 - - 2 - - 3 - - 4 - - 5 - - 6 - - 7 - type: integer - type: array - hours: - additionalProperties: false - type: object - properties: - end: - description: The end of the time frame in 24-hour notation (`hh:mm`). - type: string - start: - description: The start of the time frame in 24-hour notation (`hh:mm`). - type: string - required: - - start - - end - timezone: - description: The ISO time zone for the `hours` values. Values such as `UTC` and `UTC+1` also work but lack built-in daylight savings time support and are not recommended. - type: string - required: - - days - - hours - - timezone - connector_type_id: - description: The type of connector. This property appears in responses but cannot be set in requests. - type: string - frequency: - additionalProperties: false - type: object - properties: - notify_when: - description: 'Indicates how often alerts generate actions. Valid values include: `onActionGroupChange`: Actions run when the alert status changes; `onActiveAlert`: Actions run when the alert becomes active and at each check interval while the rule conditions are met; `onThrottleInterval`: Actions run when the alert becomes active and at the interval specified in the throttle property while the rule conditions are met. NOTE: You cannot specify `notify_when` at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.' - enum: - - onActionGroupChange - - onActiveAlert - - onThrottleInterval - type: string - summary: - description: Indicates whether the action is a summary. - type: boolean - throttle: - description: 'The throttle interval, which defines how often an alert generates repeated actions. It is specified in seconds, minutes, hours, or days and is applicable only if ''notify_when'' is set to ''onThrottleInterval''. NOTE: You cannot specify the throttle interval at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.' - nullable: true - type: string - required: - - summary - - notify_when - - throttle - group: - description: The group name, which affects when the action runs (for example, when the threshold is met or when the alert is recovered). Each rule type has a list of valid action group names. If you don't need to group actions, set to `default`. - type: string - id: - description: The identifier for the connector saved object. - type: string - params: - additionalProperties: {} - description: The parameters for the action, which are sent to the connector. The `params` are handled as Mustache templates and passed a default set of context. - type: object - use_alert_data_for_template: - description: Indicates whether to use alert data as a template. - type: boolean - uuid: - description: A universally unique identifier (UUID) for the action. - type: string - required: - - id - - connector_type_id - - params - type: array - active_snoozes: - items: - description: List of active snoozes for the rule. - type: string - type: array - alert_delay: - additionalProperties: false - description: Indicates that an alert occurs only when the specified number of consecutive runs met the rule conditions. - type: object - properties: - active: - description: The number of consecutive runs that must meet the rule conditions. - type: number - required: - - active - api_key_created_by_user: - description: Indicates whether the API key that is associated with the rule was created by the user. - nullable: true - type: boolean - api_key_owner: - description: The owner of the API key that is associated with the rule and used to run background tasks. - nullable: true - type: string - artifacts: - additionalProperties: false - type: object - properties: - dashboards: - items: - additionalProperties: false - type: object - properties: - id: - type: string - required: - - id - type: array - investigation_guide: - additionalProperties: false - type: object - properties: - blob: - description: User-created content that describes alert causes and remdiation. - type: string - required: - - blob - consumer: - description: 'The name of the application or feature that owns the rule. For example: `alerts`, `apm`, `discover`, `infrastructure`, `logs`, `metrics`, `ml`, `monitoring`, `securitySolution`, `siem`, `stackAlerts`, or `uptime`.' - type: string - created_at: - description: The date and time that the rule was created. - type: string - created_by: - description: The identifier for the user that created the rule. - nullable: true - type: string - enabled: - description: Indicates whether you want to run the rule on an interval basis after it is created. - type: boolean - execution_status: - additionalProperties: false - type: object - properties: - error: - additionalProperties: false - type: object - properties: - message: - description: Error message. - type: string - reason: - description: Reason for error. - enum: - - read - - decrypt - - execute - - unknown - - license - - timeout - - disabled - - validate - type: string - required: - - reason - - message - last_duration: - description: Duration of last execution of the rule. - type: number - last_execution_date: - description: The date and time when rule was executed last. - type: string - status: - description: Status of rule execution. - enum: - - ok - - active - - error - - warning - - pending - - unknown - type: string - warning: - additionalProperties: false - type: object - properties: - message: - description: Warning message. - type: string - reason: - description: Reason for warning. - enum: - - maxExecutableActions - - maxAlerts - - maxQueuedActions - - ruleExecution - type: string - required: - - reason - - message - required: - - status - - last_execution_date - flapping: - additionalProperties: false - description: When flapping detection is turned on, alerts that switch quickly between active and recovered states are identified as “flapping” and notifications are reduced. - nullable: true - type: object - properties: - enabled: - description: Determines whether the rule can enter the flapping state. By default, rules can enter the flapping state. - type: boolean - look_back_window: - description: The minimum number of runs in which the threshold must be met. - maximum: 20 - minimum: 2 - type: number - status_change_threshold: - description: The minimum number of times an alert must switch states in the look back window. - maximum: 20 - minimum: 2 - type: number - required: - - look_back_window - - status_change_threshold - id: - description: The identifier for the rule. - type: string - is_snoozed_until: - description: The date when the rule will no longer be snoozed. - nullable: true - type: string - last_run: - additionalProperties: false - nullable: true - type: object - properties: - alerts_count: - additionalProperties: false - type: object - properties: - active: - description: Number of active alerts during last run. - nullable: true - type: number - ignored: - description: Number of ignored alerts during last run. - nullable: true - type: number - new: - description: Number of new alerts during last run. - nullable: true - type: number - recovered: - description: Number of recovered alerts during last run. - nullable: true - type: number - outcome: - description: Outcome of last run of the rule. Value could be succeeded, warning or failed. - enum: - - succeeded - - warning - - failed - type: string - outcome_msg: - items: - description: Outcome message generated during last rule run. - type: string - nullable: true - type: array - outcome_order: - description: Order of the outcome. - type: number - warning: - description: Warning of last rule execution. - enum: - - read - - decrypt - - execute - - unknown - - license - - timeout - - disabled - - validate - - maxExecutableActions - - maxAlerts - - maxQueuedActions - - ruleExecution - nullable: true - type: string - required: - - outcome - - alerts_count - mapped_params: - additionalProperties: {} - type: object - monitoring: - additionalProperties: false - description: Monitoring details of the rule. - type: object - properties: - run: - additionalProperties: false - description: Rule run details. - type: object - properties: - calculated_metrics: - additionalProperties: false - description: Calculation of different percentiles and success ratio. - type: object - properties: - p50: - type: number - p95: - type: number - p99: - type: number - success_ratio: - type: number - required: - - success_ratio - history: - description: History of the rule run. - items: - additionalProperties: false - type: object - properties: - duration: - description: Duration of the rule run. - type: number - outcome: - description: Outcome of last run of the rule. Value could be succeeded, warning or failed. - enum: - - succeeded - - warning - - failed - type: string - success: - description: Indicates whether the rule run was successful. - type: boolean - timestamp: - description: Time of rule run. - type: number - required: - - success - - timestamp - type: array - last_run: - additionalProperties: false - type: object - properties: - metrics: - additionalProperties: false - type: object - properties: - duration: - description: Duration of most recent rule run. - type: number - gap_duration_s: - description: Duration in seconds of rule run gap. - nullable: true - type: number - gap_range: - additionalProperties: false - nullable: true - type: object - properties: - gte: - description: End of the gap range. - type: string - lte: - description: Start of the gap range. - type: string - required: - - lte - - gte - total_alerts_created: - description: Total number of alerts created during last rule run. - nullable: true - type: number - total_alerts_detected: - description: Total number of alerts detected during last rule run. - nullable: true - type: number - total_indexing_duration_ms: - description: Total time spent indexing documents during last rule run in milliseconds. - nullable: true - type: number - total_search_duration_ms: - description: Total time spent performing Elasticsearch searches as measured by Kibana; includes network latency and time spent serializing or deserializing the request and response. - nullable: true - type: number - timestamp: - description: Time of the most recent rule run. - type: string - required: - - timestamp - - metrics - required: - - history - - calculated_metrics - - last_run - required: - - run - mute_all: - description: Indicates whether all alerts are muted. - type: boolean - muted_alert_ids: - items: - description: 'List of identifiers of muted alerts. ' - type: string - type: array - name: - description: ' The name of the rule.' - type: string - next_run: - description: Date and time of the next run of the rule. - nullable: true - type: string - notify_when: - description: 'Indicates how often alerts generate actions. Valid values include: `onActionGroupChange`: Actions run when the alert status changes; `onActiveAlert`: Actions run when the alert becomes active and at each check interval while the rule conditions are met; `onThrottleInterval`: Actions run when the alert becomes active and at the interval specified in the throttle property while the rule conditions are met. NOTE: You cannot specify `notify_when` at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.' - enum: - - onActionGroupChange - - onActiveAlert - - onThrottleInterval - nullable: true - type: string - params: - additionalProperties: {} - description: The parameters for the rule. - type: object - revision: - description: The rule revision number. - type: number - rule_type_id: - description: The rule type identifier. - type: string - running: - description: Indicates whether the rule is running. - nullable: true - type: boolean - schedule: - additionalProperties: false - type: object - properties: - interval: - description: The interval is specified in seconds, minutes, hours, or days. - type: string - required: - - interval - scheduled_task_id: - description: Identifier of the scheduled task. - type: string - snooze_schedule: - items: - additionalProperties: false - type: object - properties: - duration: - description: Duration of the rule snooze schedule. - type: number - id: - description: Identifier of the rule snooze schedule. - type: string - rRule: - additionalProperties: false - type: object - properties: - byhour: - items: - description: Indicates hours of the day to recur. - type: number - nullable: true - type: array - byminute: - items: - description: Indicates minutes of the hour to recur. - type: number - nullable: true - type: array - bymonth: - items: - description: Indicates months of the year that this rule should recur. - type: number - nullable: true - type: array - bymonthday: - items: - description: Indicates the days of the month to recur. - type: number - nullable: true - type: array - bysecond: - items: - description: Indicates seconds of the day to recur. - type: number - nullable: true - type: array - bysetpos: - items: - description: A positive or negative integer affecting the nth day of the month. For example, -2 combined with `byweekday` of FR is 2nd to last Friday of the month. It is recommended to not set this manually and just use `byweekday`. - type: number - nullable: true - type: array - byweekday: - items: - anyOf: - - type: string - - type: number - description: Indicates the days of the week to recur or else nth-day-of-month strings. For example, "+2TU" second Tuesday of month, "-1FR" last Friday of the month, which are internally converted to a `byweekday/bysetpos` combination. - nullable: true - type: array - byweekno: - items: - description: Indicates number of the week hours to recur. - type: number - nullable: true - type: array - byyearday: - items: - description: Indicates the days of the year that this rule should recur. - type: number - nullable: true - type: array - count: - description: Number of times the rule should recur until it stops. - type: number - dtstart: - description: Rule start date in Coordinated Universal Time (UTC). - type: string - freq: - description: Indicates frequency of the rule. Options are YEARLY, MONTHLY, WEEKLY, DAILY. - enum: - - 0 - - 1 - - 2 - - 3 - - 4 - - 5 - - 6 - type: integer - interval: - description: Indicates the interval of frequency. For example, 1 and YEARLY is every 1 year, 2 and WEEKLY is every 2 weeks. - type: number - tzid: - description: Indicates timezone abbreviation. - type: string - until: - description: Recur the rule until this date. - type: string - wkst: - description: Indicates the start of week, defaults to Monday. - enum: - - MO - - TU - - WE - - TH - - FR - - SA - - SU - type: string - required: - - dtstart - - tzid - skipRecurrences: - items: - description: Skips recurrence of rule on this date. - type: string - type: array - required: - - duration - - rRule - type: array - tags: - items: - description: The tags for the rule. - type: string - type: array - throttle: - deprecated: true - description: 'Deprecated in 8.13.0. Use the `throttle` property in the action `frequency` object instead. The throttle interval, which defines how often an alert generates repeated actions. NOTE: You cannot specify the throttle interval at both the rule and action level. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.' - nullable: true - type: string - updated_at: - description: The date and time that the rule was updated most recently. - type: string - updated_by: - description: The identifier for the user that updated this rule most recently. - nullable: true - type: string - view_in_app_relative_url: - description: Relative URL to view rule in the app. - nullable: true - type: string - required: - - id - - enabled - - name - - tags - - rule_type_id - - consumer - - schedule - - actions - - params - - created_by - - updated_by - - created_at - - updated_at - - api_key_owner - - mute_all - - muted_alert_ids - - execution_status - - revision + $ref: '#/components/schemas/ApiAlertingRulesFind_Get_Response_200' description: Indicates a successful call. '400': description: Indicates an invalid schema or parameters. @@ -8507,22 +4582,14 @@ paths: content: application/json: schema: - type: object - properties: - schema: - additionalProperties: true - description: Schema object - example: - foo: bar - type: object + $ref: '#/components/schemas/ApiApmFleetApmServerSchema_Post_Request' required: true responses: '200': content: application/json: schema: - additionalProperties: false - type: object + $ref: '#/components/schemas/ApiApmFleetApmServerSchema_Post_Response_200' description: Successful response '400': content: @@ -8835,8 +4902,7 @@ paths: content: application/json: schema: - additionalProperties: false - type: object + $ref: '#/components/schemas/ApiApmSettingsAgentConfiguration_Put_Response_200' description: Successful response '400': content: @@ -9255,8 +5321,7 @@ paths: content: application/json: schema: - additionalProperties: false - type: object + $ref: '#/components/schemas/ApiApmSourcemaps_Delete_Response_200' description: Successful response '400': content: @@ -9340,16 +5405,7 @@ paths: content: application/json: schema: - type: object - properties: - deleted: - description: True if the record was deleted or false if the record did not exist. - type: boolean - record: - $ref: '#/components/schemas/Security_Entity_Analytics_API_AssetCriticalityRecord' - description: The deleted record if it existed. - required: - - deleted + $ref: '#/components/schemas/ApiAssetCriticality_Delete_Response_200' description: Successful response '400': description: Invalid request @@ -9417,19 +5473,7 @@ paths: content: application/json: schema: - allOf: - - $ref: '#/components/schemas/Security_Entity_Analytics_API_CreateAssetCriticalityRecord' - - type: object - properties: - refresh: - description: If 'wait_for' the request will wait for the index refresh. - enum: - - wait_for - type: string - example: - criticality_level: high_impact - id_field: host.name - id_value: my_host + $ref: '#/components/schemas/ApiAssetCriticality_Post_Request' required: true responses: '200': @@ -9463,55 +5507,13 @@ paths: content: application/json: schema: - example: - records: - - criticality_level: low_impact - id_field: host.name - id_value: host-1 - - criticality_level: medium_impact - id_field: host.name - id_value: host-2 - type: object - properties: - records: - items: - allOf: - - $ref: '#/components/schemas/Security_Entity_Analytics_API_AssetCriticalityRecordIdParts' - - type: object - properties: - criticality_level: - $ref: '#/components/schemas/Security_Entity_Analytics_API_AssetCriticalityLevelsForBulkUpload' - required: - - criticality_level - maxItems: 1000 - minItems: 1 - type: array - required: - - records + $ref: '#/components/schemas/ApiAssetCriticalityBulk_Post_Request' responses: '200': content: application/json: schema: - example: - errors: - - index: 0 - message: Invalid ID field - stats: - failed: 1 - successful: 1 - total: 2 - type: object - properties: - errors: - items: - $ref: '#/components/schemas/Security_Entity_Analytics_API_AssetCriticalityBulkUploadErrorItem' - type: array - stats: - $ref: '#/components/schemas/Security_Entity_Analytics_API_AssetCriticalityBulkUploadStats' - required: - - errors - - stats + $ref: '#/components/schemas/ApiAssetCriticalityBulk_Post_Response_200' description: Bulk upload successful '413': description: File too large @@ -9579,52 +5581,7 @@ paths: content: application/json: schema: - example: - page: 1 - per_page: 10 - records: - - '@timestamp': '2024-08-02T14:40:35.705Z' - asset: - criticality: medium_impact - criticality_level: medium_impact - host: - asset: - criticality: medium_impact - name: my_other_host - id_field: host.name - id_value: my_other_host - - '@timestamp': '2024-08-02T11:15:34.290Z' - asset: - criticality: high_impact - criticality_level: high_impact - host: - asset: - criticality: high_impact - name: my_host - id_field: host.name - id_value: my_host - total: 2 - type: object - properties: - page: - minimum: 1 - type: integer - per_page: - maximum: 1000 - minimum: 1 - type: integer - records: - items: - $ref: '#/components/schemas/Security_Entity_Analytics_API_AssetCriticalityRecord' - type: array - total: - minimum: 0 - type: integer - required: - - records - - page - - per_page - - total + $ref: '#/components/schemas/ApiAssetCriticalityList_Get_Response_200' description: Successfully retrieved asset criticality records summary: List asset criticality records tags: @@ -9647,49 +5604,7 @@ paths: content: application/json: schema: - type: object - properties: - update: - description: Configuration object containing all parameters for the bulk update operation - type: object - properties: - enable_field_rendering: - default: false - description: Enables a markdown syntax used to render pivot fields, for example `{{ user.name james }}`. When disabled, the same example would be rendered as `james`. This is primarily used for Attack discovery views within Kibana. Defaults to `false`. - example: false - type: boolean - ids: - description: Array of Attack discovery IDs to update - example: - - c0c8a8bbb4a6561856a974ee9e461f0c82e673a1f0d83f86c5a8d80fc8de4c4f - - 5aa8f2900c0b03854b3b1a52a19558c5ea9893865c78235d4ad3dcc46196f4c7 - items: - type: string - type: array - kibana_alert_workflow_status: - description: When provided, update the kibana.alert.workflow_status of the attack discovery alerts - enum: - - open - - acknowledged - - closed - example: acknowledged - type: string - visibility: - description: When provided, update the visibility of the alert, as determined by the kibana.alert.attack_discovery.users field - enum: - - not_shared - - shared - example: shared - type: string - with_replacements: - default: true - description: When true, returns the updated Attack discoveries with text replacements applied to the detailsMarkdown, entitySummaryMarkdown, summaryMarkdown, and title fields. This substitutes anonymized values with human-readable equivalents. Defaults to `true`. - example: true - type: boolean - required: - - ids - required: - - update + $ref: '#/components/schemas/ApiAttackDiscoveryBulk_Post_Request' description: Bulk update parameters for Attack discoveries required: true responses: @@ -9697,38 +5612,13 @@ paths: content: application/json: schema: - type: object - properties: - data: - description: Array of updated Attack discovery alert objects. Each item includes the applied modifications from the bulk update request. - items: - $ref: '#/components/schemas/Security_Attack_discovery_API_AttackDiscoveryApiAlert' - type: array - required: - - data + $ref: '#/components/schemas/ApiAttackDiscoveryBulk_Post_Response_200' description: Successful response containing the updated Attack discovery alerts '400': content: application/json: schema: - type: object - properties: - error: - description: Error type - example: Bad Request - type: string - message: - description: Human-readable error message describing what went wrong with the bulk update request - example: Invalid request parameters - type: string - status_code: - description: HTTP status code - example: 400 - type: number - required: - - status_code - - error - - message + $ref: '#/components/schemas/ApiAttackDiscoveryBulk_Post_Response_400' description: Generic Error summary: Bulk update Attack discoveries tags: @@ -9899,61 +5789,13 @@ paths: content: application/json: schema: - type: object - properties: - connector_names: - description: List of human readable connector names that are present in the matched Attack discoveries. Useful for building client filters or summaries. - items: - type: string - type: array - data: - description: Array of matched Attack discovery objects. Each item follows the `AttackDiscoveryApiAlert` schema. - items: - $ref: '#/components/schemas/Security_Attack_discovery_API_AttackDiscoveryApiAlert' - type: array - page: - description: Current page number of the paginated result set. - type: integer - per_page: - description: Number of items requested per page. - type: integer - total: - description: Total number of Attack discoveries matching the query (across all pages). - type: integer - unique_alert_ids: - description: List of unique alert IDs aggregated from the matched Attack discoveries. Only present if `include_unique_alert_ids=true` in the request. - items: - type: string - type: array - unique_alert_ids_count: - description: Number of unique alert IDs across all matched Attack discoveries. Only present if `include_unique_alert_ids=true` in the request. - type: integer - required: - - connector_names - - data - - page - - per_page - - total - - unique_alert_ids_count + $ref: '#/components/schemas/ApiAttackDiscoveryFind_Get_Response_200' description: Successful response '400': content: application/json: schema: - type: object - properties: - error: - description: Error type - example: Bad Request - type: string - message: - description: Human-readable error message - example: Invalid request payload. - type: string - status_code: - description: HTTP status code - example: 400 - type: number + $ref: '#/components/schemas/ApiAttackDiscoveryFind_Get_Response_400' description: Generic Error summary: Find Attack discoveries that match the search criteria tags: @@ -9991,37 +5833,13 @@ paths: content: application/json: schema: - type: object - properties: - execution_uuid: - $ref: '#/components/schemas/Security_Attack_discovery_API_NonEmptyString' - description: The unique identifier for the attack discovery generation process. Use this UUID to track the generation progress and retrieve results via the find endpoint. - example: edd26039-0990-4d9f-9829-2a1fcacb77b5 - required: - - execution_uuid + $ref: '#/components/schemas/ApiAttackDiscoveryGenerate_Post_Response_200' description: Attack discovery generation initiated successfully '400': content: application/json: schema: - type: object - properties: - error: - description: Error type - example: Bad Request - type: string - message: - description: Human-readable error message describing what went wrong - example: Invalid request parameters - type: string - status_code: - description: HTTP status code - example: 400 - type: number - required: - - status_code - - error - - message + $ref: '#/components/schemas/ApiAttackDiscoveryGenerate_Post_Response_400' description: Bad request - Invalid input parameters or configuration summary: Generate attack discoveries from alerts tags: @@ -11010,34 +6828,13 @@ paths: content: application/json: schema: - type: object - properties: - generations: - description: List of attack discovery generations - items: - $ref: '#/components/schemas/Security_Attack_discovery_API_AttackDiscoveryGeneration' - type: array - required: - - generations + $ref: '#/components/schemas/ApiAttackDiscoveryGenerations_Get_Response_200' description: Successful response '400': content: application/json: schema: - type: object - properties: - error: - description: Error type - example: Bad Request - type: string - message: - description: Human-readable error message - example: Invalid size parameter. Must be a positive number. - type: string - status_code: - description: HTTP status code - example: 400 - type: number + $ref: '#/components/schemas/ApiAttackDiscoveryGenerations_Get_Response_400' description: Bad request summary: Get the latest attack discovery generations metadata for the current user tags: @@ -11093,41 +6890,13 @@ paths: content: application/json: schema: - type: object - properties: - data: - description: Array of Attack discoveries generated during this execution. - items: - $ref: '#/components/schemas/Security_Attack_discovery_API_AttackDiscoveryApiAlert' - type: array - generation: - $ref: '#/components/schemas/Security_Attack_discovery_API_AttackDiscoveryGeneration' - description: Optional metadata about the attack discovery generation process, metadata including execution status and statistics. This metadata may not be available for all generations. - required: - - data + $ref: '#/components/schemas/ApiAttackDiscoveryGenerations_Get_Response_200_1' description: Successful response '400': content: application/json: schema: - type: object - properties: - error: - description: Error type - example: Bad Request - type: string - message: - description: Human-readable error message describing what went wrong with the request - example: Invalid request parameters - type: string - status_code: - description: HTTP status code - example: 400 - type: number - required: - - status_code - - error - - message + $ref: '#/components/schemas/ApiAttackDiscoveryGenerations_Get_Response_400_1' description: Generic Error summary: Get a single Attack discovery generation, including its discoveries and (optional) generation metadata tags: @@ -11167,92 +6936,13 @@ paths: content: application/json: schema: - type: object - properties: - alerts_context_count: - description: The number of alerts that were sent as context to the LLM for this generation. - example: 75 - type: number - connector_id: - description: The unique identifier of the connector used to generate the attack discoveries. - example: chatGpt5_0ChatAzure - type: string - connector_stats: - description: Statistical information about the connector's performance for this user, providing insights into usage patterns and success rates. - type: object - properties: - average_successful_duration_nanoseconds: - description: The average duration in nanoseconds for successful generations using this connector by the current user. - example: 47958500000 - type: number - successful_generations: - description: The total number of Attack discoveries successfully created for this generation - example: 2 - type: number - discoveries: - description: The number of attack discoveries that were generated during this execution. - example: 3 - type: number - end: - description: The timestamp when the generation process completed, in ISO 8601 format. This field may be absent for generations that haven't finished. - example: '2025-09-29T06:42:44.810Z' - type: string - execution_uuid: - description: The unique identifier for this attack discovery generation execution. This UUID can be used to reference this specific generation in other API calls. - example: 46b218d5-535d-4329-be56-d0f6af6986b7 - type: string - loading_message: - description: A human-readable message describing the current state or progress of the generation process. Provides context about what the AI is analyzing. - example: AI is analyzing up to 100 alerts in the last 24 hours to generate discoveries. - type: string - reason: - description: Additional context or reasoning provided when a generation fails or encounters issues. This field helps diagnose problems with the generation process. - example: Connection timeout to AI service - type: string - start: - description: The timestamp when the generation process began, in ISO 8601 format. This marks the beginning of the AI analysis. - example: '2025-09-29T06:42:08.962Z' - type: string - status: - description: The current status of the attack discovery generation. After dismissing, this will be set to "dismissed". - enum: - - canceled - - dismissed - - failed - - started - - succeeded - example: dismissed - type: string - required: - - connector_id - - discoveries - - execution_uuid - - loading_message - - start - - status + $ref: '#/components/schemas/ApiAttackDiscoveryGenerationsDismiss_Post_Response_200' description: Successful response - The attack discovery generation has been dismissed '400': content: application/json: schema: - type: object - properties: - error: - description: Error type or category - example: Bad Request - type: string - message: - description: Human-readable error message describing what went wrong with the request. - example: Invalid request parameters - type: string - status_code: - description: HTTP status code indicating the type of client error - example: 400 - type: number - required: - - status_code - - error - - message + $ref: '#/components/schemas/ApiAttackDiscoveryGenerationsDismiss_Post_Response_400' description: Generic Error summary: Dismiss an attack discovery generation tags: @@ -11434,46 +7124,13 @@ paths: content: application/json: schema: - type: object - properties: - data: - description: Array of matched Attack discovery schedule objects. - items: - $ref: '#/components/schemas/Security_Attack_discovery_API_AttackDiscoveryApiSchedule' - type: array - page: - description: Current page number of the paginated result set. - type: number - per_page: - description: Number of items requested per page. - type: number - total: - description: Total number of Attack discovery schedules matching the query (across all pages). - type: number - required: - - page - - per_page - - total - - data + $ref: '#/components/schemas/ApiAttackDiscoverySchedulesFind_Get_Response_200' description: Successful response '400': content: application/json: schema: - type: object - properties: - error: - description: Error type - example: Bad Request - type: string - message: - description: Human-readable error message - example: Invalid request payload - type: string - status_code: - description: HTTP status code - example: 400 - type: number + $ref: '#/components/schemas/ApiAttackDiscoverySchedulesFind_Get_Response_400' description: Generic Error summary: Finds Attack discovery schedules that match the search criteria tags: @@ -11515,13 +7172,7 @@ paths: example: id: 12345678-1234-1234-1234-123456789012 schema: - type: object - properties: - id: - $ref: '#/components/schemas/Security_Attack_discovery_API_NonEmptyString' - description: The unique identifier of the deleted Attack Discovery schedule - required: - - id + $ref: '#/components/schemas/ApiAttackDiscoverySchedules_Delete_Response_200' description: Successfully deleted Attack Discovery schedule, returning the ID of the deleted schedule for confirmation '400': content: @@ -11754,13 +7405,7 @@ paths: example: id: 12345678-1234-1234-1234-123456789012 schema: - type: object - properties: - id: - $ref: '#/components/schemas/Security_Attack_discovery_API_NonEmptyString' - description: The unique identifier of the disabled Attack Discovery schedule - required: - - id + $ref: '#/components/schemas/ApiAttackDiscoverySchedulesDisable_Post_Response_200' description: Successfully disabled Attack Discovery schedule, returning the schedule ID for confirmation '400': content: @@ -11812,13 +7457,7 @@ paths: example: id: 12345678-1234-1234-1234-123456789012 schema: - type: object - properties: - id: - $ref: '#/components/schemas/Security_Attack_discovery_API_NonEmptyString' - description: The unique identifier of the enabled Attack Discovery schedule - required: - - id + $ref: '#/components/schemas/ApiAttackDiscoverySchedulesEnable_Post_Response_200' description: Successfully enabled Attack Discovery schedule, returning the schedule ID for confirmation '400': content: @@ -11855,25 +7494,7 @@ paths: getAllDataViewsResponse: $ref: '#/components/examples/Data_views_get_data_views_response' schema: - type: object - properties: - data_view: - items: - type: object - properties: - id: - type: string - name: - type: string - namespaces: - items: - type: string - type: array - title: - type: string - typeMeta: - type: object - type: array + $ref: '#/components/schemas/ApiDataViews_Get_Response_200' description: Indicates a successful call. '400': content: @@ -12053,23 +7674,14 @@ paths: updateFieldsMetadataRequest: $ref: '#/components/examples/Data_views_update_field_metadata_request' schema: - type: object - properties: - fields: - description: The field object. - type: object - required: - - fields + $ref: '#/components/schemas/ApiDataViewsDataViewFields_Post_Request' required: true responses: '200': content: application/json: schema: - type: object - properties: - acknowledged: - type: boolean + $ref: '#/components/schemas/ApiDataViewsDataViewFields_Post_Response_200' description: Indicates a successful call. '400': content: @@ -12096,26 +7708,14 @@ paths: createRuntimeFieldRequest: $ref: '#/components/examples/Data_views_create_runtime_field_request' schema: - type: object - properties: - name: - description: | - The name for a runtime field. - type: string - runtimeField: - description: | - The runtime field definition object. - type: object - required: - - name - - runtimeField + $ref: '#/components/schemas/ApiDataViewsDataViewRuntimeField_Post_Request' required: true responses: '200': content: application/json: schema: - type: object + $ref: '#/components/schemas/ApiDataViewsDataViewRuntimeField_Post_Response_200' description: Indicates a successful call. summary: Create a runtime field tags: @@ -12147,33 +7747,14 @@ paths: updateRuntimeFieldRequest: $ref: '#/components/examples/Data_views_create_runtime_field_request' schema: - type: object - properties: - name: - description: | - The name for a runtime field. - type: string - runtimeField: - description: | - The runtime field definition object. - type: object - required: - - name - - runtimeField + $ref: '#/components/schemas/ApiDataViewsDataViewRuntimeField_Put_Request' required: true responses: '200': content: application/json: schema: - type: object - properties: - data_view: - type: object - fields: - items: - type: object - type: array + $ref: '#/components/schemas/ApiDataViewsDataViewRuntimeField_Put_Response_200' description: Indicates a successful call. '400': content: @@ -12233,14 +7814,7 @@ paths: getRuntimeFieldResponse: $ref: '#/components/examples/Data_views_get_runtime_field_response' schema: - type: object - properties: - data_view: - type: object - fields: - items: - type: object - type: array + $ref: '#/components/schemas/ApiDataViewsDataViewRuntimeField_Get_Response_200' description: Indicates a successful call. '404': content: @@ -12272,19 +7846,7 @@ paths: updateRuntimeFieldRequest: $ref: '#/components/examples/Data_views_update_runtime_field_request' schema: - type: object - properties: - runtimeField: - description: | - The runtime field definition object. - - You can update following fields: - - - `type` - - `script` - type: object - required: - - runtimeField + $ref: '#/components/schemas/ApiDataViewsDataViewRuntimeField_Post_Request_1' required: true responses: '200': @@ -12318,10 +7880,7 @@ paths: getDefaultDataViewResponse: $ref: '#/components/examples/Data_views_get_default_data_view_response' schema: - type: object - properties: - data_view_id: - type: string + $ref: '#/components/schemas/ApiDataViewsDefault_Get_Response_200' description: Indicates a successful call. '400': content: @@ -12352,29 +7911,14 @@ paths: setDefaultDataViewRequest: $ref: '#/components/examples/Data_views_set_default_data_view_request' schema: - type: object - properties: - data_view_id: - description: | - The data view identifier. NOTE: The API does not validate whether it is a valid identifier. Use `null` to unset the default data view. - nullable: true - type: string - force: - default: false - description: Update an existing default data view identifier. - type: boolean - required: - - data_view_id + $ref: '#/components/schemas/ApiDataViewsDefault_Post_Request' required: true responses: '200': content: application/json: schema: - type: object - properties: - acknowledged: - type: boolean + $ref: '#/components/schemas/ApiDataViewsDefault_Post_Response_200' description: Indicates a successful call. '400': content: @@ -12421,26 +7965,7 @@ paths: content: application/json: schema: - type: object - properties: - deleteStatus: - type: object - properties: - deletePerformed: - type: boolean - remainingRefs: - type: integer - result: - items: - type: object - properties: - id: - description: A saved object identifier. - type: string - type: - description: The saved object type. - type: string - type: array + $ref: '#/components/schemas/ApiDataViewsSwapReferences_Post_Response_200' description: Indicates a successful call. summary: Swap saved object references tags: @@ -12475,19 +8000,7 @@ paths: content: application/json: schema: - type: object - properties: - result: - items: - type: object - properties: - id: - description: A saved object identifier. - type: string - type: - description: The saved object type. - type: string - type: array + $ref: '#/components/schemas/ApiDataViewsSwapReferencesPreview_Post_Response_200' description: Indicates a successful call. summary: Preview a saved object reference swap tags: @@ -12550,15 +8063,7 @@ paths: is_authenticated: true username: elastic schema: - type: object - properties: - has_encryption_key: - type: boolean - is_authenticated: - type: boolean - required: - - is_authenticated - - has_encryption_key + $ref: '#/components/schemas/ApiDetectionEnginePrivileges_Get_Response_200' description: Successful response '401': content: @@ -14156,15 +9661,7 @@ paths: end_date: '2025-03-10T23:59:59.999Z' start_date: '2025-03-01T00:00:00.000Z' schema: - oneOf: - - $ref: '#/components/schemas/Security_Detections_API_BulkDeleteRules' - - $ref: '#/components/schemas/Security_Detections_API_BulkDisableRules' - - $ref: '#/components/schemas/Security_Detections_API_BulkEnableRules' - - $ref: '#/components/schemas/Security_Detections_API_BulkExportRules' - - $ref: '#/components/schemas/Security_Detections_API_BulkDuplicateRules' - - $ref: '#/components/schemas/Security_Detections_API_BulkManualRuleRun' - - $ref: '#/components/schemas/Security_Detections_API_BulkManualRuleFillGaps' - - $ref: '#/components/schemas/Security_Detections_API_BulkEditRules' + $ref: '#/components/schemas/ApiDetectionEngineRulesBulkAction_Post_Request' responses: '200': content: @@ -14803,9 +10300,7 @@ paths: rules_count: 1 success: true schema: - oneOf: - - $ref: '#/components/schemas/Security_Detections_API_BulkEditActionResponse' - - $ref: '#/components/schemas/Security_Detections_API_BulkExportActionResponse' + $ref: '#/components/schemas/ApiDetectionEngineRulesBulkAction_Post_Response_200' description: OK summary: Apply a bulk action to detection rules tags: @@ -14854,21 +10349,7 @@ paths: content: application/json: schema: - nullable: true - type: object - properties: - objects: - description: Array of objects with a rule's `rule_id` field. Do not use rule's `id` here. Exports all rules when unspecified. - items: - type: object - properties: - rule_id: - $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' - required: - - rule_id - type: array - required: - - objects + $ref: '#/components/schemas/ApiDetectionEngineRulesExport_Post_Request' required: false responses: '200': @@ -15058,27 +10539,7 @@ paths: perPage: 5 total: 4 schema: - type: object - properties: - data: - items: - $ref: '#/components/schemas/Security_Detections_API_RuleResponse' - type: array - page: - type: integer - perPage: - type: integer - total: - type: integer - warnings: - items: - $ref: '#/components/schemas/Security_Detections_API_WarningSchema' - type: array - required: - - page - - perPage - - total - - data + $ref: '#/components/schemas/ApiDetectionEngineRulesFind_Get_Response_200' description: | Successful response > info @@ -15152,12 +10613,7 @@ paths: content: multipart/form-data: schema: - type: object - properties: - file: - description: The `.ndjson` file containing the rules. - format: binary - type: string + $ref: '#/components/schemas/ApiDetectionEngineRulesImport_Post_Request' required: true responses: '200': @@ -15175,55 +10631,7 @@ paths: success: true success_count: 1 schema: - additionalProperties: false - type: object - properties: - action_connectors_errors: - items: - $ref: '#/components/schemas/Security_Detections_API_ErrorSchema' - type: array - action_connectors_success: - type: boolean - action_connectors_success_count: - minimum: 0 - type: integer - action_connectors_warnings: - items: - $ref: '#/components/schemas/Security_Detections_API_WarningSchema' - type: array - errors: - items: - $ref: '#/components/schemas/Security_Detections_API_ErrorSchema' - type: array - exceptions_errors: - items: - $ref: '#/components/schemas/Security_Detections_API_ErrorSchema' - type: array - exceptions_success: - type: boolean - exceptions_success_count: - minimum: 0 - type: integer - rules_count: - minimum: 0 - type: integer - success: - type: boolean - success_count: - minimum: 0 - type: integer - required: - - exceptions_success - - exceptions_success_count - - exceptions_errors - - rules_count - - success - - success_count - - errors - - action_connectors_errors - - action_connectors_warnings - - action_connectors_success - - action_connectors_success_count + $ref: '#/components/schemas/ApiDetectionEngineRulesImport_Post_Response_200' description: Indicates a successful call. summary: Import detection rules tags: @@ -15263,36 +10671,7 @@ paths: content: application/json: schema: - example: - items: - - description: This is a sample detection type exception item. - entries: - - field: actingProcess.file.signer - operator: excluded - type: exists - - field: host.name - operator: included - type: match_any - value: - - saturn - - jupiter - item_id: simple_list_item - list_id: simple_list - name: Sample Exception List Item - namespace_type: single - os_types: - - linux - tags: - - malware - type: simple - type: object - properties: - items: - items: - $ref: '#/components/schemas/Security_Exceptions_API_CreateRuleExceptionListItemProps' - type: array - required: - - items + $ref: '#/components/schemas/ApiDetectionEngineRulesExceptions_Post_Request' description: Rule exception items. required: true responses: @@ -15350,9 +10729,7 @@ paths: message: '[request params]: id: Invalid uuid' statusCode: 400 schema: - oneOf: - - $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' - - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' + $ref: '#/components/schemas/ApiDetectionEngineRulesExceptions_Post_Response_400' description: Invalid input data response '401': content: @@ -15408,33 +10785,7 @@ paths: content: application/json: schema: - anyOf: - - allOf: - - $ref: '#/components/schemas/Security_Detections_API_EqlRuleCreateProps' - - $ref: '#/components/schemas/Security_Detections_API_RulePreviewParams' - - allOf: - - $ref: '#/components/schemas/Security_Detections_API_QueryRuleCreateProps' - - $ref: '#/components/schemas/Security_Detections_API_RulePreviewParams' - - allOf: - - $ref: '#/components/schemas/Security_Detections_API_SavedQueryRuleCreateProps' - - $ref: '#/components/schemas/Security_Detections_API_RulePreviewParams' - - allOf: - - $ref: '#/components/schemas/Security_Detections_API_ThresholdRuleCreateProps' - - $ref: '#/components/schemas/Security_Detections_API_RulePreviewParams' - - allOf: - - $ref: '#/components/schemas/Security_Detections_API_ThreatMatchRuleCreateProps' - - $ref: '#/components/schemas/Security_Detections_API_RulePreviewParams' - - allOf: - - $ref: '#/components/schemas/Security_Detections_API_MachineLearningRuleCreateProps' - - $ref: '#/components/schemas/Security_Detections_API_RulePreviewParams' - - allOf: - - $ref: '#/components/schemas/Security_Detections_API_NewTermsRuleCreateProps' - - $ref: '#/components/schemas/Security_Detections_API_RulePreviewParams' - - allOf: - - $ref: '#/components/schemas/Security_Detections_API_EsqlRuleCreateProps' - - $ref: '#/components/schemas/Security_Detections_API_RulePreviewParams' - discriminator: - propertyName: type + $ref: '#/components/schemas/ApiDetectionEngineRulesPreview_Post_Request' description: An object containing tags to add or remove and alert ids the changes will be applied required: true responses: @@ -15442,26 +10793,13 @@ paths: content: application/json: schema: - type: object - properties: - isAborted: - type: boolean - logs: - items: - $ref: '#/components/schemas/Security_Detections_API_RulePreviewLogs' - type: array - previewId: - $ref: '#/components/schemas/Security_Detections_API_NonEmptyString' - required: - - logs + $ref: '#/components/schemas/ApiDetectionEngineRulesPreview_Post_Response_200' description: Successful response '400': content: application/json: schema: - oneOf: - - $ref: '#/components/schemas/Security_Detections_API_PlatformErrorResponse' - - $ref: '#/components/schemas/Security_Detections_API_SiemErrorResponse' + $ref: '#/components/schemas/ApiDetectionEngineRulesPreview_Post_Response_400' description: Invalid input data response '401': content: @@ -15620,17 +10958,13 @@ paths: timed_out: false took: 0 schema: - additionalProperties: true - description: Elasticsearch search response - type: object + $ref: '#/components/schemas/ApiDetectionEngineSignalsSearch_Post_Response_200' description: Successful response '400': content: application/json: schema: - oneOf: - - $ref: '#/components/schemas/Security_Detections_API_PlatformErrorResponse' - - $ref: '#/components/schemas/Security_Detections_API_SiemErrorResponse' + $ref: '#/components/schemas/ApiDetectionEngineSignalsSearch_Post_Response_400' description: Invalid input data response '401': content: @@ -15702,9 +11036,7 @@ paths: should: [] status: closed schema: - oneOf: - - $ref: '#/components/schemas/Security_Detections_API_SetAlertsStatusByIds' - - $ref: '#/components/schemas/Security_Detections_API_SetAlertsStatusByQuery' + $ref: '#/components/schemas/ApiDetectionEngineSignalsStatus_Post_Request' description: An object containing desired status and explicit alert ids or a query to select alerts required: true responses: @@ -15747,17 +11079,13 @@ paths: updated: 17 version_conflicts: 0 schema: - additionalProperties: true - description: Elasticsearch update by query response - type: object + $ref: '#/components/schemas/ApiDetectionEngineSignalsStatus_Post_Response_200' description: Successful response '400': content: application/json: schema: - oneOf: - - $ref: '#/components/schemas/Security_Detections_API_PlatformErrorResponse' - - $ref: '#/components/schemas/Security_Detections_API_SiemErrorResponse' + $ref: '#/components/schemas/ApiDetectionEngineSignalsStatus_Post_Response_400' description: Invalid input data response '401': content: @@ -15825,17 +11153,13 @@ paths: updated: 1, version_conflicts: 0, schema: - additionalProperties: true - description: Elasticsearch update by query response - type: object + $ref: '#/components/schemas/ApiDetectionEngineSignalsTags_Post_Response_200' description: Successful response '400': content: application/json: schema: - oneOf: - - $ref: '#/components/schemas/Security_Detections_API_PlatformErrorResponse' - - $ref: '#/components/schemas/Security_Detections_API_SiemErrorResponse' + $ref: '#/components/schemas/ApiDetectionEngineSignalsTags_Post_Response_400' description: Invalid input data response '401': content: @@ -15912,9 +11236,7 @@ paths: content: application/json: schema: - oneOf: - - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse' - - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse' + $ref: '#/components/schemas/ApiEndpointList_Post_Response_400' description: Invalid input data '401': content: @@ -15975,9 +11297,7 @@ paths: content: application/json: schema: - oneOf: - - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse' - - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse' + $ref: '#/components/schemas/ApiEndpointListItems_Delete_Response_400' description: Invalid input data '401': content: @@ -16043,9 +11363,7 @@ paths: content: application/json: schema: - oneOf: - - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse' - - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse' + $ref: '#/components/schemas/ApiEndpointListItems_Get_Response_400' description: Invalid input data '401': content: @@ -16091,34 +11409,7 @@ paths: content: application/json: schema: - type: object - properties: - comments: - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemCommentArray' - default: [] - description: - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemDescription' - entries: - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryArray' - item_id: - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemHumanId' - meta: - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemMeta' - name: - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemName' - os_types: - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemOsTypeArray' - default: [] - tags: - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemTags' - default: [] - type: - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemType' - required: - - type - - name - - description - - entries + $ref: '#/components/schemas/ApiEndpointListItems_Post_Request' description: Exception list item's properties required: true responses: @@ -16132,9 +11423,7 @@ paths: content: application/json: schema: - oneOf: - - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse' - - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse' + $ref: '#/components/schemas/ApiEndpointListItems_Post_Response_400' description: Invalid input data '401': content: @@ -16180,39 +11469,7 @@ paths: content: application/json: schema: - type: object - properties: - _version: - type: string - comments: - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemCommentArray' - default: [] - description: - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemDescription' - entries: - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryArray' - id: - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemId' - description: Either `id` or `item_id` must be specified - item_id: - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemHumanId' - description: Either `id` or `item_id` must be specified - meta: - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemMeta' - name: - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemName' - os_types: - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemOsTypeArray' - default: [] - tags: - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemTags' - type: - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemType' - required: - - type - - name - - description - - entries + $ref: '#/components/schemas/ApiEndpointListItems_Put_Request' description: Exception list item's properties required: true responses: @@ -16226,9 +11483,7 @@ paths: content: application/json: schema: - oneOf: - - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse' - - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse' + $ref: '#/components/schemas/ApiEndpointListItems_Put_Response_400' description: Invalid input data '401': content: @@ -16314,36 +11569,13 @@ paths: content: application/json: schema: - type: object - properties: - data: - items: - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItem' - type: array - page: - minimum: 0 - type: integer - per_page: - minimum: 0 - type: integer - pit: - type: string - total: - minimum: 0 - type: integer - required: - - data - - page - - per_page - - total + $ref: '#/components/schemas/ApiEndpointListItemsFind_Get_Response_200' description: Successful response '400': content: application/json: schema: - oneOf: - - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse' - - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse' + $ref: '#/components/schemas/ApiEndpointListItemsFind_Get_Response_400' description: Invalid input data '401': content: @@ -16549,33 +11781,7 @@ paths: schema: properties: data: - type: object - properties: - actionId: - type: string - agentId: - type: string - agentType: - type: string - created: - format: date-time - type: string - id: - type: string - mimeType: - type: string - name: - type: string - size: - type: number - status: - enum: - - AWAITING_UPLOAD - - UPLOADING - - READY - - UPLOAD_ERROR - - DELETED - type: string + $ref: '#/components/schemas/ApiEndpointActionFile_Get_Response_200_Data' description: OK summary: Get file information tags: @@ -16762,38 +11968,7 @@ paths: - 1aa1f8fd-0fb0-4fe4-8c30-92068272d3f0 - b30a11bf-1395-4707-b508-fbb45ef9793e schema: - type: object - properties: - agent_type: - $ref: '#/components/schemas/Security_Endpoint_Management_API_AgentTypes' - alert_ids: - description: If this action is associated with any alerts, they can be specified here. The action will be logged in any cases associated with the specified alerts. - example: - - alert-id-1 - - alert-id-2 - items: - minLength: 1 - type: string - minItems: 1 - type: array - case_ids: - description: The IDs of cases where the action taken will be logged. - example: - - case-id-1 - - case-id-2 - items: - minLength: 1 - type: string - minItems: 1 - type: array - comment: - $ref: '#/components/schemas/Security_Endpoint_Management_API_Comment' - endpoint_ids: - $ref: '#/components/schemas/Security_Endpoint_Management_API_EndpointIds' - parameters: - $ref: '#/components/schemas/Security_Endpoint_Management_API_Parameters' - required: - - endpoint_ids + $ref: '#/components/schemas/ApiEndpointActionIsolate_Post_Request' required: true responses: '200': @@ -17109,38 +12284,7 @@ paths: - 1aa1f8fd-0fb0-4fe4-8c30-92068272d3f0 - b30a11bf-1395-4707-b508-fbb45ef9793e schema: - type: object - properties: - agent_type: - $ref: '#/components/schemas/Security_Endpoint_Management_API_AgentTypes' - alert_ids: - description: If this action is associated with any alerts, they can be specified here. The action will be logged in any cases associated with the specified alerts. - example: - - alert-id-1 - - alert-id-2 - items: - minLength: 1 - type: string - minItems: 1 - type: array - case_ids: - description: The IDs of cases where the action taken will be logged. - example: - - case-id-1 - - case-id-2 - items: - minLength: 1 - type: string - minItems: 1 - type: array - comment: - $ref: '#/components/schemas/Security_Endpoint_Management_API_Comment' - endpoint_ids: - $ref: '#/components/schemas/Security_Endpoint_Management_API_EndpointIds' - parameters: - $ref: '#/components/schemas/Security_Endpoint_Management_API_Parameters' - required: - - endpoint_ids + $ref: '#/components/schemas/ApiEndpointActionUnisolate_Post_Request' required: true responses: '200': @@ -17338,10 +12482,7 @@ paths: content: application/json: schema: - type: object - properties: - note: - type: string + $ref: '#/components/schemas/ApiEndpointProtectionUpdatesNote_Post_Request' required: true responses: '200': @@ -17422,23 +12563,7 @@ paths: sortField: name total: 100 schema: - type: object - properties: - data: - items: - $ref: '#/components/schemas/Security_Endpoint_Management_API_EndpointScript' - type: array - page: - $ref: '#/components/schemas/Security_Endpoint_Management_API_Page' - pageSize: - $ref: '#/components/schemas/Security_Endpoint_Management_API_ApiPageSize' - sortDirection: - $ref: '#/components/schemas/Security_Endpoint_Management_API_SortDirection' - sortField: - $ref: '#/components/schemas/Security_Endpoint_Management_API_ApiSortField' - total: - description: The total number of scripts matching the query - type: integer + $ref: '#/components/schemas/ApiEndpointScriptsLibrary_Get_Response_200' description: List of scripts response summary: Get a list of scripts tags: @@ -17462,12 +12587,7 @@ paths: content: application/json: schema: - type: object - properties: - deleted: - type: boolean - required: - - deleted + $ref: '#/components/schemas/ApiEntityAnalyticsMonitoringEngineDelete_Delete_Response_200' description: Successful response summary: Delete the Privilege Monitoring Engine tags: @@ -17539,21 +12659,13 @@ paths: content: application/json: schema: - type: object - properties: - success: - description: Indicates the scheduling was successful - type: boolean + $ref: '#/components/schemas/ApiEntityAnalyticsMonitoringEngineScheduleNow_Post_Response_200' description: Successful response '409': content: application/json: schema: - type: object - properties: - message: - description: Error message indicating the engine is already running - type: string + $ref: '#/components/schemas/ApiEntityAnalyticsMonitoringEngineScheduleNow_Post_Response_409' description: Conflict - Monitoring engine is already running summary: Schedule the Privilege Monitoring Engine tags: @@ -17575,32 +12687,7 @@ paths: content: application/json: schema: - type: object - properties: - error: - type: object - properties: - message: - type: string - required: - - status - status: - $ref: '#/components/schemas/Security_Entity_Analytics_API_PrivilegeMonitoringEngineStatus' - users: - description: User statistics for privilege monitoring - type: object - properties: - current_count: - description: Current number of privileged users being monitored - type: integer - max_allowed: - description: Maximum number of privileged users allowed to be monitored - type: integer - required: - - current_count - - max_allowed - required: - - status + $ref: '#/components/schemas/ApiEntityAnalyticsMonitoringPrivilegesHealth_Get_Response_200' description: Successful response summary: Health check on Privilege Monitoring tags: @@ -17680,40 +12767,13 @@ paths: content: multipart/form-data: schema: - type: object - properties: - file: - description: The CSV file to upload. - format: binary - type: string - required: - - file + $ref: '#/components/schemas/ApiEntityAnalyticsMonitoringUsersCsv_Post_Request' responses: '200': content: application/json: schema: - example: - errors: - - index: 1 - message: Invalid monitored field - username: john.doe - stats: - failedOperations: 1 - successfulOperations: 1 - totalOperations: 2 - uploaded: 1 - type: object - properties: - errors: - items: - $ref: '#/components/schemas/Security_Entity_Analytics_API_PrivmonUserCsvUploadErrorItem' - type: array - stats: - $ref: '#/components/schemas/Security_Entity_Analytics_API_PrivmonUserCsvUploadStats' - required: - - errors - - stats + $ref: '#/components/schemas/ApiEntityAnalyticsMonitoringUsersCsv_Post_Response_200' description: Bulk upload successful '413': description: File too large @@ -17743,16 +12803,7 @@ paths: content: application/json: schema: - type: object - properties: - acknowledged: - description: Indicates if the deletion was successful - type: boolean - message: - description: A message providing additional information about the deletion status - type: string - required: - - success + $ref: '#/components/schemas/ApiEntityAnalyticsMonitoringUsers_Delete_Response_200' description: User deleted successfully summary: Delete a monitored user tags: @@ -17838,12 +12889,7 @@ paths: content: application/json: schema: - type: object - properties: - message: - type: string - required: - - message + $ref: '#/components/schemas/ApiEntityAnalyticsPrivilegedUserMonitoringPadInstall_Post_Response_200' description: Successful response summary: Installs the privileged access detection package for the Entity Analytics privileged user monitoring experience tags: @@ -17865,42 +12911,7 @@ paths: content: application/json: schema: - type: object - properties: - jobs: - items: - type: object - properties: - description: - type: string - job_id: - type: string - state: - enum: - - closing - - closed - - opened - - failed - - opening - type: string - required: - - job_id - - state - type: array - ml_module_setup_status: - enum: - - complete - - incomplete - type: string - package_installation_status: - enum: - - complete - - incomplete - type: string - required: - - package_installation_status - - ml_module_setup_status - - jobs + $ref: '#/components/schemas/ApiEntityAnalyticsPrivilegedUserMonitoringPadStatus_Get_Response_200' description: Privileged access detection status retrieved summary: Gets the status of the privileged access detection package for the Entity Analytics privileged user monitoring experience tags: @@ -17921,54 +12932,7 @@ paths: content: application/json: schema: - type: object - properties: - delay: - default: 1m - description: The delay before the transform will run. - pattern: '[smdh]$' - type: string - docsPerSecond: - default: -1 - description: The number of documents per second to process. - type: integer - enrichPolicyExecutionInterval: - $ref: '#/components/schemas/Security_Entity_Analytics_API_Interval' - entityTypes: - items: - $ref: '#/components/schemas/Security_Entity_Analytics_API_EntityType' - type: array - fieldHistoryLength: - default: 10 - description: The number of historical values to keep for each field. - type: integer - filter: - type: string - frequency: - default: 1m - description: The frequency at which the transform will run. - pattern: '[smdh]$' - type: string - indexPattern: - $ref: '#/components/schemas/Security_Entity_Analytics_API_IndexPattern' - lookbackPeriod: - default: 3h - description: The amount of time the transform looks back to calculate the aggregations. - pattern: '[smdh]$' - type: string - maxPageSearchSize: - default: 500 - description: The initial page size to use for the composite aggregation of each checkpoint. - type: integer - timeout: - default: 180s - description: The timeout for initializing the aggregating transform. - pattern: '[smdh]$' - type: string - timestampField: - default: '@timestamp' - description: The field to use as the timestamp. - type: string + $ref: '#/components/schemas/ApiEntityStoreEnable_Post_Request' description: Schema for the entity store initialization required: true responses: @@ -17976,14 +12940,7 @@ paths: content: application/json: schema: - type: object - properties: - engines: - items: - $ref: '#/components/schemas/Security_Entity_Analytics_API_EngineDescriptor' - type: array - succeeded: - type: boolean + $ref: '#/components/schemas/ApiEntityStoreEnable_Post_Response_200' description: Successful response '400': description: Invalid request @@ -18036,16 +12993,7 @@ paths: - user - service schema: - type: object - properties: - deleted: - items: - $ref: '#/components/schemas/Security_Entity_Analytics_API_EntityType' - type: array - still_running: - items: - $ref: '#/components/schemas/Security_Entity_Analytics_API_EntityType' - type: array + $ref: '#/components/schemas/ApiEntityStoreEngines_Delete_Response_200' description: Successful response summary: Delete Entity Engines tags: @@ -18066,14 +13014,7 @@ paths: content: application/json: schema: - type: object - properties: - count: - type: integer - engines: - items: - $ref: '#/components/schemas/Security_Entity_Analytics_API_EngineDescriptor' - type: array + $ref: '#/components/schemas/ApiEntityStoreEngines_Get_Response_200' description: Successful response summary: List the Entity Engines tags: @@ -18123,10 +13064,7 @@ paths: value: deleted: true schema: - type: object - properties: - deleted: - type: boolean + $ref: '#/components/schemas/ApiEntityStoreEngines_Delete_Response_200_1' description: Successful response summary: Delete the Entity Engine tags: @@ -18182,50 +13120,7 @@ paths: content: application/json: schema: - type: object - properties: - delay: - default: 1m - description: The delay before the transform will run. - pattern: '[smdh]$' - type: string - docsPerSecond: - default: -1 - description: The number of documents per second to process. - type: integer - enrichPolicyExecutionInterval: - $ref: '#/components/schemas/Security_Entity_Analytics_API_Interval' - fieldHistoryLength: - default: 10 - description: The number of historical values to keep for each field. - type: integer - filter: - type: string - frequency: - default: 1m - description: The frequency at which the transform will run. - pattern: '[smdh]$' - type: string - indexPattern: - $ref: '#/components/schemas/Security_Entity_Analytics_API_IndexPattern' - lookbackPeriod: - default: 3h - description: The amount of time the transform looks back to calculate the aggregations. - pattern: '[smdh]$' - type: string - maxPageSearchSize: - default: 500 - description: The initial page size to use for the composite aggregation of each checkpoint. - type: integer - timeout: - default: 180s - description: The timeout for initializing the aggregating transform. - pattern: '[smdh]$' - type: string - timestampField: - default: '@timestamp' - description: The field to use as the timestamp for the entity type. - type: string + $ref: '#/components/schemas/ApiEntityStoreEnginesInit_Post_Request' description: Schema for the engine initialization required: true responses: @@ -18264,10 +13159,7 @@ paths: content: application/json: schema: - type: object - properties: - started: - type: boolean + $ref: '#/components/schemas/ApiEntityStoreEnginesStart_Post_Response_200' description: Successful response summary: Start an Entity Engine tags: @@ -18296,10 +13188,7 @@ paths: content: application/json: schema: - type: object - properties: - stopped: - type: boolean + $ref: '#/components/schemas/ApiEntityStoreEnginesStop_Post_Response_200' description: Successful response summary: Stop an Entity Engine tags: @@ -18321,42 +13210,19 @@ paths: content: application/json: schema: - type: object - properties: - result: - items: - $ref: '#/components/schemas/Security_Entity_Analytics_API_EngineDataviewUpdateResult' - type: array - success: - type: boolean + $ref: '#/components/schemas/ApiEntityStoreEnginesApplyDataviewIndices_Post_Response_200' description: Successful response '207': content: application/json: schema: - type: object - properties: - errors: - items: - type: string - type: array - result: - items: - $ref: '#/components/schemas/Security_Entity_Analytics_API_EngineDataviewUpdateResult' - type: array - success: - type: boolean + $ref: '#/components/schemas/ApiEntityStoreEnginesApplyDataviewIndices_Post_Response_207' description: Partial successful response '500': content: application/json: schema: - type: object - properties: - body: - type: string - statusCode: - type: number + $ref: '#/components/schemas/ApiEntityStoreEnginesApplyDataviewIndices_Post_Response_500' description: Error response summary: Apply DataView indices to all installed engines tags: @@ -18392,13 +13258,7 @@ paths: content: application/json: schema: - type: object - properties: - id: - description: Identifier of the entity to be deleted, commonly entity.id value. - type: string - required: - - id + $ref: '#/components/schemas/ApiEntityStoreEntities_Delete_Request' description: Schema for the deleting entity required: true responses: @@ -18406,10 +13266,7 @@ paths: content: application/json: schema: - type: object - properties: - deleted: - type: boolean + $ref: '#/components/schemas/ApiEntityStoreEntities_Delete_Response_200' description: Successful response. Entity deleted. '404': description: Entity Not Found. No entity with this ID and Type exists. @@ -18568,29 +13425,7 @@ paths: content: application/json: schema: - type: object - properties: - inspect: - $ref: '#/components/schemas/Security_Entity_Analytics_API_InspectQuery' - page: - minimum: 1 - type: integer - per_page: - maximum: 1000 - minimum: 1 - type: integer - records: - items: - $ref: '#/components/schemas/Security_Entity_Analytics_API_Entity' - type: array - total: - minimum: 0 - type: integer - required: - - records - - page - - per_page - - total + $ref: '#/components/schemas/ApiEntityStoreEntitiesList_Get_Response_200' description: Entities returned successfully summary: List Entity Store Entities tags: @@ -18612,24 +13447,7 @@ paths: content: application/json: schema: - type: object - properties: - engines: - items: - allOf: - - $ref: '#/components/schemas/Security_Entity_Analytics_API_EngineDescriptor' - - type: object - properties: - components: - items: - $ref: '#/components/schemas/Security_Entity_Analytics_API_EngineComponentStatus' - type: array - type: array - status: - $ref: '#/components/schemas/Security_Entity_Analytics_API_StoreStatus' - required: - - status - - engines + $ref: '#/components/schemas/ApiEntityStoreStatus_Get_Response_200' description: Successful response summary: Get the status of the Entity Store tags: @@ -18721,9 +13539,7 @@ paths: message: '[request query]: namespace_type.0: Invalid enum value. Expected ''agnostic'' | ''single'', received ''blob''' statusCode: 400 schema: - oneOf: - - $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' - - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' + $ref: '#/components/schemas/ApiExceptionLists_Delete_Response_400' description: Invalid input data response '401': content: @@ -18849,9 +13665,7 @@ paths: message: '[request query]: namespace_type.0: Invalid enum value. Expected ''agnostic'' | ''single'', received ''blob''' statusCode: 400 schema: - oneOf: - - $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' - - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' + $ref: '#/components/schemas/ApiExceptionLists_Get_Response_400' description: Invalid input data response '401': content: @@ -18921,43 +13735,7 @@ paths: content: application/json: schema: - example: - description: This is a sample detection type exception list. - list_id: simple_list - name: Sample Detection Exception List - namespace_type: single - os_types: - - linux - tags: - - malware - type: detection - type: object - properties: - description: - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListDescription' - list_id: - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListHumanId' - meta: - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListMeta' - name: - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListName' - namespace_type: - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionNamespaceType' - default: single - os_types: - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListOsTypeArray' - tags: - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListTags' - default: [] - type: - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListType' - version: - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListVersion' - default: 1 - required: - - name - - description - - type + $ref: '#/components/schemas/ApiExceptionLists_Post_Request' description: Exception list's properties required: true responses: @@ -19057,9 +13835,7 @@ paths: message: '[request body]: list_id: Expected string, received number' statusCode: 400 schema: - oneOf: - - $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' - - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' + $ref: '#/components/schemas/ApiExceptionLists_Post_Response_400' description: Invalid input data response '401': content: @@ -19127,46 +13903,7 @@ paths: content: application/json: schema: - example: - description: Different description - list_id: simple_list - name: Updated exception list name - os_types: - - linux - tags: - - draft malware - type: detection - type: object - properties: - _version: - description: The version id, normally returned by the API when the item was retrieved. Use it ensure updates are done against the latest version. - type: string - description: - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListDescription' - id: - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListId' - list_id: - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListHumanId' - meta: - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListMeta' - name: - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListName' - namespace_type: - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionNamespaceType' - default: single - os_types: - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListOsTypeArray' - default: [] - tags: - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListTags' - type: - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListType' - version: - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListVersion' - required: - - name - - description - - type + $ref: '#/components/schemas/ApiExceptionLists_Put_Request' description: Exception list's properties required: true responses: @@ -19206,9 +13943,7 @@ paths: message: '[request body]: list_id: Expected string, received number' statusCode: 400 schema: - oneOf: - - $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' - - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' + $ref: '#/components/schemas/ApiExceptionLists_Put_Response_400' description: Invalid input data response '401': content: @@ -19337,9 +14072,7 @@ paths: message: '[request query]: namespace_type: Invalid enum value. Expected ''agnostic'' | ''single'', received ''foo''' statusCode: 400 schema: - oneOf: - - $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' - - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' + $ref: '#/components/schemas/ApiExceptionListsDuplicate_Post_Response_400' description: Invalid input data response '401': content: @@ -19467,9 +14200,7 @@ paths: message: '[request query]: list_id: Required, namespace_type: Required' statusCode: 400 schema: - oneOf: - - $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' - - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' + $ref: '#/components/schemas/ApiExceptionListsExport_Post_Response_400' description: Invalid input data response '401': content: @@ -19626,26 +14357,7 @@ paths: per_page: 20 total: 1 schema: - type: object - properties: - data: - items: - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionList' - type: array - page: - minimum: 1 - type: integer - per_page: - minimum: 1 - type: integer - total: - minimum: 0 - type: integer - required: - - data - - page - - per_page - - total + $ref: '#/components/schemas/ApiExceptionListsFind_Get_Response_200' description: Successful response '400': content: @@ -19657,9 +14369,7 @@ paths: message: '[request query]: namespace_type.0: Invalid enum value. Expected ''agnostic'' | ''single'', received ''blob''' statusCode: 400 schema: - oneOf: - - $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' - - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' + $ref: '#/components/schemas/ApiExceptionListsFind_Get_Response_400' description: Invalid input data response '401': content: @@ -19739,15 +14449,7 @@ paths: content: multipart/form-data: schema: - type: object - properties: - file: - description: A `.ndjson` file containing the exception list - example: | - {"_version":"WzExNDU5LDFd","created_at":"2025-01-09T16:18:17.757Z","created_by":"elastic","description":"This is a sample detection type exception","id":"c86c2da0-2ab6-4343-b81c-216ef27e8d75","immutable":false,"list_id":"simple_list","name":"Sample Detection Exception List","namespace_type":"single","os_types":[],"tags":["user added string for a tag","malware"],"tie_breaker_id":"cf4a7b92-732d-47f0-a0d5-49a35a1736bf","type":"detection","updated_at":"2025-01-09T16:18:17.757Z","updated_by":"elastic","version":1} - {"_version":"WzExNDYxLDFd","comments":[],"created_at":"2025-01-09T16:18:42.308Z","created_by":"elastic","description":"This is a sample endpoint type exception","entries":[{"type":"exists","field":"actingProcess.file.signer","operator":"excluded"},{"type":"match_any","field":"host.name","value":["some host","another host"],"operator":"included"}],"id":"f37597ce-eaa7-4b64-9100-4301118f6806","item_id":"simple_list_item","list_id":"simple_list","name":"Sample Endpoint Exception List","namespace_type":"single","os_types":["linux"],"tags":["user added string for a tag","malware"],"tie_breaker_id":"4ca3ef3e-9721-42c0-8107-cf47e094d40f","type":"simple","updated_at":"2025-01-09T16:18:42.308Z","updated_by":"elastic"} - format: binary - type: string + $ref: '#/components/schemas/ApiExceptionListsImport_Post_Request' required: true responses: '200': @@ -19782,41 +14484,13 @@ paths: success_exception_list_items: true success_exception_lists: true, schema: - type: object - properties: - errors: - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListsImportBulkErrorArray' - success: - type: boolean - success_count: - minimum: 0 - type: integer - success_count_exception_list_items: - minimum: 0 - type: integer - success_count_exception_lists: - minimum: 0 - type: integer - success_exception_list_items: - type: boolean - success_exception_lists: - type: boolean - required: - - errors - - success - - success_count - - success_exception_lists - - success_count_exception_lists - - success_exception_list_items - - success_count_exception_list_items + $ref: '#/components/schemas/ApiExceptionListsImport_Post_Response_200' description: Successful response '400': content: application/json: schema: - oneOf: - - $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' - - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' + $ref: '#/components/schemas/ApiExceptionListsImport_Post_Response_400' description: Invalid input data response '401': content: @@ -19936,13 +14610,7 @@ paths: content: application/json: schema: - example: - error: Bad Request - message: '[request query]: namespace_type.0: Invalid enum value. Expected ''agnostic'' | ''single'', received ''blob''' - statusCode: 400 - oneOf: - - $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' - - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' + $ref: '#/components/schemas/ApiExceptionListsItems_Delete_Response_400' description: Invalid input data response '401': content: @@ -20078,9 +14746,7 @@ paths: message: '[request query]: namespace_type.0: Invalid enum value. Expected ''agnostic'' | ''single'', received ''blob''' statusCode: 400 schema: - oneOf: - - $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' - - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' + $ref: '#/components/schemas/ApiExceptionListsItems_Get_Response_400' description: Invalid input data response '401': content: @@ -20150,20 +14816,7 @@ paths: content: application/json: schema: - oneOf: - - $ref: '#/components/schemas/Security_Exceptions_API_CreateExceptionListItemGeneric' - - $ref: '#/components/schemas/Security_Exceptions_API_CreateExceptionListItemEndpointList' - - $ref: '#/components/schemas/Security_Exceptions_API_CreateExceptionListItemTrustedAppsWindows' - - $ref: '#/components/schemas/Security_Exceptions_API_CreateExceptionListItemTrustedAppsMac' - - $ref: '#/components/schemas/Security_Exceptions_API_CreateExceptionListItemTrustedAppsLinux' - - $ref: '#/components/schemas/Security_Exceptions_API_CreateExceptionListItemTrustedDevicesWindows' - - $ref: '#/components/schemas/Security_Exceptions_API_CreateExceptionListItemTrustedDevicesMac' - - $ref: '#/components/schemas/Security_Exceptions_API_CreateExceptionListItemTrustedDevicesWindowsMac' - - $ref: '#/components/schemas/Security_Exceptions_API_CreateExceptionListItemEventFilters' - - $ref: '#/components/schemas/Security_Exceptions_API_CreateExceptionListItemHostIsolation' - - $ref: '#/components/schemas/Security_Exceptions_API_CreateExceptionListItemBlocklistWindows' - - $ref: '#/components/schemas/Security_Exceptions_API_CreateExceptionListItemBlocklistLinux' - - $ref: '#/components/schemas/Security_Exceptions_API_CreateExceptionListItemBlocklistMac' + $ref: '#/components/schemas/ApiExceptionListsItems_Post_Request' description: Exception list item's properties required: true responses: @@ -20365,9 +15018,7 @@ paths: message: '[request body]: list_id: Expected string, received number' statusCode: 400, schema: - oneOf: - - $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' - - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' + $ref: '#/components/schemas/ApiExceptionListsItems_Post_Response_400' description: Invalid input data response '401': content: @@ -20435,20 +15086,7 @@ paths: content: application/json: schema: - oneOf: - - $ref: '#/components/schemas/Security_Exceptions_API_UpdateExceptionListItemGeneric' - - $ref: '#/components/schemas/Security_Exceptions_API_UpdateExceptionListItemEndpointList' - - $ref: '#/components/schemas/Security_Exceptions_API_UpdateExceptionListItemTrustedAppsWindows' - - $ref: '#/components/schemas/Security_Exceptions_API_UpdateExceptionListItemTrustedAppsMac' - - $ref: '#/components/schemas/Security_Exceptions_API_UpdateExceptionListItemTrustedAppsLinux' - - $ref: '#/components/schemas/Security_Exceptions_API_UpdateExceptionListItemTrustedDevicesWindows' - - $ref: '#/components/schemas/Security_Exceptions_API_UpdateExceptionListItemTrustedDevicesMac' - - $ref: '#/components/schemas/Security_Exceptions_API_UpdateExceptionListItemTrustedDevicesWindowsMac' - - $ref: '#/components/schemas/Security_Exceptions_API_UpdateExceptionListItemEventFilters' - - $ref: '#/components/schemas/Security_Exceptions_API_UpdateExceptionListItemHostIsolation' - - $ref: '#/components/schemas/Security_Exceptions_API_UpdateExceptionListItemBlocklistWindows' - - $ref: '#/components/schemas/Security_Exceptions_API_UpdateExceptionListItemBlocklistLinux' - - $ref: '#/components/schemas/Security_Exceptions_API_UpdateExceptionListItemBlocklistMac' + $ref: '#/components/schemas/ApiExceptionListsItems_Put_Request' description: Exception list item's properties required: true responses: @@ -20492,9 +15130,7 @@ paths: message: '[request body]: item_id: Expected string, received number' statusCode: 400 schema: - oneOf: - - $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' - - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' + $ref: '#/components/schemas/ApiExceptionListsItems_Put_Response_400' description: Invalid input data response '401': content: @@ -20678,28 +15314,7 @@ paths: per_page: 20 total: 1 schema: - type: object - properties: - data: - items: - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItem' - type: array - page: - minimum: 1 - type: integer - per_page: - minimum: 1 - type: integer - pit: - type: string - total: - minimum: 0 - type: integer - required: - - data - - page - - per_page - - total + $ref: '#/components/schemas/ApiExceptionListsItemsFind_Get_Response_200' description: Successful response '400': content: @@ -20711,9 +15326,7 @@ paths: message: '[request query]: namespace_type.0: Invalid enum value. Expected ''agnostic'' | ''single'', received ''blob''' statusCode: 400 schema: - oneOf: - - $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' - - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' + $ref: '#/components/schemas/ApiExceptionListsItemsFind_Get_Response_400' description: Invalid input data response '401': content: @@ -20821,20 +15434,7 @@ paths: total: 0 windows: 0 schema: - type: object - properties: - linux: - minimum: 0 - type: integer - macos: - minimum: 0 - type: integer - total: - minimum: 0 - type: integer - windows: - minimum: 0 - type: integer + $ref: '#/components/schemas/ApiExceptionListsSummary_Get_Response_200' description: Successful response '400': content: @@ -20846,9 +15446,7 @@ paths: message: '[request query]: namespace_type.0: Invalid enum value. Expected ''agnostic'' | ''single'', received ''blob''' statusCode: 400 schema: - oneOf: - - $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' - - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' + $ref: '#/components/schemas/ApiExceptionListsSummary_Get_Response_400' description: Invalid input data response '401': content: @@ -20919,24 +15517,7 @@ paths: content: application/json: schema: - example: - description: This is a sample detection type exception list. - list_id: simple_list - name: Sample Detection Exception List - namespace_type: single - os_types: - - linux - tags: - - malware - type: object - properties: - description: - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListDescription' - name: - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListName' - required: - - name - - description + $ref: '#/components/schemas/ApiExceptionsShared_Post_Request' required: true responses: '200': @@ -20976,9 +15557,7 @@ paths: message: '[request body]: list_id: Expected string, received number' statusCode: 400 schema: - oneOf: - - $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' - - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' + $ref: '#/components/schemas/ApiExceptionsShared_Post_Response_400' description: Invalid input data response '401': content: @@ -21048,97 +15627,13 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - items: - items: - additionalProperties: false - type: object - properties: - host: - format: uri - type: string - id: - type: string - is_default: - default: false - type: boolean - name: - type: string - proxy_id: - description: The ID of the proxy to use for this download source. See the proxies API for more information. - nullable: true - type: string - secrets: - additionalProperties: false - type: object - properties: - ssl: - additionalProperties: false - type: object - properties: - key: - anyOf: - - additionalProperties: false - type: object - properties: - id: - type: string - required: - - id - - type: string - ssl: - additionalProperties: false - type: object - properties: - certificate: - type: string - certificate_authorities: - items: - type: string - maxItems: 10 - type: array - key: - type: string - required: - - id - - name - - host - maxItems: 10000 - type: array - page: - type: number - perPage: - type: number - total: - type: number - required: - - items - - total - - page - - perPage + $ref: '#/components/schemas/ApiFleetAgentDownloadSources_Get_Response_200' description: 'OK: A successful request.' '400': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetAgentDownloadSources_Get_Response_400' description: A bad request. summary: Get agent binary download sources tags: @@ -21168,141 +15663,19 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - host: - format: uri - type: string - id: - type: string - is_default: - default: false - type: boolean - name: - type: string - proxy_id: - description: The ID of the proxy to use for this download source. See the proxies API for more information. - nullable: true - type: string - secrets: - additionalProperties: false - type: object - properties: - ssl: - additionalProperties: false - type: object - properties: - key: - anyOf: - - additionalProperties: false - type: object - properties: - id: - type: string - required: - - id - - type: string - ssl: - additionalProperties: false - type: object - properties: - certificate: - type: string - certificate_authorities: - items: - type: string - maxItems: 10 - type: array - key: - type: string - required: - - name - - host + $ref: '#/components/schemas/ApiFleetAgentDownloadSources_Post_Request' responses: '200': content: application/json: schema: - additionalProperties: false - type: object - properties: - item: - additionalProperties: false - type: object - properties: - host: - format: uri - type: string - id: - type: string - is_default: - default: false - type: boolean - name: - type: string - proxy_id: - description: The ID of the proxy to use for this download source. See the proxies API for more information. - nullable: true - type: string - secrets: - additionalProperties: false - type: object - properties: - ssl: - additionalProperties: false - type: object - properties: - key: - anyOf: - - additionalProperties: false - type: object - properties: - id: - type: string - required: - - id - - type: string - ssl: - additionalProperties: false - type: object - properties: - certificate: - type: string - certificate_authorities: - items: - type: string - maxItems: 10 - type: array - key: - type: string - required: - - id - - name - - host - required: - - item + $ref: '#/components/schemas/ApiFleetAgentDownloadSources_Post_Response_200' description: 'OK: A successful request.' '400': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetAgentDownloadSources_Post_Response_400' description: A bad request. summary: Create an agent binary download source tags: @@ -21339,34 +15712,13 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - id: - type: string - required: - - id + $ref: '#/components/schemas/ApiFleetAgentDownloadSources_Delete_Response_200' description: 'OK: A successful request.' '400': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetAgentDownloadSources_Delete_Response_400' description: A bad request. summary: Delete an agent binary download source tags: @@ -21395,85 +15747,13 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - item: - additionalProperties: false - type: object - properties: - host: - format: uri - type: string - id: - type: string - is_default: - default: false - type: boolean - name: - type: string - proxy_id: - description: The ID of the proxy to use for this download source. See the proxies API for more information. - nullable: true - type: string - secrets: - additionalProperties: false - type: object - properties: - ssl: - additionalProperties: false - type: object - properties: - key: - anyOf: - - additionalProperties: false - type: object - properties: - id: - type: string - required: - - id - - type: string - ssl: - additionalProperties: false - type: object - properties: - certificate: - type: string - certificate_authorities: - items: - type: string - maxItems: 10 - type: array - key: - type: string - required: - - id - - name - - host - required: - - item + $ref: '#/components/schemas/ApiFleetAgentDownloadSources_Get_Response_200_1' description: 'OK: A successful request.' '400': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetAgentDownloadSources_Get_Response_400_1' description: A bad request. summary: Get an agent binary download source tags: @@ -21508,141 +15788,19 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - host: - format: uri - type: string - id: - type: string - is_default: - default: false - type: boolean - name: - type: string - proxy_id: - description: The ID of the proxy to use for this download source. See the proxies API for more information. - nullable: true - type: string - secrets: - additionalProperties: false - type: object - properties: - ssl: - additionalProperties: false - type: object - properties: - key: - anyOf: - - additionalProperties: false - type: object - properties: - id: - type: string - required: - - id - - type: string - ssl: - additionalProperties: false - type: object - properties: - certificate: - type: string - certificate_authorities: - items: - type: string - maxItems: 10 - type: array - key: - type: string - required: - - name - - host + $ref: '#/components/schemas/ApiFleetAgentDownloadSources_Put_Request' responses: '200': content: application/json: schema: - additionalProperties: false - type: object - properties: - item: - additionalProperties: false - type: object - properties: - host: - format: uri - type: string - id: - type: string - is_default: - default: false - type: boolean - name: - type: string - proxy_id: - description: The ID of the proxy to use for this download source. See the proxies API for more information. - nullable: true - type: string - secrets: - additionalProperties: false - type: object - properties: - ssl: - additionalProperties: false - type: object - properties: - key: - anyOf: - - additionalProperties: false - type: object - properties: - id: - type: string - required: - - id - - type: string - ssl: - additionalProperties: false - type: object - properties: - certificate: - type: string - certificate_authorities: - items: - type: string - maxItems: 10 - type: array - key: - type: string - required: - - id - - name - - host - required: - - item + $ref: '#/components/schemas/ApiFleetAgentDownloadSources_Put_Response_200' description: 'OK: A successful request.' '400': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetAgentDownloadSources_Put_Response_400' description: A bad request. summary: Update an agent binary download source tags: @@ -21727,742 +15885,13 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - items: - items: - additionalProperties: false - type: object - properties: - advanced_settings: - additionalProperties: false - type: object - properties: - agent_download_target_directory: - nullable: true - agent_download_timeout: - nullable: true - agent_internal: - nullable: true - agent_limits_go_max_procs: - nullable: true - agent_logging_files_interval: - nullable: true - agent_logging_files_keepfiles: - nullable: true - agent_logging_files_rotateeverybytes: - nullable: true - agent_logging_level: - nullable: true - agent_logging_metrics_period: - nullable: true - agent_logging_to_files: - nullable: true - agent_monitoring_runtime_experimental: - nullable: true - agent_features: - items: - additionalProperties: false - type: object - properties: - enabled: - type: boolean - name: - type: string - required: - - name - - enabled - maxItems: 100 - type: array - agentless: - additionalProperties: false - type: object - properties: - cloud_connectors: - additionalProperties: false - type: object - properties: - enabled: - type: boolean - target_csp: - enum: - - aws - - azure - - gcp - type: string - required: - - enabled - resources: - additionalProperties: false - type: object - properties: - requests: - additionalProperties: false - type: object - properties: - cpu: - type: string - memory: - type: string - agents: - type: number - data_output_id: - nullable: true - type: string - description: - type: string - download_source_id: - nullable: true - type: string - fips_agents: - type: number - fleet_server_host_id: - nullable: true - type: string - global_data_tags: - description: User defined data tags that are added to all of the inputs. The values can be strings or numbers. - items: - additionalProperties: false - type: object - properties: - name: - type: string - value: - anyOf: - - type: string - - type: number - required: - - name - - value - maxItems: 10 - type: array - has_agent_version_conditions: - type: boolean - has_fleet_server: - type: boolean - id: - type: string - inactivity_timeout: - default: 1209600 - minimum: 0 - type: number - is_default: - type: boolean - is_default_fleet_server: - type: boolean - is_managed: - type: boolean - is_preconfigured: - type: boolean - is_protected: - description: Indicates whether the agent policy has tamper protection enabled. Default false. - type: boolean - keep_monitoring_alive: - default: false - description: When set to true, monitoring will be enabled but logs/metrics collection will be disabled - nullable: true - type: boolean - monitoring_diagnostics: - additionalProperties: false - type: object - properties: - limit: - additionalProperties: false - type: object - properties: - burst: - type: number - interval: - type: string - uploader: - additionalProperties: false - type: object - properties: - init_dur: - type: string - max_dur: - type: string - max_retries: - type: number - monitoring_enabled: - items: - enum: - - logs - - metrics - - traces - type: string - maxItems: 3 - type: array - monitoring_http: - additionalProperties: false - type: object - properties: - buffer: - additionalProperties: false - type: object - properties: - enabled: - default: false - type: boolean - enabled: - type: boolean - host: - type: string - port: - maximum: 65353 - minimum: 0 - type: number - monitoring_output_id: - nullable: true - type: string - monitoring_pprof_enabled: - type: boolean - name: - minLength: 1 - type: string - namespace: - minLength: 1 - type: string - overrides: - additionalProperties: {} - description: Override settings that are defined in the agent policy. Input settings cannot be overridden. The override option should be used only in unusual circumstances and not as a routine procedure. - nullable: true - type: object - package_policies: - anyOf: - - items: - type: string - maxItems: 10000 - type: array - - description: This field is present only when retrieving a single agent policy, or when retrieving a list of agent policies with the ?full=true parameter - items: - additionalProperties: false - type: object - properties: - additional_datastreams_permissions: - description: Additional datastream permissions, that will be added to the agent policy. - items: - type: string - maxItems: 1000 - nullable: true - type: array - agents: - type: number - cloud_connector_id: - description: ID of the cloud connector associated with this package policy. - nullable: true - type: string - cloud_connector_name: - description: Transient field for cloud connector name during creation. - maxLength: 255 - minLength: 1 - nullable: true - type: string - created_at: - type: string - created_by: - type: string - description: - description: Package policy description - type: string - elasticsearch: - additionalProperties: true - type: object - properties: - privileges: - additionalProperties: true - type: object - properties: - cluster: - items: - type: string - maxItems: 100 - type: array - enabled: - type: boolean - id: - description: Package policy unique identifier. - type: string - inputs: - anyOf: - - items: - additionalProperties: false - type: object - properties: - compiled_input: {} - config: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - type: object - enabled: - type: boolean - id: - type: string - keep_enabled: - type: boolean - policy_template: - type: string - streams: - items: - additionalProperties: false - type: object - properties: - compiled_stream: {} - config: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - type: object - data_stream: - additionalProperties: false - type: object - properties: - dataset: - type: string - elasticsearch: - additionalProperties: false - type: object - properties: - dynamic_dataset: - type: boolean - dynamic_namespace: - type: boolean - privileges: - additionalProperties: false - type: object - properties: - indices: - items: - type: string - maxItems: 100 - type: array - type: - type: string - required: - - dataset - - type - enabled: - type: boolean - id: - type: string - keep_enabled: - type: boolean - release: - enum: - - ga - - beta - - experimental - type: string - var_group_selections: - additionalProperties: - type: string - description: Variable group selections. Maps var_group name to the selected option name within that group. - type: object - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - type: object - required: - - enabled - - data_stream - - compiled_stream - maxItems: 100 - type: array - type: - type: string - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - type: object - required: - - type - - enabled - - streams - - compiled_input - maxItems: 100 - type: array - - additionalProperties: - additionalProperties: false - type: object - properties: - enabled: - description: Enable or disable that input. Defaults to `true` (enabled). - type: boolean - streams: - additionalProperties: - additionalProperties: false - type: object - properties: - enabled: - description: Enable or disable that stream. Defaults to `true` (enabled). - type: boolean - var_group_selections: - additionalProperties: - type: string - description: Variable group selections. Maps var_group name to the selected option name within that group. - type: object - vars: - additionalProperties: - anyOf: - - type: boolean - - type: string - - type: number - - items: - type: string - maxItems: 100 - type: array - - items: - type: number - maxItems: 100 - type: array - - additionalProperties: false - type: object - properties: - id: - type: string - isSecretRef: - type: boolean - required: - - id - - isSecretRef - nullable: true - description: Input/stream level variable. Refer to the integration documentation for more information. - type: object - description: Input streams. Refer to the integration documentation to know which streams are available. - type: object - vars: - additionalProperties: - anyOf: - - type: boolean - - type: string - - type: number - - items: - type: string - maxItems: 100 - type: array - - items: - type: number - maxItems: 100 - type: array - - additionalProperties: false - type: object - properties: - id: - type: string - isSecretRef: - type: boolean - required: - - id - - isSecretRef - nullable: true - description: Input/stream level variable. Refer to the integration documentation for more information. - type: object - description: Package policy inputs. Refer to the integration documentation to know which inputs are available. - type: object - x-oas-optional: true - description: Package policy inputs. - is_managed: - type: boolean - name: - description: Unique name for the package policy. - type: string - namespace: - description: The package policy namespace. Leave blank to inherit the agent policy's namespace. - type: string - output_id: - nullable: true - type: string - overrides: - additionalProperties: false - description: Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure. - nullable: true - type: object - properties: - inputs: - additionalProperties: {} - type: object - package: - additionalProperties: false - type: object - properties: - experimental_data_stream_features: - items: - additionalProperties: false - type: object - properties: - data_stream: - type: string - features: - additionalProperties: false - type: object - properties: - doc_value_only_numeric: - type: boolean - doc_value_only_other: - type: boolean - synthetic_source: - type: boolean - tsdb: - type: boolean - required: - - data_stream - - features - maxItems: 100 - type: array - fips_compatible: - type: boolean - name: - description: Package name - type: string - requires_root: - type: boolean - title: - type: string - version: - description: Package version - type: string - required: - - name - - version - policy_id: - deprecated: true - description: ID of the agent policy which the package policy will be added to. - nullable: true - type: string - policy_ids: - items: - description: IDs of the agent policies which that package policy will be added to. - type: string - maxItems: 1000 - type: array - revision: - description: Package policy revision. - type: number - secret_references: - items: - additionalProperties: false - type: object - properties: - id: - type: string - required: - - id - maxItems: 100 - type: array - spaceIds: - items: - type: string - maxItems: 100 - type: array - supports_agentless: - default: false - description: Indicates whether the package policy belongs to an agentless agent policy. - nullable: true - type: boolean - supports_cloud_connector: - default: false - description: Indicates whether the package policy supports cloud connectors. - nullable: true - type: boolean - updated_at: - type: string - updated_by: - type: string - var_group_selections: - additionalProperties: - type: string - description: Variable group selections. Maps var_group name to the selected option name within that group. - type: object - vars: - anyOf: - - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - type: object - - additionalProperties: - anyOf: - - type: boolean - - type: string - - type: number - - items: - type: string - maxItems: 100 - type: array - - items: - type: number - maxItems: 100 - type: array - - additionalProperties: false - type: object - properties: - id: - type: string - isSecretRef: - type: boolean - required: - - id - - isSecretRef - nullable: true - description: Input/stream level variable. Refer to the integration documentation for more information. - type: object - x-oas-optional: true - description: Package level variable. - version: - description: Package policy ES version. - type: string - required: - - name - - enabled - - inputs - - id - - revision - - updated_at - - updated_by - - created_at - - created_by - maxItems: 10000 - type: array - required_versions: - items: - additionalProperties: false - type: object - properties: - percentage: - description: Target percentage of agents to auto upgrade - maximum: 100 - minimum: 0 - type: number - version: - description: Target version for automatic agent upgrade - type: string - required: - - version - - percentage - maxItems: 100 - nullable: true - type: array - revision: - type: number - schema_version: - type: string - space_ids: - items: - type: string - maxItems: 100 - type: array - status: - enum: - - active - - inactive - type: string - supports_agentless: - default: false - description: Indicates whether the agent policy supports agentless integrations. - nullable: true - type: boolean - unenroll_timeout: - minimum: 0 - type: number - unprivileged_agents: - type: number - updated_at: - type: string - updated_by: - type: string - version: - type: string - required: - - id - - name - - namespace - - is_protected - - status - - updated_at - - updated_by - - revision - maxItems: 10000 - type: array - page: - type: number - perPage: - type: number - total: - type: number - required: - - items - - total - - page - - perPage + $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200' description: 'OK: A successful request.' '400': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_400' description: A bad request. summary: Get agent policies tags: @@ -22497,963 +15926,19 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - advanced_settings: - additionalProperties: false - type: object - properties: - agent_download_target_directory: - nullable: true - agent_download_timeout: - nullable: true - agent_internal: - nullable: true - agent_limits_go_max_procs: - nullable: true - agent_logging_files_interval: - nullable: true - agent_logging_files_keepfiles: - nullable: true - agent_logging_files_rotateeverybytes: - nullable: true - agent_logging_level: - nullable: true - agent_logging_metrics_period: - nullable: true - agent_logging_to_files: - nullable: true - agent_monitoring_runtime_experimental: - nullable: true - agent_features: - items: - additionalProperties: false - type: object - properties: - enabled: - type: boolean - name: - type: string - required: - - name - - enabled - maxItems: 100 - type: array - agentless: - additionalProperties: false - type: object - properties: - cloud_connectors: - additionalProperties: false - type: object - properties: - enabled: - type: boolean - target_csp: - enum: - - aws - - azure - - gcp - type: string - required: - - enabled - resources: - additionalProperties: false - type: object - properties: - requests: - additionalProperties: false - type: object - properties: - cpu: - type: string - memory: - type: string - data_output_id: - nullable: true - type: string - description: - type: string - download_source_id: - nullable: true - type: string - fleet_server_host_id: - nullable: true - type: string - force: - type: boolean - global_data_tags: - description: User defined data tags that are added to all of the inputs. The values can be strings or numbers. - items: - additionalProperties: false - type: object - properties: - name: - type: string - value: - anyOf: - - type: string - - type: number - required: - - name - - value - maxItems: 10 - type: array - has_agent_version_conditions: - type: boolean - has_fleet_server: - type: boolean - id: - type: string - inactivity_timeout: - default: 1209600 - minimum: 0 - type: number - is_default: - type: boolean - is_default_fleet_server: - type: boolean - is_managed: - type: boolean - is_protected: - type: boolean - keep_monitoring_alive: - default: false - description: When set to true, monitoring will be enabled but logs/metrics collection will be disabled - nullable: true - type: boolean - monitoring_diagnostics: - additionalProperties: false - type: object - properties: - limit: - additionalProperties: false - type: object - properties: - burst: - type: number - interval: - type: string - uploader: - additionalProperties: false - type: object - properties: - init_dur: - type: string - max_dur: - type: string - max_retries: - type: number - monitoring_enabled: - items: - enum: - - logs - - metrics - - traces - type: string - maxItems: 3 - type: array - monitoring_http: - additionalProperties: false - type: object - properties: - buffer: - additionalProperties: false - type: object - properties: - enabled: - default: false - type: boolean - enabled: - type: boolean - host: - type: string - port: - maximum: 65353 - minimum: 0 - type: number - monitoring_output_id: - nullable: true - type: string - monitoring_pprof_enabled: - type: boolean - name: - minLength: 1 - type: string - namespace: - minLength: 1 - type: string - overrides: - additionalProperties: {} - description: Override settings that are defined in the agent policy. Input settings cannot be overridden. The override option should be used only in unusual circumstances and not as a routine procedure. - nullable: true - type: object - required_versions: - items: - additionalProperties: false - type: object - properties: - percentage: - description: Target percentage of agents to auto upgrade - maximum: 100 - minimum: 0 - type: number - version: - description: Target version for automatic agent upgrade - type: string - required: - - version - - percentage - maxItems: 100 - nullable: true - type: array - space_ids: - items: - type: string - maxItems: 100 - type: array - supports_agentless: - default: false - deprecated: true - description: Indicates whether the agent policy supports agentless integrations. Deprecated in favor of the Fleet agentless policies API. - nullable: true - type: boolean - unenroll_timeout: - minimum: 0 - type: number - required: - - name - - namespace + $ref: '#/components/schemas/ApiFleetAgentPolicies_Post_Request' responses: '200': content: application/json: schema: - additionalProperties: false - type: object - properties: - item: - additionalProperties: false - type: object - properties: - advanced_settings: - additionalProperties: false - type: object - properties: - agent_download_target_directory: - nullable: true - agent_download_timeout: - nullable: true - agent_internal: - nullable: true - agent_limits_go_max_procs: - nullable: true - agent_logging_files_interval: - nullable: true - agent_logging_files_keepfiles: - nullable: true - agent_logging_files_rotateeverybytes: - nullable: true - agent_logging_level: - nullable: true - agent_logging_metrics_period: - nullable: true - agent_logging_to_files: - nullable: true - agent_monitoring_runtime_experimental: - nullable: true - agent_features: - items: - additionalProperties: false - type: object - properties: - enabled: - type: boolean - name: - type: string - required: - - name - - enabled - maxItems: 100 - type: array - agentless: - additionalProperties: false - type: object - properties: - cloud_connectors: - additionalProperties: false - type: object - properties: - enabled: - type: boolean - target_csp: - enum: - - aws - - azure - - gcp - type: string - required: - - enabled - resources: - additionalProperties: false - type: object - properties: - requests: - additionalProperties: false - type: object - properties: - cpu: - type: string - memory: - type: string - agents: - type: number - data_output_id: - nullable: true - type: string - description: - type: string - download_source_id: - nullable: true - type: string - fips_agents: - type: number - fleet_server_host_id: - nullable: true - type: string - global_data_tags: - description: User defined data tags that are added to all of the inputs. The values can be strings or numbers. - items: - additionalProperties: false - type: object - properties: - name: - type: string - value: - anyOf: - - type: string - - type: number - required: - - name - - value - maxItems: 10 - type: array - has_agent_version_conditions: - type: boolean - has_fleet_server: - type: boolean - id: - type: string - inactivity_timeout: - default: 1209600 - minimum: 0 - type: number - is_default: - type: boolean - is_default_fleet_server: - type: boolean - is_managed: - type: boolean - is_preconfigured: - type: boolean - is_protected: - description: Indicates whether the agent policy has tamper protection enabled. Default false. - type: boolean - keep_monitoring_alive: - default: false - description: When set to true, monitoring will be enabled but logs/metrics collection will be disabled - nullable: true - type: boolean - monitoring_diagnostics: - additionalProperties: false - type: object - properties: - limit: - additionalProperties: false - type: object - properties: - burst: - type: number - interval: - type: string - uploader: - additionalProperties: false - type: object - properties: - init_dur: - type: string - max_dur: - type: string - max_retries: - type: number - monitoring_enabled: - items: - enum: - - logs - - metrics - - traces - type: string - maxItems: 3 - type: array - monitoring_http: - additionalProperties: false - type: object - properties: - buffer: - additionalProperties: false - type: object - properties: - enabled: - default: false - type: boolean - enabled: - type: boolean - host: - type: string - port: - maximum: 65353 - minimum: 0 - type: number - monitoring_output_id: - nullable: true - type: string - monitoring_pprof_enabled: - type: boolean - name: - minLength: 1 - type: string - namespace: - minLength: 1 - type: string - overrides: - additionalProperties: {} - description: Override settings that are defined in the agent policy. Input settings cannot be overridden. The override option should be used only in unusual circumstances and not as a routine procedure. - nullable: true - type: object - package_policies: - anyOf: - - items: - type: string - maxItems: 10000 - type: array - - description: This field is present only when retrieving a single agent policy, or when retrieving a list of agent policies with the ?full=true parameter - items: - additionalProperties: false - type: object - properties: - additional_datastreams_permissions: - description: Additional datastream permissions, that will be added to the agent policy. - items: - type: string - maxItems: 1000 - nullable: true - type: array - agents: - type: number - cloud_connector_id: - description: ID of the cloud connector associated with this package policy. - nullable: true - type: string - cloud_connector_name: - description: Transient field for cloud connector name during creation. - maxLength: 255 - minLength: 1 - nullable: true - type: string - created_at: - type: string - created_by: - type: string - description: - description: Package policy description - type: string - elasticsearch: - additionalProperties: true - type: object - properties: - privileges: - additionalProperties: true - type: object - properties: - cluster: - items: - type: string - maxItems: 100 - type: array - enabled: - type: boolean - id: - description: Package policy unique identifier. - type: string - inputs: - anyOf: - - items: - additionalProperties: false - type: object - properties: - compiled_input: {} - config: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - type: object - enabled: - type: boolean - id: - type: string - keep_enabled: - type: boolean - policy_template: - type: string - streams: - items: - additionalProperties: false - type: object - properties: - compiled_stream: {} - config: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - type: object - data_stream: - additionalProperties: false - type: object - properties: - dataset: - type: string - elasticsearch: - additionalProperties: false - type: object - properties: - dynamic_dataset: - type: boolean - dynamic_namespace: - type: boolean - privileges: - additionalProperties: false - type: object - properties: - indices: - items: - type: string - maxItems: 100 - type: array - type: - type: string - required: - - dataset - - type - enabled: - type: boolean - id: - type: string - keep_enabled: - type: boolean - release: - enum: - - ga - - beta - - experimental - type: string - var_group_selections: - additionalProperties: - type: string - description: Variable group selections. Maps var_group name to the selected option name within that group. - type: object - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - type: object - required: - - enabled - - data_stream - - compiled_stream - maxItems: 100 - type: array - type: - type: string - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - type: object - required: - - type - - enabled - - streams - - compiled_input - maxItems: 100 - type: array - - additionalProperties: - additionalProperties: false - type: object - properties: - enabled: - description: Enable or disable that input. Defaults to `true` (enabled). - type: boolean - streams: - additionalProperties: - additionalProperties: false - type: object - properties: - enabled: - description: Enable or disable that stream. Defaults to `true` (enabled). - type: boolean - var_group_selections: - additionalProperties: - type: string - description: Variable group selections. Maps var_group name to the selected option name within that group. - type: object - vars: - additionalProperties: - anyOf: - - type: boolean - - type: string - - type: number - - items: - type: string - maxItems: 100 - type: array - - items: - type: number - maxItems: 100 - type: array - - additionalProperties: false - type: object - properties: - id: - type: string - isSecretRef: - type: boolean - required: - - id - - isSecretRef - nullable: true - description: Input/stream level variable. Refer to the integration documentation for more information. - type: object - description: Input streams. Refer to the integration documentation to know which streams are available. - type: object - vars: - additionalProperties: - anyOf: - - type: boolean - - type: string - - type: number - - items: - type: string - maxItems: 100 - type: array - - items: - type: number - maxItems: 100 - type: array - - additionalProperties: false - type: object - properties: - id: - type: string - isSecretRef: - type: boolean - required: - - id - - isSecretRef - nullable: true - description: Input/stream level variable. Refer to the integration documentation for more information. - type: object - description: Package policy inputs. Refer to the integration documentation to know which inputs are available. - type: object - x-oas-optional: true - description: Package policy inputs. - is_managed: - type: boolean - name: - description: Unique name for the package policy. - type: string - namespace: - description: The package policy namespace. Leave blank to inherit the agent policy's namespace. - type: string - output_id: - nullable: true - type: string - overrides: - additionalProperties: false - description: Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure. - nullable: true - type: object - properties: - inputs: - additionalProperties: {} - type: object - package: - additionalProperties: false - type: object - properties: - experimental_data_stream_features: - items: - additionalProperties: false - type: object - properties: - data_stream: - type: string - features: - additionalProperties: false - type: object - properties: - doc_value_only_numeric: - type: boolean - doc_value_only_other: - type: boolean - synthetic_source: - type: boolean - tsdb: - type: boolean - required: - - data_stream - - features - maxItems: 100 - type: array - fips_compatible: - type: boolean - name: - description: Package name - type: string - requires_root: - type: boolean - title: - type: string - version: - description: Package version - type: string - required: - - name - - version - policy_id: - deprecated: true - description: ID of the agent policy which the package policy will be added to. - nullable: true - type: string - policy_ids: - items: - description: IDs of the agent policies which that package policy will be added to. - type: string - maxItems: 1000 - type: array - revision: - description: Package policy revision. - type: number - secret_references: - items: - additionalProperties: false - type: object - properties: - id: - type: string - required: - - id - maxItems: 100 - type: array - spaceIds: - items: - type: string - maxItems: 100 - type: array - supports_agentless: - default: false - description: Indicates whether the package policy belongs to an agentless agent policy. - nullable: true - type: boolean - supports_cloud_connector: - default: false - description: Indicates whether the package policy supports cloud connectors. - nullable: true - type: boolean - updated_at: - type: string - updated_by: - type: string - var_group_selections: - additionalProperties: - type: string - description: Variable group selections. Maps var_group name to the selected option name within that group. - type: object - vars: - anyOf: - - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - type: object - - additionalProperties: - anyOf: - - type: boolean - - type: string - - type: number - - items: - type: string - maxItems: 100 - type: array - - items: - type: number - maxItems: 100 - type: array - - additionalProperties: false - type: object - properties: - id: - type: string - isSecretRef: - type: boolean - required: - - id - - isSecretRef - nullable: true - description: Input/stream level variable. Refer to the integration documentation for more information. - type: object - x-oas-optional: true - description: Package level variable. - version: - description: Package policy ES version. - type: string - required: - - name - - enabled - - inputs - - id - - revision - - updated_at - - updated_by - - created_at - - created_by - maxItems: 10000 - type: array - required_versions: - items: - additionalProperties: false - type: object - properties: - percentage: - description: Target percentage of agents to auto upgrade - maximum: 100 - minimum: 0 - type: number - version: - description: Target version for automatic agent upgrade - type: string - required: - - version - - percentage - maxItems: 100 - nullable: true - type: array - revision: - type: number - schema_version: - type: string - space_ids: - items: - type: string - maxItems: 100 - type: array - status: - enum: - - active - - inactive - type: string - supports_agentless: - default: false - description: Indicates whether the agent policy supports agentless integrations. - nullable: true - type: boolean - unenroll_timeout: - minimum: 0 - type: number - unprivileged_agents: - type: number - updated_at: - type: string - updated_by: - type: string - version: - type: string - required: - - id - - name - - namespace - - is_protected - - status - - updated_at - - updated_by - - revision - required: - - item + $ref: '#/components/schemas/ApiFleetAgentPolicies_Post_Response_200' description: 'OK: A successful request.' '400': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetAgentPolicies_Post_Response_400' description: A bad request. summary: Create an agent policy tags: @@ -23492,754 +15977,19 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - full: - description: get full policies with package policies populated - type: boolean - ids: - description: list of package policy ids - items: - type: string - maxItems: 1000 - type: array - ignoreMissing: - type: boolean - required: - - ids + $ref: '#/components/schemas/ApiFleetAgentPoliciesBulkGet_Post_Request' responses: '200': content: application/json: schema: - additionalProperties: false - type: object - properties: - items: - items: - additionalProperties: false - type: object - properties: - advanced_settings: - additionalProperties: false - type: object - properties: - agent_download_target_directory: - nullable: true - agent_download_timeout: - nullable: true - agent_internal: - nullable: true - agent_limits_go_max_procs: - nullable: true - agent_logging_files_interval: - nullable: true - agent_logging_files_keepfiles: - nullable: true - agent_logging_files_rotateeverybytes: - nullable: true - agent_logging_level: - nullable: true - agent_logging_metrics_period: - nullable: true - agent_logging_to_files: - nullable: true - agent_monitoring_runtime_experimental: - nullable: true - agent_features: - items: - additionalProperties: false - type: object - properties: - enabled: - type: boolean - name: - type: string - required: - - name - - enabled - maxItems: 100 - type: array - agentless: - additionalProperties: false - type: object - properties: - cloud_connectors: - additionalProperties: false - type: object - properties: - enabled: - type: boolean - target_csp: - enum: - - aws - - azure - - gcp - type: string - required: - - enabled - resources: - additionalProperties: false - type: object - properties: - requests: - additionalProperties: false - type: object - properties: - cpu: - type: string - memory: - type: string - agents: - type: number - data_output_id: - nullable: true - type: string - description: - type: string - download_source_id: - nullable: true - type: string - fips_agents: - type: number - fleet_server_host_id: - nullable: true - type: string - global_data_tags: - description: User defined data tags that are added to all of the inputs. The values can be strings or numbers. - items: - additionalProperties: false - type: object - properties: - name: - type: string - value: - anyOf: - - type: string - - type: number - required: - - name - - value - maxItems: 10 - type: array - has_agent_version_conditions: - type: boolean - has_fleet_server: - type: boolean - id: - type: string - inactivity_timeout: - default: 1209600 - minimum: 0 - type: number - is_default: - type: boolean - is_default_fleet_server: - type: boolean - is_managed: - type: boolean - is_preconfigured: - type: boolean - is_protected: - description: Indicates whether the agent policy has tamper protection enabled. Default false. - type: boolean - keep_monitoring_alive: - default: false - description: When set to true, monitoring will be enabled but logs/metrics collection will be disabled - nullable: true - type: boolean - monitoring_diagnostics: - additionalProperties: false - type: object - properties: - limit: - additionalProperties: false - type: object - properties: - burst: - type: number - interval: - type: string - uploader: - additionalProperties: false - type: object - properties: - init_dur: - type: string - max_dur: - type: string - max_retries: - type: number - monitoring_enabled: - items: - enum: - - logs - - metrics - - traces - type: string - maxItems: 3 - type: array - monitoring_http: - additionalProperties: false - type: object - properties: - buffer: - additionalProperties: false - type: object - properties: - enabled: - default: false - type: boolean - enabled: - type: boolean - host: - type: string - port: - maximum: 65353 - minimum: 0 - type: number - monitoring_output_id: - nullable: true - type: string - monitoring_pprof_enabled: - type: boolean - name: - minLength: 1 - type: string - namespace: - minLength: 1 - type: string - overrides: - additionalProperties: {} - description: Override settings that are defined in the agent policy. Input settings cannot be overridden. The override option should be used only in unusual circumstances and not as a routine procedure. - nullable: true - type: object - package_policies: - anyOf: - - items: - type: string - maxItems: 10000 - type: array - - description: This field is present only when retrieving a single agent policy, or when retrieving a list of agent policies with the ?full=true parameter - items: - additionalProperties: false - type: object - properties: - additional_datastreams_permissions: - description: Additional datastream permissions, that will be added to the agent policy. - items: - type: string - maxItems: 1000 - nullable: true - type: array - agents: - type: number - cloud_connector_id: - description: ID of the cloud connector associated with this package policy. - nullable: true - type: string - cloud_connector_name: - description: Transient field for cloud connector name during creation. - maxLength: 255 - minLength: 1 - nullable: true - type: string - created_at: - type: string - created_by: - type: string - description: - description: Package policy description - type: string - elasticsearch: - additionalProperties: true - type: object - properties: - privileges: - additionalProperties: true - type: object - properties: - cluster: - items: - type: string - maxItems: 100 - type: array - enabled: - type: boolean - id: - description: Package policy unique identifier. - type: string - inputs: - anyOf: - - items: - additionalProperties: false - type: object - properties: - compiled_input: {} - config: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - type: object - enabled: - type: boolean - id: - type: string - keep_enabled: - type: boolean - policy_template: - type: string - streams: - items: - additionalProperties: false - type: object - properties: - compiled_stream: {} - config: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - type: object - data_stream: - additionalProperties: false - type: object - properties: - dataset: - type: string - elasticsearch: - additionalProperties: false - type: object - properties: - dynamic_dataset: - type: boolean - dynamic_namespace: - type: boolean - privileges: - additionalProperties: false - type: object - properties: - indices: - items: - type: string - maxItems: 100 - type: array - type: - type: string - required: - - dataset - - type - enabled: - type: boolean - id: - type: string - keep_enabled: - type: boolean - release: - enum: - - ga - - beta - - experimental - type: string - var_group_selections: - additionalProperties: - type: string - description: Variable group selections. Maps var_group name to the selected option name within that group. - type: object - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - type: object - required: - - enabled - - data_stream - - compiled_stream - maxItems: 100 - type: array - type: - type: string - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - type: object - required: - - type - - enabled - - streams - - compiled_input - maxItems: 100 - type: array - - additionalProperties: - additionalProperties: false - type: object - properties: - enabled: - description: Enable or disable that input. Defaults to `true` (enabled). - type: boolean - streams: - additionalProperties: - additionalProperties: false - type: object - properties: - enabled: - description: Enable or disable that stream. Defaults to `true` (enabled). - type: boolean - var_group_selections: - additionalProperties: - type: string - description: Variable group selections. Maps var_group name to the selected option name within that group. - type: object - vars: - additionalProperties: - anyOf: - - type: boolean - - type: string - - type: number - - items: - type: string - maxItems: 100 - type: array - - items: - type: number - maxItems: 100 - type: array - - additionalProperties: false - type: object - properties: - id: - type: string - isSecretRef: - type: boolean - required: - - id - - isSecretRef - nullable: true - description: Input/stream level variable. Refer to the integration documentation for more information. - type: object - description: Input streams. Refer to the integration documentation to know which streams are available. - type: object - vars: - additionalProperties: - anyOf: - - type: boolean - - type: string - - type: number - - items: - type: string - maxItems: 100 - type: array - - items: - type: number - maxItems: 100 - type: array - - additionalProperties: false - type: object - properties: - id: - type: string - isSecretRef: - type: boolean - required: - - id - - isSecretRef - nullable: true - description: Input/stream level variable. Refer to the integration documentation for more information. - type: object - description: Package policy inputs. Refer to the integration documentation to know which inputs are available. - type: object - x-oas-optional: true - description: Package policy inputs. - is_managed: - type: boolean - name: - description: Unique name for the package policy. - type: string - namespace: - description: The package policy namespace. Leave blank to inherit the agent policy's namespace. - type: string - output_id: - nullable: true - type: string - overrides: - additionalProperties: false - description: Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure. - nullable: true - type: object - properties: - inputs: - additionalProperties: {} - type: object - package: - additionalProperties: false - type: object - properties: - experimental_data_stream_features: - items: - additionalProperties: false - type: object - properties: - data_stream: - type: string - features: - additionalProperties: false - type: object - properties: - doc_value_only_numeric: - type: boolean - doc_value_only_other: - type: boolean - synthetic_source: - type: boolean - tsdb: - type: boolean - required: - - data_stream - - features - maxItems: 100 - type: array - fips_compatible: - type: boolean - name: - description: Package name - type: string - requires_root: - type: boolean - title: - type: string - version: - description: Package version - type: string - required: - - name - - version - policy_id: - deprecated: true - description: ID of the agent policy which the package policy will be added to. - nullable: true - type: string - policy_ids: - items: - description: IDs of the agent policies which that package policy will be added to. - type: string - maxItems: 1000 - type: array - revision: - description: Package policy revision. - type: number - secret_references: - items: - additionalProperties: false - type: object - properties: - id: - type: string - required: - - id - maxItems: 100 - type: array - spaceIds: - items: - type: string - maxItems: 100 - type: array - supports_agentless: - default: false - description: Indicates whether the package policy belongs to an agentless agent policy. - nullable: true - type: boolean - supports_cloud_connector: - default: false - description: Indicates whether the package policy supports cloud connectors. - nullable: true - type: boolean - updated_at: - type: string - updated_by: - type: string - var_group_selections: - additionalProperties: - type: string - description: Variable group selections. Maps var_group name to the selected option name within that group. - type: object - vars: - anyOf: - - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - type: object - - additionalProperties: - anyOf: - - type: boolean - - type: string - - type: number - - items: - type: string - maxItems: 100 - type: array - - items: - type: number - maxItems: 100 - type: array - - additionalProperties: false - type: object - properties: - id: - type: string - isSecretRef: - type: boolean - required: - - id - - isSecretRef - nullable: true - description: Input/stream level variable. Refer to the integration documentation for more information. - type: object - x-oas-optional: true - description: Package level variable. - version: - description: Package policy ES version. - type: string - required: - - name - - enabled - - inputs - - id - - revision - - updated_at - - updated_by - - created_at - - created_by - maxItems: 10000 - type: array - required_versions: - items: - additionalProperties: false - type: object - properties: - percentage: - description: Target percentage of agents to auto upgrade - maximum: 100 - minimum: 0 - type: number - version: - description: Target version for automatic agent upgrade - type: string - required: - - version - - percentage - maxItems: 100 - nullable: true - type: array - revision: - type: number - schema_version: - type: string - space_ids: - items: - type: string - maxItems: 100 - type: array - status: - enum: - - active - - inactive - type: string - supports_agentless: - default: false - description: Indicates whether the agent policy supports agentless integrations. - nullable: true - type: boolean - unenroll_timeout: - minimum: 0 - type: number - unprivileged_agents: - type: number - updated_at: - type: string - updated_by: - type: string - version: - type: string - required: - - id - - name - - namespace - - is_protected - - status - - updated_at - - updated_by - - revision - maxItems: 10000 - type: array - required: - - items + $ref: '#/components/schemas/ApiFleetAgentPoliciesBulkGet_Post_Response_200' description: 'OK: A successful request.' '400': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetAgentPoliciesBulkGet_Post_Response_400' description: A bad request. summary: Bulk get agent policies tags: @@ -24277,730 +16027,13 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - item: - additionalProperties: false - type: object - properties: - advanced_settings: - additionalProperties: false - type: object - properties: - agent_download_target_directory: - nullable: true - agent_download_timeout: - nullable: true - agent_internal: - nullable: true - agent_limits_go_max_procs: - nullable: true - agent_logging_files_interval: - nullable: true - agent_logging_files_keepfiles: - nullable: true - agent_logging_files_rotateeverybytes: - nullable: true - agent_logging_level: - nullable: true - agent_logging_metrics_period: - nullable: true - agent_logging_to_files: - nullable: true - agent_monitoring_runtime_experimental: - nullable: true - agent_features: - items: - additionalProperties: false - type: object - properties: - enabled: - type: boolean - name: - type: string - required: - - name - - enabled - maxItems: 100 - type: array - agentless: - additionalProperties: false - type: object - properties: - cloud_connectors: - additionalProperties: false - type: object - properties: - enabled: - type: boolean - target_csp: - enum: - - aws - - azure - - gcp - type: string - required: - - enabled - resources: - additionalProperties: false - type: object - properties: - requests: - additionalProperties: false - type: object - properties: - cpu: - type: string - memory: - type: string - agents: - type: number - data_output_id: - nullable: true - type: string - description: - type: string - download_source_id: - nullable: true - type: string - fips_agents: - type: number - fleet_server_host_id: - nullable: true - type: string - global_data_tags: - description: User defined data tags that are added to all of the inputs. The values can be strings or numbers. - items: - additionalProperties: false - type: object - properties: - name: - type: string - value: - anyOf: - - type: string - - type: number - required: - - name - - value - maxItems: 10 - type: array - has_agent_version_conditions: - type: boolean - has_fleet_server: - type: boolean - id: - type: string - inactivity_timeout: - default: 1209600 - minimum: 0 - type: number - is_default: - type: boolean - is_default_fleet_server: - type: boolean - is_managed: - type: boolean - is_preconfigured: - type: boolean - is_protected: - description: Indicates whether the agent policy has tamper protection enabled. Default false. - type: boolean - keep_monitoring_alive: - default: false - description: When set to true, monitoring will be enabled but logs/metrics collection will be disabled - nullable: true - type: boolean - monitoring_diagnostics: - additionalProperties: false - type: object - properties: - limit: - additionalProperties: false - type: object - properties: - burst: - type: number - interval: - type: string - uploader: - additionalProperties: false - type: object - properties: - init_dur: - type: string - max_dur: - type: string - max_retries: - type: number - monitoring_enabled: - items: - enum: - - logs - - metrics - - traces - type: string - maxItems: 3 - type: array - monitoring_http: - additionalProperties: false - type: object - properties: - buffer: - additionalProperties: false - type: object - properties: - enabled: - default: false - type: boolean - enabled: - type: boolean - host: - type: string - port: - maximum: 65353 - minimum: 0 - type: number - monitoring_output_id: - nullable: true - type: string - monitoring_pprof_enabled: - type: boolean - name: - minLength: 1 - type: string - namespace: - minLength: 1 - type: string - overrides: - additionalProperties: {} - description: Override settings that are defined in the agent policy. Input settings cannot be overridden. The override option should be used only in unusual circumstances and not as a routine procedure. - nullable: true - type: object - package_policies: - anyOf: - - items: - type: string - maxItems: 10000 - type: array - - description: This field is present only when retrieving a single agent policy, or when retrieving a list of agent policies with the ?full=true parameter - items: - additionalProperties: false - type: object - properties: - additional_datastreams_permissions: - description: Additional datastream permissions, that will be added to the agent policy. - items: - type: string - maxItems: 1000 - nullable: true - type: array - agents: - type: number - cloud_connector_id: - description: ID of the cloud connector associated with this package policy. - nullable: true - type: string - cloud_connector_name: - description: Transient field for cloud connector name during creation. - maxLength: 255 - minLength: 1 - nullable: true - type: string - created_at: - type: string - created_by: - type: string - description: - description: Package policy description - type: string - elasticsearch: - additionalProperties: true - type: object - properties: - privileges: - additionalProperties: true - type: object - properties: - cluster: - items: - type: string - maxItems: 100 - type: array - enabled: - type: boolean - id: - description: Package policy unique identifier. - type: string - inputs: - anyOf: - - items: - additionalProperties: false - type: object - properties: - compiled_input: {} - config: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - type: object - enabled: - type: boolean - id: - type: string - keep_enabled: - type: boolean - policy_template: - type: string - streams: - items: - additionalProperties: false - type: object - properties: - compiled_stream: {} - config: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - type: object - data_stream: - additionalProperties: false - type: object - properties: - dataset: - type: string - elasticsearch: - additionalProperties: false - type: object - properties: - dynamic_dataset: - type: boolean - dynamic_namespace: - type: boolean - privileges: - additionalProperties: false - type: object - properties: - indices: - items: - type: string - maxItems: 100 - type: array - type: - type: string - required: - - dataset - - type - enabled: - type: boolean - id: - type: string - keep_enabled: - type: boolean - release: - enum: - - ga - - beta - - experimental - type: string - var_group_selections: - additionalProperties: - type: string - description: Variable group selections. Maps var_group name to the selected option name within that group. - type: object - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - type: object - required: - - enabled - - data_stream - - compiled_stream - maxItems: 100 - type: array - type: - type: string - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - type: object - required: - - type - - enabled - - streams - - compiled_input - maxItems: 100 - type: array - - additionalProperties: - additionalProperties: false - type: object - properties: - enabled: - description: Enable or disable that input. Defaults to `true` (enabled). - type: boolean - streams: - additionalProperties: - additionalProperties: false - type: object - properties: - enabled: - description: Enable or disable that stream. Defaults to `true` (enabled). - type: boolean - var_group_selections: - additionalProperties: - type: string - description: Variable group selections. Maps var_group name to the selected option name within that group. - type: object - vars: - additionalProperties: - anyOf: - - type: boolean - - type: string - - type: number - - items: - type: string - maxItems: 100 - type: array - - items: - type: number - maxItems: 100 - type: array - - additionalProperties: false - type: object - properties: - id: - type: string - isSecretRef: - type: boolean - required: - - id - - isSecretRef - nullable: true - description: Input/stream level variable. Refer to the integration documentation for more information. - type: object - description: Input streams. Refer to the integration documentation to know which streams are available. - type: object - vars: - additionalProperties: - anyOf: - - type: boolean - - type: string - - type: number - - items: - type: string - maxItems: 100 - type: array - - items: - type: number - maxItems: 100 - type: array - - additionalProperties: false - type: object - properties: - id: - type: string - isSecretRef: - type: boolean - required: - - id - - isSecretRef - nullable: true - description: Input/stream level variable. Refer to the integration documentation for more information. - type: object - description: Package policy inputs. Refer to the integration documentation to know which inputs are available. - type: object - x-oas-optional: true - description: Package policy inputs. - is_managed: - type: boolean - name: - description: Unique name for the package policy. - type: string - namespace: - description: The package policy namespace. Leave blank to inherit the agent policy's namespace. - type: string - output_id: - nullable: true - type: string - overrides: - additionalProperties: false - description: Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure. - nullable: true - type: object - properties: - inputs: - additionalProperties: {} - type: object - package: - additionalProperties: false - type: object - properties: - experimental_data_stream_features: - items: - additionalProperties: false - type: object - properties: - data_stream: - type: string - features: - additionalProperties: false - type: object - properties: - doc_value_only_numeric: - type: boolean - doc_value_only_other: - type: boolean - synthetic_source: - type: boolean - tsdb: - type: boolean - required: - - data_stream - - features - maxItems: 100 - type: array - fips_compatible: - type: boolean - name: - description: Package name - type: string - requires_root: - type: boolean - title: - type: string - version: - description: Package version - type: string - required: - - name - - version - policy_id: - deprecated: true - description: ID of the agent policy which the package policy will be added to. - nullable: true - type: string - policy_ids: - items: - description: IDs of the agent policies which that package policy will be added to. - type: string - maxItems: 1000 - type: array - revision: - description: Package policy revision. - type: number - secret_references: - items: - additionalProperties: false - type: object - properties: - id: - type: string - required: - - id - maxItems: 100 - type: array - spaceIds: - items: - type: string - maxItems: 100 - type: array - supports_agentless: - default: false - description: Indicates whether the package policy belongs to an agentless agent policy. - nullable: true - type: boolean - supports_cloud_connector: - default: false - description: Indicates whether the package policy supports cloud connectors. - nullable: true - type: boolean - updated_at: - type: string - updated_by: - type: string - var_group_selections: - additionalProperties: - type: string - description: Variable group selections. Maps var_group name to the selected option name within that group. - type: object - vars: - anyOf: - - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - type: object - - additionalProperties: - anyOf: - - type: boolean - - type: string - - type: number - - items: - type: string - maxItems: 100 - type: array - - items: - type: number - maxItems: 100 - type: array - - additionalProperties: false - type: object - properties: - id: - type: string - isSecretRef: - type: boolean - required: - - id - - isSecretRef - nullable: true - description: Input/stream level variable. Refer to the integration documentation for more information. - type: object - x-oas-optional: true - description: Package level variable. - version: - description: Package policy ES version. - type: string - required: - - name - - enabled - - inputs - - id - - revision - - updated_at - - updated_by - - created_at - - created_by - maxItems: 10000 - type: array - required_versions: - items: - additionalProperties: false - type: object - properties: - percentage: - description: Target percentage of agents to auto upgrade - maximum: 100 - minimum: 0 - type: number - version: - description: Target version for automatic agent upgrade - type: string - required: - - version - - percentage - maxItems: 100 - nullable: true - type: array - revision: - type: number - schema_version: - type: string - space_ids: - items: - type: string - maxItems: 100 - type: array - status: - enum: - - active - - inactive - type: string - supports_agentless: - default: false - description: Indicates whether the agent policy supports agentless integrations. - nullable: true - type: boolean - unenroll_timeout: - minimum: 0 - type: number - unprivileged_agents: - type: number - updated_at: - type: string - updated_by: - type: string - version: - type: string - required: - - id - - name - - namespace - - is_protected - - status - - updated_at - - updated_by - - revision - required: - - item + $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_1' description: 'OK: A successful request.' '400': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_400_1' description: A bad request. summary: Get an agent policy tags: @@ -25043,965 +16076,19 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - advanced_settings: - additionalProperties: false - type: object - properties: - agent_download_target_directory: - nullable: true - agent_download_timeout: - nullable: true - agent_internal: - nullable: true - agent_limits_go_max_procs: - nullable: true - agent_logging_files_interval: - nullable: true - agent_logging_files_keepfiles: - nullable: true - agent_logging_files_rotateeverybytes: - nullable: true - agent_logging_level: - nullable: true - agent_logging_metrics_period: - nullable: true - agent_logging_to_files: - nullable: true - agent_monitoring_runtime_experimental: - nullable: true - agent_features: - items: - additionalProperties: false - type: object - properties: - enabled: - type: boolean - name: - type: string - required: - - name - - enabled - maxItems: 100 - type: array - agentless: - additionalProperties: false - type: object - properties: - cloud_connectors: - additionalProperties: false - type: object - properties: - enabled: - type: boolean - target_csp: - enum: - - aws - - azure - - gcp - type: string - required: - - enabled - resources: - additionalProperties: false - type: object - properties: - requests: - additionalProperties: false - type: object - properties: - cpu: - type: string - memory: - type: string - bumpRevision: - type: boolean - data_output_id: - nullable: true - type: string - description: - type: string - download_source_id: - nullable: true - type: string - fleet_server_host_id: - nullable: true - type: string - force: - type: boolean - global_data_tags: - description: User defined data tags that are added to all of the inputs. The values can be strings or numbers. - items: - additionalProperties: false - type: object - properties: - name: - type: string - value: - anyOf: - - type: string - - type: number - required: - - name - - value - maxItems: 10 - type: array - has_agent_version_conditions: - type: boolean - has_fleet_server: - type: boolean - id: - type: string - inactivity_timeout: - default: 1209600 - minimum: 0 - type: number - is_default: - type: boolean - is_default_fleet_server: - type: boolean - is_managed: - type: boolean - is_protected: - type: boolean - keep_monitoring_alive: - default: false - description: When set to true, monitoring will be enabled but logs/metrics collection will be disabled - nullable: true - type: boolean - monitoring_diagnostics: - additionalProperties: false - type: object - properties: - limit: - additionalProperties: false - type: object - properties: - burst: - type: number - interval: - type: string - uploader: - additionalProperties: false - type: object - properties: - init_dur: - type: string - max_dur: - type: string - max_retries: - type: number - monitoring_enabled: - items: - enum: - - logs - - metrics - - traces - type: string - maxItems: 3 - type: array - monitoring_http: - additionalProperties: false - type: object - properties: - buffer: - additionalProperties: false - type: object - properties: - enabled: - default: false - type: boolean - enabled: - type: boolean - host: - type: string - port: - maximum: 65353 - minimum: 0 - type: number - monitoring_output_id: - nullable: true - type: string - monitoring_pprof_enabled: - type: boolean - name: - minLength: 1 - type: string - namespace: - minLength: 1 - type: string - overrides: - additionalProperties: {} - description: Override settings that are defined in the agent policy. Input settings cannot be overridden. The override option should be used only in unusual circumstances and not as a routine procedure. - nullable: true - type: object - required_versions: - items: - additionalProperties: false - type: object - properties: - percentage: - description: Target percentage of agents to auto upgrade - maximum: 100 - minimum: 0 - type: number - version: - description: Target version for automatic agent upgrade - type: string - required: - - version - - percentage - maxItems: 100 - nullable: true - type: array - space_ids: - items: - type: string - maxItems: 100 - type: array - supports_agentless: - default: false - deprecated: true - description: Indicates whether the agent policy supports agentless integrations. Deprecated in favor of the Fleet agentless policies API. - nullable: true - type: boolean - unenroll_timeout: - minimum: 0 - type: number - required: - - name - - namespace + $ref: '#/components/schemas/ApiFleetAgentPolicies_Put_Request' responses: '200': content: application/json: schema: - additionalProperties: false - type: object - properties: - item: - additionalProperties: false - type: object - properties: - advanced_settings: - additionalProperties: false - type: object - properties: - agent_download_target_directory: - nullable: true - agent_download_timeout: - nullable: true - agent_internal: - nullable: true - agent_limits_go_max_procs: - nullable: true - agent_logging_files_interval: - nullable: true - agent_logging_files_keepfiles: - nullable: true - agent_logging_files_rotateeverybytes: - nullable: true - agent_logging_level: - nullable: true - agent_logging_metrics_period: - nullable: true - agent_logging_to_files: - nullable: true - agent_monitoring_runtime_experimental: - nullable: true - agent_features: - items: - additionalProperties: false - type: object - properties: - enabled: - type: boolean - name: - type: string - required: - - name - - enabled - maxItems: 100 - type: array - agentless: - additionalProperties: false - type: object - properties: - cloud_connectors: - additionalProperties: false - type: object - properties: - enabled: - type: boolean - target_csp: - enum: - - aws - - azure - - gcp - type: string - required: - - enabled - resources: - additionalProperties: false - type: object - properties: - requests: - additionalProperties: false - type: object - properties: - cpu: - type: string - memory: - type: string - agents: - type: number - data_output_id: - nullable: true - type: string - description: - type: string - download_source_id: - nullable: true - type: string - fips_agents: - type: number - fleet_server_host_id: - nullable: true - type: string - global_data_tags: - description: User defined data tags that are added to all of the inputs. The values can be strings or numbers. - items: - additionalProperties: false - type: object - properties: - name: - type: string - value: - anyOf: - - type: string - - type: number - required: - - name - - value - maxItems: 10 - type: array - has_agent_version_conditions: - type: boolean - has_fleet_server: - type: boolean - id: - type: string - inactivity_timeout: - default: 1209600 - minimum: 0 - type: number - is_default: - type: boolean - is_default_fleet_server: - type: boolean - is_managed: - type: boolean - is_preconfigured: - type: boolean - is_protected: - description: Indicates whether the agent policy has tamper protection enabled. Default false. - type: boolean - keep_monitoring_alive: - default: false - description: When set to true, monitoring will be enabled but logs/metrics collection will be disabled - nullable: true - type: boolean - monitoring_diagnostics: - additionalProperties: false - type: object - properties: - limit: - additionalProperties: false - type: object - properties: - burst: - type: number - interval: - type: string - uploader: - additionalProperties: false - type: object - properties: - init_dur: - type: string - max_dur: - type: string - max_retries: - type: number - monitoring_enabled: - items: - enum: - - logs - - metrics - - traces - type: string - maxItems: 3 - type: array - monitoring_http: - additionalProperties: false - type: object - properties: - buffer: - additionalProperties: false - type: object - properties: - enabled: - default: false - type: boolean - enabled: - type: boolean - host: - type: string - port: - maximum: 65353 - minimum: 0 - type: number - monitoring_output_id: - nullable: true - type: string - monitoring_pprof_enabled: - type: boolean - name: - minLength: 1 - type: string - namespace: - minLength: 1 - type: string - overrides: - additionalProperties: {} - description: Override settings that are defined in the agent policy. Input settings cannot be overridden. The override option should be used only in unusual circumstances and not as a routine procedure. - nullable: true - type: object - package_policies: - anyOf: - - items: - type: string - maxItems: 10000 - type: array - - description: This field is present only when retrieving a single agent policy, or when retrieving a list of agent policies with the ?full=true parameter - items: - additionalProperties: false - type: object - properties: - additional_datastreams_permissions: - description: Additional datastream permissions, that will be added to the agent policy. - items: - type: string - maxItems: 1000 - nullable: true - type: array - agents: - type: number - cloud_connector_id: - description: ID of the cloud connector associated with this package policy. - nullable: true - type: string - cloud_connector_name: - description: Transient field for cloud connector name during creation. - maxLength: 255 - minLength: 1 - nullable: true - type: string - created_at: - type: string - created_by: - type: string - description: - description: Package policy description - type: string - elasticsearch: - additionalProperties: true - type: object - properties: - privileges: - additionalProperties: true - type: object - properties: - cluster: - items: - type: string - maxItems: 100 - type: array - enabled: - type: boolean - id: - description: Package policy unique identifier. - type: string - inputs: - anyOf: - - items: - additionalProperties: false - type: object - properties: - compiled_input: {} - config: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - type: object - enabled: - type: boolean - id: - type: string - keep_enabled: - type: boolean - policy_template: - type: string - streams: - items: - additionalProperties: false - type: object - properties: - compiled_stream: {} - config: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - type: object - data_stream: - additionalProperties: false - type: object - properties: - dataset: - type: string - elasticsearch: - additionalProperties: false - type: object - properties: - dynamic_dataset: - type: boolean - dynamic_namespace: - type: boolean - privileges: - additionalProperties: false - type: object - properties: - indices: - items: - type: string - maxItems: 100 - type: array - type: - type: string - required: - - dataset - - type - enabled: - type: boolean - id: - type: string - keep_enabled: - type: boolean - release: - enum: - - ga - - beta - - experimental - type: string - var_group_selections: - additionalProperties: - type: string - description: Variable group selections. Maps var_group name to the selected option name within that group. - type: object - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - type: object - required: - - enabled - - data_stream - - compiled_stream - maxItems: 100 - type: array - type: - type: string - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - type: object - required: - - type - - enabled - - streams - - compiled_input - maxItems: 100 - type: array - - additionalProperties: - additionalProperties: false - type: object - properties: - enabled: - description: Enable or disable that input. Defaults to `true` (enabled). - type: boolean - streams: - additionalProperties: - additionalProperties: false - type: object - properties: - enabled: - description: Enable or disable that stream. Defaults to `true` (enabled). - type: boolean - var_group_selections: - additionalProperties: - type: string - description: Variable group selections. Maps var_group name to the selected option name within that group. - type: object - vars: - additionalProperties: - anyOf: - - type: boolean - - type: string - - type: number - - items: - type: string - maxItems: 100 - type: array - - items: - type: number - maxItems: 100 - type: array - - additionalProperties: false - type: object - properties: - id: - type: string - isSecretRef: - type: boolean - required: - - id - - isSecretRef - nullable: true - description: Input/stream level variable. Refer to the integration documentation for more information. - type: object - description: Input streams. Refer to the integration documentation to know which streams are available. - type: object - vars: - additionalProperties: - anyOf: - - type: boolean - - type: string - - type: number - - items: - type: string - maxItems: 100 - type: array - - items: - type: number - maxItems: 100 - type: array - - additionalProperties: false - type: object - properties: - id: - type: string - isSecretRef: - type: boolean - required: - - id - - isSecretRef - nullable: true - description: Input/stream level variable. Refer to the integration documentation for more information. - type: object - description: Package policy inputs. Refer to the integration documentation to know which inputs are available. - type: object - x-oas-optional: true - description: Package policy inputs. - is_managed: - type: boolean - name: - description: Unique name for the package policy. - type: string - namespace: - description: The package policy namespace. Leave blank to inherit the agent policy's namespace. - type: string - output_id: - nullable: true - type: string - overrides: - additionalProperties: false - description: Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure. - nullable: true - type: object - properties: - inputs: - additionalProperties: {} - type: object - package: - additionalProperties: false - type: object - properties: - experimental_data_stream_features: - items: - additionalProperties: false - type: object - properties: - data_stream: - type: string - features: - additionalProperties: false - type: object - properties: - doc_value_only_numeric: - type: boolean - doc_value_only_other: - type: boolean - synthetic_source: - type: boolean - tsdb: - type: boolean - required: - - data_stream - - features - maxItems: 100 - type: array - fips_compatible: - type: boolean - name: - description: Package name - type: string - requires_root: - type: boolean - title: - type: string - version: - description: Package version - type: string - required: - - name - - version - policy_id: - deprecated: true - description: ID of the agent policy which the package policy will be added to. - nullable: true - type: string - policy_ids: - items: - description: IDs of the agent policies which that package policy will be added to. - type: string - maxItems: 1000 - type: array - revision: - description: Package policy revision. - type: number - secret_references: - items: - additionalProperties: false - type: object - properties: - id: - type: string - required: - - id - maxItems: 100 - type: array - spaceIds: - items: - type: string - maxItems: 100 - type: array - supports_agentless: - default: false - description: Indicates whether the package policy belongs to an agentless agent policy. - nullable: true - type: boolean - supports_cloud_connector: - default: false - description: Indicates whether the package policy supports cloud connectors. - nullable: true - type: boolean - updated_at: - type: string - updated_by: - type: string - var_group_selections: - additionalProperties: - type: string - description: Variable group selections. Maps var_group name to the selected option name within that group. - type: object - vars: - anyOf: - - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - type: object - - additionalProperties: - anyOf: - - type: boolean - - type: string - - type: number - - items: - type: string - maxItems: 100 - type: array - - items: - type: number - maxItems: 100 - type: array - - additionalProperties: false - type: object - properties: - id: - type: string - isSecretRef: - type: boolean - required: - - id - - isSecretRef - nullable: true - description: Input/stream level variable. Refer to the integration documentation for more information. - type: object - x-oas-optional: true - description: Package level variable. - version: - description: Package policy ES version. - type: string - required: - - name - - enabled - - inputs - - id - - revision - - updated_at - - updated_by - - created_at - - created_by - maxItems: 10000 - type: array - required_versions: - items: - additionalProperties: false - type: object - properties: - percentage: - description: Target percentage of agents to auto upgrade - maximum: 100 - minimum: 0 - type: number - version: - description: Target version for automatic agent upgrade - type: string - required: - - version - - percentage - maxItems: 100 - nullable: true - type: array - revision: - type: number - schema_version: - type: string - space_ids: - items: - type: string - maxItems: 100 - type: array - status: - enum: - - active - - inactive - type: string - supports_agentless: - default: false - description: Indicates whether the agent policy supports agentless integrations. - nullable: true - type: boolean - unenroll_timeout: - minimum: 0 - type: number - unprivileged_agents: - type: number - updated_at: - type: string - updated_by: - type: string - version: - type: string - required: - - id - - name - - namespace - - is_protected - - status - - updated_at - - updated_by - - revision - required: - - item + $ref: '#/components/schemas/ApiFleetAgentPolicies_Put_Response_200' description: 'OK: A successful request.' '400': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetAgentPolicies_Put_Response_400' description: A bad request. summary: Update an agent policy tags: @@ -26031,71 +16118,13 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - currentVersions: - items: - additionalProperties: false - type: object - properties: - agents: - description: Number of agents that upgraded to this version - type: number - failedUpgradeActionIds: - description: List of action IDs related to failed upgrades - items: - type: string - maxItems: 1000 - type: array - failedUpgradeAgents: - description: Number of agents that failed to upgrade to this version - type: number - inProgressUpgradeActionIds: - description: List of action IDs related to in-progress upgrades - items: - type: string - maxItems: 1000 - type: array - inProgressUpgradeAgents: - description: Number of agents that are upgrading to this version - type: number - version: - description: Agent version - type: string - required: - - version - - agents - - failedUpgradeAgents - - inProgressUpgradeAgents - maxItems: 10000 - type: array - totalAgents: - type: number - required: - - currentVersions - - totalAgents + $ref: '#/components/schemas/ApiFleetAgentPoliciesAutoUpgradeAgentsStatus_Get_Response_200' description: 'OK: A successful request.' '400': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetAgentPoliciesAutoUpgradeAgentsStatus_Get_Response_400' description: A bad request. summary: Get auto upgrade agent status tags: @@ -26139,745 +16168,19 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - description: - type: string - name: - minLength: 1 - type: string - required: - - name + $ref: '#/components/schemas/ApiFleetAgentPoliciesCopy_Post_Request' responses: '200': content: application/json: schema: - additionalProperties: false - type: object - properties: - item: - additionalProperties: false - type: object - properties: - advanced_settings: - additionalProperties: false - type: object - properties: - agent_download_target_directory: - nullable: true - agent_download_timeout: - nullable: true - agent_internal: - nullable: true - agent_limits_go_max_procs: - nullable: true - agent_logging_files_interval: - nullable: true - agent_logging_files_keepfiles: - nullable: true - agent_logging_files_rotateeverybytes: - nullable: true - agent_logging_level: - nullable: true - agent_logging_metrics_period: - nullable: true - agent_logging_to_files: - nullable: true - agent_monitoring_runtime_experimental: - nullable: true - agent_features: - items: - additionalProperties: false - type: object - properties: - enabled: - type: boolean - name: - type: string - required: - - name - - enabled - maxItems: 100 - type: array - agentless: - additionalProperties: false - type: object - properties: - cloud_connectors: - additionalProperties: false - type: object - properties: - enabled: - type: boolean - target_csp: - enum: - - aws - - azure - - gcp - type: string - required: - - enabled - resources: - additionalProperties: false - type: object - properties: - requests: - additionalProperties: false - type: object - properties: - cpu: - type: string - memory: - type: string - agents: - type: number - data_output_id: - nullable: true - type: string - description: - type: string - download_source_id: - nullable: true - type: string - fips_agents: - type: number - fleet_server_host_id: - nullable: true - type: string - global_data_tags: - description: User defined data tags that are added to all of the inputs. The values can be strings or numbers. - items: - additionalProperties: false - type: object - properties: - name: - type: string - value: - anyOf: - - type: string - - type: number - required: - - name - - value - maxItems: 10 - type: array - has_agent_version_conditions: - type: boolean - has_fleet_server: - type: boolean - id: - type: string - inactivity_timeout: - default: 1209600 - minimum: 0 - type: number - is_default: - type: boolean - is_default_fleet_server: - type: boolean - is_managed: - type: boolean - is_preconfigured: - type: boolean - is_protected: - description: Indicates whether the agent policy has tamper protection enabled. Default false. - type: boolean - keep_monitoring_alive: - default: false - description: When set to true, monitoring will be enabled but logs/metrics collection will be disabled - nullable: true - type: boolean - monitoring_diagnostics: - additionalProperties: false - type: object - properties: - limit: - additionalProperties: false - type: object - properties: - burst: - type: number - interval: - type: string - uploader: - additionalProperties: false - type: object - properties: - init_dur: - type: string - max_dur: - type: string - max_retries: - type: number - monitoring_enabled: - items: - enum: - - logs - - metrics - - traces - type: string - maxItems: 3 - type: array - monitoring_http: - additionalProperties: false - type: object - properties: - buffer: - additionalProperties: false - type: object - properties: - enabled: - default: false - type: boolean - enabled: - type: boolean - host: - type: string - port: - maximum: 65353 - minimum: 0 - type: number - monitoring_output_id: - nullable: true - type: string - monitoring_pprof_enabled: - type: boolean - name: - minLength: 1 - type: string - namespace: - minLength: 1 - type: string - overrides: - additionalProperties: {} - description: Override settings that are defined in the agent policy. Input settings cannot be overridden. The override option should be used only in unusual circumstances and not as a routine procedure. - nullable: true - type: object - package_policies: - anyOf: - - items: - type: string - maxItems: 10000 - type: array - - description: This field is present only when retrieving a single agent policy, or when retrieving a list of agent policies with the ?full=true parameter - items: - additionalProperties: false - type: object - properties: - additional_datastreams_permissions: - description: Additional datastream permissions, that will be added to the agent policy. - items: - type: string - maxItems: 1000 - nullable: true - type: array - agents: - type: number - cloud_connector_id: - description: ID of the cloud connector associated with this package policy. - nullable: true - type: string - cloud_connector_name: - description: Transient field for cloud connector name during creation. - maxLength: 255 - minLength: 1 - nullable: true - type: string - created_at: - type: string - created_by: - type: string - description: - description: Package policy description - type: string - elasticsearch: - additionalProperties: true - type: object - properties: - privileges: - additionalProperties: true - type: object - properties: - cluster: - items: - type: string - maxItems: 100 - type: array - enabled: - type: boolean - id: - description: Package policy unique identifier. - type: string - inputs: - anyOf: - - items: - additionalProperties: false - type: object - properties: - compiled_input: {} - config: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - type: object - enabled: - type: boolean - id: - type: string - keep_enabled: - type: boolean - policy_template: - type: string - streams: - items: - additionalProperties: false - type: object - properties: - compiled_stream: {} - config: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - type: object - data_stream: - additionalProperties: false - type: object - properties: - dataset: - type: string - elasticsearch: - additionalProperties: false - type: object - properties: - dynamic_dataset: - type: boolean - dynamic_namespace: - type: boolean - privileges: - additionalProperties: false - type: object - properties: - indices: - items: - type: string - maxItems: 100 - type: array - type: - type: string - required: - - dataset - - type - enabled: - type: boolean - id: - type: string - keep_enabled: - type: boolean - release: - enum: - - ga - - beta - - experimental - type: string - var_group_selections: - additionalProperties: - type: string - description: Variable group selections. Maps var_group name to the selected option name within that group. - type: object - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - type: object - required: - - enabled - - data_stream - - compiled_stream - maxItems: 100 - type: array - type: - type: string - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - type: object - required: - - type - - enabled - - streams - - compiled_input - maxItems: 100 - type: array - - additionalProperties: - additionalProperties: false - type: object - properties: - enabled: - description: Enable or disable that input. Defaults to `true` (enabled). - type: boolean - streams: - additionalProperties: - additionalProperties: false - type: object - properties: - enabled: - description: Enable or disable that stream. Defaults to `true` (enabled). - type: boolean - var_group_selections: - additionalProperties: - type: string - description: Variable group selections. Maps var_group name to the selected option name within that group. - type: object - vars: - additionalProperties: - anyOf: - - type: boolean - - type: string - - type: number - - items: - type: string - maxItems: 100 - type: array - - items: - type: number - maxItems: 100 - type: array - - additionalProperties: false - type: object - properties: - id: - type: string - isSecretRef: - type: boolean - required: - - id - - isSecretRef - nullable: true - description: Input/stream level variable. Refer to the integration documentation for more information. - type: object - description: Input streams. Refer to the integration documentation to know which streams are available. - type: object - vars: - additionalProperties: - anyOf: - - type: boolean - - type: string - - type: number - - items: - type: string - maxItems: 100 - type: array - - items: - type: number - maxItems: 100 - type: array - - additionalProperties: false - type: object - properties: - id: - type: string - isSecretRef: - type: boolean - required: - - id - - isSecretRef - nullable: true - description: Input/stream level variable. Refer to the integration documentation for more information. - type: object - description: Package policy inputs. Refer to the integration documentation to know which inputs are available. - type: object - x-oas-optional: true - description: Package policy inputs. - is_managed: - type: boolean - name: - description: Unique name for the package policy. - type: string - namespace: - description: The package policy namespace. Leave blank to inherit the agent policy's namespace. - type: string - output_id: - nullable: true - type: string - overrides: - additionalProperties: false - description: Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure. - nullable: true - type: object - properties: - inputs: - additionalProperties: {} - type: object - package: - additionalProperties: false - type: object - properties: - experimental_data_stream_features: - items: - additionalProperties: false - type: object - properties: - data_stream: - type: string - features: - additionalProperties: false - type: object - properties: - doc_value_only_numeric: - type: boolean - doc_value_only_other: - type: boolean - synthetic_source: - type: boolean - tsdb: - type: boolean - required: - - data_stream - - features - maxItems: 100 - type: array - fips_compatible: - type: boolean - name: - description: Package name - type: string - requires_root: - type: boolean - title: - type: string - version: - description: Package version - type: string - required: - - name - - version - policy_id: - deprecated: true - description: ID of the agent policy which the package policy will be added to. - nullable: true - type: string - policy_ids: - items: - description: IDs of the agent policies which that package policy will be added to. - type: string - maxItems: 1000 - type: array - revision: - description: Package policy revision. - type: number - secret_references: - items: - additionalProperties: false - type: object - properties: - id: - type: string - required: - - id - maxItems: 100 - type: array - spaceIds: - items: - type: string - maxItems: 100 - type: array - supports_agentless: - default: false - description: Indicates whether the package policy belongs to an agentless agent policy. - nullable: true - type: boolean - supports_cloud_connector: - default: false - description: Indicates whether the package policy supports cloud connectors. - nullable: true - type: boolean - updated_at: - type: string - updated_by: - type: string - var_group_selections: - additionalProperties: - type: string - description: Variable group selections. Maps var_group name to the selected option name within that group. - type: object - vars: - anyOf: - - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - type: object - - additionalProperties: - anyOf: - - type: boolean - - type: string - - type: number - - items: - type: string - maxItems: 100 - type: array - - items: - type: number - maxItems: 100 - type: array - - additionalProperties: false - type: object - properties: - id: - type: string - isSecretRef: - type: boolean - required: - - id - - isSecretRef - nullable: true - description: Input/stream level variable. Refer to the integration documentation for more information. - type: object - x-oas-optional: true - description: Package level variable. - version: - description: Package policy ES version. - type: string - required: - - name - - enabled - - inputs - - id - - revision - - updated_at - - updated_by - - created_at - - created_by - maxItems: 10000 - type: array - required_versions: - items: - additionalProperties: false - type: object - properties: - percentage: - description: Target percentage of agents to auto upgrade - maximum: 100 - minimum: 0 - type: number - version: - description: Target version for automatic agent upgrade - type: string - required: - - version - - percentage - maxItems: 100 - nullable: true - type: array - revision: - type: number - schema_version: - type: string - space_ids: - items: - type: string - maxItems: 100 - type: array - status: - enum: - - active - - inactive - type: string - supports_agentless: - default: false - description: Indicates whether the agent policy supports agentless integrations. - nullable: true - type: boolean - unenroll_timeout: - minimum: 0 - type: number - unprivileged_agents: - type: number - updated_at: - type: string - updated_by: - type: string - version: - type: string - required: - - id - - name - - namespace - - is_protected - - status - - updated_at - - updated_by - - revision - required: - - item + $ref: '#/components/schemas/ApiFleetAgentPoliciesCopy_Post_Response_200' description: 'OK: A successful request.' '400': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetAgentPoliciesCopy_Post_Response_400' description: A bad request. summary: Copy an agent policy tags: @@ -26928,43 +16231,13 @@ paths: content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetAgentPoliciesDownload_Get_Response_400' description: A bad request. '404': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetAgentPoliciesDownload_Get_Response_404' description: Not found. summary: Download an agent policy tags: @@ -27009,508 +16282,13 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - item: - anyOf: - - type: string - - additionalProperties: false - type: object - properties: - agent: - additionalProperties: false - type: object - properties: - download: - additionalProperties: false - type: object - properties: - proxy_headers: - additionalProperties: - anyOf: - - type: string - - type: boolean - - type: number - nullable: true - type: object - proxy_url: - type: string - secrets: - additionalProperties: true - type: object - properties: - ssl: - additionalProperties: true - type: object - properties: - key: - additionalProperties: true - type: object - properties: - id: - type: string - required: - - key - sourceURI: - type: string - ssl: - additionalProperties: false - type: object - properties: - certificate: - type: string - certificate_authorities: - items: - type: string - maxItems: 10 - type: array - key: - type: string - renegotiation: - type: string - verification_mode: - type: string - target_directory: - type: string - timeout: - type: string - required: - - sourceURI - features: - additionalProperties: - additionalProperties: false - type: object - properties: - enabled: - type: boolean - required: - - enabled - type: object - internal: {} - limits: - additionalProperties: false - type: object - properties: - go_max_procs: - type: number - logging: - additionalProperties: false - type: object - properties: - files: - additionalProperties: false - type: object - properties: - interval: - type: string - keepfiles: - type: number - rotateeverybytes: - type: number - level: - type: string - metrics: - additionalProperties: false - type: object - properties: - period: - type: string - to_files: - type: boolean - monitoring: - additionalProperties: false - type: object - properties: - _runtime_experimental: - type: string - apm: {} - diagnostics: - additionalProperties: false - type: object - properties: - limit: - additionalProperties: false - type: object - properties: - burst: - type: number - interval: - type: string - uploader: - additionalProperties: false - type: object - properties: - init_dur: - type: string - max_dur: - type: string - max_retries: - type: number - enabled: - type: boolean - http: - additionalProperties: false - type: object - properties: - enabled: - type: boolean - host: - type: string - port: - type: number - logs: - type: boolean - metrics: - type: boolean - namespace: - type: string - pprof: - additionalProperties: false - type: object - properties: - enabled: - type: boolean - required: - - enabled - traces: - type: boolean - use_output: - type: string - required: - - enabled - - metrics - - logs - - traces - - apm - protection: - additionalProperties: false - type: object - properties: - enabled: - type: boolean - signing_key: - type: string - uninstall_token_hash: - type: string - required: - - enabled - - uninstall_token_hash - - signing_key - required: - - monitoring - - download - - features - - internal - connectors: - additionalProperties: {} - type: object - exporters: - additionalProperties: {} - type: object - extensions: - additionalProperties: {} - type: object - fleet: - anyOf: - - additionalProperties: false - type: object - properties: - hosts: - items: - type: string - maxItems: 100 - type: array - proxy_headers: - additionalProperties: - anyOf: - - type: string - - type: boolean - - type: number - nullable: true - type: object - proxy_url: - type: string - secrets: - additionalProperties: true - type: object - properties: - ssl: - additionalProperties: true - type: object - properties: - key: - additionalProperties: true - type: object - properties: - id: - type: string - required: - - key - ssl: - additionalProperties: false - type: object - properties: - certificate: - type: string - certificate_authorities: - items: - type: string - maxItems: 10 - type: array - key: - type: string - renegotiation: - type: string - verification_mode: - type: string - required: - - hosts - - additionalProperties: false - type: object - properties: - kibana: - additionalProperties: false - type: object - properties: - hosts: - items: - type: string - maxItems: 100 - type: array - path: - type: string - protocol: - type: string - required: - - hosts - - protocol - required: - - kibana - id: - type: string - inputs: - items: - additionalProperties: true - type: object - properties: - data_stream: - additionalProperties: true - type: object - properties: - namespace: - type: string - required: - - namespace - id: - type: string - meta: - additionalProperties: true - type: object - properties: - package: - additionalProperties: true - type: object - properties: - name: - type: string - version: - type: string - required: - - name - - version - name: - type: string - package_policy_id: - type: string - processors: - items: - additionalProperties: true - type: object - properties: - add_fields: - additionalProperties: true - type: object - properties: - fields: - additionalProperties: - anyOf: - - type: string - - type: number - type: object - target: - type: string - required: - - target - - fields - required: - - add_fields - maxItems: 10000 - type: array - revision: - type: number - streams: - items: - additionalProperties: true - type: object - properties: - data_stream: - additionalProperties: true - type: object - properties: - dataset: - type: string - type: - type: string - required: - - dataset - id: - type: string - required: - - id - - data_stream - maxItems: 10000 - type: array - type: - type: string - use_output: - type: string - required: - - id - - name - - revision - - type - - data_stream - - use_output - - package_policy_id - maxItems: 10000 - type: array - namespaces: - items: - type: string - maxItems: 100 - type: array - output_permissions: - additionalProperties: - additionalProperties: {} - type: object - type: object - outputs: - additionalProperties: - additionalProperties: true - type: object - properties: - ca_sha256: - nullable: true - type: string - hosts: - items: - type: string - maxItems: 100 - type: array - proxy_headers: - additionalProperties: - anyOf: - - type: string - - type: boolean - - type: number - nullable: true - type: object - proxy_url: - type: string - type: - type: string - required: - - type - type: object - processors: - additionalProperties: {} - type: object - receivers: - additionalProperties: {} - type: object - revision: - type: number - secret_references: - items: - additionalProperties: false - type: object - properties: - id: - type: string - required: - - id - maxItems: 10000 - type: array - service: - additionalProperties: false - type: object - properties: - extensions: - items: - type: string - maxItems: 1000 - type: array - pipelines: - additionalProperties: - additionalProperties: false - type: object - properties: - exporters: - items: - type: string - maxItems: 1000 - type: array - processors: - items: - type: string - maxItems: 1000 - type: array - receivers: - items: - type: string - maxItems: 1000 - type: array - x-oas-optional: true - type: object - signed: - additionalProperties: false - type: object - properties: - data: - type: string - signature: - type: string - required: - - data - - signature - required: - - id - - outputs - - inputs - required: - - item + $ref: '#/components/schemas/ApiFleetAgentPoliciesFull_Get_Response_200' description: 'OK: A successful request.' '400': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetAgentPoliciesFull_Get_Response_400' description: A bad request. summary: Get a full agent policy tags: @@ -27540,90 +16318,13 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - item: - additionalProperties: false - type: object - properties: - agentPolicyId: - type: string - data: - additionalProperties: false - type: object - properties: - integrations: - items: - additionalProperties: false - type: object - properties: - id: - type: string - integrationPolicyName: - type: string - name: - type: string - pkgName: - type: string - maxItems: 1000 - type: array - output: - additionalProperties: false - type: object - properties: - id: - type: string - name: - type: string - required: - - id - - name - required: - - output - monitoring: - additionalProperties: false - type: object - properties: - output: - additionalProperties: false - type: object - properties: - id: - type: string - name: - type: string - required: - - id - - name - required: - - output - required: - - monitoring - - data - required: - - item + $ref: '#/components/schemas/ApiFleetAgentPoliciesOutputs_Get_Response_200' description: 'OK: A successful request.' '400': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetAgentPoliciesOutputs_Get_Response_400' description: A bad request. summary: Get outputs for an agent policy tags: @@ -27654,52 +16355,19 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - agentPolicyId: - type: string - force: - description: bypass validation checks that can prevent agent policy deletion - type: boolean - required: - - agentPolicyId + $ref: '#/components/schemas/ApiFleetAgentPoliciesDelete_Post_Request' responses: '200': content: application/json: schema: - additionalProperties: false - type: object - properties: - id: - type: string - name: - type: string - required: - - id - - name + $ref: '#/components/schemas/ApiFleetAgentPoliciesDelete_Post_Response_200' description: 'OK: A successful request.' '400': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetAgentPoliciesDelete_Post_Response_400' description: A bad request. summary: Delete an agent policy tags: @@ -27730,109 +16398,19 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - ids: - description: list of package policy ids - items: - type: string - maxItems: 1000 - type: array - required: - - ids + $ref: '#/components/schemas/ApiFleetAgentPoliciesOutputs_Post_Request' responses: '200': content: application/json: schema: - additionalProperties: false - type: object - properties: - items: - items: - additionalProperties: false - type: object - properties: - agentPolicyId: - type: string - data: - additionalProperties: false - type: object - properties: - integrations: - items: - additionalProperties: false - type: object - properties: - id: - type: string - integrationPolicyName: - type: string - name: - type: string - pkgName: - type: string - maxItems: 1000 - type: array - output: - additionalProperties: false - type: object - properties: - id: - type: string - name: - type: string - required: - - id - - name - required: - - output - monitoring: - additionalProperties: false - type: object - properties: - output: - additionalProperties: false - type: object - properties: - id: - type: string - name: - type: string - required: - - id - - name - required: - - output - required: - - monitoring - - data - maxItems: 10000 - type: array - required: - - items + $ref: '#/components/schemas/ApiFleetAgentPoliciesOutputs_Post_Response_200' description: 'OK: A successful request.' '400': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetAgentPoliciesOutputs_Post_Response_400' description: A bad request. summary: Get outputs for agent policies tags: @@ -27869,71 +16447,13 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - results: - additionalProperties: false - type: object - properties: - active: - type: number - all: - type: number - error: - type: number - events: - type: number - inactive: - type: number - offline: - type: number - online: - type: number - orphaned: - type: number - other: - type: number - unenrolled: - type: number - uninstalled: - type: number - updating: - type: number - required: - - events - - online - - error - - offline - - other - - updating - - inactive - - unenrolled - - all - - active - required: - - results + $ref: '#/components/schemas/ApiFleetAgentStatus_Get_Response_200' description: 'OK: A successful request.' '400': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetAgentStatus_Get_Response_400' description: A bad request. summary: Get an agent status summary tags: @@ -27990,50 +16510,13 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - dataPreview: - items: {} - maxItems: 10000 - type: array - items: - items: - additionalProperties: - additionalProperties: false - type: object - properties: - data: - type: boolean - required: - - data - type: object - maxItems: 10000 - type: array - required: - - items - - dataPreview + $ref: '#/components/schemas/ApiFleetAgentStatusData_Get_Response_200' description: 'OK: A successful request.' '400': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetAgentStatusData_Get_Response_400' description: A bad request. summary: Get incoming agent data tags: @@ -28206,207 +16689,7 @@ paths: deployment: azure posture: cspm schema: - additionalProperties: false - type: object - properties: - additional_datastreams_permissions: - description: Additional datastream permissions, that will be added to the agent policy. - items: - type: string - maxItems: 100 - nullable: true - type: array - cloud_connector: - additionalProperties: false - type: object - properties: - cloud_connector_id: - description: ID of an existing cloud connector to reuse. If not provided, a new connector will be created. - type: string - enabled: - default: false - description: Whether cloud connectors are enabled for this policy. - type: boolean - name: - description: Optional name for the cloud connector. If not provided, will be auto-generated from credentials. - maxLength: 255 - minLength: 1 - type: string - description: - description: Policy description. - type: string - force: - description: Force package policy creation even if the package is not verified, or if the agent policy is managed. - type: boolean - id: - description: Policy unique identifier. - type: string - inputs: - additionalProperties: - additionalProperties: false - type: object - properties: - enabled: - description: Enable or disable that input. Defaults to `true` (enabled). - type: boolean - streams: - additionalProperties: - additionalProperties: false - type: object - properties: - enabled: - description: Enable or disable that stream. Defaults to `true` (enabled). - type: boolean - var_group_selections: - additionalProperties: - type: string - description: Variable group selections. Maps var_group name to the selected option name within that group. - type: object - vars: - additionalProperties: - anyOf: - - type: boolean - - type: string - - type: number - - items: - type: string - maxItems: 100 - type: array - - items: - type: number - maxItems: 100 - type: array - - additionalProperties: false - type: object - properties: - id: - type: string - isSecretRef: - type: boolean - required: - - id - - isSecretRef - nullable: true - description: Input/stream level variable. Refer to the integration documentation for more information. - type: object - description: Input streams. Refer to the integration documentation to know which streams are available. - type: object - vars: - additionalProperties: - anyOf: - - type: boolean - - type: string - - type: number - - items: - type: string - maxItems: 100 - type: array - - items: - type: number - maxItems: 100 - type: array - - additionalProperties: false - type: object - properties: - id: - type: string - isSecretRef: - type: boolean - required: - - id - - isSecretRef - nullable: true - description: Input/stream level variable. Refer to the integration documentation for more information. - type: object - description: Package policy inputs. Refer to the integration documentation to know which inputs are available. - type: object - name: - description: Unique name for the policy. - type: string - namespace: - description: Policy namespace. When not specified, it inherits the agent policy namespace. - type: string - package: - additionalProperties: false - type: object - properties: - experimental_data_stream_features: - items: - additionalProperties: false - type: object - properties: - data_stream: - type: string - features: - additionalProperties: false - type: object - properties: - doc_value_only_numeric: - type: boolean - doc_value_only_other: - type: boolean - synthetic_source: - type: boolean - tsdb: - type: boolean - required: - - data_stream - - features - maxItems: 100 - type: array - fips_compatible: - type: boolean - name: - description: Package name - type: string - requires_root: - type: boolean - title: - type: string - version: - description: Package version - type: string - required: - - name - - version - policy_template: - description: The policy template to use for the agentless package policy. If not provided, the default policy template will be used. - type: string - var_group_selections: - additionalProperties: - type: string - description: Variable group selections. Maps var_group name to the selected option name within that group. - type: object - vars: - additionalProperties: - anyOf: - - type: boolean - - type: string - - type: number - - items: - type: string - maxItems: 100 - type: array - - items: - type: number - maxItems: 100 - type: array - - additionalProperties: false - type: object - properties: - id: - type: string - isSecretRef: - type: boolean - required: - - id - - isSecretRef - nullable: true - description: Input/stream level variable. Refer to the integration documentation for more information. - type: object - required: - - name - - package + $ref: '#/components/schemas/ApiFleetAgentlessPolicies_Post_Request' responses: '200': content: @@ -28551,445 +16834,7 @@ paths: posture: cspm version: WzE0OTgsMV0= schema: - additionalProperties: false - type: object - properties: - item: - additionalProperties: false - description: The created agentless package policy. - type: object - properties: - additional_datastreams_permissions: - description: Additional datastream permissions, that will be added to the agent policy. - items: - type: string - maxItems: 1000 - nullable: true - type: array - agents: - type: number - cloud_connector_id: - description: ID of the cloud connector associated with this package policy. - nullable: true - type: string - cloud_connector_name: - description: Transient field for cloud connector name during creation. - maxLength: 255 - minLength: 1 - nullable: true - type: string - created_at: - type: string - created_by: - type: string - description: - description: Package policy description - type: string - elasticsearch: - additionalProperties: true - type: object - properties: - privileges: - additionalProperties: true - type: object - properties: - cluster: - items: - type: string - maxItems: 100 - type: array - enabled: - type: boolean - id: - description: Package policy unique identifier. - type: string - inputs: - anyOf: - - items: - additionalProperties: false - type: object - properties: - compiled_input: {} - config: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - type: object - enabled: - type: boolean - id: - type: string - keep_enabled: - type: boolean - policy_template: - type: string - streams: - items: - additionalProperties: false - type: object - properties: - compiled_stream: {} - config: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - type: object - data_stream: - additionalProperties: false - type: object - properties: - dataset: - type: string - elasticsearch: - additionalProperties: false - type: object - properties: - dynamic_dataset: - type: boolean - dynamic_namespace: - type: boolean - privileges: - additionalProperties: false - type: object - properties: - indices: - items: - type: string - maxItems: 100 - type: array - type: - type: string - required: - - dataset - - type - enabled: - type: boolean - id: - type: string - keep_enabled: - type: boolean - release: - enum: - - ga - - beta - - experimental - type: string - var_group_selections: - additionalProperties: - type: string - description: Variable group selections. Maps var_group name to the selected option name within that group. - type: object - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - type: object - required: - - enabled - - data_stream - - compiled_stream - maxItems: 100 - type: array - type: - type: string - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - type: object - required: - - type - - enabled - - streams - - compiled_input - maxItems: 100 - type: array - - additionalProperties: - additionalProperties: false - type: object - properties: - enabled: - description: Enable or disable that input. Defaults to `true` (enabled). - type: boolean - streams: - additionalProperties: - additionalProperties: false - type: object - properties: - enabled: - description: Enable or disable that stream. Defaults to `true` (enabled). - type: boolean - var_group_selections: - additionalProperties: - type: string - description: Variable group selections. Maps var_group name to the selected option name within that group. - type: object - vars: - additionalProperties: - anyOf: - - type: boolean - - type: string - - type: number - - items: - type: string - maxItems: 100 - type: array - - items: - type: number - maxItems: 100 - type: array - - additionalProperties: false - type: object - properties: - id: - type: string - isSecretRef: - type: boolean - required: - - id - - isSecretRef - nullable: true - description: Input/stream level variable. Refer to the integration documentation for more information. - type: object - description: Input streams. Refer to the integration documentation to know which streams are available. - type: object - vars: - additionalProperties: - anyOf: - - type: boolean - - type: string - - type: number - - items: - type: string - maxItems: 100 - type: array - - items: - type: number - maxItems: 100 - type: array - - additionalProperties: false - type: object - properties: - id: - type: string - isSecretRef: - type: boolean - required: - - id - - isSecretRef - nullable: true - description: Input/stream level variable. Refer to the integration documentation for more information. - type: object - description: Package policy inputs. Refer to the integration documentation to know which inputs are available. - type: object - x-oas-optional: true - description: Package policy inputs. - is_managed: - type: boolean - name: - description: Unique name for the package policy. - type: string - namespace: - description: The package policy namespace. Leave blank to inherit the agent policy's namespace. - type: string - output_id: - nullable: true - type: string - overrides: - additionalProperties: false - description: Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure. - nullable: true - type: object - properties: - inputs: - additionalProperties: {} - type: object - package: - additionalProperties: false - type: object - properties: - experimental_data_stream_features: - items: - additionalProperties: false - type: object - properties: - data_stream: - type: string - features: - additionalProperties: false - type: object - properties: - doc_value_only_numeric: - type: boolean - doc_value_only_other: - type: boolean - synthetic_source: - type: boolean - tsdb: - type: boolean - required: - - data_stream - - features - maxItems: 100 - type: array - fips_compatible: - type: boolean - name: - description: Package name - type: string - requires_root: - type: boolean - title: - type: string - version: - description: Package version - type: string - required: - - name - - version - policy_id: - deprecated: true - description: ID of the agent policy which the package policy will be added to. - nullable: true - type: string - policy_ids: - items: - description: IDs of the agent policies which that package policy will be added to. - type: string - maxItems: 1000 - type: array - revision: - description: Package policy revision. - type: number - secret_references: - items: - additionalProperties: false - type: object - properties: - id: - type: string - required: - - id - maxItems: 100 - type: array - spaceIds: - items: - type: string - maxItems: 100 - type: array - supports_agentless: - default: false - description: Indicates whether the package policy belongs to an agentless agent policy. - nullable: true - type: boolean - supports_cloud_connector: - default: false - description: Indicates whether the package policy supports cloud connectors. - nullable: true - type: boolean - updated_at: - type: string - updated_by: - type: string - var_group_selections: - additionalProperties: - type: string - description: Variable group selections. Maps var_group name to the selected option name within that group. - type: object - vars: - anyOf: - - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - type: object - - additionalProperties: - anyOf: - - type: boolean - - type: string - - type: number - - items: - type: string - maxItems: 100 - type: array - - items: - type: number - maxItems: 100 - type: array - - additionalProperties: false - type: object - properties: - id: - type: string - isSecretRef: - type: boolean - required: - - id - - isSecretRef - nullable: true - description: Input/stream level variable. Refer to the integration documentation for more information. - type: object - x-oas-optional: true - description: Package level variable. - version: - description: Package policy ES version. - type: string - required: - - name - - enabled - - inputs - - id - - revision - - updated_at - - updated_by - - created_at - - created_by - required: - - item + $ref: '#/components/schemas/ApiFleetAgentlessPolicies_Post_Response_200' description: Indicates a successful response '400': content: @@ -29002,22 +16847,7 @@ paths: message: An error message describing what went wrong statusCode: 400 schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetAgentlessPolicies_Post_Response_400' description: Bad Request '409': content: @@ -29030,22 +16860,7 @@ paths: message: An error message describing what went wrong statusCode: 409 schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetAgentlessPolicies_Post_Response_409' description: Conflict summary: Create an agentless policy tags: @@ -29096,15 +16911,7 @@ paths: item: id: d52a7812-5736-4fdc-aed8-72152afa1ffa schema: - additionalProperties: false - description: Response for deleting an agentless package policy. - type: object - properties: - id: - description: The ID of the deleted agentless package policy. - type: string - required: - - id + $ref: '#/components/schemas/ApiFleetAgentlessPolicies_Delete_Response_200' description: Indicates a successful response '400': content: @@ -29117,22 +16924,7 @@ paths: message: An error message describing what went wrong statusCode: 400 schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetAgentlessPolicies_Delete_Response_400' description: Bad Request '409': content: @@ -29145,22 +16937,7 @@ paths: message: An error message describing what went wrong statusCode: 409 schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetAgentlessPolicies_Delete_Response_409' description: Conflict summary: Delete an agentless policy tags: @@ -29265,373 +17042,13 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - items: - items: - additionalProperties: false - type: object - properties: - access_api_key: - type: string - access_api_key_id: - type: string - active: - type: boolean - agent: - additionalProperties: true - type: object - properties: - id: - type: string - version: - type: string - required: - - id - - version - audit_unenrolled_reason: - type: string - components: - items: - additionalProperties: false - type: object - properties: - id: - type: string - message: - type: string - status: - enum: - - STARTING - - CONFIGURING - - HEALTHY - - DEGRADED - - FAILED - - STOPPING - - STOPPED - type: string - type: - type: string - units: - items: - additionalProperties: false - type: object - properties: - id: - type: string - message: - type: string - payload: - additionalProperties: {} - type: object - status: - enum: - - STARTING - - CONFIGURING - - HEALTHY - - DEGRADED - - FAILED - - STOPPING - - STOPPED - type: string - type: - enum: - - input - - output - - '' - type: string - required: - - id - - type - - status - - message - maxItems: 10000 - type: array - required: - - id - - type - - status - - message - maxItems: 10000 - type: array - default_api_key: - type: string - default_api_key_history: - items: - additionalProperties: false - deprecated: true - type: object - properties: - id: - type: string - retired_at: - type: string - required: - - id - - retired_at - maxItems: 100 - type: array - default_api_key_id: - type: string - enrolled_at: - type: string - id: - type: string - last_checkin: - type: string - last_checkin_message: - type: string - last_checkin_status: - enum: - - error - - online - - degraded - - updating - - starting - type: string - last_known_status: - enum: - - offline - - error - - online - - inactive - - enrolling - - unenrolling - - unenrolled - - updating - - degraded - - uninstalled - - orphaned - type: string - local_metadata: - additionalProperties: {} - type: object - metrics: - additionalProperties: false - type: object - properties: - cpu_avg: - type: number - memory_size_byte_avg: - type: number - namespaces: - items: - type: string - maxItems: 100 - type: array - outputs: - additionalProperties: - additionalProperties: false - type: object - properties: - api_key_id: - type: string - to_retire_api_key_ids: - items: - additionalProperties: false - type: object - properties: - id: - type: string - retired_at: - type: string - required: - - id - - retired_at - maxItems: 100 - type: array - type: - type: string - type: object - packages: - items: - type: string - maxItems: 10000 - type: array - policy_id: - type: string - policy_revision: - nullable: true - type: number - sort: - items: {} - maxItems: 10 - type: array - status: - enum: - - offline - - error - - online - - inactive - - enrolling - - unenrolling - - unenrolled - - updating - - degraded - - uninstalled - - orphaned - type: string - tags: - items: - type: string - maxItems: 100 - type: array - type: - enum: - - PERMANENT - - EPHEMERAL - - TEMPORARY - type: string - unenrolled_at: - type: string - unenrollment_started_at: - type: string - unhealthy_reason: - items: - enum: - - input - - output - - other - type: string - maxItems: 3 - nullable: true - type: array - upgrade: - additionalProperties: false - type: object - properties: - rollbacks: - items: - additionalProperties: false - type: object - properties: - valid_until: - type: string - version: - type: string - required: - - valid_until - - version - maxItems: 100 - type: array - upgrade_attempts: - items: - type: string - maxItems: 10000 - nullable: true - type: array - upgrade_details: - additionalProperties: false - nullable: true - type: object - properties: - action_id: - type: string - metadata: - additionalProperties: false - type: object - properties: - download_percent: - type: number - download_rate: - type: number - error_msg: - type: string - failed_state: - enum: - - UPG_REQUESTED - - UPG_SCHEDULED - - UPG_DOWNLOADING - - UPG_EXTRACTING - - UPG_REPLACING - - UPG_RESTARTING - - UPG_FAILED - - UPG_WATCHING - - UPG_ROLLBACK - type: string - retry_error_msg: - type: string - retry_until: - type: string - scheduled_at: - type: string - state: - enum: - - UPG_REQUESTED - - UPG_SCHEDULED - - UPG_DOWNLOADING - - UPG_EXTRACTING - - UPG_REPLACING - - UPG_RESTARTING - - UPG_FAILED - - UPG_WATCHING - - UPG_ROLLBACK - type: string - target_version: - type: string - required: - - target_version - - action_id - - state - upgrade_started_at: - nullable: true - type: string - upgraded_at: - nullable: true - type: string - user_provided_metadata: - additionalProperties: {} - type: object - required: - - id - - packages - - type - - active - - enrolled_at - - local_metadata - maxItems: 10000 - type: array - nextSearchAfter: - type: string - page: - type: number - perPage: - type: number - pit: - type: string - statusSummary: - additionalProperties: - type: number - type: object - total: - type: number - required: - - items - - total - - page - - perPage + $ref: '#/components/schemas/ApiFleetAgents_Get_Response_200' description: 'OK: A successful request.' '400': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetAgents_Get_Response_400' description: A bad request. summary: Get agents tags: @@ -29661,52 +17078,19 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - actionIds: - items: - type: string - maxItems: 1000 - type: array - required: - - actionIds + $ref: '#/components/schemas/ApiFleetAgents_Post_Request' responses: '200': content: application/json: schema: - additionalProperties: false - type: object - properties: - items: - items: - type: string - maxItems: 10000 - type: array - required: - - items + $ref: '#/components/schemas/ApiFleetAgents_Post_Response_200' description: 'OK: A successful request.' '400': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetAgents_Post_Response_400' description: A bad request. summary: Get agents by action ids tags: @@ -29743,36 +17127,13 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - action: - enum: - - deleted - type: string - required: - - action + $ref: '#/components/schemas/ApiFleetAgents_Delete_Response_200' description: 'OK: A successful request.' '400': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetAgents_Delete_Response_400' description: A bad request. summary: Delete an agent tags: @@ -29807,353 +17168,13 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - item: - additionalProperties: false - type: object - properties: - access_api_key: - type: string - access_api_key_id: - type: string - active: - type: boolean - agent: - additionalProperties: true - type: object - properties: - id: - type: string - version: - type: string - required: - - id - - version - audit_unenrolled_reason: - type: string - components: - items: - additionalProperties: false - type: object - properties: - id: - type: string - message: - type: string - status: - enum: - - STARTING - - CONFIGURING - - HEALTHY - - DEGRADED - - FAILED - - STOPPING - - STOPPED - type: string - type: - type: string - units: - items: - additionalProperties: false - type: object - properties: - id: - type: string - message: - type: string - payload: - additionalProperties: {} - type: object - status: - enum: - - STARTING - - CONFIGURING - - HEALTHY - - DEGRADED - - FAILED - - STOPPING - - STOPPED - type: string - type: - enum: - - input - - output - - '' - type: string - required: - - id - - type - - status - - message - maxItems: 10000 - type: array - required: - - id - - type - - status - - message - maxItems: 10000 - type: array - default_api_key: - type: string - default_api_key_history: - items: - additionalProperties: false - deprecated: true - type: object - properties: - id: - type: string - retired_at: - type: string - required: - - id - - retired_at - maxItems: 100 - type: array - default_api_key_id: - type: string - enrolled_at: - type: string - id: - type: string - last_checkin: - type: string - last_checkin_message: - type: string - last_checkin_status: - enum: - - error - - online - - degraded - - updating - - starting - type: string - last_known_status: - enum: - - offline - - error - - online - - inactive - - enrolling - - unenrolling - - unenrolled - - updating - - degraded - - uninstalled - - orphaned - type: string - local_metadata: - additionalProperties: {} - type: object - metrics: - additionalProperties: false - type: object - properties: - cpu_avg: - type: number - memory_size_byte_avg: - type: number - namespaces: - items: - type: string - maxItems: 100 - type: array - outputs: - additionalProperties: - additionalProperties: false - type: object - properties: - api_key_id: - type: string - to_retire_api_key_ids: - items: - additionalProperties: false - type: object - properties: - id: - type: string - retired_at: - type: string - required: - - id - - retired_at - maxItems: 100 - type: array - type: - type: string - type: object - packages: - items: - type: string - maxItems: 10000 - type: array - policy_id: - type: string - policy_revision: - nullable: true - type: number - sort: - items: {} - maxItems: 10 - type: array - status: - enum: - - offline - - error - - online - - inactive - - enrolling - - unenrolling - - unenrolled - - updating - - degraded - - uninstalled - - orphaned - type: string - tags: - items: - type: string - maxItems: 100 - type: array - type: - enum: - - PERMANENT - - EPHEMERAL - - TEMPORARY - type: string - unenrolled_at: - type: string - unenrollment_started_at: - type: string - unhealthy_reason: - items: - enum: - - input - - output - - other - type: string - maxItems: 3 - nullable: true - type: array - upgrade: - additionalProperties: false - type: object - properties: - rollbacks: - items: - additionalProperties: false - type: object - properties: - valid_until: - type: string - version: - type: string - required: - - valid_until - - version - maxItems: 100 - type: array - upgrade_attempts: - items: - type: string - maxItems: 10000 - nullable: true - type: array - upgrade_details: - additionalProperties: false - nullable: true - type: object - properties: - action_id: - type: string - metadata: - additionalProperties: false - type: object - properties: - download_percent: - type: number - download_rate: - type: number - error_msg: - type: string - failed_state: - enum: - - UPG_REQUESTED - - UPG_SCHEDULED - - UPG_DOWNLOADING - - UPG_EXTRACTING - - UPG_REPLACING - - UPG_RESTARTING - - UPG_FAILED - - UPG_WATCHING - - UPG_ROLLBACK - type: string - retry_error_msg: - type: string - retry_until: - type: string - scheduled_at: - type: string - state: - enum: - - UPG_REQUESTED - - UPG_SCHEDULED - - UPG_DOWNLOADING - - UPG_EXTRACTING - - UPG_REPLACING - - UPG_RESTARTING - - UPG_FAILED - - UPG_WATCHING - - UPG_ROLLBACK - type: string - target_version: - type: string - required: - - target_version - - action_id - - state - upgrade_started_at: - nullable: true - type: string - upgraded_at: - nullable: true - type: string - user_provided_metadata: - additionalProperties: {} - type: object - required: - - id - - packages - - type - - active - - enrolled_at - - local_metadata - required: - - item + $ref: '#/components/schemas/ApiFleetAgents_Get_Response_200_1' description: 'OK: A successful request.' '400': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetAgents_Get_Response_400_1' description: A bad request. summary: Get an agent tags: @@ -30188,369 +17209,19 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - tags: - items: - type: string - maxItems: 10 - type: array - user_provided_metadata: - additionalProperties: {} - type: object + $ref: '#/components/schemas/ApiFleetAgents_Put_Request' responses: '200': content: application/json: schema: - additionalProperties: false - type: object - properties: - item: - additionalProperties: false - type: object - properties: - access_api_key: - type: string - access_api_key_id: - type: string - active: - type: boolean - agent: - additionalProperties: true - type: object - properties: - id: - type: string - version: - type: string - required: - - id - - version - audit_unenrolled_reason: - type: string - components: - items: - additionalProperties: false - type: object - properties: - id: - type: string - message: - type: string - status: - enum: - - STARTING - - CONFIGURING - - HEALTHY - - DEGRADED - - FAILED - - STOPPING - - STOPPED - type: string - type: - type: string - units: - items: - additionalProperties: false - type: object - properties: - id: - type: string - message: - type: string - payload: - additionalProperties: {} - type: object - status: - enum: - - STARTING - - CONFIGURING - - HEALTHY - - DEGRADED - - FAILED - - STOPPING - - STOPPED - type: string - type: - enum: - - input - - output - - '' - type: string - required: - - id - - type - - status - - message - maxItems: 10000 - type: array - required: - - id - - type - - status - - message - maxItems: 10000 - type: array - default_api_key: - type: string - default_api_key_history: - items: - additionalProperties: false - deprecated: true - type: object - properties: - id: - type: string - retired_at: - type: string - required: - - id - - retired_at - maxItems: 100 - type: array - default_api_key_id: - type: string - enrolled_at: - type: string - id: - type: string - last_checkin: - type: string - last_checkin_message: - type: string - last_checkin_status: - enum: - - error - - online - - degraded - - updating - - starting - type: string - last_known_status: - enum: - - offline - - error - - online - - inactive - - enrolling - - unenrolling - - unenrolled - - updating - - degraded - - uninstalled - - orphaned - type: string - local_metadata: - additionalProperties: {} - type: object - metrics: - additionalProperties: false - type: object - properties: - cpu_avg: - type: number - memory_size_byte_avg: - type: number - namespaces: - items: - type: string - maxItems: 100 - type: array - outputs: - additionalProperties: - additionalProperties: false - type: object - properties: - api_key_id: - type: string - to_retire_api_key_ids: - items: - additionalProperties: false - type: object - properties: - id: - type: string - retired_at: - type: string - required: - - id - - retired_at - maxItems: 100 - type: array - type: - type: string - type: object - packages: - items: - type: string - maxItems: 10000 - type: array - policy_id: - type: string - policy_revision: - nullable: true - type: number - sort: - items: {} - maxItems: 10 - type: array - status: - enum: - - offline - - error - - online - - inactive - - enrolling - - unenrolling - - unenrolled - - updating - - degraded - - uninstalled - - orphaned - type: string - tags: - items: - type: string - maxItems: 100 - type: array - type: - enum: - - PERMANENT - - EPHEMERAL - - TEMPORARY - type: string - unenrolled_at: - type: string - unenrollment_started_at: - type: string - unhealthy_reason: - items: - enum: - - input - - output - - other - type: string - maxItems: 3 - nullable: true - type: array - upgrade: - additionalProperties: false - type: object - properties: - rollbacks: - items: - additionalProperties: false - type: object - properties: - valid_until: - type: string - version: - type: string - required: - - valid_until - - version - maxItems: 100 - type: array - upgrade_attempts: - items: - type: string - maxItems: 10000 - nullable: true - type: array - upgrade_details: - additionalProperties: false - nullable: true - type: object - properties: - action_id: - type: string - metadata: - additionalProperties: false - type: object - properties: - download_percent: - type: number - download_rate: - type: number - error_msg: - type: string - failed_state: - enum: - - UPG_REQUESTED - - UPG_SCHEDULED - - UPG_DOWNLOADING - - UPG_EXTRACTING - - UPG_REPLACING - - UPG_RESTARTING - - UPG_FAILED - - UPG_WATCHING - - UPG_ROLLBACK - type: string - retry_error_msg: - type: string - retry_until: - type: string - scheduled_at: - type: string - state: - enum: - - UPG_REQUESTED - - UPG_SCHEDULED - - UPG_DOWNLOADING - - UPG_EXTRACTING - - UPG_REPLACING - - UPG_RESTARTING - - UPG_FAILED - - UPG_WATCHING - - UPG_ROLLBACK - type: string - target_version: - type: string - required: - - target_version - - action_id - - state - upgrade_started_at: - nullable: true - type: string - upgraded_at: - nullable: true - type: string - user_provided_metadata: - additionalProperties: {} - type: object - required: - - id - - packages - - type - - active - - enrolled_at - - local_metadata - required: - - item + $ref: '#/components/schemas/ApiFleetAgents_Put_Response_200' description: 'OK: A successful request.' '400': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetAgents_Put_Response_400' description: A bad request. summary: Update an agent by ID tags: @@ -30586,125 +17257,19 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - action: - anyOf: - - additionalProperties: false - type: object - properties: - ack_data: {} - data: {} - type: - enum: - - UNENROLL - - UPGRADE - - POLICY_REASSIGN - type: string - required: - - type - - data - - ack_data - - additionalProperties: false - type: object - properties: - data: - additionalProperties: false - type: object - properties: - log_level: - enum: - - debug - - info - - warning - - error - nullable: true - type: string - required: - - log_level - type: - enum: - - SETTINGS - type: string - required: - - type - - data - required: - - action + $ref: '#/components/schemas/ApiFleetAgentsActions_Post_Request' responses: '200': content: application/json: schema: - additionalProperties: false - type: object - properties: - item: - additionalProperties: false - type: object - properties: - ack_data: {} - agents: - items: - type: string - maxItems: 10000 - type: array - created_at: - type: string - data: {} - expiration: - type: string - id: - type: string - minimum_execution_duration: - type: number - namespaces: - items: - type: string - maxItems: 100 - type: array - rollout_duration_seconds: - type: number - sent_at: - type: string - source_uri: - type: string - start_time: - type: string - total: - type: number - type: - type: string - required: - - id - - type - - data - - created_at - - ack_data - required: - - item + $ref: '#/components/schemas/ApiFleetAgentsActions_Post_Response_200' description: 'OK: A successful request.' '400': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetAgentsActions_Post_Response_400' description: A bad request. summary: Create an agent action tags: @@ -30740,87 +17305,19 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - enrollment_token: - type: string - settings: - additionalProperties: false - type: object - properties: - ca_sha256: - type: string - certificate_authorities: - type: string - elastic_agent_cert: - type: string - elastic_agent_cert_key: - type: string - elastic_agent_cert_key_passphrase: - type: string - headers: - additionalProperties: - type: string - type: object - insecure: - type: boolean - proxy_disabled: - type: boolean - proxy_headers: - additionalProperties: - type: string - type: object - proxy_url: - type: string - replace_token: - type: string - staging: - type: string - tags: - items: - type: string - maxItems: 10 - type: array - uri: - format: uri - type: string - required: - - uri - - enrollment_token + $ref: '#/components/schemas/ApiFleetAgentsMigrate_Post_Request' responses: '200': content: application/json: schema: - additionalProperties: false - type: object - properties: - actionId: - type: string - required: - - actionId + $ref: '#/components/schemas/ApiFleetAgentsMigrate_Post_Response_200' description: 'OK: A successful request.' '400': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetAgentsMigrate_Post_Response_400' description: A bad request. summary: Migrate a single agent tags: @@ -30864,20 +17361,7 @@ paths: password: password username: username schema: - additionalProperties: false - nullable: true - type: object - properties: - user_info: - additionalProperties: false - type: object - properties: - groupname: - type: string - password: - type: string - username: - type: string + $ref: '#/components/schemas/ApiFleetAgentsPrivilegeLevelChange_Post_Request' responses: '200': content: @@ -30887,21 +17371,7 @@ paths: value: actionId: actionId schema: - anyOf: - - additionalProperties: false - type: object - properties: - actionId: - type: string - required: - - actionId - - additionalProperties: false - type: object - properties: - message: - type: string - required: - - message + $ref: '#/components/schemas/ApiFleetAgentsPrivilegeLevelChange_Post_Response_200' description: 'OK: A successful request.' '400': content: @@ -30911,22 +17381,7 @@ paths: value: message: Bad Request schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetAgentsPrivilegeLevelChange_Post_Response_400' description: A bad request. summary: Change agent privilege level tags: @@ -30963,42 +17418,19 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - policy_id: - type: string - required: - - policy_id + $ref: '#/components/schemas/ApiFleetAgentsReassign_Post_Request' responses: '200': content: application/json: schema: - additionalProperties: false - type: object - properties: {} + $ref: '#/components/schemas/ApiFleetAgentsReassign_Post_Response_200' description: 'OK: A successful request.' '400': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetAgentsReassign_Post_Response_400' description: A bad request. summary: Reassign an agent tags: @@ -31034,50 +17466,19 @@ paths: content: application/json: schema: - additionalProperties: false - nullable: true - type: object - properties: - additional_metrics: - items: - enum: - - CPU - type: string - maxItems: 1 - type: array + $ref: '#/components/schemas/ApiFleetAgentsRequestDiagnostics_Post_Request' responses: '200': content: application/json: schema: - additionalProperties: false - type: object - properties: - actionId: - type: string - required: - - actionId + $ref: '#/components/schemas/ApiFleetAgentsRequestDiagnostics_Post_Response_200' description: 'OK: A successful request.' '400': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetAgentsRequestDiagnostics_Post_Response_400' description: A bad request. summary: Request agent diagnostics tags: @@ -31119,21 +17520,7 @@ paths: value: actionId: actionId schema: - anyOf: - - additionalProperties: false - type: object - properties: - actionId: - type: string - required: - - actionId - - additionalProperties: false - type: object - properties: - message: - type: string - required: - - message + $ref: '#/components/schemas/ApiFleetAgentsRollback_Post_Response_200' description: 'OK: A successful request.' '400': content: @@ -31143,22 +17530,7 @@ paths: value: message: Bad Request schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetAgentsRollback_Post_Response_400' description: A bad request. summary: Rollback an agent tags: @@ -31195,14 +17567,7 @@ paths: content: application/json: schema: - additionalProperties: false - nullable: true - type: object - properties: - force: - type: boolean - revoke: - type: boolean + $ref: '#/components/schemas/ApiFleetAgentsUnenroll_Post_Request' responses: {} summary: Unenroll an agent tags: @@ -31238,48 +17603,19 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - force: - type: boolean - skipRateLimitCheck: - type: boolean - source_uri: - type: string - version: - type: string - required: - - version + $ref: '#/components/schemas/ApiFleetAgentsUpgrade_Post_Request' responses: '200': content: application/json: schema: - additionalProperties: false - type: object - properties: {} + $ref: '#/components/schemas/ApiFleetAgentsUpgrade_Post_Response_200' description: 'OK: A successful request.' '400': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetAgentsUpgrade_Post_Response_400' description: A bad request. summary: Upgrade an agent tags: @@ -31309,67 +17645,13 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - items: - items: - additionalProperties: false - type: object - properties: - actionId: - type: string - createTime: - type: string - error: - type: string - filePath: - type: string - id: - type: string - name: - type: string - status: - enum: - - READY - - AWAITING_UPLOAD - - DELETED - - EXPIRED - - IN_PROGRESS - - FAILED - type: string - required: - - id - - name - - filePath - - createTime - - status - - actionId - maxItems: 10000 - type: array - required: - - items + $ref: '#/components/schemas/ApiFleetAgentsUploads_Get_Response_200' description: 'OK: A successful request.' '400': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetAgentsUploads_Get_Response_400' description: A bad request. summary: Get agent uploads tags: @@ -31422,134 +17704,13 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - items: - items: - additionalProperties: false - type: object - properties: - actionId: - type: string - cancellationTime: - type: string - completionTime: - type: string - creationTime: - description: creation time of action - type: string - expiration: - type: string - hasRolloutPeriod: - type: boolean - is_automatic: - type: boolean - latestErrors: - items: - additionalProperties: false - description: latest errors that happened when the agents executed the action - type: object - properties: - agentId: - type: string - error: - type: string - hostname: - type: string - timestamp: - type: string - required: - - agentId - - error - - timestamp - maxItems: 10 - type: array - nbAgentsAck: - description: number of agents that acknowledged the action - type: number - nbAgentsActionCreated: - description: number of agents included in action from kibana - type: number - nbAgentsActioned: - description: number of agents actioned - type: number - nbAgentsFailed: - description: number of agents that failed to execute the action - type: number - newPolicyId: - description: new policy id (POLICY_REASSIGN action) - type: string - policyId: - description: policy id (POLICY_CHANGE action) - type: string - revision: - description: new policy revision (POLICY_CHANGE action) - type: number - startTime: - description: start time of action (scheduled actions) - type: string - status: - enum: - - COMPLETE - - EXPIRED - - CANCELLED - - FAILED - - IN_PROGRESS - - ROLLOUT_PASSED - type: string - type: - enum: - - UPGRADE - - UNENROLL - - SETTINGS - - POLICY_REASSIGN - - CANCEL - - FORCE_UNENROLL - - REQUEST_DIAGNOSTICS - - UPDATE_TAGS - - POLICY_CHANGE - - INPUT_ACTION - - MIGRATE - - PRIVILEGE_LEVEL_CHANGE - type: string - version: - description: agent version number (UPGRADE action) - type: string - required: - - actionId - - nbAgentsActionCreated - - nbAgentsAck - - nbAgentsFailed - - type - - nbAgentsActioned - - status - - creationTime - maxItems: 10000 - type: array - required: - - items + $ref: '#/components/schemas/ApiFleetAgentsActionStatus_Get_Response_200' description: 'OK: A successful request.' '400': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetAgentsActionStatus_Get_Response_400' description: A bad request. summary: Get an agent action status tags: @@ -31586,74 +17747,13 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - item: - additionalProperties: false - type: object - properties: - ack_data: {} - agents: - items: - type: string - maxItems: 10000 - type: array - created_at: - type: string - data: {} - expiration: - type: string - id: - type: string - minimum_execution_duration: - type: number - namespaces: - items: - type: string - maxItems: 100 - type: array - rollout_duration_seconds: - type: number - sent_at: - type: string - source_uri: - type: string - start_time: - type: string - total: - type: number - type: - type: string - required: - - id - - type - - data - - created_at - - ack_data - required: - - item + $ref: '#/components/schemas/ApiFleetAgentsActionsCancel_Post_Response_200' description: 'OK: A successful request.' '400': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetAgentsActionsCancel_Post_Response_400' description: A bad request. summary: Cancel an agent action tags: @@ -31678,37 +17778,13 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - items: - items: - type: string - maxItems: 10000 - type: array - required: - - items + $ref: '#/components/schemas/ApiFleetAgentsAvailableVersions_Get_Response_200' description: 'OK: A successful request.' '400': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetAgentsAvailableVersions_Get_Response_400' description: A bad request. summary: Get available agent versions tags: @@ -31739,95 +17815,19 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - agents: - anyOf: - - items: - type: string - maxItems: 10000 - type: array - - type: string - batchSize: - type: number - enrollment_token: - type: string - settings: - additionalProperties: false - type: object - properties: - ca_sha256: - type: string - certificate_authorities: - type: string - elastic_agent_cert: - type: string - elastic_agent_cert_key: - type: string - elastic_agent_cert_key_passphrase: - type: string - headers: - additionalProperties: - type: string - type: object - insecure: - type: boolean - proxy_disabled: - type: boolean - proxy_headers: - additionalProperties: - type: string - type: object - proxy_url: - type: string - staging: - type: string - tags: - items: - type: string - maxItems: 10 - type: array - uri: - format: uri - type: string - required: - - agents - - uri - - enrollment_token + $ref: '#/components/schemas/ApiFleetAgentsBulkMigrate_Post_Request' responses: '200': content: application/json: schema: - additionalProperties: false - type: object - properties: - actionId: - type: string - required: - - actionId + $ref: '#/components/schemas/ApiFleetAgentsBulkMigrate_Post_Response_200' description: 'OK: A successful request.' '400': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetAgentsBulkMigrate_Post_Response_400' description: A bad request. summary: Migrate multiple agents tags: @@ -31866,30 +17866,7 @@ paths: password: password username: username schema: - additionalProperties: false - type: object - properties: - agents: - anyOf: - - items: - type: string - maxItems: 10000 - type: array - - type: string - batchSize: - type: number - user_info: - additionalProperties: false - type: object - properties: - groupname: - type: string - password: - type: string - username: - type: string - required: - - agents + $ref: '#/components/schemas/ApiFleetAgentsBulkPrivilegeLevelChange_Post_Request' responses: '200': content: @@ -31899,13 +17876,7 @@ paths: value: actionId: actionId schema: - additionalProperties: false - type: object - properties: - actionId: - type: string - required: - - actionId + $ref: '#/components/schemas/ApiFleetAgentsBulkPrivilegeLevelChange_Post_Response_200' description: 'OK: A successful request.' '400': content: @@ -31915,22 +17886,7 @@ paths: value: message: Bad Request schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetAgentsBulkPrivilegeLevelChange_Post_Response_400' description: A bad request. summary: Bulk change agent privilege level tags: @@ -31962,59 +17918,19 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - agents: - anyOf: - - items: - type: string - maxItems: 10000 - type: array - - type: string - batchSize: - type: number - includeInactive: - default: false - type: boolean - policy_id: - type: string - required: - - policy_id - - agents + $ref: '#/components/schemas/ApiFleetAgentsBulkReassign_Post_Request' responses: '200': content: application/json: schema: - additionalProperties: false - type: object - properties: - actionId: - type: string - required: - - actionId + $ref: '#/components/schemas/ApiFleetAgentsBulkReassign_Post_Response_200' description: 'OK: A successful request.' '400': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetAgentsBulkReassign_Post_Response_400' description: A bad request. summary: Bulk reassign agents tags: @@ -32045,60 +17961,19 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - additional_metrics: - items: - enum: - - CPU - type: string - maxItems: 1 - type: array - agents: - anyOf: - - items: - type: string - maxItems: 10000 - type: array - - type: string - batchSize: - type: number - required: - - agents + $ref: '#/components/schemas/ApiFleetAgentsBulkRequestDiagnostics_Post_Request' responses: '200': content: application/json: schema: - additionalProperties: false - type: object - properties: - actionId: - type: string - required: - - actionId + $ref: '#/components/schemas/ApiFleetAgentsBulkRequestDiagnostics_Post_Response_200' description: 'OK: A successful request.' '400': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetAgentsBulkRequestDiagnostics_Post_Response_400' description: A bad request. summary: Bulk request diagnostics from agents tags: @@ -32137,23 +18012,7 @@ paths: batchSize: 100 includeInactive: false schema: - additionalProperties: false - type: object - properties: - agents: - anyOf: - - items: - type: string - maxItems: 10000 - type: array - - type: string - batchSize: - type: number - includeInactive: - default: false - type: boolean - required: - - agents + $ref: '#/components/schemas/ApiFleetAgentsBulkRollback_Post_Request' responses: '200': content: @@ -32165,16 +18024,7 @@ paths: - actionId1 - actionId2 schema: - additionalProperties: false - type: object - properties: - actionIds: - items: - type: string - maxItems: 10000 - type: array - required: - - actionIds + $ref: '#/components/schemas/ApiFleetAgentsBulkRollback_Post_Response_200' description: 'OK: A successful request.' '400': content: @@ -32184,22 +18034,7 @@ paths: value: message: Bad Request schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetAgentsBulkRollback_Post_Response_400' description: A bad request. summary: Bulk rollback agents tags: @@ -32231,64 +18066,19 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - agents: - anyOf: - - items: - description: list of agent IDs - type: string - maxItems: 10000 - type: array - - description: KQL query string, leave empty to action all agents - type: string - batchSize: - type: number - force: - description: Unenrolls hosted agents too - type: boolean - includeInactive: - description: When passing agents by KQL query, unenrolls inactive agents too - type: boolean - revoke: - description: Revokes API keys of agents - type: boolean - required: - - agents + $ref: '#/components/schemas/ApiFleetAgentsBulkUnenroll_Post_Request' responses: '200': content: application/json: schema: - additionalProperties: false - type: object - properties: - actionId: - type: string - required: - - actionId + $ref: '#/components/schemas/ApiFleetAgentsBulkUnenroll_Post_Response_200' description: 'OK: A successful request.' '400': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetAgentsBulkUnenroll_Post_Response_400' description: A bad request. summary: Bulk unenroll agents tags: @@ -32319,66 +18109,19 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - agents: - anyOf: - - items: - type: string - maxItems: 10000 - type: array - - type: string - batchSize: - type: number - includeInactive: - default: false - type: boolean - tagsToAdd: - items: - type: string - maxItems: 10 - type: array - tagsToRemove: - items: - type: string - maxItems: 10 - type: array - required: - - agents + $ref: '#/components/schemas/ApiFleetAgentsBulkUpdateAgentTags_Post_Request' responses: '200': content: application/json: schema: - additionalProperties: false - type: object - properties: - actionId: - type: string - required: - - actionId + $ref: '#/components/schemas/ApiFleetAgentsBulkUpdateAgentTags_Post_Response_200' description: 'OK: A successful request.' '400': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetAgentsBulkUpdateAgentTags_Post_Response_400' description: A bad request. summary: Bulk update agent tags tags: @@ -32409,70 +18152,19 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - agents: - anyOf: - - items: - type: string - maxItems: 10000 - type: array - - type: string - batchSize: - type: number - force: - type: boolean - includeInactive: - default: false - type: boolean - rollout_duration_seconds: - minimum: 600 - type: number - skipRateLimitCheck: - type: boolean - source_uri: - type: string - start_time: - type: string - version: - type: string - required: - - agents - - version + $ref: '#/components/schemas/ApiFleetAgentsBulkUpgrade_Post_Request' responses: '200': content: application/json: schema: - additionalProperties: false - type: object - properties: - actionId: - type: string - required: - - actionId + $ref: '#/components/schemas/ApiFleetAgentsBulkUpgrade_Post_Response_200' description: 'OK: A successful request.' '400': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetAgentsBulkUpgrade_Post_Response_400' description: A bad request. summary: Bulk upgrade agents tags: @@ -32509,37 +18201,13 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - deleted: - type: boolean - id: - type: string - required: - - id - - deleted + $ref: '#/components/schemas/ApiFleetAgentsFiles_Delete_Response_200' description: 'OK: A successful request.' '400': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetAgentsFiles_Delete_Response_400' description: A bad request. summary: Delete an uploaded file tags: @@ -32574,28 +18242,13 @@ paths: content: application/json: schema: - type: object + $ref: '#/components/schemas/ApiFleetAgentsFiles_Get_Response_200' description: 'OK: A successful request.' '400': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetAgentsFiles_Get_Response_400' description: A bad request. summary: Get an uploaded file tags: @@ -32620,65 +18273,13 @@ paths: content: application/json: schema: - additionalProperties: false - description: A summary of the agent setup status. `isReady` indicates whether the setup is ready. If the setup is not ready, `missing_requirements` lists which requirements are missing. - type: object - properties: - is_action_secrets_storage_enabled: - type: boolean - is_secrets_storage_enabled: - type: boolean - is_space_awareness_enabled: - type: boolean - is_ssl_secrets_storage_enabled: - type: boolean - isReady: - type: boolean - missing_optional_features: - items: - enum: - - encrypted_saved_object_encryption_key_required - type: string - maxItems: 1 - type: array - missing_requirements: - items: - enum: - - security_required - - tls_required - - api_keys - - fleet_admin_user - - fleet_server - type: string - maxItems: 5 - type: array - package_verification_key_id: - type: string - required: - - isReady - - missing_requirements - - missing_optional_features + $ref: '#/components/schemas/ApiFleetAgentsSetup_Get_Response_200' description: 'OK: A successful request.' '400': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetAgentsSetup_Get_Response_400' description: A bad request. summary: Get agent setup info tags: @@ -32709,50 +18310,13 @@ paths: content: application/json: schema: - additionalProperties: false - description: A summary of the result of Fleet's `setup` lifecycle. If `isInitialized` is true, Fleet is ready to accept agent enrollment. `nonFatalErrors` may include useful insight into non-blocking issues with Fleet setup. - type: object - properties: - isInitialized: - type: boolean - nonFatalErrors: - items: - additionalProperties: false - type: object - properties: - message: - type: string - name: - type: string - required: - - name - - message - maxItems: 10000 - type: array - required: - - isInitialized - - nonFatalErrors + $ref: '#/components/schemas/ApiFleetAgentsSetup_Post_Response_200' description: 'OK: A successful request.' '400': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetAgentsSetup_Post_Response_400' description: A bad request. summary: Initiate agent setup tags: @@ -32788,37 +18352,13 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - items: - items: - type: string - maxItems: 10000 - type: array - required: - - items + $ref: '#/components/schemas/ApiFleetAgentsTags_Get_Response_200' description: 'OK: A successful request.' '400': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetAgentsTags_Get_Response_400' description: A bad request. summary: Get agent tags tags: @@ -32840,40 +18380,13 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - error: - enum: - - MISSING_SECURITY - - MISSING_PRIVILEGES - - MISSING_FLEET_SERVER_SETUP_PRIVILEGES - type: string - success: - type: boolean - required: - - success + $ref: '#/components/schemas/ApiFleetCheckPermissions_Get_Response_200' description: 'OK: A successful request.' '400': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetCheckPermissions_Get_Response_400' description: A bad request. summary: Check permissions tags: @@ -32922,66 +18435,13 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - items: - items: - additionalProperties: false - type: object - properties: - accountType: - type: string - cloudProvider: - type: string - created_at: - type: string - id: - type: string - name: - type: string - namespace: - type: string - packagePolicyCount: - type: number - updated_at: - type: string - vars: - additionalProperties: {} - type: object - required: - - id - - name - - cloudProvider - - vars - - packagePolicyCount - - created_at - - updated_at - maxItems: 10000 - type: array - required: - - items + $ref: '#/components/schemas/ApiFleetCloudConnectors_Get_Response_200' description: 'OK: A successful request.' '400': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetCloudConnectors_Get_Response_400' description: A bad request. summary: Get cloud connectors tags: @@ -33012,127 +18472,19 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - accountType: - description: 'The account type: single-account (single account/subscription) or organization-account (organization-wide).' - enum: - - single-account - - organization-account - type: string - cloudProvider: - description: 'The cloud provider type: aws, azure, or gcp.' - enum: - - aws - - azure - - gcp - type: string - name: - description: The name of the cloud connector. - maxLength: 255 - minLength: 1 - type: string - vars: - additionalProperties: - anyOf: - - maxLength: 1000 - type: string - - type: number - - type: boolean - - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - maxLength: 50 - type: string - value: - anyOf: - - maxLength: 1000 - type: string - - additionalProperties: false - type: object - properties: - id: - maxLength: 255 - type: string - isSecretRef: - type: boolean - required: - - isSecretRef - - id - required: - - type - - value - type: object - required: - - name - - cloudProvider - - vars + $ref: '#/components/schemas/ApiFleetCloudConnectors_Post_Request' responses: '200': content: application/json: schema: - additionalProperties: false - type: object - properties: - item: - additionalProperties: false - type: object - properties: - accountType: - type: string - cloudProvider: - type: string - created_at: - type: string - id: - type: string - name: - type: string - namespace: - type: string - packagePolicyCount: - type: number - updated_at: - type: string - vars: - additionalProperties: {} - type: object - required: - - id - - name - - cloudProvider - - vars - - packagePolicyCount - - created_at - - updated_at - required: - - item + $ref: '#/components/schemas/ApiFleetCloudConnectors_Post_Response_200' description: 'OK: A successful request.' '400': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetCloudConnectors_Post_Response_400' description: A bad request. summary: Create cloud connector tags: @@ -33177,34 +18529,13 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - id: - type: string - required: - - id + $ref: '#/components/schemas/ApiFleetCloudConnectors_Delete_Response_200' description: 'OK: A successful request.' '400': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetCloudConnectors_Delete_Response_400' description: A bad request. summary: Delete cloud connector (supports force deletion) tags: @@ -33235,63 +18566,13 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - item: - additionalProperties: false - type: object - properties: - accountType: - type: string - cloudProvider: - type: string - created_at: - type: string - id: - type: string - name: - type: string - namespace: - type: string - packagePolicyCount: - type: number - updated_at: - type: string - vars: - additionalProperties: {} - type: object - required: - - id - - name - - cloudProvider - - vars - - packagePolicyCount - - created_at - - updated_at - required: - - item + $ref: '#/components/schemas/ApiFleetCloudConnectors_Get_Response_200_1' description: 'OK: A successful request.' '400': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetCloudConnectors_Get_Response_400_1' description: A bad request. summary: Get cloud connector tags: @@ -33328,116 +18609,19 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - accountType: - description: 'The account type: single-account (single account/subscription) or organization-account (organization-wide).' - enum: - - single-account - - organization-account - type: string - name: - description: The name of the cloud connector. - maxLength: 255 - minLength: 1 - type: string - vars: - additionalProperties: - anyOf: - - maxLength: 1000 - type: string - - type: number - - type: boolean - - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - maxLength: 50 - type: string - value: - anyOf: - - maxLength: 1000 - type: string - - additionalProperties: false - type: object - properties: - id: - maxLength: 255 - type: string - isSecretRef: - type: boolean - required: - - isSecretRef - - id - required: - - type - - value - type: object + $ref: '#/components/schemas/ApiFleetCloudConnectors_Put_Request' responses: '200': content: application/json: schema: - additionalProperties: false - type: object - properties: - item: - additionalProperties: false - type: object - properties: - accountType: - type: string - cloudProvider: - type: string - created_at: - type: string - id: - type: string - name: - type: string - namespace: - type: string - packagePolicyCount: - type: number - updated_at: - type: string - vars: - additionalProperties: {} - type: object - required: - - id - - name - - cloudProvider - - vars - - packagePolicyCount - - created_at - - updated_at - required: - - item + $ref: '#/components/schemas/ApiFleetCloudConnectors_Put_Response_200' description: 'OK: A successful request.' '400': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetCloudConnectors_Put_Response_400' description: A bad request. summary: Update cloud connector tags: @@ -33502,60 +18686,7 @@ paths: perPage: 20 total: 2 schema: - additionalProperties: false - type: object - properties: - items: - items: - additionalProperties: false - type: object - properties: - created_at: - type: string - id: - type: string - name: - type: string - package: - additionalProperties: false - type: object - properties: - name: - type: string - title: - type: string - version: - type: string - required: - - name - - title - - version - policy_ids: - items: - type: string - maxItems: 10000 - type: array - updated_at: - type: string - required: - - id - - name - - policy_ids - - created_at - - updated_at - maxItems: 10000 - type: array - page: - type: number - perPage: - type: number - total: - type: number - required: - - items - - total - - page - - perPage + $ref: '#/components/schemas/ApiFleetCloudConnectorsUsage_Get_Response_200' description: 'OK: A successful request.' '400': content: @@ -33568,22 +18699,7 @@ paths: message: Cloud connector not found statusCode: 400 schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetCloudConnectorsUsage_Get_Response_400' description: A bad request. summary: Get cloud connector usage (package policies using the connector) tags: @@ -33609,97 +18725,13 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - data_streams: - items: - additionalProperties: false - type: object - properties: - dashboards: - items: - additionalProperties: false - type: object - properties: - id: - type: string - title: - type: string - required: - - id - - title - maxItems: 10000 - type: array - dataset: - type: string - index: - type: string - last_activity_ms: - type: number - namespace: - type: string - package: - type: string - package_version: - type: string - serviceDetails: - additionalProperties: false - nullable: true - type: object - properties: - environment: - type: string - serviceName: - type: string - required: - - environment - - serviceName - size_in_bytes: - type: number - size_in_bytes_formatted: - anyOf: - - type: number - - type: string - type: - type: string - required: - - index - - dataset - - namespace - - type - - package - - package_version - - last_activity_ms - - size_in_bytes - - size_in_bytes_formatted - - dashboards - - serviceDetails - maxItems: 10000 - type: array - required: - - data_streams + $ref: '#/components/schemas/ApiFleetDataStreams_Get_Response_200' description: 'OK: A successful request.' '400': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetDataStreams_Get_Response_400' description: A bad request. summary: Get data streams tags: @@ -33741,111 +18773,13 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - items: - items: - additionalProperties: false - type: object - properties: - active: - description: When false, the enrollment API key is revoked and cannot be used for enrolling Elastic Agents. - type: boolean - api_key: - description: The enrollment API key (token) used for enrolling Elastic Agents. - type: string - api_key_id: - description: The ID of the API key in the Security API. - type: string - created_at: - type: string - hidden: - type: boolean - id: - type: string - name: - description: The name of the enrollment API key. - type: string - policy_id: - description: The ID of the agent policy the Elastic Agent will be enrolled in. - type: string - required: - - id - - api_key_id - - api_key - - active - - created_at - maxItems: 10000 - type: array - list: - deprecated: true - items: - additionalProperties: false - type: object - properties: - active: - description: When false, the enrollment API key is revoked and cannot be used for enrolling Elastic Agents. - type: boolean - api_key: - description: The enrollment API key (token) used for enrolling Elastic Agents. - type: string - api_key_id: - description: The ID of the API key in the Security API. - type: string - created_at: - type: string - hidden: - type: boolean - id: - type: string - name: - description: The name of the enrollment API key. - type: string - policy_id: - description: The ID of the agent policy the Elastic Agent will be enrolled in. - type: string - required: - - id - - api_key_id - - api_key - - active - - created_at - maxItems: 10000 - type: array - page: - type: number - perPage: - type: number - total: - type: number - required: - - items - - total - - page - - perPage - - list + $ref: '#/components/schemas/ApiFleetEnrollmentApiKeys_Get_Response_200' description: 'OK: A successful request.' '400': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetEnrollmentApiKeys_Get_Response_400' description: A bad request. summary: Get enrollment API keys tags: @@ -33875,84 +18809,19 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - expiration: - type: string - name: - type: string - policy_id: - type: string - required: - - policy_id + $ref: '#/components/schemas/ApiFleetEnrollmentApiKeys_Post_Request' responses: '200': content: application/json: schema: - additionalProperties: false - type: object - properties: - action: - enum: - - created - type: string - item: - additionalProperties: false - type: object - properties: - active: - description: When false, the enrollment API key is revoked and cannot be used for enrolling Elastic Agents. - type: boolean - api_key: - description: The enrollment API key (token) used for enrolling Elastic Agents. - type: string - api_key_id: - description: The ID of the API key in the Security API. - type: string - created_at: - type: string - hidden: - type: boolean - id: - type: string - name: - description: The name of the enrollment API key. - type: string - policy_id: - description: The ID of the agent policy the Elastic Agent will be enrolled in. - type: string - required: - - id - - api_key_id - - api_key - - active - - created_at - required: - - item - - action + $ref: '#/components/schemas/ApiFleetEnrollmentApiKeys_Post_Response_200' description: 'OK: A successful request.' '400': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetEnrollmentApiKeys_Post_Response_400' description: A bad request. summary: Create an enrollment API key tags: @@ -33989,36 +18858,13 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - action: - enum: - - deleted - type: string - required: - - action + $ref: '#/components/schemas/ApiFleetEnrollmentApiKeys_Delete_Response_200' description: 'OK: A successful request.' '400': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetEnrollmentApiKeys_Delete_Response_400' description: A bad request. summary: Revoke an enrollment API key tags: @@ -34047,63 +18893,13 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - item: - additionalProperties: false - type: object - properties: - active: - description: When false, the enrollment API key is revoked and cannot be used for enrolling Elastic Agents. - type: boolean - api_key: - description: The enrollment API key (token) used for enrolling Elastic Agents. - type: string - api_key_id: - description: The ID of the API key in the Security API. - type: string - created_at: - type: string - hidden: - type: boolean - id: - type: string - name: - description: The name of the enrollment API key. - type: string - policy_id: - description: The ID of the agent policy the Elastic Agent will be enrolled in. - type: string - required: - - id - - api_key_id - - api_key - - active - - created_at - required: - - item + $ref: '#/components/schemas/ApiFleetEnrollmentApiKeys_Get_Response_200_1' description: 'OK: A successful request.' '400': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetEnrollmentApiKeys_Get_Response_400_1' description: A bad request. summary: Get an enrollment API key tags: @@ -34134,85 +18930,19 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - assetIds: - items: - additionalProperties: false - type: object - properties: - id: - type: string - type: - type: string - required: - - id - - type - maxItems: 10000 - type: array - required: - - assetIds + $ref: '#/components/schemas/ApiFleetEpmBulkAssets_Post_Request' responses: '200': content: application/json: schema: - additionalProperties: false - type: object - properties: - items: - items: - additionalProperties: false - type: object - properties: - appLink: - type: string - attributes: - additionalProperties: false - type: object - properties: - description: - type: string - service: - type: string - title: - type: string - id: - type: string - type: - type: string - updatedAt: - type: string - required: - - id - - type - - attributes - maxItems: 10000 - type: array - required: - - items + $ref: '#/components/schemas/ApiFleetEpmBulkAssets_Post_Response_200' description: 'OK: A successful request.' '400': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetEpmBulkAssets_Post_Response_400' description: A bad request. summary: Bulk get assets tags: @@ -34247,53 +18977,13 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - items: - items: - additionalProperties: false - type: object - properties: - count: - type: number - id: - type: string - parent_id: - type: string - parent_title: - type: string - title: - type: string - required: - - id - - title - - count - maxItems: 10000 - type: array - required: - - items + $ref: '#/components/schemas/ApiFleetEpmCategories_Get_Response_200' description: 'OK: A successful request.' '400': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetEpmCategories_Get_Response_400' description: A bad request. summary: Get package categories tags: @@ -34324,138 +19014,19 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - datasets: - items: - additionalProperties: false - type: object - properties: - name: - type: string - type: - enum: - - logs - - metrics - - traces - - synthetics - - profiling - type: string - required: - - name - - type - maxItems: 10 - type: array - force: - type: boolean - integrationName: - type: string - required: - - integrationName - - datasets + $ref: '#/components/schemas/ApiFleetEpmCustomIntegrations_Post_Request' responses: '200': content: application/json: schema: - additionalProperties: false - type: object - properties: - _meta: - additionalProperties: false - type: object - properties: - install_source: - type: string - name: - type: string - required: - - install_source - - name - items: - items: - anyOf: - - additionalProperties: false - type: object - properties: - deferred: - type: boolean - id: - type: string - originId: - type: string - type: - anyOf: - - enum: - - dashboard - - lens - - visualization - - search - - index-pattern - - map - - ml-module - - security-rule - - csp-rule-template - - osquery-pack-asset - - osquery-saved-query - - tag - type: string - - type: string - required: - - id - - type - - additionalProperties: false - type: object - properties: - deferred: - type: boolean - id: - type: string - type: - enum: - - index - - index_template - - component_template - - ingest_pipeline - - ilm_policy - - data_stream_ilm_policy - - transform - - ml_model - - knowledge_base - - esql_view - type: string - version: - type: string - required: - - id - - type - maxItems: 10000 - type: array - required: - - items - - _meta + $ref: '#/components/schemas/ApiFleetEpmCustomIntegrations_Post_Response_200' description: 'OK: A successful request.' '400': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetEpmCustomIntegrations_Post_Response_400' description: A bad request. summary: Create a custom integration tags: @@ -34491,18 +19062,7 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - categories: - items: - type: string - maxItems: 10 - type: array - readMeData: - type: string - required: - - readMeData + $ref: '#/components/schemas/ApiFleetEpmCustomIntegrations_Put_Request' responses: '200': description: 'OK: A successful request.' @@ -34510,22 +19070,7 @@ paths: content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetEpmCustomIntegrations_Put_Response_400' description: A bad request. summary: Update a custom integration tags: @@ -34581,43 +19126,13 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - items: - items: - additionalProperties: false - type: object - properties: - name: - type: string - required: - - name - maxItems: 10000 - type: array - required: - - items + $ref: '#/components/schemas/ApiFleetEpmDataStreams_Get_Response_200' description: 'OK: A successful request.' '400': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetEpmDataStreams_Get_Response_400' description: A bad request. summary: Get data streams tags: @@ -34662,471 +19177,13 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - items: - items: - additionalProperties: true - type: object - properties: - categories: - items: - type: string - maxItems: 10 - type: array - conditions: - additionalProperties: true - type: object - properties: - elastic: - additionalProperties: true - type: object - properties: - capabilities: - items: - type: string - maxItems: 10 - type: array - subscription: - type: string - kibana: - additionalProperties: true - type: object - properties: - version: - type: string - data_streams: - items: - additionalProperties: {} - type: object - maxItems: 1000 - type: array - description: - type: string - discovery: - additionalProperties: true - type: object - properties: - datasets: - items: - additionalProperties: true - type: object - properties: - name: - type: string - required: - - name - maxItems: 10 - type: array - fields: - items: - additionalProperties: true - type: object - properties: - name: - type: string - required: - - name - maxItems: 10 - type: array - download: - type: string - format_version: - type: string - icons: - items: - additionalProperties: true - type: object - properties: - dark_mode: - type: boolean - path: - type: string - size: - type: string - src: - type: string - title: - type: string - type: - type: string - required: - - src - maxItems: 10 - type: array - id: - type: string - installationInfo: - additionalProperties: true - type: object - properties: - additional_spaces_installed_kibana: - additionalProperties: - items: - additionalProperties: true - type: object - properties: - deferred: - type: boolean - id: - type: string - originId: - type: string - type: - anyOf: - - enum: - - dashboard - - lens - - visualization - - search - - index-pattern - - map - - ml-module - - security-rule - - csp-rule-template - - osquery-pack-asset - - osquery-saved-query - - tag - type: string - - type: string - required: - - id - - type - maxItems: 100 - type: array - type: object - created_at: - type: string - experimental_data_stream_features: - items: - additionalProperties: true - type: object - properties: - data_stream: - type: string - features: - additionalProperties: true - type: object - properties: - doc_value_only_numeric: - type: boolean - doc_value_only_other: - type: boolean - synthetic_source: - type: boolean - tsdb: - type: boolean - required: - - data_stream - - features - maxItems: 100 - type: array - install_format_schema_version: - type: string - install_source: - enum: - - registry - - upload - - bundled - - custom - type: string - install_status: - enum: - - installed - - installing - - install_failed - type: string - installed_es: - items: - additionalProperties: true - type: object - properties: - deferred: - type: boolean - id: - type: string - type: - enum: - - index - - index_template - - component_template - - ingest_pipeline - - ilm_policy - - data_stream_ilm_policy - - transform - - ml_model - - knowledge_base - - esql_view - type: string - version: - type: string - required: - - id - - type - maxItems: 10000 - type: array - installed_kibana: - items: - additionalProperties: true - type: object - properties: - deferred: - type: boolean - id: - type: string - originId: - type: string - type: - anyOf: - - enum: - - dashboard - - lens - - visualization - - search - - index-pattern - - map - - ml-module - - security-rule - - csp-rule-template - - osquery-pack-asset - - osquery-saved-query - - tag - type: string - - type: string - required: - - id - - type - maxItems: 10000 - type: array - installed_kibana_space_id: - type: string - is_rollback_ttl_expired: - type: boolean - latest_executed_state: - additionalProperties: true - type: object - properties: - error: - type: string - name: - type: string - started_at: - type: string - latest_install_failed_attempts: - items: - additionalProperties: true - type: object - properties: - created_at: - type: string - error: - additionalProperties: true - type: object - properties: - message: - type: string - name: - type: string - stack: - type: string - required: - - name - - message - target_version: - type: string - required: - - created_at - - target_version - - error - maxItems: 10 - type: array - name: - type: string - namespaces: - items: - type: string - maxItems: 100 - type: array - previous_version: - nullable: true - type: string - rolled_back: - type: boolean - type: - type: string - updated_at: - type: string - verification_key_id: - nullable: true - type: string - verification_status: - enum: - - unverified - - verified - - unknown - type: string - version: - type: string - required: - - type - - installed_kibana - - installed_es - - name - - version - - install_status - - install_source - - verification_status - integration: - type: string - internal: - type: boolean - latestVersion: - type: string - name: - type: string - owner: - additionalProperties: true - type: object - properties: - github: - type: string - type: - enum: - - elastic - - partner - - community - type: string - path: - type: string - policy_templates: - items: - additionalProperties: {} - type: object - maxItems: 100 - type: array - readme: - type: string - release: - enum: - - ga - - beta - - experimental - type: string - signature_path: - type: string - source: - additionalProperties: true - type: object - properties: - license: - type: string - required: - - license - status: - type: string - title: - type: string - type: - anyOf: - - enum: - - integration - type: string - - enum: - - input - type: string - - enum: - - content - type: string - - type: string - var_groups: - items: - additionalProperties: true - type: object - properties: - description: - type: string - name: - type: string - options: - items: - additionalProperties: true - type: object - properties: - description: - type: string - hide_in_deployment_modes: - items: - enum: - - default - - agentless - type: string - maxItems: 2 - type: array - name: - type: string - title: - type: string - vars: - items: - type: string - maxItems: 100 - type: array - required: - - name - - title - - vars - maxItems: 20 - type: array - selector_title: - type: string - title: - type: string - required: - - name - - title - - selector_title - - options - maxItems: 20 - type: array - vars: - items: - additionalProperties: {} - type: object - maxItems: 1000 - type: array - version: - type: string - required: - - name - - version - - title - - id - maxItems: 10000 - type: array - required: - - items + $ref: '#/components/schemas/ApiFleetEpmPackages_Get_Response_200' description: 'OK: A successful request.' '400': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetEpmPackages_Get_Response_400' description: A bad request. summary: Get packages tags: @@ -35175,103 +19232,13 @@ paths: content: application/gzip; application/zip: schema: - additionalProperties: false - type: object - properties: - _meta: - additionalProperties: false - type: object - properties: - install_source: - type: string - name: - type: string - required: - - install_source - - name - items: - items: - anyOf: - - additionalProperties: false - type: object - properties: - deferred: - type: boolean - id: - type: string - originId: - type: string - type: - anyOf: - - enum: - - dashboard - - lens - - visualization - - search - - index-pattern - - map - - ml-module - - security-rule - - csp-rule-template - - osquery-pack-asset - - osquery-saved-query - - tag - type: string - - type: string - required: - - id - - type - - additionalProperties: false - type: object - properties: - deferred: - type: boolean - id: - type: string - type: - enum: - - index - - index_template - - component_template - - ingest_pipeline - - ilm_policy - - data_stream_ilm_policy - - transform - - ml_model - - knowledge_base - - esql_view - type: string - version: - type: string - required: - - id - - type - maxItems: 10000 - type: array - required: - - items - - _meta + $ref: '#/components/schemas/ApiFleetEpmPackages_Post_Response_200' description: 'OK: A successful request.' '400': content: application/gzip; application/zip: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetEpmPackages_Post_Response_400' description: A bad request. summary: Install a package by upload tags: @@ -35307,171 +19274,19 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - force: - default: false - type: boolean - packages: - items: - anyOf: - - type: string - - additionalProperties: false - type: object - properties: - name: - type: string - prerelease: - type: boolean - version: - type: string - required: - - name - - version - maxItems: 1000 - minItems: 1 - type: array - required: - - packages + $ref: '#/components/schemas/ApiFleetEpmPackagesBulk_Post_Request' responses: '200': content: application/json: schema: - additionalProperties: false - type: object - properties: - items: - items: - anyOf: - - additionalProperties: false - type: object - properties: - name: - type: string - result: - additionalProperties: false - type: object - properties: - assets: - items: - anyOf: - - additionalProperties: false - type: object - properties: - deferred: - type: boolean - id: - type: string - originId: - type: string - type: - anyOf: - - enum: - - dashboard - - lens - - visualization - - search - - index-pattern - - map - - ml-module - - security-rule - - csp-rule-template - - osquery-pack-asset - - osquery-saved-query - - tag - type: string - - type: string - required: - - id - - type - - additionalProperties: false - type: object - properties: - deferred: - type: boolean - id: - type: string - type: - enum: - - index - - index_template - - component_template - - ingest_pipeline - - ilm_policy - - data_stream_ilm_policy - - transform - - ml_model - - knowledge_base - - esql_view - type: string - version: - type: string - required: - - id - - type - maxItems: 10000 - type: array - error: {} - installSource: - type: string - installType: - type: string - status: - enum: - - installed - - already_installed - type: string - required: - - error - - installType - version: - type: string - required: - - name - - version - - result - - additionalProperties: false - type: object - properties: - error: - anyOf: - - type: string - - {} - name: - type: string - statusCode: - type: number - required: - - name - - statusCode - - error - maxItems: 10000 - type: array - required: - - items + $ref: '#/components/schemas/ApiFleetEpmPackagesBulk_Post_Response_200' description: 'OK: A successful request.' '400': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetEpmPackagesBulk_Post_Response_400' description: A bad request. summary: Bulk install packages tags: @@ -35507,24 +19322,7 @@ paths: packages: - name: system schema: - additionalProperties: false - type: object - properties: - packages: - items: - additionalProperties: false - type: object - properties: - name: - description: Package name to rollback - type: string - required: - - name - maxItems: 1000 - minItems: 1 - type: array - required: - - packages + $ref: '#/components/schemas/ApiFleetEpmPackagesBulkRollback_Post_Request' responses: '200': content: @@ -35534,13 +19332,7 @@ paths: value: taskId: taskId schema: - additionalProperties: false - type: object - properties: - taskId: - type: string - required: - - taskId + $ref: '#/components/schemas/ApiFleetEpmPackagesBulkRollback_Post_Response_200' description: 'OK: A successful request.' '400': content: @@ -35550,22 +19342,7 @@ paths: value: message: Bad Request schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetEpmPackagesBulkRollback_Post_Response_400' description: A bad request. summary: Bulk rollback packages tags: @@ -35600,43 +19377,7 @@ paths: value: status: success schema: - additionalProperties: false - type: object - properties: - error: - additionalProperties: false - type: object - properties: - message: - type: string - required: - - message - results: - items: - additionalProperties: false - type: object - properties: - error: - additionalProperties: false - type: object - properties: - message: - type: string - required: - - message - name: - type: string - success: - type: boolean - required: - - name - - success - maxItems: 10000 - type: array - status: - type: string - required: - - status + $ref: '#/components/schemas/ApiFleetEpmPackagesBulkRollback_Get_Response_200' description: 'OK: A successful request.' '400': content: @@ -35646,22 +19387,7 @@ paths: value: message: Bad Request schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetEpmPackagesBulkRollback_Get_Response_400' description: A bad request. summary: Get Bulk rollback packages details tags: @@ -35692,62 +19418,19 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - force: - default: false - type: boolean - packages: - items: - additionalProperties: false - type: object - properties: - name: - type: string - version: - type: string - required: - - name - - version - maxItems: 1000 - minItems: 1 - type: array - required: - - packages + $ref: '#/components/schemas/ApiFleetEpmPackagesBulkUninstall_Post_Request' responses: '200': content: application/json: schema: - additionalProperties: false - type: object - properties: - taskId: - type: string - required: - - taskId + $ref: '#/components/schemas/ApiFleetEpmPackagesBulkUninstall_Post_Response_200' description: 'OK: A successful request.' '400': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetEpmPackagesBulkUninstall_Post_Response_400' description: A bad request. summary: Bulk uninstall packages tags: @@ -35778,64 +19461,13 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - error: - additionalProperties: false - type: object - properties: - message: - type: string - required: - - message - results: - items: - additionalProperties: false - type: object - properties: - error: - additionalProperties: false - type: object - properties: - message: - type: string - required: - - message - name: - type: string - success: - type: boolean - required: - - name - - success - maxItems: 10000 - type: array - status: - type: string - required: - - status + $ref: '#/components/schemas/ApiFleetEpmPackagesBulkUninstall_Get_Response_200' description: 'OK: A successful request.' '400': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetEpmPackagesBulkUninstall_Get_Response_400' description: A bad request. summary: Get Bulk uninstall packages details tags: @@ -35866,66 +19498,19 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - force: - default: false - type: boolean - packages: - items: - additionalProperties: false - type: object - properties: - name: - type: string - version: - type: string - required: - - name - maxItems: 1000 - minItems: 1 - type: array - prerelease: - type: boolean - upgrade_package_policies: - default: false - type: boolean - required: - - packages + $ref: '#/components/schemas/ApiFleetEpmPackagesBulkUpgrade_Post_Request' responses: '200': content: application/json: schema: - additionalProperties: false - type: object - properties: - taskId: - type: string - required: - - taskId + $ref: '#/components/schemas/ApiFleetEpmPackagesBulkUpgrade_Post_Response_200' description: 'OK: A successful request.' '400': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetEpmPackagesBulkUpgrade_Post_Response_400' description: A bad request. summary: Bulk upgrade packages tags: @@ -35956,64 +19541,13 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - error: - additionalProperties: false - type: object - properties: - message: - type: string - required: - - message - results: - items: - additionalProperties: false - type: object - properties: - error: - additionalProperties: false - type: object - properties: - message: - type: string - required: - - message - name: - type: string - success: - type: boolean - required: - - name - - success - maxItems: 10000 - type: array - status: - type: string - required: - - status + $ref: '#/components/schemas/ApiFleetEpmPackagesBulkUpgrade_Get_Response_200' description: 'OK: A successful request.' '400': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetEpmPackagesBulkUpgrade_Get_Response_400' description: A bad request. summary: Get Bulk upgrade packages details tags: @@ -36060,91 +19594,13 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - items: - items: - anyOf: - - additionalProperties: false - type: object - properties: - deferred: - type: boolean - id: - type: string - originId: - type: string - type: - anyOf: - - enum: - - dashboard - - lens - - visualization - - search - - index-pattern - - map - - ml-module - - security-rule - - csp-rule-template - - osquery-pack-asset - - osquery-saved-query - - tag - type: string - - type: string - required: - - id - - type - - additionalProperties: false - type: object - properties: - deferred: - type: boolean - id: - type: string - type: - enum: - - index - - index_template - - component_template - - ingest_pipeline - - ilm_policy - - data_stream_ilm_policy - - transform - - ml_model - - knowledge_base - - esql_view - type: string - version: - type: string - required: - - id - - type - maxItems: 10000 - type: array - required: - - items + $ref: '#/components/schemas/ApiFleetEpmPackages_Delete_Response_200' description: 'OK: A successful request.' '400': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetEpmPackages_Delete_Response_400' description: A bad request. summary: Delete a package tags: @@ -36191,538 +19647,13 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - item: - additionalProperties: true - type: object - properties: - agent: - additionalProperties: false - type: object - properties: - privileges: - additionalProperties: false - type: object - properties: - root: - type: boolean - asset_tags: - items: - additionalProperties: false - type: object - properties: - asset_ids: - items: - type: string - maxItems: 100 - type: array - asset_types: - items: - type: string - maxItems: 10 - type: array - text: - type: string - required: - - text - maxItems: 1000 - type: array - assets: - additionalProperties: {} - type: object - categories: - items: - type: string - maxItems: 10 - type: array - conditions: - additionalProperties: true - type: object - properties: - elastic: - additionalProperties: true - type: object - properties: - capabilities: - items: - type: string - maxItems: 10 - type: array - subscription: - type: string - kibana: - additionalProperties: true - type: object - properties: - version: - type: string - data_streams: - items: - additionalProperties: {} - type: object - maxItems: 1000 - type: array - description: - type: string - discovery: - additionalProperties: true - type: object - properties: - datasets: - items: - additionalProperties: true - type: object - properties: - name: - type: string - required: - - name - maxItems: 10 - type: array - fields: - items: - additionalProperties: true - type: object - properties: - name: - type: string - required: - - name - maxItems: 10 - type: array - download: - type: string - elasticsearch: - additionalProperties: {} - type: object - format_version: - type: string - icons: - items: - additionalProperties: true - type: object - properties: - dark_mode: - type: boolean - path: - type: string - size: - type: string - src: - type: string - title: - type: string - type: - type: string - required: - - src - maxItems: 10 - type: array - installationInfo: - additionalProperties: true - type: object - properties: - additional_spaces_installed_kibana: - additionalProperties: - items: - additionalProperties: true - type: object - properties: - deferred: - type: boolean - id: - type: string - originId: - type: string - type: - anyOf: - - enum: - - dashboard - - lens - - visualization - - search - - index-pattern - - map - - ml-module - - security-rule - - csp-rule-template - - osquery-pack-asset - - osquery-saved-query - - tag - type: string - - type: string - required: - - id - - type - maxItems: 100 - type: array - type: object - created_at: - type: string - experimental_data_stream_features: - items: - additionalProperties: true - type: object - properties: - data_stream: - type: string - features: - additionalProperties: true - type: object - properties: - doc_value_only_numeric: - type: boolean - doc_value_only_other: - type: boolean - synthetic_source: - type: boolean - tsdb: - type: boolean - required: - - data_stream - - features - maxItems: 100 - type: array - install_format_schema_version: - type: string - install_source: - enum: - - registry - - upload - - bundled - - custom - type: string - install_status: - enum: - - installed - - installing - - install_failed - type: string - installed_es: - items: - additionalProperties: true - type: object - properties: - deferred: - type: boolean - id: - type: string - type: - enum: - - index - - index_template - - component_template - - ingest_pipeline - - ilm_policy - - data_stream_ilm_policy - - transform - - ml_model - - knowledge_base - - esql_view - type: string - version: - type: string - required: - - id - - type - maxItems: 10000 - type: array - installed_kibana: - items: - additionalProperties: true - type: object - properties: - deferred: - type: boolean - id: - type: string - originId: - type: string - type: - anyOf: - - enum: - - dashboard - - lens - - visualization - - search - - index-pattern - - map - - ml-module - - security-rule - - csp-rule-template - - osquery-pack-asset - - osquery-saved-query - - tag - type: string - - type: string - required: - - id - - type - maxItems: 10000 - type: array - installed_kibana_space_id: - type: string - is_rollback_ttl_expired: - type: boolean - latest_executed_state: - additionalProperties: true - type: object - properties: - error: - type: string - name: - type: string - started_at: - type: string - latest_install_failed_attempts: - items: - additionalProperties: true - type: object - properties: - created_at: - type: string - error: - additionalProperties: true - type: object - properties: - message: - type: string - name: - type: string - stack: - type: string - required: - - name - - message - target_version: - type: string - required: - - created_at - - target_version - - error - maxItems: 10 - type: array - name: - type: string - namespaces: - items: - type: string - maxItems: 100 - type: array - previous_version: - nullable: true - type: string - rolled_back: - type: boolean - type: - type: string - updated_at: - type: string - verification_key_id: - nullable: true - type: string - verification_status: - enum: - - unverified - - verified - - unknown - type: string - version: - type: string - required: - - type - - installed_kibana - - installed_es - - name - - version - - install_status - - install_source - - verification_status - internal: - type: boolean - keepPoliciesUpToDate: - type: boolean - latestVersion: - type: string - license: - type: string - licensePath: - type: string - name: - type: string - notice: - type: string - owner: - additionalProperties: true - type: object - properties: - github: - type: string - type: - enum: - - elastic - - partner - - community - type: string - path: - type: string - policy_templates: - items: - additionalProperties: {} - type: object - maxItems: 100 - type: array - readme: - type: string - release: - enum: - - ga - - beta - - experimental - type: string - screenshots: - items: - additionalProperties: false - type: object - properties: - dark_mode: - type: boolean - path: - type: string - size: - type: string - src: - type: string - title: - type: string - type: - type: string - required: - - src - maxItems: 10 - type: array - signature_path: - type: string - source: - additionalProperties: true - type: object - properties: - license: - type: string - required: - - license - status: - type: string - title: - type: string - type: - anyOf: - - enum: - - integration - type: string - - enum: - - input - type: string - - enum: - - content - type: string - - type: string - var_groups: - items: - additionalProperties: true - type: object - properties: - description: - type: string - name: - type: string - options: - items: - additionalProperties: true - type: object - properties: - description: - type: string - hide_in_deployment_modes: - items: - enum: - - default - - agentless - type: string - maxItems: 2 - type: array - name: - type: string - title: - type: string - vars: - items: - type: string - maxItems: 100 - type: array - required: - - name - - title - - vars - maxItems: 20 - type: array - selector_title: - type: string - title: - type: string - required: - - name - - title - - selector_title - - options - maxItems: 20 - type: array - vars: - items: - additionalProperties: {} - type: object - maxItems: 1000 - type: array - version: - type: string - required: - - name - - version - - title - - assets - metadata: - additionalProperties: false - type: object - properties: - has_policies: - type: boolean - required: - - has_policies - required: - - item + $ref: '#/components/schemas/ApiFleetEpmPackages_Get_Response_200_1' description: 'OK: A successful request.' '400': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetEpmPackages_Get_Response_400_1' description: A bad request. summary: Get a package tags: @@ -36785,118 +19716,19 @@ paths: content: application/json: schema: - additionalProperties: false - nullable: true - type: object - properties: - force: - default: false - type: boolean - ignore_constraints: - default: false - type: boolean + $ref: '#/components/schemas/ApiFleetEpmPackages_Post_Request' responses: '200': content: application/json: schema: - additionalProperties: false - type: object - properties: - _meta: - additionalProperties: false - type: object - properties: - install_source: - type: string - name: - type: string - required: - - install_source - - name - items: - items: - anyOf: - - additionalProperties: false - type: object - properties: - deferred: - type: boolean - id: - type: string - originId: - type: string - type: - anyOf: - - enum: - - dashboard - - lens - - visualization - - search - - index-pattern - - map - - ml-module - - security-rule - - csp-rule-template - - osquery-pack-asset - - osquery-saved-query - - tag - type: string - - type: string - required: - - id - - type - - additionalProperties: false - type: object - properties: - deferred: - type: boolean - id: - type: string - type: - enum: - - index - - index_template - - component_template - - ingest_pipeline - - ilm_policy - - data_stream_ilm_policy - - transform - - ml_model - - knowledge_base - - esql_view - type: string - version: - type: string - required: - - id - - type - maxItems: 10000 - type: array - required: - - items - - _meta + $ref: '#/components/schemas/ApiFleetEpmPackages_Post_Response_200_1' description: 'OK: A successful request.' '400': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetEpmPackages_Post_Response_400_1' description: A bad request. summary: Install a package from the registry tags: @@ -36936,542 +19768,19 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - keepPoliciesUpToDate: - type: boolean - required: - - keepPoliciesUpToDate + $ref: '#/components/schemas/ApiFleetEpmPackages_Put_Request' responses: '200': content: application/json: schema: - additionalProperties: false - type: object - properties: - item: - additionalProperties: true - type: object - properties: - agent: - additionalProperties: false - type: object - properties: - privileges: - additionalProperties: false - type: object - properties: - root: - type: boolean - asset_tags: - items: - additionalProperties: false - type: object - properties: - asset_ids: - items: - type: string - maxItems: 100 - type: array - asset_types: - items: - type: string - maxItems: 10 - type: array - text: - type: string - required: - - text - maxItems: 1000 - type: array - assets: - additionalProperties: {} - type: object - categories: - items: - type: string - maxItems: 10 - type: array - conditions: - additionalProperties: true - type: object - properties: - elastic: - additionalProperties: true - type: object - properties: - capabilities: - items: - type: string - maxItems: 10 - type: array - subscription: - type: string - kibana: - additionalProperties: true - type: object - properties: - version: - type: string - data_streams: - items: - additionalProperties: {} - type: object - maxItems: 1000 - type: array - description: - type: string - discovery: - additionalProperties: true - type: object - properties: - datasets: - items: - additionalProperties: true - type: object - properties: - name: - type: string - required: - - name - maxItems: 10 - type: array - fields: - items: - additionalProperties: true - type: object - properties: - name: - type: string - required: - - name - maxItems: 10 - type: array - download: - type: string - elasticsearch: - additionalProperties: {} - type: object - format_version: - type: string - icons: - items: - additionalProperties: true - type: object - properties: - dark_mode: - type: boolean - path: - type: string - size: - type: string - src: - type: string - title: - type: string - type: - type: string - required: - - src - maxItems: 10 - type: array - installationInfo: - additionalProperties: true - type: object - properties: - additional_spaces_installed_kibana: - additionalProperties: - items: - additionalProperties: true - type: object - properties: - deferred: - type: boolean - id: - type: string - originId: - type: string - type: - anyOf: - - enum: - - dashboard - - lens - - visualization - - search - - index-pattern - - map - - ml-module - - security-rule - - csp-rule-template - - osquery-pack-asset - - osquery-saved-query - - tag - type: string - - type: string - required: - - id - - type - maxItems: 100 - type: array - type: object - created_at: - type: string - experimental_data_stream_features: - items: - additionalProperties: true - type: object - properties: - data_stream: - type: string - features: - additionalProperties: true - type: object - properties: - doc_value_only_numeric: - type: boolean - doc_value_only_other: - type: boolean - synthetic_source: - type: boolean - tsdb: - type: boolean - required: - - data_stream - - features - maxItems: 100 - type: array - install_format_schema_version: - type: string - install_source: - enum: - - registry - - upload - - bundled - - custom - type: string - install_status: - enum: - - installed - - installing - - install_failed - type: string - installed_es: - items: - additionalProperties: true - type: object - properties: - deferred: - type: boolean - id: - type: string - type: - enum: - - index - - index_template - - component_template - - ingest_pipeline - - ilm_policy - - data_stream_ilm_policy - - transform - - ml_model - - knowledge_base - - esql_view - type: string - version: - type: string - required: - - id - - type - maxItems: 10000 - type: array - installed_kibana: - items: - additionalProperties: true - type: object - properties: - deferred: - type: boolean - id: - type: string - originId: - type: string - type: - anyOf: - - enum: - - dashboard - - lens - - visualization - - search - - index-pattern - - map - - ml-module - - security-rule - - csp-rule-template - - osquery-pack-asset - - osquery-saved-query - - tag - type: string - - type: string - required: - - id - - type - maxItems: 10000 - type: array - installed_kibana_space_id: - type: string - is_rollback_ttl_expired: - type: boolean - latest_executed_state: - additionalProperties: true - type: object - properties: - error: - type: string - name: - type: string - started_at: - type: string - latest_install_failed_attempts: - items: - additionalProperties: true - type: object - properties: - created_at: - type: string - error: - additionalProperties: true - type: object - properties: - message: - type: string - name: - type: string - stack: - type: string - required: - - name - - message - target_version: - type: string - required: - - created_at - - target_version - - error - maxItems: 10 - type: array - name: - type: string - namespaces: - items: - type: string - maxItems: 100 - type: array - previous_version: - nullable: true - type: string - rolled_back: - type: boolean - type: - type: string - updated_at: - type: string - verification_key_id: - nullable: true - type: string - verification_status: - enum: - - unverified - - verified - - unknown - type: string - version: - type: string - required: - - type - - installed_kibana - - installed_es - - name - - version - - install_status - - install_source - - verification_status - internal: - type: boolean - keepPoliciesUpToDate: - type: boolean - latestVersion: - type: string - license: - type: string - licensePath: - type: string - name: - type: string - notice: - type: string - owner: - additionalProperties: true - type: object - properties: - github: - type: string - type: - enum: - - elastic - - partner - - community - type: string - path: - type: string - policy_templates: - items: - additionalProperties: {} - type: object - maxItems: 100 - type: array - readme: - type: string - release: - enum: - - ga - - beta - - experimental - type: string - screenshots: - items: - additionalProperties: false - type: object - properties: - dark_mode: - type: boolean - path: - type: string - size: - type: string - src: - type: string - title: - type: string - type: - type: string - required: - - src - maxItems: 10 - type: array - signature_path: - type: string - source: - additionalProperties: true - type: object - properties: - license: - type: string - required: - - license - status: - type: string - title: - type: string - type: - anyOf: - - enum: - - integration - type: string - - enum: - - input - type: string - - enum: - - content - type: string - - type: string - var_groups: - items: - additionalProperties: true - type: object - properties: - description: - type: string - name: - type: string - options: - items: - additionalProperties: true - type: object - properties: - description: - type: string - hide_in_deployment_modes: - items: - enum: - - default - - agentless - type: string - maxItems: 2 - type: array - name: - type: string - title: - type: string - vars: - items: - type: string - maxItems: 100 - type: array - required: - - name - - title - - vars - maxItems: 20 - type: array - selector_title: - type: string - title: - type: string - required: - - name - - title - - selector_title - - options - maxItems: 20 - type: array - vars: - items: - additionalProperties: {} - type: object - maxItems: 1000 - type: array - version: - type: string - required: - - name - - version - - title - - assets - required: - - item + $ref: '#/components/schemas/ApiFleetEpmPackages_Put_Response_200' description: 'OK: A successful request.' '400': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetEpmPackages_Put_Response_400' description: A bad request. summary: Update package settings tags: @@ -37516,22 +19825,7 @@ paths: content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetEpmPackages_Get_Response_400_2' description: A bad request. summary: Get a package file tags: @@ -37578,34 +19872,13 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - success: - type: boolean - required: - - success + $ref: '#/components/schemas/ApiFleetEpmPackagesDatastreamAssets_Delete_Response_200' description: 'OK: A successful request.' '400': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetEpmPackagesDatastreamAssets_Delete_Response_400' description: A bad request. summary: Delete assets for an input package tags: @@ -37647,34 +19920,13 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - success: - type: boolean - required: - - success + $ref: '#/components/schemas/ApiFleetEpmPackagesKibanaAssets_Delete_Response_200' description: 'OK: A successful request.' '400': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetEpmPackagesKibanaAssets_Delete_Response_400' description: A bad request. summary: Delete Kibana assets for a package tags: @@ -37714,52 +19966,19 @@ paths: content: application/json: schema: - additionalProperties: false - nullable: true - type: object - properties: - force: - type: boolean - space_ids: - description: When provided install assets in the specified spaces instead of the current space. - items: - type: string - maxItems: 100 - minItems: 1 - type: array + $ref: '#/components/schemas/ApiFleetEpmPackagesKibanaAssets_Post_Request' responses: '200': content: application/json: schema: - additionalProperties: false - type: object - properties: - success: - type: boolean - required: - - success + $ref: '#/components/schemas/ApiFleetEpmPackagesKibanaAssets_Post_Response_200' description: 'OK: A successful request.' '400': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetEpmPackagesKibanaAssets_Post_Response_400' description: A bad request. summary: Install Kibana assets for a package tags: @@ -37800,45 +20019,19 @@ paths: content: application/json: schema: - additionalProperties: false - nullable: true - type: object - properties: - force: - type: boolean + $ref: '#/components/schemas/ApiFleetEpmPackagesRuleAssets_Post_Request' responses: '200': content: application/json: schema: - additionalProperties: false - type: object - properties: - success: - type: boolean - required: - - success + $ref: '#/components/schemas/ApiFleetEpmPackagesRuleAssets_Post_Response_200' description: 'OK: A successful request.' '400': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetEpmPackagesRuleAssets_Post_Response_400' description: A bad request. summary: Install Kibana alert rule for a package tags: @@ -37876,41 +20069,14 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - transforms: - items: - additionalProperties: false - type: object - properties: - transformId: - type: string - required: - - transformId - maxItems: 1000 - type: array - required: - - transforms + $ref: '#/components/schemas/ApiFleetEpmPackagesTransformsAuthorize_Post_Request' responses: '200': content: application/json: schema: items: - additionalProperties: false - type: object - properties: - error: - nullable: true - success: - type: boolean - transformId: - type: string - required: - - transformId - - success - - error + $ref: '#/components/schemas/ApiFleetEpmPackagesTransformsAuthorize_Post_Response_200_Item' maxItems: 10000 type: array description: 'OK: A successful request.' @@ -37918,22 +20084,7 @@ paths: content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetEpmPackagesTransformsAuthorize_Post_Response_400' description: A bad request. summary: Authorize transforms tags: @@ -37982,16 +20133,7 @@ paths: success: true version: 1.0.0 schema: - additionalProperties: false - type: object - properties: - success: - type: boolean - version: - type: string - required: - - version - - success + $ref: '#/components/schemas/ApiFleetEpmPackagesRollback_Post_Response_200' description: 'OK: A successful request.' '400': content: @@ -38001,22 +20143,7 @@ paths: value: message: Bad Request schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetEpmPackagesRollback_Post_Response_400' description: A bad request. summary: Rollback a package to previous version tags: @@ -38047,43 +20174,13 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - response: - additionalProperties: false - type: object - properties: - agent_policy_count: - type: number - package_policy_count: - type: number - required: - - agent_policy_count - - package_policy_count - required: - - response + $ref: '#/components/schemas/ApiFleetEpmPackagesStats_Get_Response_200' description: 'OK: A successful request.' '400': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetEpmPackagesStats_Get_Response_400' description: A bad request. summary: Get package stats tags: @@ -38154,103 +20251,13 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - items: - items: - additionalProperties: false - type: object - properties: - dataStreams: - items: - additionalProperties: false - type: object - properties: - name: - type: string - title: - type: string - required: - - name - - title - maxItems: 10000 - type: array - description: - type: string - icons: - items: - additionalProperties: false - type: object - properties: - dark_mode: - type: boolean - path: - type: string - size: - type: string - src: - type: string - title: - type: string - type: - type: string - required: - - src - maxItems: 10 - type: array - name: - type: string - status: - type: string - title: - type: string - version: - type: string - required: - - name - - version - - status - - dataStreams - maxItems: 10000 - type: array - searchAfter: - items: - anyOf: - - type: string - - type: number - - type: boolean - - enum: [] - nullable: true - - {} - maxItems: 2 - type: array - total: - type: number - required: - - items - - total + $ref: '#/components/schemas/ApiFleetEpmPackagesInstalled_Get_Response_200' description: 'OK: A successful request.' '400': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetEpmPackagesInstalled_Get_Response_400' description: A bad request. summary: Get installed packages tags: @@ -38275,37 +20282,13 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - items: - items: - type: string - maxItems: 10000 - type: array - required: - - items + $ref: '#/components/schemas/ApiFleetEpmPackagesLimited_Get_Response_200' description: 'OK: A successful request.' '400': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetEpmPackagesLimited_Get_Response_400' description: A bad request. summary: Get a limited package list tags: @@ -38360,70 +20343,13 @@ paths: content: application/json: schema: - anyOf: - - type: string - - additionalProperties: false - type: object - properties: - inputs: - items: - additionalProperties: false - type: object - properties: - id: - type: string - streams: - items: - additionalProperties: true - type: object - properties: - data_stream: - additionalProperties: true - type: object - properties: - dataset: - type: string - type: - type: string - required: - - dataset - id: - type: string - required: - - id - - data_stream - maxItems: 10000 - type: array - type: - type: string - required: - - id - - type - maxItems: 10000 - type: array - required: - - inputs + $ref: '#/components/schemas/ApiFleetEpmTemplatesInputs_Get_Response_200' description: 'OK: A successful request.' '400': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetEpmTemplatesInputs_Get_Response_400' description: A bad request. summary: Get an inputs template tags: @@ -38448,35 +20374,13 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - id: - nullable: true - type: string - required: - - id + $ref: '#/components/schemas/ApiFleetEpmVerificationKeyId_Get_Response_200' description: 'OK: A successful request.' '400': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetEpmVerificationKeyId_Get_Response_400' description: A bad request. summary: Get a package signature verification key ID tags: @@ -38501,149 +20405,13 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - items: - items: - additionalProperties: false - type: object - properties: - host_urls: - items: - type: string - maxItems: 10 - minItems: 1 - type: array - id: - type: string - is_default: - default: false - type: boolean - is_internal: - type: boolean - is_preconfigured: - default: false - type: boolean - name: - type: string - proxy_id: - nullable: true - type: string - secrets: - additionalProperties: false - type: object - properties: - ssl: - additionalProperties: false - type: object - properties: - agent_key: - anyOf: - - additionalProperties: false - type: object - properties: - id: - type: string - required: - - id - - type: string - es_key: - anyOf: - - additionalProperties: false - type: object - properties: - id: - type: string - required: - - id - - type: string - key: - anyOf: - - additionalProperties: false - type: object - properties: - id: - type: string - required: - - id - - type: string - ssl: - additionalProperties: false - nullable: true - type: object - properties: - agent_certificate: - type: string - agent_certificate_authorities: - items: - type: string - maxItems: 10 - type: array - agent_key: - type: string - certificate: - type: string - certificate_authorities: - items: - type: string - maxItems: 10 - type: array - client_auth: - enum: - - optional - - required - - none - type: string - es_certificate: - type: string - es_certificate_authorities: - items: - type: string - maxItems: 10 - type: array - es_key: - type: string - key: - type: string - required: - - name - - host_urls - - id - maxItems: 10000 - type: array - page: - type: number - perPage: - type: number - total: - type: number - required: - - items - - total - - page - - perPage + $ref: '#/components/schemas/ApiFleetFleetServerHosts_Get_Response_200' description: 'OK: A successful request.' '400': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetFleetServerHosts_Get_Response_400' description: A bad request. summary: Get Fleet Server hosts tags: @@ -38673,245 +20441,19 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - host_urls: - items: - type: string - maxItems: 10 - minItems: 1 - type: array - id: - type: string - is_default: - default: false - type: boolean - is_internal: - type: boolean - is_preconfigured: - default: false - type: boolean - name: - type: string - proxy_id: - nullable: true - type: string - secrets: - additionalProperties: false - type: object - properties: - ssl: - additionalProperties: false - type: object - properties: - agent_key: - anyOf: - - additionalProperties: false - type: object - properties: - id: - type: string - required: - - id - - type: string - es_key: - anyOf: - - additionalProperties: false - type: object - properties: - id: - type: string - required: - - id - - type: string - key: - anyOf: - - additionalProperties: false - type: object - properties: - id: - type: string - required: - - id - - type: string - ssl: - additionalProperties: false - nullable: true - type: object - properties: - agent_certificate: - type: string - agent_certificate_authorities: - items: - type: string - maxItems: 10 - type: array - agent_key: - type: string - certificate: - type: string - certificate_authorities: - items: - type: string - maxItems: 10 - type: array - client_auth: - enum: - - optional - - required - - none - type: string - es_certificate: - type: string - es_certificate_authorities: - items: - type: string - maxItems: 10 - type: array - es_key: - type: string - key: - type: string - required: - - name - - host_urls + $ref: '#/components/schemas/ApiFleetFleetServerHosts_Post_Request' responses: '200': content: application/json: schema: - additionalProperties: false - type: object - properties: - item: - additionalProperties: false - type: object - properties: - host_urls: - items: - type: string - maxItems: 10 - minItems: 1 - type: array - id: - type: string - is_default: - default: false - type: boolean - is_internal: - type: boolean - is_preconfigured: - default: false - type: boolean - name: - type: string - proxy_id: - nullable: true - type: string - secrets: - additionalProperties: false - type: object - properties: - ssl: - additionalProperties: false - type: object - properties: - agent_key: - anyOf: - - additionalProperties: false - type: object - properties: - id: - type: string - required: - - id - - type: string - es_key: - anyOf: - - additionalProperties: false - type: object - properties: - id: - type: string - required: - - id - - type: string - key: - anyOf: - - additionalProperties: false - type: object - properties: - id: - type: string - required: - - id - - type: string - ssl: - additionalProperties: false - nullable: true - type: object - properties: - agent_certificate: - type: string - agent_certificate_authorities: - items: - type: string - maxItems: 10 - type: array - agent_key: - type: string - certificate: - type: string - certificate_authorities: - items: - type: string - maxItems: 10 - type: array - client_auth: - enum: - - optional - - required - - none - type: string - es_certificate: - type: string - es_certificate_authorities: - items: - type: string - maxItems: 10 - type: array - es_key: - type: string - key: - type: string - required: - - name - - host_urls - - id - required: - - item + $ref: '#/components/schemas/ApiFleetFleetServerHosts_Post_Response_200' description: 'OK: A successful request.' '400': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetFleetServerHosts_Post_Response_400' description: A bad request. summary: Create a Fleet Server host tags: @@ -38948,34 +20490,13 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - id: - type: string - required: - - id + $ref: '#/components/schemas/ApiFleetFleetServerHosts_Delete_Response_200' description: 'OK: A successful request.' '400': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetFleetServerHosts_Delete_Response_400' description: A bad request. summary: Delete a Fleet Server host tags: @@ -39004,137 +20525,13 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - item: - additionalProperties: false - type: object - properties: - host_urls: - items: - type: string - maxItems: 10 - minItems: 1 - type: array - id: - type: string - is_default: - default: false - type: boolean - is_internal: - type: boolean - is_preconfigured: - default: false - type: boolean - name: - type: string - proxy_id: - nullable: true - type: string - secrets: - additionalProperties: false - type: object - properties: - ssl: - additionalProperties: false - type: object - properties: - agent_key: - anyOf: - - additionalProperties: false - type: object - properties: - id: - type: string - required: - - id - - type: string - es_key: - anyOf: - - additionalProperties: false - type: object - properties: - id: - type: string - required: - - id - - type: string - key: - anyOf: - - additionalProperties: false - type: object - properties: - id: - type: string - required: - - id - - type: string - ssl: - additionalProperties: false - nullable: true - type: object - properties: - agent_certificate: - type: string - agent_certificate_authorities: - items: - type: string - maxItems: 10 - type: array - agent_key: - type: string - certificate: - type: string - certificate_authorities: - items: - type: string - maxItems: 10 - type: array - client_auth: - enum: - - optional - - required - - none - type: string - es_certificate: - type: string - es_certificate_authorities: - items: - type: string - maxItems: 10 - type: array - es_key: - type: string - key: - type: string - required: - - name - - host_urls - - id - required: - - item + $ref: '#/components/schemas/ApiFleetFleetServerHosts_Get_Response_200_1' description: 'OK: A successful request.' '400': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetFleetServerHosts_Get_Response_400_1' description: A bad request. summary: Get a Fleet Server host tags: @@ -39169,238 +20566,19 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - host_urls: - items: - type: string - maxItems: 10 - minItems: 1 - type: array - is_default: - type: boolean - is_internal: - type: boolean - name: - type: string - proxy_id: - nullable: true - type: string - secrets: - additionalProperties: false - type: object - properties: - ssl: - additionalProperties: false - type: object - properties: - agent_key: - anyOf: - - additionalProperties: false - type: object - properties: - id: - type: string - required: - - id - - type: string - es_key: - anyOf: - - additionalProperties: false - type: object - properties: - id: - type: string - required: - - id - - type: string - key: - anyOf: - - additionalProperties: false - type: object - properties: - id: - type: string - required: - - id - - type: string - ssl: - additionalProperties: false - nullable: true - type: object - properties: - agent_certificate: - type: string - agent_certificate_authorities: - items: - type: string - maxItems: 10 - type: array - agent_key: - type: string - certificate: - type: string - certificate_authorities: - items: - type: string - maxItems: 10 - type: array - client_auth: - enum: - - optional - - required - - none - type: string - es_certificate: - type: string - es_certificate_authorities: - items: - type: string - maxItems: 10 - type: array - es_key: - type: string - key: - type: string - required: - - proxy_id + $ref: '#/components/schemas/ApiFleetFleetServerHosts_Put_Request' responses: '200': content: application/json: schema: - additionalProperties: false - type: object - properties: - item: - additionalProperties: false - type: object - properties: - host_urls: - items: - type: string - maxItems: 10 - minItems: 1 - type: array - id: - type: string - is_default: - default: false - type: boolean - is_internal: - type: boolean - is_preconfigured: - default: false - type: boolean - name: - type: string - proxy_id: - nullable: true - type: string - secrets: - additionalProperties: false - type: object - properties: - ssl: - additionalProperties: false - type: object - properties: - agent_key: - anyOf: - - additionalProperties: false - type: object - properties: - id: - type: string - required: - - id - - type: string - es_key: - anyOf: - - additionalProperties: false - type: object - properties: - id: - type: string - required: - - id - - type: string - key: - anyOf: - - additionalProperties: false - type: object - properties: - id: - type: string - required: - - id - - type: string - ssl: - additionalProperties: false - nullable: true - type: object - properties: - agent_certificate: - type: string - agent_certificate_authorities: - items: - type: string - maxItems: 10 - type: array - agent_key: - type: string - certificate: - type: string - certificate_authorities: - items: - type: string - maxItems: 10 - type: array - client_auth: - enum: - - optional - - required - - none - type: string - es_certificate: - type: string - es_certificate_authorities: - items: - type: string - maxItems: 10 - type: array - es_key: - type: string - key: - type: string - required: - - name - - host_urls - - id - required: - - item + $ref: '#/components/schemas/ApiFleetFleetServerHosts_Put_Response_200' description: 'OK: A successful request.' '400': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetFleetServerHosts_Put_Response_400' description: A bad request. summary: Update a Fleet Server host tags: @@ -39431,71 +20609,25 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - id: - type: string - required: - - id + $ref: '#/components/schemas/ApiFleetHealthCheck_Post_Request' responses: '200': content: application/json: schema: - additionalProperties: false - type: object - properties: - host_id: - type: string - name: - type: string - status: - type: string - required: - - status + $ref: '#/components/schemas/ApiFleetHealthCheck_Post_Response_200' description: 'OK: A successful request.' '400': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetHealthCheck_Post_Response_400' description: A bad request. '404': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetHealthCheck_Post_Response_404' description: Not found. summary: Check Fleet Server health tags: @@ -39535,34 +20667,13 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - item: - type: string - required: - - item + $ref: '#/components/schemas/ApiFleetKubernetes_Get_Response_200' description: 'OK: A successful request.' '400': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetKubernetes_Get_Response_400' description: A bad request. summary: Get a full K8s agent manifest tags: @@ -39608,43 +20719,13 @@ paths: content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetKubernetesDownload_Get_Response_400' description: A bad request. '404': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetKubernetesDownload_Get_Response_404' description: Not found. summary: Download an agent manifest tags: @@ -39676,34 +20757,13 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - api_key: - type: string - required: - - api_key + $ref: '#/components/schemas/ApiFleetLogstashApiKeys_Post_Response_200' description: 'OK: A successful request.' '400': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetLogstashApiKeys_Post_Response_400' description: A bad request. summary: Generate a Logstash API key tags: @@ -39741,55 +20801,19 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - message: - type: string - required: - - message + $ref: '#/components/schemas/ApiFleetMessageSigningServiceRotateKeyPair_Post_Response_200' description: 'OK: A successful request.' '400': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetMessageSigningServiceRotateKeyPair_Post_Response_400' description: A bad request. '500': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetMessageSigningServiceRotateKeyPair_Post_Response_500' description: An internal server error. summary: Rotate a Fleet message signing key pair tags: @@ -39814,798 +20838,13 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - items: - items: - anyOf: - - additionalProperties: true - type: object - properties: - allow_edit: - items: - type: string - maxItems: 1000 - type: array - ca_sha256: - nullable: true - type: string - ca_trusted_fingerprint: - nullable: true - type: string - config_yaml: - nullable: true - type: string - hosts: - items: - format: uri - type: string - maxItems: 10 - minItems: 1 - type: array - id: - type: string - is_default: - default: false - type: boolean - is_default_monitoring: - default: false - type: boolean - is_internal: - type: boolean - is_preconfigured: - type: boolean - name: - type: string - preset: - enum: - - balanced - - custom - - throughput - - scale - - latency - type: string - proxy_id: - nullable: true - type: string - secrets: - additionalProperties: true - type: object - properties: - ssl: - additionalProperties: true - type: object - properties: - key: - anyOf: - - additionalProperties: true - type: object - properties: - hash: - type: string - id: - type: string - required: - - id - - type: string - shipper: - additionalProperties: true - nullable: true - type: object - properties: - compression_level: - nullable: true - type: number - disk_queue_compression_enabled: - nullable: true - type: boolean - disk_queue_enabled: - default: false - nullable: true - type: boolean - disk_queue_encryption_enabled: - nullable: true - type: boolean - disk_queue_max_size: - nullable: true - type: number - disk_queue_path: - nullable: true - type: string - loadbalance: - nullable: true - type: boolean - max_batch_bytes: - nullable: true - type: number - mem_queue_events: - nullable: true - type: number - queue_flush_timeout: - nullable: true - type: number - required: - - disk_queue_path - - disk_queue_max_size - - disk_queue_encryption_enabled - - disk_queue_compression_enabled - - compression_level - - loadbalance - - mem_queue_events - - queue_flush_timeout - - max_batch_bytes - ssl: - additionalProperties: true - nullable: true - type: object - properties: - certificate: - type: string - certificate_authorities: - items: - type: string - maxItems: 10 - type: array - key: - type: string - verification_mode: - enum: - - full - - none - - certificate - - strict - type: string - type: - enum: - - elasticsearch - type: string - write_to_logs_streams: - nullable: true - type: boolean - required: - - name - - type - - hosts - - additionalProperties: true - type: object - properties: - allow_edit: - items: - type: string - maxItems: 1000 - type: array - ca_sha256: - nullable: true - type: string - ca_trusted_fingerprint: - nullable: true - type: string - config_yaml: - nullable: true - type: string - hosts: - items: - format: uri - type: string - maxItems: 10 - minItems: 1 - type: array - id: - type: string - is_default: - default: false - type: boolean - is_default_monitoring: - default: false - type: boolean - is_internal: - type: boolean - is_preconfigured: - type: boolean - kibana_api_key: - nullable: true - type: string - kibana_url: - nullable: true - type: string - name: - type: string - preset: - enum: - - balanced - - custom - - throughput - - scale - - latency - type: string - proxy_id: - nullable: true - type: string - secrets: - additionalProperties: true - type: object - properties: - service_token: - anyOf: - - additionalProperties: true - type: object - properties: - hash: - type: string - id: - type: string - required: - - id - - type: string - ssl: - additionalProperties: true - type: object - properties: - key: - anyOf: - - additionalProperties: true - type: object - properties: - hash: - type: string - id: - type: string - required: - - id - - type: string - service_token: - nullable: true - type: string - shipper: - additionalProperties: true - nullable: true - type: object - properties: - compression_level: - nullable: true - type: number - disk_queue_compression_enabled: - nullable: true - type: boolean - disk_queue_enabled: - default: false - nullable: true - type: boolean - disk_queue_encryption_enabled: - nullable: true - type: boolean - disk_queue_max_size: - nullable: true - type: number - disk_queue_path: - nullable: true - type: string - loadbalance: - nullable: true - type: boolean - max_batch_bytes: - nullable: true - type: number - mem_queue_events: - nullable: true - type: number - queue_flush_timeout: - nullable: true - type: number - required: - - disk_queue_path - - disk_queue_max_size - - disk_queue_encryption_enabled - - disk_queue_compression_enabled - - compression_level - - loadbalance - - mem_queue_events - - queue_flush_timeout - - max_batch_bytes - ssl: - additionalProperties: true - nullable: true - type: object - properties: - certificate: - type: string - certificate_authorities: - items: - type: string - maxItems: 10 - type: array - key: - type: string - verification_mode: - enum: - - full - - none - - certificate - - strict - type: string - sync_integrations: - type: boolean - sync_uninstalled_integrations: - type: boolean - type: - enum: - - remote_elasticsearch - type: string - write_to_logs_streams: - nullable: true - type: boolean - required: - - name - - type - - hosts - - additionalProperties: true - type: object - properties: - allow_edit: - items: - type: string - maxItems: 1000 - type: array - ca_sha256: - nullable: true - type: string - ca_trusted_fingerprint: - nullable: true - type: string - config_yaml: - nullable: true - type: string - hosts: - items: - type: string - maxItems: 10 - minItems: 1 - type: array - id: - type: string - is_default: - default: false - type: boolean - is_default_monitoring: - default: false - type: boolean - is_internal: - type: boolean - is_preconfigured: - type: boolean - name: - type: string - proxy_id: - nullable: true - type: string - secrets: - additionalProperties: true - type: object - properties: - ssl: - additionalProperties: true - type: object - properties: - key: - anyOf: - - additionalProperties: true - type: object - properties: - hash: - type: string - id: - type: string - required: - - id - - type: string - shipper: - additionalProperties: true - nullable: true - type: object - properties: - compression_level: - nullable: true - type: number - disk_queue_compression_enabled: - nullable: true - type: boolean - disk_queue_enabled: - default: false - nullable: true - type: boolean - disk_queue_encryption_enabled: - nullable: true - type: boolean - disk_queue_max_size: - nullable: true - type: number - disk_queue_path: - nullable: true - type: string - loadbalance: - nullable: true - type: boolean - max_batch_bytes: - nullable: true - type: number - mem_queue_events: - nullable: true - type: number - queue_flush_timeout: - nullable: true - type: number - required: - - disk_queue_path - - disk_queue_max_size - - disk_queue_encryption_enabled - - disk_queue_compression_enabled - - compression_level - - loadbalance - - mem_queue_events - - queue_flush_timeout - - max_batch_bytes - ssl: - additionalProperties: true - nullable: true - type: object - properties: - certificate: - type: string - certificate_authorities: - items: - type: string - maxItems: 10 - type: array - key: - type: string - verification_mode: - enum: - - full - - none - - certificate - - strict - type: string - type: - enum: - - logstash - type: string - required: - - name - - type - - hosts - - additionalProperties: true - type: object - properties: - allow_edit: - items: - type: string - maxItems: 1000 - type: array - auth_type: - enum: - - none - - user_pass - - ssl - - kerberos - type: string - broker_timeout: - type: number - ca_sha256: - nullable: true - type: string - ca_trusted_fingerprint: - nullable: true - type: string - client_id: - type: string - compression: - enum: - - gzip - - snappy - - lz4 - - none - type: string - compression_level: - anyOf: - - items: {} - type: array - - type: boolean - - type: number - - type: object - - type: string - nullable: true - oneOf: - - type: number - - not: {} - config_yaml: - nullable: true - type: string - connection_type: - anyOf: - - items: {} - type: array - - type: boolean - - type: number - - type: object - - type: string - nullable: true - oneOf: - - enum: - - plaintext - - encryption - type: string - - not: {} - hash: - additionalProperties: true - type: object - properties: - hash: - type: string - random: - type: boolean - headers: - items: - additionalProperties: true - type: object - properties: - key: - type: string - value: - type: string - required: - - key - - value - maxItems: 100 - type: array - hosts: - items: - type: string - maxItems: 10 - minItems: 1 - type: array - id: - type: string - is_default: - default: false - type: boolean - is_default_monitoring: - default: false - type: boolean - is_internal: - type: boolean - is_preconfigured: - type: boolean - key: - type: string - name: - type: string - partition: - enum: - - random - - round_robin - - hash - type: string - password: - anyOf: - - items: {} - type: array - - type: boolean - - type: number - - type: object - - type: string - nullable: true - oneOf: - - not: {} - - anyOf: - - items: {} - type: array - - type: boolean - - type: number - - type: object - - type: string - nullable: true - oneOf: - - type: string - - not: {} - proxy_id: - nullable: true - type: string - random: - additionalProperties: true - type: object - properties: - group_events: - type: number - required_acks: - enum: - - 1 - - 0 - - -1 - type: integer - round_robin: - additionalProperties: true - type: object - properties: - group_events: - type: number - sasl: - additionalProperties: true - nullable: true - type: object - properties: - mechanism: - enum: - - PLAIN - - SCRAM-SHA-256 - - SCRAM-SHA-512 - type: string - secrets: - additionalProperties: true - type: object - properties: - password: - anyOf: - - additionalProperties: true - type: object - properties: - hash: - type: string - id: - type: string - required: - - id - - type: string - ssl: - additionalProperties: true - type: object - properties: - key: - anyOf: - - additionalProperties: true - type: object - properties: - hash: - type: string - id: - type: string - required: - - id - - type: string - required: - - key - shipper: - additionalProperties: true - nullable: true - type: object - properties: - compression_level: - nullable: true - type: number - disk_queue_compression_enabled: - nullable: true - type: boolean - disk_queue_enabled: - default: false - nullable: true - type: boolean - disk_queue_encryption_enabled: - nullable: true - type: boolean - disk_queue_max_size: - nullable: true - type: number - disk_queue_path: - nullable: true - type: string - loadbalance: - nullable: true - type: boolean - max_batch_bytes: - nullable: true - type: number - mem_queue_events: - nullable: true - type: number - queue_flush_timeout: - nullable: true - type: number - required: - - disk_queue_path - - disk_queue_max_size - - disk_queue_encryption_enabled - - disk_queue_compression_enabled - - compression_level - - loadbalance - - mem_queue_events - - queue_flush_timeout - - max_batch_bytes - ssl: - additionalProperties: true - nullable: true - type: object - properties: - certificate: - type: string - certificate_authorities: - items: - type: string - maxItems: 10 - type: array - key: - type: string - verification_mode: - enum: - - full - - none - - certificate - - strict - type: string - timeout: - type: number - topic: - type: string - type: - enum: - - kafka - type: string - username: - anyOf: - - items: {} - type: array - - type: boolean - - type: number - - type: object - - type: string - nullable: true - oneOf: - - type: string - - not: {} - version: - type: string - required: - - name - - type - - hosts - - compression_level - - auth_type - - connection_type - - username - - password - maxItems: 10000 - type: array - page: - type: number - perPage: - type: number - total: - type: number - required: - - items - - total - - page - - perPage + $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200' description: 'OK: A successful request.' '400': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_400' description: A bad request. summary: Get outputs tags: @@ -40635,1544 +20874,19 @@ paths: content: application/json: schema: - anyOf: - - additionalProperties: false - type: object - properties: - allow_edit: - items: - type: string - maxItems: 1000 - type: array - ca_sha256: - nullable: true - type: string - ca_trusted_fingerprint: - nullable: true - type: string - config_yaml: - nullable: true - type: string - hosts: - items: - format: uri - type: string - maxItems: 10 - minItems: 1 - type: array - id: - type: string - is_default: - default: false - type: boolean - is_default_monitoring: - default: false - type: boolean - is_internal: - type: boolean - is_preconfigured: - type: boolean - name: - type: string - preset: - enum: - - balanced - - custom - - throughput - - scale - - latency - type: string - proxy_id: - nullable: true - type: string - secrets: - additionalProperties: false - type: object - properties: - ssl: - additionalProperties: false - type: object - properties: - key: - anyOf: - - additionalProperties: false - type: object - properties: - hash: - type: string - id: - type: string - required: - - id - - type: string - shipper: - additionalProperties: false - nullable: true - type: object - properties: - compression_level: - nullable: true - type: number - disk_queue_compression_enabled: - nullable: true - type: boolean - disk_queue_enabled: - default: false - nullable: true - type: boolean - disk_queue_encryption_enabled: - nullable: true - type: boolean - disk_queue_max_size: - nullable: true - type: number - disk_queue_path: - nullable: true - type: string - loadbalance: - nullable: true - type: boolean - max_batch_bytes: - nullable: true - type: number - mem_queue_events: - nullable: true - type: number - queue_flush_timeout: - nullable: true - type: number - required: - - disk_queue_path - - disk_queue_max_size - - disk_queue_encryption_enabled - - disk_queue_compression_enabled - - compression_level - - loadbalance - - mem_queue_events - - queue_flush_timeout - - max_batch_bytes - ssl: - additionalProperties: false - nullable: true - type: object - properties: - certificate: - type: string - certificate_authorities: - items: - type: string - maxItems: 10 - type: array - key: - type: string - verification_mode: - enum: - - full - - none - - certificate - - strict - type: string - type: - enum: - - elasticsearch - type: string - write_to_logs_streams: - nullable: true - type: boolean - required: - - name - - type - - hosts - - additionalProperties: false - type: object - properties: - allow_edit: - items: - type: string - maxItems: 1000 - type: array - ca_sha256: - nullable: true - type: string - ca_trusted_fingerprint: - nullable: true - type: string - config_yaml: - nullable: true - type: string - hosts: - items: - format: uri - type: string - maxItems: 10 - minItems: 1 - type: array - id: - type: string - is_default: - default: false - type: boolean - is_default_monitoring: - default: false - type: boolean - is_internal: - type: boolean - is_preconfigured: - type: boolean - kibana_api_key: - nullable: true - type: string - kibana_url: - nullable: true - type: string - name: - type: string - preset: - enum: - - balanced - - custom - - throughput - - scale - - latency - type: string - proxy_id: - nullable: true - type: string - secrets: - additionalProperties: false - type: object - properties: - service_token: - anyOf: - - additionalProperties: false - type: object - properties: - hash: - type: string - id: - type: string - required: - - id - - type: string - ssl: - additionalProperties: false - type: object - properties: - key: - anyOf: - - additionalProperties: false - type: object - properties: - hash: - type: string - id: - type: string - required: - - id - - type: string - service_token: - nullable: true - type: string - shipper: - additionalProperties: false - nullable: true - type: object - properties: - compression_level: - nullable: true - type: number - disk_queue_compression_enabled: - nullable: true - type: boolean - disk_queue_enabled: - default: false - nullable: true - type: boolean - disk_queue_encryption_enabled: - nullable: true - type: boolean - disk_queue_max_size: - nullable: true - type: number - disk_queue_path: - nullable: true - type: string - loadbalance: - nullable: true - type: boolean - max_batch_bytes: - nullable: true - type: number - mem_queue_events: - nullable: true - type: number - queue_flush_timeout: - nullable: true - type: number - required: - - disk_queue_path - - disk_queue_max_size - - disk_queue_encryption_enabled - - disk_queue_compression_enabled - - compression_level - - loadbalance - - mem_queue_events - - queue_flush_timeout - - max_batch_bytes - ssl: - additionalProperties: false - nullable: true - type: object - properties: - certificate: - type: string - certificate_authorities: - items: - type: string - maxItems: 10 - type: array - key: - type: string - verification_mode: - enum: - - full - - none - - certificate - - strict - type: string - sync_integrations: - type: boolean - sync_uninstalled_integrations: - type: boolean - type: - enum: - - remote_elasticsearch - type: string - write_to_logs_streams: - nullable: true - type: boolean - required: - - name - - type - - hosts - - additionalProperties: false - type: object - properties: - allow_edit: - items: - type: string - maxItems: 1000 - type: array - ca_sha256: - nullable: true - type: string - ca_trusted_fingerprint: - nullable: true - type: string - config_yaml: - nullable: true - type: string - hosts: - items: - type: string - maxItems: 10 - minItems: 1 - type: array - id: - type: string - is_default: - default: false - type: boolean - is_default_monitoring: - default: false - type: boolean - is_internal: - type: boolean - is_preconfigured: - type: boolean - name: - type: string - proxy_id: - nullable: true - type: string - secrets: - additionalProperties: false - type: object - properties: - ssl: - additionalProperties: false - type: object - properties: - key: - anyOf: - - additionalProperties: false - type: object - properties: - hash: - type: string - id: - type: string - required: - - id - - type: string - shipper: - additionalProperties: false - nullable: true - type: object - properties: - compression_level: - nullable: true - type: number - disk_queue_compression_enabled: - nullable: true - type: boolean - disk_queue_enabled: - default: false - nullable: true - type: boolean - disk_queue_encryption_enabled: - nullable: true - type: boolean - disk_queue_max_size: - nullable: true - type: number - disk_queue_path: - nullable: true - type: string - loadbalance: - nullable: true - type: boolean - max_batch_bytes: - nullable: true - type: number - mem_queue_events: - nullable: true - type: number - queue_flush_timeout: - nullable: true - type: number - required: - - disk_queue_path - - disk_queue_max_size - - disk_queue_encryption_enabled - - disk_queue_compression_enabled - - compression_level - - loadbalance - - mem_queue_events - - queue_flush_timeout - - max_batch_bytes - ssl: - additionalProperties: false - nullable: true - type: object - properties: - certificate: - type: string - certificate_authorities: - items: - type: string - maxItems: 10 - type: array - key: - type: string - verification_mode: - enum: - - full - - none - - certificate - - strict - type: string - type: - enum: - - logstash - type: string - required: - - name - - type - - hosts - - additionalProperties: false - type: object - properties: - allow_edit: - items: - type: string - maxItems: 1000 - type: array - auth_type: - enum: - - none - - user_pass - - ssl - - kerberos - type: string - broker_timeout: - type: number - ca_sha256: - nullable: true - type: string - ca_trusted_fingerprint: - nullable: true - type: string - client_id: - type: string - compression: - enum: - - gzip - - snappy - - lz4 - - none - type: string - compression_level: - anyOf: - - items: {} - type: array - - type: boolean - - type: number - - type: object - - type: string - nullable: true - oneOf: - - type: number - - not: {} - config_yaml: - nullable: true - type: string - connection_type: - anyOf: - - items: {} - type: array - - type: boolean - - type: number - - type: object - - type: string - nullable: true - oneOf: - - enum: - - plaintext - - encryption - type: string - - not: {} - hash: - additionalProperties: false - type: object - properties: - hash: - type: string - random: - type: boolean - headers: - items: - additionalProperties: false - type: object - properties: - key: - type: string - value: - type: string - required: - - key - - value - maxItems: 100 - type: array - hosts: - items: - type: string - maxItems: 10 - minItems: 1 - type: array - id: - type: string - is_default: - default: false - type: boolean - is_default_monitoring: - default: false - type: boolean - is_internal: - type: boolean - is_preconfigured: - type: boolean - key: - type: string - name: - type: string - partition: - enum: - - random - - round_robin - - hash - type: string - password: - anyOf: - - items: {} - type: array - - type: boolean - - type: number - - type: object - - type: string - nullable: true - oneOf: - - not: {} - - anyOf: - - items: {} - type: array - - type: boolean - - type: number - - type: object - - type: string - nullable: true - oneOf: - - type: string - - not: {} - proxy_id: - nullable: true - type: string - random: - additionalProperties: false - type: object - properties: - group_events: - type: number - required_acks: - enum: - - 1 - - 0 - - -1 - type: integer - round_robin: - additionalProperties: false - type: object - properties: - group_events: - type: number - sasl: - additionalProperties: false - nullable: true - type: object - properties: - mechanism: - enum: - - PLAIN - - SCRAM-SHA-256 - - SCRAM-SHA-512 - type: string - secrets: - additionalProperties: false - type: object - properties: - password: - anyOf: - - additionalProperties: false - type: object - properties: - hash: - type: string - id: - type: string - required: - - id - - type: string - ssl: - additionalProperties: false - type: object - properties: - key: - anyOf: - - additionalProperties: false - type: object - properties: - hash: - type: string - id: - type: string - required: - - id - - type: string - required: - - key - shipper: - additionalProperties: false - nullable: true - type: object - properties: - compression_level: - nullable: true - type: number - disk_queue_compression_enabled: - nullable: true - type: boolean - disk_queue_enabled: - default: false - nullable: true - type: boolean - disk_queue_encryption_enabled: - nullable: true - type: boolean - disk_queue_max_size: - nullable: true - type: number - disk_queue_path: - nullable: true - type: string - loadbalance: - nullable: true - type: boolean - max_batch_bytes: - nullable: true - type: number - mem_queue_events: - nullable: true - type: number - queue_flush_timeout: - nullable: true - type: number - required: - - disk_queue_path - - disk_queue_max_size - - disk_queue_encryption_enabled - - disk_queue_compression_enabled - - compression_level - - loadbalance - - mem_queue_events - - queue_flush_timeout - - max_batch_bytes - ssl: - additionalProperties: false - nullable: true - type: object - properties: - certificate: - type: string - certificate_authorities: - items: - type: string - maxItems: 10 - type: array - key: - type: string - verification_mode: - enum: - - full - - none - - certificate - - strict - type: string - timeout: - type: number - topic: - type: string - type: - enum: - - kafka - type: string - username: - anyOf: - - items: {} - type: array - - type: boolean - - type: number - - type: object - - type: string - nullable: true - oneOf: - - type: string - - not: {} - version: - type: string - required: - - name - - type - - hosts - - compression_level - - auth_type - - connection_type - - username - - password + $ref: '#/components/schemas/ApiFleetOutputs_Post_Request' responses: '200': content: application/json: schema: - additionalProperties: false - type: object - properties: - item: - anyOf: - - additionalProperties: true - type: object - properties: - allow_edit: - items: - type: string - maxItems: 1000 - type: array - ca_sha256: - nullable: true - type: string - ca_trusted_fingerprint: - nullable: true - type: string - config_yaml: - nullable: true - type: string - hosts: - items: - format: uri - type: string - maxItems: 10 - minItems: 1 - type: array - id: - type: string - is_default: - default: false - type: boolean - is_default_monitoring: - default: false - type: boolean - is_internal: - type: boolean - is_preconfigured: - type: boolean - name: - type: string - preset: - enum: - - balanced - - custom - - throughput - - scale - - latency - type: string - proxy_id: - nullable: true - type: string - secrets: - additionalProperties: true - type: object - properties: - ssl: - additionalProperties: true - type: object - properties: - key: - anyOf: - - additionalProperties: true - type: object - properties: - hash: - type: string - id: - type: string - required: - - id - - type: string - shipper: - additionalProperties: true - nullable: true - type: object - properties: - compression_level: - nullable: true - type: number - disk_queue_compression_enabled: - nullable: true - type: boolean - disk_queue_enabled: - default: false - nullable: true - type: boolean - disk_queue_encryption_enabled: - nullable: true - type: boolean - disk_queue_max_size: - nullable: true - type: number - disk_queue_path: - nullable: true - type: string - loadbalance: - nullable: true - type: boolean - max_batch_bytes: - nullable: true - type: number - mem_queue_events: - nullable: true - type: number - queue_flush_timeout: - nullable: true - type: number - required: - - disk_queue_path - - disk_queue_max_size - - disk_queue_encryption_enabled - - disk_queue_compression_enabled - - compression_level - - loadbalance - - mem_queue_events - - queue_flush_timeout - - max_batch_bytes - ssl: - additionalProperties: true - nullable: true - type: object - properties: - certificate: - type: string - certificate_authorities: - items: - type: string - maxItems: 10 - type: array - key: - type: string - verification_mode: - enum: - - full - - none - - certificate - - strict - type: string - type: - enum: - - elasticsearch - type: string - write_to_logs_streams: - nullable: true - type: boolean - required: - - name - - type - - hosts - - additionalProperties: true - type: object - properties: - allow_edit: - items: - type: string - maxItems: 1000 - type: array - ca_sha256: - nullable: true - type: string - ca_trusted_fingerprint: - nullable: true - type: string - config_yaml: - nullable: true - type: string - hosts: - items: - format: uri - type: string - maxItems: 10 - minItems: 1 - type: array - id: - type: string - is_default: - default: false - type: boolean - is_default_monitoring: - default: false - type: boolean - is_internal: - type: boolean - is_preconfigured: - type: boolean - kibana_api_key: - nullable: true - type: string - kibana_url: - nullable: true - type: string - name: - type: string - preset: - enum: - - balanced - - custom - - throughput - - scale - - latency - type: string - proxy_id: - nullable: true - type: string - secrets: - additionalProperties: true - type: object - properties: - service_token: - anyOf: - - additionalProperties: true - type: object - properties: - hash: - type: string - id: - type: string - required: - - id - - type: string - ssl: - additionalProperties: true - type: object - properties: - key: - anyOf: - - additionalProperties: true - type: object - properties: - hash: - type: string - id: - type: string - required: - - id - - type: string - service_token: - nullable: true - type: string - shipper: - additionalProperties: true - nullable: true - type: object - properties: - compression_level: - nullable: true - type: number - disk_queue_compression_enabled: - nullable: true - type: boolean - disk_queue_enabled: - default: false - nullable: true - type: boolean - disk_queue_encryption_enabled: - nullable: true - type: boolean - disk_queue_max_size: - nullable: true - type: number - disk_queue_path: - nullable: true - type: string - loadbalance: - nullable: true - type: boolean - max_batch_bytes: - nullable: true - type: number - mem_queue_events: - nullable: true - type: number - queue_flush_timeout: - nullable: true - type: number - required: - - disk_queue_path - - disk_queue_max_size - - disk_queue_encryption_enabled - - disk_queue_compression_enabled - - compression_level - - loadbalance - - mem_queue_events - - queue_flush_timeout - - max_batch_bytes - ssl: - additionalProperties: true - nullable: true - type: object - properties: - certificate: - type: string - certificate_authorities: - items: - type: string - maxItems: 10 - type: array - key: - type: string - verification_mode: - enum: - - full - - none - - certificate - - strict - type: string - sync_integrations: - type: boolean - sync_uninstalled_integrations: - type: boolean - type: - enum: - - remote_elasticsearch - type: string - write_to_logs_streams: - nullable: true - type: boolean - required: - - name - - type - - hosts - - additionalProperties: true - type: object - properties: - allow_edit: - items: - type: string - maxItems: 1000 - type: array - ca_sha256: - nullable: true - type: string - ca_trusted_fingerprint: - nullable: true - type: string - config_yaml: - nullable: true - type: string - hosts: - items: - type: string - maxItems: 10 - minItems: 1 - type: array - id: - type: string - is_default: - default: false - type: boolean - is_default_monitoring: - default: false - type: boolean - is_internal: - type: boolean - is_preconfigured: - type: boolean - name: - type: string - proxy_id: - nullable: true - type: string - secrets: - additionalProperties: true - type: object - properties: - ssl: - additionalProperties: true - type: object - properties: - key: - anyOf: - - additionalProperties: true - type: object - properties: - hash: - type: string - id: - type: string - required: - - id - - type: string - shipper: - additionalProperties: true - nullable: true - type: object - properties: - compression_level: - nullable: true - type: number - disk_queue_compression_enabled: - nullable: true - type: boolean - disk_queue_enabled: - default: false - nullable: true - type: boolean - disk_queue_encryption_enabled: - nullable: true - type: boolean - disk_queue_max_size: - nullable: true - type: number - disk_queue_path: - nullable: true - type: string - loadbalance: - nullable: true - type: boolean - max_batch_bytes: - nullable: true - type: number - mem_queue_events: - nullable: true - type: number - queue_flush_timeout: - nullable: true - type: number - required: - - disk_queue_path - - disk_queue_max_size - - disk_queue_encryption_enabled - - disk_queue_compression_enabled - - compression_level - - loadbalance - - mem_queue_events - - queue_flush_timeout - - max_batch_bytes - ssl: - additionalProperties: true - nullable: true - type: object - properties: - certificate: - type: string - certificate_authorities: - items: - type: string - maxItems: 10 - type: array - key: - type: string - verification_mode: - enum: - - full - - none - - certificate - - strict - type: string - type: - enum: - - logstash - type: string - required: - - name - - type - - hosts - - additionalProperties: true - type: object - properties: - allow_edit: - items: - type: string - maxItems: 1000 - type: array - auth_type: - enum: - - none - - user_pass - - ssl - - kerberos - type: string - broker_timeout: - type: number - ca_sha256: - nullable: true - type: string - ca_trusted_fingerprint: - nullable: true - type: string - client_id: - type: string - compression: - enum: - - gzip - - snappy - - lz4 - - none - type: string - compression_level: - anyOf: - - items: {} - type: array - - type: boolean - - type: number - - type: object - - type: string - nullable: true - oneOf: - - type: number - - not: {} - config_yaml: - nullable: true - type: string - connection_type: - anyOf: - - items: {} - type: array - - type: boolean - - type: number - - type: object - - type: string - nullable: true - oneOf: - - enum: - - plaintext - - encryption - type: string - - not: {} - hash: - additionalProperties: true - type: object - properties: - hash: - type: string - random: - type: boolean - headers: - items: - additionalProperties: true - type: object - properties: - key: - type: string - value: - type: string - required: - - key - - value - maxItems: 100 - type: array - hosts: - items: - type: string - maxItems: 10 - minItems: 1 - type: array - id: - type: string - is_default: - default: false - type: boolean - is_default_monitoring: - default: false - type: boolean - is_internal: - type: boolean - is_preconfigured: - type: boolean - key: - type: string - name: - type: string - partition: - enum: - - random - - round_robin - - hash - type: string - password: - anyOf: - - items: {} - type: array - - type: boolean - - type: number - - type: object - - type: string - nullable: true - oneOf: - - not: {} - - anyOf: - - items: {} - type: array - - type: boolean - - type: number - - type: object - - type: string - nullable: true - oneOf: - - type: string - - not: {} - proxy_id: - nullable: true - type: string - random: - additionalProperties: true - type: object - properties: - group_events: - type: number - required_acks: - enum: - - 1 - - 0 - - -1 - type: integer - round_robin: - additionalProperties: true - type: object - properties: - group_events: - type: number - sasl: - additionalProperties: true - nullable: true - type: object - properties: - mechanism: - enum: - - PLAIN - - SCRAM-SHA-256 - - SCRAM-SHA-512 - type: string - secrets: - additionalProperties: true - type: object - properties: - password: - anyOf: - - additionalProperties: true - type: object - properties: - hash: - type: string - id: - type: string - required: - - id - - type: string - ssl: - additionalProperties: true - type: object - properties: - key: - anyOf: - - additionalProperties: true - type: object - properties: - hash: - type: string - id: - type: string - required: - - id - - type: string - required: - - key - shipper: - additionalProperties: true - nullable: true - type: object - properties: - compression_level: - nullable: true - type: number - disk_queue_compression_enabled: - nullable: true - type: boolean - disk_queue_enabled: - default: false - nullable: true - type: boolean - disk_queue_encryption_enabled: - nullable: true - type: boolean - disk_queue_max_size: - nullable: true - type: number - disk_queue_path: - nullable: true - type: string - loadbalance: - nullable: true - type: boolean - max_batch_bytes: - nullable: true - type: number - mem_queue_events: - nullable: true - type: number - queue_flush_timeout: - nullable: true - type: number - required: - - disk_queue_path - - disk_queue_max_size - - disk_queue_encryption_enabled - - disk_queue_compression_enabled - - compression_level - - loadbalance - - mem_queue_events - - queue_flush_timeout - - max_batch_bytes - ssl: - additionalProperties: true - nullable: true - type: object - properties: - certificate: - type: string - certificate_authorities: - items: - type: string - maxItems: 10 - type: array - key: - type: string - verification_mode: - enum: - - full - - none - - certificate - - strict - type: string - timeout: - type: number - topic: - type: string - type: - enum: - - kafka - type: string - username: - anyOf: - - items: {} - type: array - - type: boolean - - type: number - - type: object - - type: string - nullable: true - oneOf: - - type: string - - not: {} - version: - type: string - required: - - name - - type - - hosts - - compression_level - - auth_type - - connection_type - - username - - password - required: - - item + $ref: '#/components/schemas/ApiFleetOutputs_Post_Response_200' description: 'OK: A successful request.' '400': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetOutputs_Post_Response_400' description: A bad request. summary: Create output tags: @@ -42209,55 +20923,19 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - id: - type: string - required: - - id + $ref: '#/components/schemas/ApiFleetOutputs_Delete_Response_200' description: 'OK: A successful request.' '400': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetOutputs_Delete_Response_400' description: A bad request. '404': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetOutputs_Delete_Response_404' description: Not found. summary: Delete output tags: @@ -42286,786 +20964,13 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - item: - anyOf: - - additionalProperties: true - type: object - properties: - allow_edit: - items: - type: string - maxItems: 1000 - type: array - ca_sha256: - nullable: true - type: string - ca_trusted_fingerprint: - nullable: true - type: string - config_yaml: - nullable: true - type: string - hosts: - items: - format: uri - type: string - maxItems: 10 - minItems: 1 - type: array - id: - type: string - is_default: - default: false - type: boolean - is_default_monitoring: - default: false - type: boolean - is_internal: - type: boolean - is_preconfigured: - type: boolean - name: - type: string - preset: - enum: - - balanced - - custom - - throughput - - scale - - latency - type: string - proxy_id: - nullable: true - type: string - secrets: - additionalProperties: true - type: object - properties: - ssl: - additionalProperties: true - type: object - properties: - key: - anyOf: - - additionalProperties: true - type: object - properties: - hash: - type: string - id: - type: string - required: - - id - - type: string - shipper: - additionalProperties: true - nullable: true - type: object - properties: - compression_level: - nullable: true - type: number - disk_queue_compression_enabled: - nullable: true - type: boolean - disk_queue_enabled: - default: false - nullable: true - type: boolean - disk_queue_encryption_enabled: - nullable: true - type: boolean - disk_queue_max_size: - nullable: true - type: number - disk_queue_path: - nullable: true - type: string - loadbalance: - nullable: true - type: boolean - max_batch_bytes: - nullable: true - type: number - mem_queue_events: - nullable: true - type: number - queue_flush_timeout: - nullable: true - type: number - required: - - disk_queue_path - - disk_queue_max_size - - disk_queue_encryption_enabled - - disk_queue_compression_enabled - - compression_level - - loadbalance - - mem_queue_events - - queue_flush_timeout - - max_batch_bytes - ssl: - additionalProperties: true - nullable: true - type: object - properties: - certificate: - type: string - certificate_authorities: - items: - type: string - maxItems: 10 - type: array - key: - type: string - verification_mode: - enum: - - full - - none - - certificate - - strict - type: string - type: - enum: - - elasticsearch - type: string - write_to_logs_streams: - nullable: true - type: boolean - required: - - name - - type - - hosts - - additionalProperties: true - type: object - properties: - allow_edit: - items: - type: string - maxItems: 1000 - type: array - ca_sha256: - nullable: true - type: string - ca_trusted_fingerprint: - nullable: true - type: string - config_yaml: - nullable: true - type: string - hosts: - items: - format: uri - type: string - maxItems: 10 - minItems: 1 - type: array - id: - type: string - is_default: - default: false - type: boolean - is_default_monitoring: - default: false - type: boolean - is_internal: - type: boolean - is_preconfigured: - type: boolean - kibana_api_key: - nullable: true - type: string - kibana_url: - nullable: true - type: string - name: - type: string - preset: - enum: - - balanced - - custom - - throughput - - scale - - latency - type: string - proxy_id: - nullable: true - type: string - secrets: - additionalProperties: true - type: object - properties: - service_token: - anyOf: - - additionalProperties: true - type: object - properties: - hash: - type: string - id: - type: string - required: - - id - - type: string - ssl: - additionalProperties: true - type: object - properties: - key: - anyOf: - - additionalProperties: true - type: object - properties: - hash: - type: string - id: - type: string - required: - - id - - type: string - service_token: - nullable: true - type: string - shipper: - additionalProperties: true - nullable: true - type: object - properties: - compression_level: - nullable: true - type: number - disk_queue_compression_enabled: - nullable: true - type: boolean - disk_queue_enabled: - default: false - nullable: true - type: boolean - disk_queue_encryption_enabled: - nullable: true - type: boolean - disk_queue_max_size: - nullable: true - type: number - disk_queue_path: - nullable: true - type: string - loadbalance: - nullable: true - type: boolean - max_batch_bytes: - nullable: true - type: number - mem_queue_events: - nullable: true - type: number - queue_flush_timeout: - nullable: true - type: number - required: - - disk_queue_path - - disk_queue_max_size - - disk_queue_encryption_enabled - - disk_queue_compression_enabled - - compression_level - - loadbalance - - mem_queue_events - - queue_flush_timeout - - max_batch_bytes - ssl: - additionalProperties: true - nullable: true - type: object - properties: - certificate: - type: string - certificate_authorities: - items: - type: string - maxItems: 10 - type: array - key: - type: string - verification_mode: - enum: - - full - - none - - certificate - - strict - type: string - sync_integrations: - type: boolean - sync_uninstalled_integrations: - type: boolean - type: - enum: - - remote_elasticsearch - type: string - write_to_logs_streams: - nullable: true - type: boolean - required: - - name - - type - - hosts - - additionalProperties: true - type: object - properties: - allow_edit: - items: - type: string - maxItems: 1000 - type: array - ca_sha256: - nullable: true - type: string - ca_trusted_fingerprint: - nullable: true - type: string - config_yaml: - nullable: true - type: string - hosts: - items: - type: string - maxItems: 10 - minItems: 1 - type: array - id: - type: string - is_default: - default: false - type: boolean - is_default_monitoring: - default: false - type: boolean - is_internal: - type: boolean - is_preconfigured: - type: boolean - name: - type: string - proxy_id: - nullable: true - type: string - secrets: - additionalProperties: true - type: object - properties: - ssl: - additionalProperties: true - type: object - properties: - key: - anyOf: - - additionalProperties: true - type: object - properties: - hash: - type: string - id: - type: string - required: - - id - - type: string - shipper: - additionalProperties: true - nullable: true - type: object - properties: - compression_level: - nullable: true - type: number - disk_queue_compression_enabled: - nullable: true - type: boolean - disk_queue_enabled: - default: false - nullable: true - type: boolean - disk_queue_encryption_enabled: - nullable: true - type: boolean - disk_queue_max_size: - nullable: true - type: number - disk_queue_path: - nullable: true - type: string - loadbalance: - nullable: true - type: boolean - max_batch_bytes: - nullable: true - type: number - mem_queue_events: - nullable: true - type: number - queue_flush_timeout: - nullable: true - type: number - required: - - disk_queue_path - - disk_queue_max_size - - disk_queue_encryption_enabled - - disk_queue_compression_enabled - - compression_level - - loadbalance - - mem_queue_events - - queue_flush_timeout - - max_batch_bytes - ssl: - additionalProperties: true - nullable: true - type: object - properties: - certificate: - type: string - certificate_authorities: - items: - type: string - maxItems: 10 - type: array - key: - type: string - verification_mode: - enum: - - full - - none - - certificate - - strict - type: string - type: - enum: - - logstash - type: string - required: - - name - - type - - hosts - - additionalProperties: true - type: object - properties: - allow_edit: - items: - type: string - maxItems: 1000 - type: array - auth_type: - enum: - - none - - user_pass - - ssl - - kerberos - type: string - broker_timeout: - type: number - ca_sha256: - nullable: true - type: string - ca_trusted_fingerprint: - nullable: true - type: string - client_id: - type: string - compression: - enum: - - gzip - - snappy - - lz4 - - none - type: string - compression_level: - anyOf: - - items: {} - type: array - - type: boolean - - type: number - - type: object - - type: string - nullable: true - oneOf: - - type: number - - not: {} - config_yaml: - nullable: true - type: string - connection_type: - anyOf: - - items: {} - type: array - - type: boolean - - type: number - - type: object - - type: string - nullable: true - oneOf: - - enum: - - plaintext - - encryption - type: string - - not: {} - hash: - additionalProperties: true - type: object - properties: - hash: - type: string - random: - type: boolean - headers: - items: - additionalProperties: true - type: object - properties: - key: - type: string - value: - type: string - required: - - key - - value - maxItems: 100 - type: array - hosts: - items: - type: string - maxItems: 10 - minItems: 1 - type: array - id: - type: string - is_default: - default: false - type: boolean - is_default_monitoring: - default: false - type: boolean - is_internal: - type: boolean - is_preconfigured: - type: boolean - key: - type: string - name: - type: string - partition: - enum: - - random - - round_robin - - hash - type: string - password: - anyOf: - - items: {} - type: array - - type: boolean - - type: number - - type: object - - type: string - nullable: true - oneOf: - - not: {} - - anyOf: - - items: {} - type: array - - type: boolean - - type: number - - type: object - - type: string - nullable: true - oneOf: - - type: string - - not: {} - proxy_id: - nullable: true - type: string - random: - additionalProperties: true - type: object - properties: - group_events: - type: number - required_acks: - enum: - - 1 - - 0 - - -1 - type: integer - round_robin: - additionalProperties: true - type: object - properties: - group_events: - type: number - sasl: - additionalProperties: true - nullable: true - type: object - properties: - mechanism: - enum: - - PLAIN - - SCRAM-SHA-256 - - SCRAM-SHA-512 - type: string - secrets: - additionalProperties: true - type: object - properties: - password: - anyOf: - - additionalProperties: true - type: object - properties: - hash: - type: string - id: - type: string - required: - - id - - type: string - ssl: - additionalProperties: true - type: object - properties: - key: - anyOf: - - additionalProperties: true - type: object - properties: - hash: - type: string - id: - type: string - required: - - id - - type: string - required: - - key - shipper: - additionalProperties: true - nullable: true - type: object - properties: - compression_level: - nullable: true - type: number - disk_queue_compression_enabled: - nullable: true - type: boolean - disk_queue_enabled: - default: false - nullable: true - type: boolean - disk_queue_encryption_enabled: - nullable: true - type: boolean - disk_queue_max_size: - nullable: true - type: number - disk_queue_path: - nullable: true - type: string - loadbalance: - nullable: true - type: boolean - max_batch_bytes: - nullable: true - type: number - mem_queue_events: - nullable: true - type: number - queue_flush_timeout: - nullable: true - type: number - required: - - disk_queue_path - - disk_queue_max_size - - disk_queue_encryption_enabled - - disk_queue_compression_enabled - - compression_level - - loadbalance - - mem_queue_events - - queue_flush_timeout - - max_batch_bytes - ssl: - additionalProperties: true - nullable: true - type: object - properties: - certificate: - type: string - certificate_authorities: - items: - type: string - maxItems: 10 - type: array - key: - type: string - verification_mode: - enum: - - full - - none - - certificate - - strict - type: string - timeout: - type: number - topic: - type: string - type: - enum: - - kafka - type: string - username: - anyOf: - - items: {} - type: array - - type: boolean - - type: number - - type: object - - type: string - nullable: true - oneOf: - - type: string - - not: {} - version: - type: string - required: - - name - - type - - hosts - - compression_level - - auth_type - - connection_type - - username - - password - required: - - item + $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_1' description: 'OK: A successful request.' '400': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_400_1' description: A bad request. summary: Get output tags: @@ -43100,1523 +21005,19 @@ paths: content: application/json: schema: - anyOf: - - additionalProperties: false - type: object - properties: - allow_edit: - items: - type: string - maxItems: 1000 - type: array - ca_sha256: - nullable: true - type: string - ca_trusted_fingerprint: - nullable: true - type: string - config_yaml: - nullable: true - type: string - hosts: - items: - format: uri - type: string - maxItems: 10 - minItems: 1 - type: array - id: - type: string - is_default: - type: boolean - is_default_monitoring: - type: boolean - is_internal: - type: boolean - is_preconfigured: - type: boolean - name: - type: string - preset: - enum: - - balanced - - custom - - throughput - - scale - - latency - type: string - proxy_id: - nullable: true - type: string - secrets: - additionalProperties: false - type: object - properties: - ssl: - additionalProperties: false - type: object - properties: - key: - anyOf: - - additionalProperties: false - type: object - properties: - hash: - type: string - id: - type: string - required: - - id - - type: string - shipper: - additionalProperties: false - nullable: true - type: object - properties: - compression_level: - nullable: true - type: number - disk_queue_compression_enabled: - nullable: true - type: boolean - disk_queue_enabled: - default: false - nullable: true - type: boolean - disk_queue_encryption_enabled: - nullable: true - type: boolean - disk_queue_max_size: - nullable: true - type: number - disk_queue_path: - nullable: true - type: string - loadbalance: - nullable: true - type: boolean - max_batch_bytes: - nullable: true - type: number - mem_queue_events: - nullable: true - type: number - queue_flush_timeout: - nullable: true - type: number - required: - - disk_queue_path - - disk_queue_max_size - - disk_queue_encryption_enabled - - disk_queue_compression_enabled - - compression_level - - loadbalance - - mem_queue_events - - queue_flush_timeout - - max_batch_bytes - ssl: - additionalProperties: false - nullable: true - type: object - properties: - certificate: - type: string - certificate_authorities: - items: - type: string - maxItems: 10 - type: array - key: - type: string - verification_mode: - enum: - - full - - none - - certificate - - strict - type: string - type: - enum: - - elasticsearch - type: string - write_to_logs_streams: - nullable: true - type: boolean - - additionalProperties: false - type: object - properties: - allow_edit: - items: - type: string - maxItems: 1000 - type: array - ca_sha256: - nullable: true - type: string - ca_trusted_fingerprint: - nullable: true - type: string - config_yaml: - nullable: true - type: string - hosts: - items: - format: uri - type: string - maxItems: 10 - minItems: 1 - type: array - id: - type: string - is_default: - type: boolean - is_default_monitoring: - type: boolean - is_internal: - type: boolean - is_preconfigured: - type: boolean - kibana_api_key: - nullable: true - type: string - kibana_url: - nullable: true - type: string - name: - type: string - preset: - enum: - - balanced - - custom - - throughput - - scale - - latency - type: string - proxy_id: - nullable: true - type: string - secrets: - additionalProperties: false - type: object - properties: - service_token: - anyOf: - - additionalProperties: false - type: object - properties: - hash: - type: string - id: - type: string - required: - - id - - type: string - ssl: - additionalProperties: false - type: object - properties: - key: - anyOf: - - additionalProperties: false - type: object - properties: - hash: - type: string - id: - type: string - required: - - id - - type: string - service_token: - nullable: true - type: string - shipper: - additionalProperties: false - nullable: true - type: object - properties: - compression_level: - nullable: true - type: number - disk_queue_compression_enabled: - nullable: true - type: boolean - disk_queue_enabled: - default: false - nullable: true - type: boolean - disk_queue_encryption_enabled: - nullable: true - type: boolean - disk_queue_max_size: - nullable: true - type: number - disk_queue_path: - nullable: true - type: string - loadbalance: - nullable: true - type: boolean - max_batch_bytes: - nullable: true - type: number - mem_queue_events: - nullable: true - type: number - queue_flush_timeout: - nullable: true - type: number - required: - - disk_queue_path - - disk_queue_max_size - - disk_queue_encryption_enabled - - disk_queue_compression_enabled - - compression_level - - loadbalance - - mem_queue_events - - queue_flush_timeout - - max_batch_bytes - ssl: - additionalProperties: false - nullable: true - type: object - properties: - certificate: - type: string - certificate_authorities: - items: - type: string - maxItems: 10 - type: array - key: - type: string - verification_mode: - enum: - - full - - none - - certificate - - strict - type: string - sync_integrations: - type: boolean - sync_uninstalled_integrations: - type: boolean - type: - enum: - - remote_elasticsearch - type: string - write_to_logs_streams: - nullable: true - type: boolean - - additionalProperties: false - type: object - properties: - allow_edit: - items: - type: string - maxItems: 1000 - type: array - ca_sha256: - nullable: true - type: string - ca_trusted_fingerprint: - nullable: true - type: string - config_yaml: - nullable: true - type: string - hosts: - items: - type: string - maxItems: 10 - minItems: 1 - type: array - id: - type: string - is_default: - type: boolean - is_default_monitoring: - type: boolean - is_internal: - type: boolean - is_preconfigured: - type: boolean - name: - type: string - proxy_id: - nullable: true - type: string - secrets: - additionalProperties: false - type: object - properties: - ssl: - additionalProperties: false - type: object - properties: - key: - anyOf: - - additionalProperties: false - type: object - properties: - hash: - type: string - id: - type: string - required: - - id - - type: string - shipper: - additionalProperties: false - nullable: true - type: object - properties: - compression_level: - nullable: true - type: number - disk_queue_compression_enabled: - nullable: true - type: boolean - disk_queue_enabled: - default: false - nullable: true - type: boolean - disk_queue_encryption_enabled: - nullable: true - type: boolean - disk_queue_max_size: - nullable: true - type: number - disk_queue_path: - nullable: true - type: string - loadbalance: - nullable: true - type: boolean - max_batch_bytes: - nullable: true - type: number - mem_queue_events: - nullable: true - type: number - queue_flush_timeout: - nullable: true - type: number - required: - - disk_queue_path - - disk_queue_max_size - - disk_queue_encryption_enabled - - disk_queue_compression_enabled - - compression_level - - loadbalance - - mem_queue_events - - queue_flush_timeout - - max_batch_bytes - ssl: - additionalProperties: false - nullable: true - type: object - properties: - certificate: - type: string - certificate_authorities: - items: - type: string - maxItems: 10 - type: array - key: - type: string - verification_mode: - enum: - - full - - none - - certificate - - strict - type: string - type: - enum: - - logstash - type: string - - additionalProperties: false - type: object - properties: - allow_edit: - items: - type: string - maxItems: 1000 - type: array - auth_type: - enum: - - none - - user_pass - - ssl - - kerberos - type: string - broker_timeout: - type: number - ca_sha256: - nullable: true - type: string - ca_trusted_fingerprint: - nullable: true - type: string - client_id: - type: string - compression: - enum: - - gzip - - snappy - - lz4 - - none - type: string - compression_level: - anyOf: - - items: {} - type: array - - type: boolean - - type: number - - type: object - - type: string - nullable: true - oneOf: - - type: number - - not: {} - config_yaml: - nullable: true - type: string - connection_type: - anyOf: - - items: {} - type: array - - type: boolean - - type: number - - type: object - - type: string - nullable: true - oneOf: - - enum: - - plaintext - - encryption - type: string - - not: {} - hash: - additionalProperties: false - type: object - properties: - hash: - type: string - random: - type: boolean - headers: - items: - additionalProperties: false - type: object - properties: - key: - type: string - value: - type: string - required: - - key - - value - maxItems: 100 - type: array - hosts: - items: - type: string - maxItems: 10 - minItems: 1 - type: array - id: - type: string - is_default: - default: false - type: boolean - is_default_monitoring: - default: false - type: boolean - is_internal: - type: boolean - is_preconfigured: - type: boolean - key: - type: string - name: - type: string - partition: - enum: - - random - - round_robin - - hash - type: string - password: - anyOf: - - items: {} - type: array - - type: boolean - - type: number - - type: object - - type: string - nullable: true - oneOf: - - not: {} - - anyOf: - - items: {} - type: array - - type: boolean - - type: number - - type: object - - type: string - nullable: true - oneOf: - - type: string - - not: {} - proxy_id: - nullable: true - type: string - random: - additionalProperties: false - type: object - properties: - group_events: - type: number - required_acks: - enum: - - 1 - - 0 - - -1 - type: integer - round_robin: - additionalProperties: false - type: object - properties: - group_events: - type: number - sasl: - additionalProperties: false - nullable: true - type: object - properties: - mechanism: - enum: - - PLAIN - - SCRAM-SHA-256 - - SCRAM-SHA-512 - type: string - secrets: - additionalProperties: false - type: object - properties: - password: - anyOf: - - additionalProperties: false - type: object - properties: - hash: - type: string - id: - type: string - required: - - id - - type: string - ssl: - additionalProperties: false - type: object - properties: - key: - anyOf: - - additionalProperties: false - type: object - properties: - hash: - type: string - id: - type: string - required: - - id - - type: string - required: - - key - shipper: - additionalProperties: false - nullable: true - type: object - properties: - compression_level: - nullable: true - type: number - disk_queue_compression_enabled: - nullable: true - type: boolean - disk_queue_enabled: - default: false - nullable: true - type: boolean - disk_queue_encryption_enabled: - nullable: true - type: boolean - disk_queue_max_size: - nullable: true - type: number - disk_queue_path: - nullable: true - type: string - loadbalance: - nullable: true - type: boolean - max_batch_bytes: - nullable: true - type: number - mem_queue_events: - nullable: true - type: number - queue_flush_timeout: - nullable: true - type: number - required: - - disk_queue_path - - disk_queue_max_size - - disk_queue_encryption_enabled - - disk_queue_compression_enabled - - compression_level - - loadbalance - - mem_queue_events - - queue_flush_timeout - - max_batch_bytes - ssl: - additionalProperties: false - nullable: true - type: object - properties: - certificate: - type: string - certificate_authorities: - items: - type: string - maxItems: 10 - type: array - key: - type: string - verification_mode: - enum: - - full - - none - - certificate - - strict - type: string - timeout: - type: number - topic: - type: string - type: - enum: - - kafka - type: string - username: - anyOf: - - items: {} - type: array - - type: boolean - - type: number - - type: object - - type: string - nullable: true - oneOf: - - type: string - - not: {} - version: - type: string - required: - - name - - compression_level - - connection_type - - username - - password + $ref: '#/components/schemas/ApiFleetOutputs_Put_Request' responses: '200': content: application/json: schema: - additionalProperties: false - type: object - properties: - item: - anyOf: - - additionalProperties: true - type: object - properties: - allow_edit: - items: - type: string - maxItems: 1000 - type: array - ca_sha256: - nullable: true - type: string - ca_trusted_fingerprint: - nullable: true - type: string - config_yaml: - nullable: true - type: string - hosts: - items: - format: uri - type: string - maxItems: 10 - minItems: 1 - type: array - id: - type: string - is_default: - default: false - type: boolean - is_default_monitoring: - default: false - type: boolean - is_internal: - type: boolean - is_preconfigured: - type: boolean - name: - type: string - preset: - enum: - - balanced - - custom - - throughput - - scale - - latency - type: string - proxy_id: - nullable: true - type: string - secrets: - additionalProperties: true - type: object - properties: - ssl: - additionalProperties: true - type: object - properties: - key: - anyOf: - - additionalProperties: true - type: object - properties: - hash: - type: string - id: - type: string - required: - - id - - type: string - shipper: - additionalProperties: true - nullable: true - type: object - properties: - compression_level: - nullable: true - type: number - disk_queue_compression_enabled: - nullable: true - type: boolean - disk_queue_enabled: - default: false - nullable: true - type: boolean - disk_queue_encryption_enabled: - nullable: true - type: boolean - disk_queue_max_size: - nullable: true - type: number - disk_queue_path: - nullable: true - type: string - loadbalance: - nullable: true - type: boolean - max_batch_bytes: - nullable: true - type: number - mem_queue_events: - nullable: true - type: number - queue_flush_timeout: - nullable: true - type: number - required: - - disk_queue_path - - disk_queue_max_size - - disk_queue_encryption_enabled - - disk_queue_compression_enabled - - compression_level - - loadbalance - - mem_queue_events - - queue_flush_timeout - - max_batch_bytes - ssl: - additionalProperties: true - nullable: true - type: object - properties: - certificate: - type: string - certificate_authorities: - items: - type: string - maxItems: 10 - type: array - key: - type: string - verification_mode: - enum: - - full - - none - - certificate - - strict - type: string - type: - enum: - - elasticsearch - type: string - write_to_logs_streams: - nullable: true - type: boolean - required: - - name - - type - - hosts - - additionalProperties: true - type: object - properties: - allow_edit: - items: - type: string - maxItems: 1000 - type: array - ca_sha256: - nullable: true - type: string - ca_trusted_fingerprint: - nullable: true - type: string - config_yaml: - nullable: true - type: string - hosts: - items: - format: uri - type: string - maxItems: 10 - minItems: 1 - type: array - id: - type: string - is_default: - default: false - type: boolean - is_default_monitoring: - default: false - type: boolean - is_internal: - type: boolean - is_preconfigured: - type: boolean - kibana_api_key: - nullable: true - type: string - kibana_url: - nullable: true - type: string - name: - type: string - preset: - enum: - - balanced - - custom - - throughput - - scale - - latency - type: string - proxy_id: - nullable: true - type: string - secrets: - additionalProperties: true - type: object - properties: - service_token: - anyOf: - - additionalProperties: true - type: object - properties: - hash: - type: string - id: - type: string - required: - - id - - type: string - ssl: - additionalProperties: true - type: object - properties: - key: - anyOf: - - additionalProperties: true - type: object - properties: - hash: - type: string - id: - type: string - required: - - id - - type: string - service_token: - nullable: true - type: string - shipper: - additionalProperties: true - nullable: true - type: object - properties: - compression_level: - nullable: true - type: number - disk_queue_compression_enabled: - nullable: true - type: boolean - disk_queue_enabled: - default: false - nullable: true - type: boolean - disk_queue_encryption_enabled: - nullable: true - type: boolean - disk_queue_max_size: - nullable: true - type: number - disk_queue_path: - nullable: true - type: string - loadbalance: - nullable: true - type: boolean - max_batch_bytes: - nullable: true - type: number - mem_queue_events: - nullable: true - type: number - queue_flush_timeout: - nullable: true - type: number - required: - - disk_queue_path - - disk_queue_max_size - - disk_queue_encryption_enabled - - disk_queue_compression_enabled - - compression_level - - loadbalance - - mem_queue_events - - queue_flush_timeout - - max_batch_bytes - ssl: - additionalProperties: true - nullable: true - type: object - properties: - certificate: - type: string - certificate_authorities: - items: - type: string - maxItems: 10 - type: array - key: - type: string - verification_mode: - enum: - - full - - none - - certificate - - strict - type: string - sync_integrations: - type: boolean - sync_uninstalled_integrations: - type: boolean - type: - enum: - - remote_elasticsearch - type: string - write_to_logs_streams: - nullable: true - type: boolean - required: - - name - - type - - hosts - - additionalProperties: true - type: object - properties: - allow_edit: - items: - type: string - maxItems: 1000 - type: array - ca_sha256: - nullable: true - type: string - ca_trusted_fingerprint: - nullable: true - type: string - config_yaml: - nullable: true - type: string - hosts: - items: - type: string - maxItems: 10 - minItems: 1 - type: array - id: - type: string - is_default: - default: false - type: boolean - is_default_monitoring: - default: false - type: boolean - is_internal: - type: boolean - is_preconfigured: - type: boolean - name: - type: string - proxy_id: - nullable: true - type: string - secrets: - additionalProperties: true - type: object - properties: - ssl: - additionalProperties: true - type: object - properties: - key: - anyOf: - - additionalProperties: true - type: object - properties: - hash: - type: string - id: - type: string - required: - - id - - type: string - shipper: - additionalProperties: true - nullable: true - type: object - properties: - compression_level: - nullable: true - type: number - disk_queue_compression_enabled: - nullable: true - type: boolean - disk_queue_enabled: - default: false - nullable: true - type: boolean - disk_queue_encryption_enabled: - nullable: true - type: boolean - disk_queue_max_size: - nullable: true - type: number - disk_queue_path: - nullable: true - type: string - loadbalance: - nullable: true - type: boolean - max_batch_bytes: - nullable: true - type: number - mem_queue_events: - nullable: true - type: number - queue_flush_timeout: - nullable: true - type: number - required: - - disk_queue_path - - disk_queue_max_size - - disk_queue_encryption_enabled - - disk_queue_compression_enabled - - compression_level - - loadbalance - - mem_queue_events - - queue_flush_timeout - - max_batch_bytes - ssl: - additionalProperties: true - nullable: true - type: object - properties: - certificate: - type: string - certificate_authorities: - items: - type: string - maxItems: 10 - type: array - key: - type: string - verification_mode: - enum: - - full - - none - - certificate - - strict - type: string - type: - enum: - - logstash - type: string - required: - - name - - type - - hosts - - additionalProperties: true - type: object - properties: - allow_edit: - items: - type: string - maxItems: 1000 - type: array - auth_type: - enum: - - none - - user_pass - - ssl - - kerberos - type: string - broker_timeout: - type: number - ca_sha256: - nullable: true - type: string - ca_trusted_fingerprint: - nullable: true - type: string - client_id: - type: string - compression: - enum: - - gzip - - snappy - - lz4 - - none - type: string - compression_level: - anyOf: - - items: {} - type: array - - type: boolean - - type: number - - type: object - - type: string - nullable: true - oneOf: - - type: number - - not: {} - config_yaml: - nullable: true - type: string - connection_type: - anyOf: - - items: {} - type: array - - type: boolean - - type: number - - type: object - - type: string - nullable: true - oneOf: - - enum: - - plaintext - - encryption - type: string - - not: {} - hash: - additionalProperties: true - type: object - properties: - hash: - type: string - random: - type: boolean - headers: - items: - additionalProperties: true - type: object - properties: - key: - type: string - value: - type: string - required: - - key - - value - maxItems: 100 - type: array - hosts: - items: - type: string - maxItems: 10 - minItems: 1 - type: array - id: - type: string - is_default: - default: false - type: boolean - is_default_monitoring: - default: false - type: boolean - is_internal: - type: boolean - is_preconfigured: - type: boolean - key: - type: string - name: - type: string - partition: - enum: - - random - - round_robin - - hash - type: string - password: - anyOf: - - items: {} - type: array - - type: boolean - - type: number - - type: object - - type: string - nullable: true - oneOf: - - not: {} - - anyOf: - - items: {} - type: array - - type: boolean - - type: number - - type: object - - type: string - nullable: true - oneOf: - - type: string - - not: {} - proxy_id: - nullable: true - type: string - random: - additionalProperties: true - type: object - properties: - group_events: - type: number - required_acks: - enum: - - 1 - - 0 - - -1 - type: integer - round_robin: - additionalProperties: true - type: object - properties: - group_events: - type: number - sasl: - additionalProperties: true - nullable: true - type: object - properties: - mechanism: - enum: - - PLAIN - - SCRAM-SHA-256 - - SCRAM-SHA-512 - type: string - secrets: - additionalProperties: true - type: object - properties: - password: - anyOf: - - additionalProperties: true - type: object - properties: - hash: - type: string - id: - type: string - required: - - id - - type: string - ssl: - additionalProperties: true - type: object - properties: - key: - anyOf: - - additionalProperties: true - type: object - properties: - hash: - type: string - id: - type: string - required: - - id - - type: string - required: - - key - shipper: - additionalProperties: true - nullable: true - type: object - properties: - compression_level: - nullable: true - type: number - disk_queue_compression_enabled: - nullable: true - type: boolean - disk_queue_enabled: - default: false - nullable: true - type: boolean - disk_queue_encryption_enabled: - nullable: true - type: boolean - disk_queue_max_size: - nullable: true - type: number - disk_queue_path: - nullable: true - type: string - loadbalance: - nullable: true - type: boolean - max_batch_bytes: - nullable: true - type: number - mem_queue_events: - nullable: true - type: number - queue_flush_timeout: - nullable: true - type: number - required: - - disk_queue_path - - disk_queue_max_size - - disk_queue_encryption_enabled - - disk_queue_compression_enabled - - compression_level - - loadbalance - - mem_queue_events - - queue_flush_timeout - - max_batch_bytes - ssl: - additionalProperties: true - nullable: true - type: object - properties: - certificate: - type: string - certificate_authorities: - items: - type: string - maxItems: 10 - type: array - key: - type: string - verification_mode: - enum: - - full - - none - - certificate - - strict - type: string - timeout: - type: number - topic: - type: string - type: - enum: - - kafka - type: string - username: - anyOf: - - items: {} - type: array - - type: boolean - - type: number - - type: object - - type: string - nullable: true - oneOf: - - type: string - - not: {} - version: - type: string - required: - - name - - type - - hosts - - compression_level - - auth_type - - connection_type - - username - - password - required: - - item + $ref: '#/components/schemas/ApiFleetOutputs_Put_Response_200' description: 'OK: A successful request.' '400': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetOutputs_Put_Response_400' description: A bad request. summary: Update output tags: @@ -44646,43 +21047,13 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - message: - description: long message if unhealthy - type: string - state: - description: state of output, HEALTHY or DEGRADED - type: string - timestamp: - description: timestamp of reported state - type: string - required: - - state - - message - - timestamp + $ref: '#/components/schemas/ApiFleetOutputsHealth_Get_Response_200' description: 'OK: A successful request.' '400': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetOutputsHealth_Get_Response_400' description: A bad request. summary: Get the latest output health tags: @@ -44745,477 +21116,13 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - items: - items: - additionalProperties: false - type: object - properties: - additional_datastreams_permissions: - description: Additional datastream permissions, that will be added to the agent policy. - items: - type: string - maxItems: 1000 - nullable: true - type: array - agents: - type: number - cloud_connector_id: - description: ID of the cloud connector associated with this package policy. - nullable: true - type: string - cloud_connector_name: - description: Transient field for cloud connector name during creation. - maxLength: 255 - minLength: 1 - nullable: true - type: string - created_at: - type: string - created_by: - type: string - description: - description: Package policy description - type: string - elasticsearch: - additionalProperties: true - type: object - properties: - privileges: - additionalProperties: true - type: object - properties: - cluster: - items: - type: string - maxItems: 100 - type: array - enabled: - type: boolean - id: - description: Package policy unique identifier. - type: string - inputs: - anyOf: - - items: - additionalProperties: false - type: object - properties: - compiled_input: {} - config: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - type: object - enabled: - type: boolean - id: - type: string - keep_enabled: - type: boolean - policy_template: - type: string - streams: - items: - additionalProperties: false - type: object - properties: - compiled_stream: {} - config: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - type: object - data_stream: - additionalProperties: false - type: object - properties: - dataset: - type: string - elasticsearch: - additionalProperties: false - type: object - properties: - dynamic_dataset: - type: boolean - dynamic_namespace: - type: boolean - privileges: - additionalProperties: false - type: object - properties: - indices: - items: - type: string - maxItems: 100 - type: array - type: - type: string - required: - - dataset - - type - enabled: - type: boolean - id: - type: string - keep_enabled: - type: boolean - release: - enum: - - ga - - beta - - experimental - type: string - var_group_selections: - additionalProperties: - type: string - description: Variable group selections. Maps var_group name to the selected option name within that group. - type: object - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - type: object - required: - - enabled - - data_stream - - compiled_stream - maxItems: 100 - type: array - type: - type: string - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - type: object - required: - - type - - enabled - - streams - - compiled_input - maxItems: 100 - type: array - - additionalProperties: - additionalProperties: false - type: object - properties: - enabled: - description: Enable or disable that input. Defaults to `true` (enabled). - type: boolean - streams: - additionalProperties: - additionalProperties: false - type: object - properties: - enabled: - description: Enable or disable that stream. Defaults to `true` (enabled). - type: boolean - var_group_selections: - additionalProperties: - type: string - description: Variable group selections. Maps var_group name to the selected option name within that group. - type: object - vars: - additionalProperties: - anyOf: - - type: boolean - - type: string - - type: number - - items: - type: string - maxItems: 100 - type: array - - items: - type: number - maxItems: 100 - type: array - - additionalProperties: false - type: object - properties: - id: - type: string - isSecretRef: - type: boolean - required: - - id - - isSecretRef - nullable: true - description: Input/stream level variable. Refer to the integration documentation for more information. - type: object - description: Input streams. Refer to the integration documentation to know which streams are available. - type: object - vars: - additionalProperties: - anyOf: - - type: boolean - - type: string - - type: number - - items: - type: string - maxItems: 100 - type: array - - items: - type: number - maxItems: 100 - type: array - - additionalProperties: false - type: object - properties: - id: - type: string - isSecretRef: - type: boolean - required: - - id - - isSecretRef - nullable: true - description: Input/stream level variable. Refer to the integration documentation for more information. - type: object - description: Package policy inputs. Refer to the integration documentation to know which inputs are available. - type: object - x-oas-optional: true - description: Package policy inputs. - is_managed: - type: boolean - name: - description: Unique name for the package policy. - type: string - namespace: - description: The package policy namespace. Leave blank to inherit the agent policy's namespace. - type: string - output_id: - nullable: true - type: string - overrides: - additionalProperties: false - description: Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure. - nullable: true - type: object - properties: - inputs: - additionalProperties: {} - type: object - package: - additionalProperties: false - type: object - properties: - experimental_data_stream_features: - items: - additionalProperties: false - type: object - properties: - data_stream: - type: string - features: - additionalProperties: false - type: object - properties: - doc_value_only_numeric: - type: boolean - doc_value_only_other: - type: boolean - synthetic_source: - type: boolean - tsdb: - type: boolean - required: - - data_stream - - features - maxItems: 100 - type: array - fips_compatible: - type: boolean - name: - description: Package name - type: string - requires_root: - type: boolean - title: - type: string - version: - description: Package version - type: string - required: - - name - - version - policy_id: - deprecated: true - description: ID of the agent policy which the package policy will be added to. - nullable: true - type: string - policy_ids: - items: - description: IDs of the agent policies which that package policy will be added to. - type: string - maxItems: 1000 - type: array - revision: - description: Package policy revision. - type: number - secret_references: - items: - additionalProperties: false - type: object - properties: - id: - type: string - required: - - id - maxItems: 100 - type: array - spaceIds: - items: - type: string - maxItems: 100 - type: array - supports_agentless: - default: false - description: Indicates whether the package policy belongs to an agentless agent policy. - nullable: true - type: boolean - supports_cloud_connector: - default: false - description: Indicates whether the package policy supports cloud connectors. - nullable: true - type: boolean - updated_at: - type: string - updated_by: - type: string - var_group_selections: - additionalProperties: - type: string - description: Variable group selections. Maps var_group name to the selected option name within that group. - type: object - vars: - anyOf: - - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - type: object - - additionalProperties: - anyOf: - - type: boolean - - type: string - - type: number - - items: - type: string - maxItems: 100 - type: array - - items: - type: number - maxItems: 100 - type: array - - additionalProperties: false - type: object - properties: - id: - type: string - isSecretRef: - type: boolean - required: - - id - - isSecretRef - nullable: true - description: Input/stream level variable. Refer to the integration documentation for more information. - type: object - x-oas-optional: true - description: Package level variable. - version: - description: Package policy ES version. - type: string - required: - - name - - enabled - - inputs - - id - - revision - - updated_at - - updated_by - - created_at - - created_by - maxItems: 10000 - type: array - page: - type: number - perPage: - type: number - total: - type: number - required: - - items - - total - - page - - perPage + $ref: '#/components/schemas/ApiFleetPackagePolicies_Get_Response_200' description: 'OK: A successful request.' '400': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetPackagePolicies_Get_Response_400' description: A bad request. summary: Get package policies tags: @@ -45251,971 +21158,25 @@ paths: content: application/json: schema: - anyOf: - - additionalProperties: false - type: object - properties: - additional_datastreams_permissions: - description: Additional datastream permissions, that will be added to the agent policy. - items: - type: string - maxItems: 1000 - nullable: true - type: array - cloud_connector_id: - description: ID of the cloud connector associated with this package policy. - nullable: true - type: string - cloud_connector_name: - description: Transient field for cloud connector name during creation. - maxLength: 255 - minLength: 1 - nullable: true - type: string - description: - description: Package policy description - type: string - enabled: - type: boolean - force: - description: Force package policy creation even if the package is not verified, or if the agent policy is managed. - type: boolean - id: - description: Package policy unique identifier - type: string - inputs: - items: - additionalProperties: false - type: object - properties: - config: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - type: object - enabled: - type: boolean - id: - type: string - keep_enabled: - type: boolean - policy_template: - type: string - streams: - items: - additionalProperties: false - type: object - properties: - compiled_stream: {} - config: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - type: object - data_stream: - additionalProperties: false - type: object - properties: - dataset: - type: string - elasticsearch: - additionalProperties: false - type: object - properties: - dynamic_dataset: - type: boolean - dynamic_namespace: - type: boolean - privileges: - additionalProperties: false - type: object - properties: - indices: - items: - type: string - maxItems: 100 - type: array - type: - type: string - required: - - dataset - - type - enabled: - type: boolean - id: - type: string - keep_enabled: - type: boolean - release: - enum: - - ga - - beta - - experimental - type: string - var_group_selections: - additionalProperties: - type: string - description: Variable group selections. Maps var_group name to the selected option name within that group. - type: object - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - type: object - required: - - enabled - - data_stream - - compiled_stream - maxItems: 100 - type: array - type: - type: string - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - type: object - required: - - type - - enabled - maxItems: 1000 - type: array - is_managed: - type: boolean - name: - description: Unique name for the package policy. - type: string - namespace: - description: The package policy namespace. Leave blank to inherit the agent policy's namespace. - type: string - output_id: - nullable: true - type: string - overrides: - additionalProperties: false - description: Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure. - nullable: true - type: object - properties: - inputs: - additionalProperties: {} - type: object - package: - additionalProperties: false - type: object - properties: - experimental_data_stream_features: - items: - additionalProperties: false - type: object - properties: - data_stream: - type: string - features: - additionalProperties: false - type: object - properties: - doc_value_only_numeric: - type: boolean - doc_value_only_other: - type: boolean - synthetic_source: - type: boolean - tsdb: - type: boolean - required: - - data_stream - - features - maxItems: 100 - type: array - fips_compatible: - type: boolean - name: - description: Package name - type: string - requires_root: - type: boolean - title: - type: string - version: - description: Package version - type: string - required: - - name - - version - policy_id: - deprecated: true - description: ID of the agent policy which the package policy will be added to. - nullable: true - type: string - policy_ids: - items: - description: IDs of the agent policies which that package policy will be added to. - type: string - maxItems: 1000 - type: array - spaceIds: - items: - type: string - maxItems: 100 - type: array - supports_agentless: - default: false - deprecated: true - description: Indicates whether the package policy belongs to an agentless agent policy. Deprecated in favor of the Fleet agentless policies API. - nullable: true - type: boolean - supports_cloud_connector: - default: false - description: Indicates whether the package policy supports cloud connectors. - nullable: true - type: boolean - var_group_selections: - additionalProperties: - type: string - description: Variable group selections. Maps var_group name to the selected option name within that group. - type: object - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - type: object - required: - - name - - inputs - - additionalProperties: false - type: object - properties: - additional_datastreams_permissions: - description: Additional datastream permissions, that will be added to the agent policy. - items: - type: string - maxItems: 100 - nullable: true - type: array - description: - description: Policy description. - type: string - force: - description: Force package policy creation even if the package is not verified, or if the agent policy is managed. - type: boolean - id: - description: Policy unique identifier. - type: string - inputs: - additionalProperties: - additionalProperties: false - type: object - properties: - enabled: - description: Enable or disable that input. Defaults to `true` (enabled). - type: boolean - streams: - additionalProperties: - additionalProperties: false - type: object - properties: - enabled: - description: Enable or disable that stream. Defaults to `true` (enabled). - type: boolean - var_group_selections: - additionalProperties: - type: string - description: Variable group selections. Maps var_group name to the selected option name within that group. - type: object - vars: - additionalProperties: - anyOf: - - type: boolean - - type: string - - type: number - - items: - type: string - maxItems: 100 - type: array - - items: - type: number - maxItems: 100 - type: array - - additionalProperties: false - type: object - properties: - id: - type: string - isSecretRef: - type: boolean - required: - - id - - isSecretRef - nullable: true - description: Input/stream level variable. Refer to the integration documentation for more information. - type: object - description: Input streams. Refer to the integration documentation to know which streams are available. - type: object - vars: - additionalProperties: - anyOf: - - type: boolean - - type: string - - type: number - - items: - type: string - maxItems: 100 - type: array - - items: - type: number - maxItems: 100 - type: array - - additionalProperties: false - type: object - properties: - id: - type: string - isSecretRef: - type: boolean - required: - - id - - isSecretRef - nullable: true - description: Input/stream level variable. Refer to the integration documentation for more information. - type: object - description: Package policy inputs. Refer to the integration documentation to know which inputs are available. - type: object - name: - description: Unique name for the policy. - type: string - namespace: - description: Policy namespace. When not specified, it inherits the agent policy namespace. - type: string - output_id: - nullable: true - type: string - package: - additionalProperties: false - type: object - properties: - experimental_data_stream_features: - items: - additionalProperties: false - type: object - properties: - data_stream: - type: string - features: - additionalProperties: false - type: object - properties: - doc_value_only_numeric: - type: boolean - doc_value_only_other: - type: boolean - synthetic_source: - type: boolean - tsdb: - type: boolean - required: - - data_stream - - features - maxItems: 100 - type: array - fips_compatible: - type: boolean - name: - description: Package name - type: string - requires_root: - type: boolean - title: - type: string - version: - description: Package version - type: string - required: - - name - - version - policy_id: - deprecated: true - description: Deprecated. Use policy_ids instead. - nullable: true - type: string - policy_ids: - description: IDs of the agent policies which that package policy will be added to. - items: - type: string - maxItems: 1000 - type: array - supports_agentless: - default: false - deprecated: true - description: Indicates whether the package policy belongs to an agentless agent policy. Deprecated in favor of the Fleet agentless policies API. - nullable: true - type: boolean - var_group_selections: - additionalProperties: - type: string - description: Variable group selections. Maps var_group name to the selected option name within that group. - type: object - vars: - additionalProperties: - anyOf: - - type: boolean - - type: string - - type: number - - items: - type: string - maxItems: 100 - type: array - - items: - type: number - maxItems: 100 - type: array - - additionalProperties: false - type: object - properties: - id: - type: string - isSecretRef: - type: boolean - required: - - id - - isSecretRef - nullable: true - description: Input/stream level variable. Refer to the integration documentation for more information. - type: object - required: - - name - - package - description: You should use inputs as an object and not use the deprecated inputs array. + $ref: '#/components/schemas/ApiFleetPackagePolicies_Post_Request' responses: '200': content: application/json: schema: - additionalProperties: false - type: object - properties: - item: - additionalProperties: false - type: object - properties: - additional_datastreams_permissions: - description: Additional datastream permissions, that will be added to the agent policy. - items: - type: string - maxItems: 1000 - nullable: true - type: array - agents: - type: number - cloud_connector_id: - description: ID of the cloud connector associated with this package policy. - nullable: true - type: string - cloud_connector_name: - description: Transient field for cloud connector name during creation. - maxLength: 255 - minLength: 1 - nullable: true - type: string - created_at: - type: string - created_by: - type: string - description: - description: Package policy description - type: string - elasticsearch: - additionalProperties: true - type: object - properties: - privileges: - additionalProperties: true - type: object - properties: - cluster: - items: - type: string - maxItems: 100 - type: array - enabled: - type: boolean - id: - description: Package policy unique identifier. - type: string - inputs: - anyOf: - - items: - additionalProperties: false - type: object - properties: - compiled_input: {} - config: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - type: object - enabled: - type: boolean - id: - type: string - keep_enabled: - type: boolean - policy_template: - type: string - streams: - items: - additionalProperties: false - type: object - properties: - compiled_stream: {} - config: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - type: object - data_stream: - additionalProperties: false - type: object - properties: - dataset: - type: string - elasticsearch: - additionalProperties: false - type: object - properties: - dynamic_dataset: - type: boolean - dynamic_namespace: - type: boolean - privileges: - additionalProperties: false - type: object - properties: - indices: - items: - type: string - maxItems: 100 - type: array - type: - type: string - required: - - dataset - - type - enabled: - type: boolean - id: - type: string - keep_enabled: - type: boolean - release: - enum: - - ga - - beta - - experimental - type: string - var_group_selections: - additionalProperties: - type: string - description: Variable group selections. Maps var_group name to the selected option name within that group. - type: object - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - type: object - required: - - enabled - - data_stream - - compiled_stream - maxItems: 100 - type: array - type: - type: string - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - type: object - required: - - type - - enabled - - streams - - compiled_input - maxItems: 100 - type: array - - additionalProperties: - additionalProperties: false - type: object - properties: - enabled: - description: Enable or disable that input. Defaults to `true` (enabled). - type: boolean - streams: - additionalProperties: - additionalProperties: false - type: object - properties: - enabled: - description: Enable or disable that stream. Defaults to `true` (enabled). - type: boolean - var_group_selections: - additionalProperties: - type: string - description: Variable group selections. Maps var_group name to the selected option name within that group. - type: object - vars: - additionalProperties: - anyOf: - - type: boolean - - type: string - - type: number - - items: - type: string - maxItems: 100 - type: array - - items: - type: number - maxItems: 100 - type: array - - additionalProperties: false - type: object - properties: - id: - type: string - isSecretRef: - type: boolean - required: - - id - - isSecretRef - nullable: true - description: Input/stream level variable. Refer to the integration documentation for more information. - type: object - description: Input streams. Refer to the integration documentation to know which streams are available. - type: object - vars: - additionalProperties: - anyOf: - - type: boolean - - type: string - - type: number - - items: - type: string - maxItems: 100 - type: array - - items: - type: number - maxItems: 100 - type: array - - additionalProperties: false - type: object - properties: - id: - type: string - isSecretRef: - type: boolean - required: - - id - - isSecretRef - nullable: true - description: Input/stream level variable. Refer to the integration documentation for more information. - type: object - description: Package policy inputs. Refer to the integration documentation to know which inputs are available. - type: object - x-oas-optional: true - description: Package policy inputs. - is_managed: - type: boolean - name: - description: Unique name for the package policy. - type: string - namespace: - description: The package policy namespace. Leave blank to inherit the agent policy's namespace. - type: string - output_id: - nullable: true - type: string - overrides: - additionalProperties: false - description: Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure. - nullable: true - type: object - properties: - inputs: - additionalProperties: {} - type: object - package: - additionalProperties: false - type: object - properties: - experimental_data_stream_features: - items: - additionalProperties: false - type: object - properties: - data_stream: - type: string - features: - additionalProperties: false - type: object - properties: - doc_value_only_numeric: - type: boolean - doc_value_only_other: - type: boolean - synthetic_source: - type: boolean - tsdb: - type: boolean - required: - - data_stream - - features - maxItems: 100 - type: array - fips_compatible: - type: boolean - name: - description: Package name - type: string - requires_root: - type: boolean - title: - type: string - version: - description: Package version - type: string - required: - - name - - version - policy_id: - deprecated: true - description: ID of the agent policy which the package policy will be added to. - nullable: true - type: string - policy_ids: - items: - description: IDs of the agent policies which that package policy will be added to. - type: string - maxItems: 1000 - type: array - revision: - description: Package policy revision. - type: number - secret_references: - items: - additionalProperties: false - type: object - properties: - id: - type: string - required: - - id - maxItems: 100 - type: array - spaceIds: - items: - type: string - maxItems: 100 - type: array - supports_agentless: - default: false - description: Indicates whether the package policy belongs to an agentless agent policy. - nullable: true - type: boolean - supports_cloud_connector: - default: false - description: Indicates whether the package policy supports cloud connectors. - nullable: true - type: boolean - updated_at: - type: string - updated_by: - type: string - var_group_selections: - additionalProperties: - type: string - description: Variable group selections. Maps var_group name to the selected option name within that group. - type: object - vars: - anyOf: - - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - type: object - - additionalProperties: - anyOf: - - type: boolean - - type: string - - type: number - - items: - type: string - maxItems: 100 - type: array - - items: - type: number - maxItems: 100 - type: array - - additionalProperties: false - type: object - properties: - id: - type: string - isSecretRef: - type: boolean - required: - - id - - isSecretRef - nullable: true - description: Input/stream level variable. Refer to the integration documentation for more information. - type: object - x-oas-optional: true - description: Package level variable. - version: - description: Package policy ES version. - type: string - required: - - name - - enabled - - inputs - - id - - revision - - updated_at - - updated_by - - created_at - - created_by - required: - - item + $ref: '#/components/schemas/ApiFleetPackagePolicies_Post_Response_200' description: 'OK: A successful request.' '400': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetPackagePolicies_Post_Response_400' description: A bad request. '409': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetPackagePolicies_Post_Response_409' description: A conflict occurred. summary: Create a package policy tags: @@ -46252,498 +21213,25 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - ids: - description: list of package policy ids - items: - type: string - maxItems: 1000 - type: array - ignoreMissing: - type: boolean - required: - - ids + $ref: '#/components/schemas/ApiFleetPackagePoliciesBulkGet_Post_Request' responses: '200': content: application/json: schema: - additionalProperties: false - type: object - properties: - items: - items: - additionalProperties: false - type: object - properties: - additional_datastreams_permissions: - description: Additional datastream permissions, that will be added to the agent policy. - items: - type: string - maxItems: 1000 - nullable: true - type: array - agents: - type: number - cloud_connector_id: - description: ID of the cloud connector associated with this package policy. - nullable: true - type: string - cloud_connector_name: - description: Transient field for cloud connector name during creation. - maxLength: 255 - minLength: 1 - nullable: true - type: string - created_at: - type: string - created_by: - type: string - description: - description: Package policy description - type: string - elasticsearch: - additionalProperties: true - type: object - properties: - privileges: - additionalProperties: true - type: object - properties: - cluster: - items: - type: string - maxItems: 100 - type: array - enabled: - type: boolean - id: - description: Package policy unique identifier. - type: string - inputs: - anyOf: - - items: - additionalProperties: false - type: object - properties: - compiled_input: {} - config: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - type: object - enabled: - type: boolean - id: - type: string - keep_enabled: - type: boolean - policy_template: - type: string - streams: - items: - additionalProperties: false - type: object - properties: - compiled_stream: {} - config: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - type: object - data_stream: - additionalProperties: false - type: object - properties: - dataset: - type: string - elasticsearch: - additionalProperties: false - type: object - properties: - dynamic_dataset: - type: boolean - dynamic_namespace: - type: boolean - privileges: - additionalProperties: false - type: object - properties: - indices: - items: - type: string - maxItems: 100 - type: array - type: - type: string - required: - - dataset - - type - enabled: - type: boolean - id: - type: string - keep_enabled: - type: boolean - release: - enum: - - ga - - beta - - experimental - type: string - var_group_selections: - additionalProperties: - type: string - description: Variable group selections. Maps var_group name to the selected option name within that group. - type: object - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - type: object - required: - - enabled - - data_stream - - compiled_stream - maxItems: 100 - type: array - type: - type: string - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - type: object - required: - - type - - enabled - - streams - - compiled_input - maxItems: 100 - type: array - - additionalProperties: - additionalProperties: false - type: object - properties: - enabled: - description: Enable or disable that input. Defaults to `true` (enabled). - type: boolean - streams: - additionalProperties: - additionalProperties: false - type: object - properties: - enabled: - description: Enable or disable that stream. Defaults to `true` (enabled). - type: boolean - var_group_selections: - additionalProperties: - type: string - description: Variable group selections. Maps var_group name to the selected option name within that group. - type: object - vars: - additionalProperties: - anyOf: - - type: boolean - - type: string - - type: number - - items: - type: string - maxItems: 100 - type: array - - items: - type: number - maxItems: 100 - type: array - - additionalProperties: false - type: object - properties: - id: - type: string - isSecretRef: - type: boolean - required: - - id - - isSecretRef - nullable: true - description: Input/stream level variable. Refer to the integration documentation for more information. - type: object - description: Input streams. Refer to the integration documentation to know which streams are available. - type: object - vars: - additionalProperties: - anyOf: - - type: boolean - - type: string - - type: number - - items: - type: string - maxItems: 100 - type: array - - items: - type: number - maxItems: 100 - type: array - - additionalProperties: false - type: object - properties: - id: - type: string - isSecretRef: - type: boolean - required: - - id - - isSecretRef - nullable: true - description: Input/stream level variable. Refer to the integration documentation for more information. - type: object - description: Package policy inputs. Refer to the integration documentation to know which inputs are available. - type: object - x-oas-optional: true - description: Package policy inputs. - is_managed: - type: boolean - name: - description: Unique name for the package policy. - type: string - namespace: - description: The package policy namespace. Leave blank to inherit the agent policy's namespace. - type: string - output_id: - nullable: true - type: string - overrides: - additionalProperties: false - description: Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure. - nullable: true - type: object - properties: - inputs: - additionalProperties: {} - type: object - package: - additionalProperties: false - type: object - properties: - experimental_data_stream_features: - items: - additionalProperties: false - type: object - properties: - data_stream: - type: string - features: - additionalProperties: false - type: object - properties: - doc_value_only_numeric: - type: boolean - doc_value_only_other: - type: boolean - synthetic_source: - type: boolean - tsdb: - type: boolean - required: - - data_stream - - features - maxItems: 100 - type: array - fips_compatible: - type: boolean - name: - description: Package name - type: string - requires_root: - type: boolean - title: - type: string - version: - description: Package version - type: string - required: - - name - - version - policy_id: - deprecated: true - description: ID of the agent policy which the package policy will be added to. - nullable: true - type: string - policy_ids: - items: - description: IDs of the agent policies which that package policy will be added to. - type: string - maxItems: 1000 - type: array - revision: - description: Package policy revision. - type: number - secret_references: - items: - additionalProperties: false - type: object - properties: - id: - type: string - required: - - id - maxItems: 100 - type: array - spaceIds: - items: - type: string - maxItems: 100 - type: array - supports_agentless: - default: false - description: Indicates whether the package policy belongs to an agentless agent policy. - nullable: true - type: boolean - supports_cloud_connector: - default: false - description: Indicates whether the package policy supports cloud connectors. - nullable: true - type: boolean - updated_at: - type: string - updated_by: - type: string - var_group_selections: - additionalProperties: - type: string - description: Variable group selections. Maps var_group name to the selected option name within that group. - type: object - vars: - anyOf: - - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - type: object - - additionalProperties: - anyOf: - - type: boolean - - type: string - - type: number - - items: - type: string - maxItems: 100 - type: array - - items: - type: number - maxItems: 100 - type: array - - additionalProperties: false - type: object - properties: - id: - type: string - isSecretRef: - type: boolean - required: - - id - - isSecretRef - nullable: true - description: Input/stream level variable. Refer to the integration documentation for more information. - type: object - x-oas-optional: true - description: Package level variable. - version: - description: Package policy ES version. - type: string - required: - - name - - enabled - - inputs - - id - - revision - - updated_at - - updated_by - - created_at - - created_by - maxItems: 10000 - type: array - required: - - items + $ref: '#/components/schemas/ApiFleetPackagePoliciesBulkGet_Post_Response_200' description: 'OK: A successful request.' '400': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetPackagePoliciesBulkGet_Post_Response_400' description: A bad request. '404': content: application/json: schema: - additionalProperties: false - type: object - properties: - message: - type: string - required: - - message + $ref: '#/components/schemas/ApiFleetPackagePoliciesBulkGet_Post_Response_404' description: Not found. summary: Bulk get package policies tags: @@ -46791,34 +21279,13 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - id: - type: string - required: - - id + $ref: '#/components/schemas/ApiFleetPackagePolicies_Delete_Response_200' description: 'OK: A successful request.' '400': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetPackagePolicies_Delete_Response_400' description: A bad request. summary: Delete a package policy tags: @@ -46855,477 +21322,19 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - item: - additionalProperties: false - type: object - properties: - additional_datastreams_permissions: - description: Additional datastream permissions, that will be added to the agent policy. - items: - type: string - maxItems: 1000 - nullable: true - type: array - agents: - type: number - cloud_connector_id: - description: ID of the cloud connector associated with this package policy. - nullable: true - type: string - cloud_connector_name: - description: Transient field for cloud connector name during creation. - maxLength: 255 - minLength: 1 - nullable: true - type: string - created_at: - type: string - created_by: - type: string - description: - description: Package policy description - type: string - elasticsearch: - additionalProperties: true - type: object - properties: - privileges: - additionalProperties: true - type: object - properties: - cluster: - items: - type: string - maxItems: 100 - type: array - enabled: - type: boolean - id: - description: Package policy unique identifier. - type: string - inputs: - anyOf: - - items: - additionalProperties: false - type: object - properties: - compiled_input: {} - config: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - type: object - enabled: - type: boolean - id: - type: string - keep_enabled: - type: boolean - policy_template: - type: string - streams: - items: - additionalProperties: false - type: object - properties: - compiled_stream: {} - config: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - type: object - data_stream: - additionalProperties: false - type: object - properties: - dataset: - type: string - elasticsearch: - additionalProperties: false - type: object - properties: - dynamic_dataset: - type: boolean - dynamic_namespace: - type: boolean - privileges: - additionalProperties: false - type: object - properties: - indices: - items: - type: string - maxItems: 100 - type: array - type: - type: string - required: - - dataset - - type - enabled: - type: boolean - id: - type: string - keep_enabled: - type: boolean - release: - enum: - - ga - - beta - - experimental - type: string - var_group_selections: - additionalProperties: - type: string - description: Variable group selections. Maps var_group name to the selected option name within that group. - type: object - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - type: object - required: - - enabled - - data_stream - - compiled_stream - maxItems: 100 - type: array - type: - type: string - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - type: object - required: - - type - - enabled - - streams - - compiled_input - maxItems: 100 - type: array - - additionalProperties: - additionalProperties: false - type: object - properties: - enabled: - description: Enable or disable that input. Defaults to `true` (enabled). - type: boolean - streams: - additionalProperties: - additionalProperties: false - type: object - properties: - enabled: - description: Enable or disable that stream. Defaults to `true` (enabled). - type: boolean - var_group_selections: - additionalProperties: - type: string - description: Variable group selections. Maps var_group name to the selected option name within that group. - type: object - vars: - additionalProperties: - anyOf: - - type: boolean - - type: string - - type: number - - items: - type: string - maxItems: 100 - type: array - - items: - type: number - maxItems: 100 - type: array - - additionalProperties: false - type: object - properties: - id: - type: string - isSecretRef: - type: boolean - required: - - id - - isSecretRef - nullable: true - description: Input/stream level variable. Refer to the integration documentation for more information. - type: object - description: Input streams. Refer to the integration documentation to know which streams are available. - type: object - vars: - additionalProperties: - anyOf: - - type: boolean - - type: string - - type: number - - items: - type: string - maxItems: 100 - type: array - - items: - type: number - maxItems: 100 - type: array - - additionalProperties: false - type: object - properties: - id: - type: string - isSecretRef: - type: boolean - required: - - id - - isSecretRef - nullable: true - description: Input/stream level variable. Refer to the integration documentation for more information. - type: object - description: Package policy inputs. Refer to the integration documentation to know which inputs are available. - type: object - x-oas-optional: true - description: Package policy inputs. - is_managed: - type: boolean - name: - description: Unique name for the package policy. - type: string - namespace: - description: The package policy namespace. Leave blank to inherit the agent policy's namespace. - type: string - output_id: - nullable: true - type: string - overrides: - additionalProperties: false - description: Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure. - nullable: true - type: object - properties: - inputs: - additionalProperties: {} - type: object - package: - additionalProperties: false - type: object - properties: - experimental_data_stream_features: - items: - additionalProperties: false - type: object - properties: - data_stream: - type: string - features: - additionalProperties: false - type: object - properties: - doc_value_only_numeric: - type: boolean - doc_value_only_other: - type: boolean - synthetic_source: - type: boolean - tsdb: - type: boolean - required: - - data_stream - - features - maxItems: 100 - type: array - fips_compatible: - type: boolean - name: - description: Package name - type: string - requires_root: - type: boolean - title: - type: string - version: - description: Package version - type: string - required: - - name - - version - policy_id: - deprecated: true - description: ID of the agent policy which the package policy will be added to. - nullable: true - type: string - policy_ids: - items: - description: IDs of the agent policies which that package policy will be added to. - type: string - maxItems: 1000 - type: array - revision: - description: Package policy revision. - type: number - secret_references: - items: - additionalProperties: false - type: object - properties: - id: - type: string - required: - - id - maxItems: 100 - type: array - spaceIds: - items: - type: string - maxItems: 100 - type: array - supports_agentless: - default: false - description: Indicates whether the package policy belongs to an agentless agent policy. - nullable: true - type: boolean - supports_cloud_connector: - default: false - description: Indicates whether the package policy supports cloud connectors. - nullable: true - type: boolean - updated_at: - type: string - updated_by: - type: string - var_group_selections: - additionalProperties: - type: string - description: Variable group selections. Maps var_group name to the selected option name within that group. - type: object - vars: - anyOf: - - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - type: object - - additionalProperties: - anyOf: - - type: boolean - - type: string - - type: number - - items: - type: string - maxItems: 100 - type: array - - items: - type: number - maxItems: 100 - type: array - - additionalProperties: false - type: object - properties: - id: - type: string - isSecretRef: - type: boolean - required: - - id - - isSecretRef - nullable: true - description: Input/stream level variable. Refer to the integration documentation for more information. - type: object - x-oas-optional: true - description: Package level variable. - version: - description: Package policy ES version. - type: string - required: - - name - - enabled - - inputs - - id - - revision - - updated_at - - updated_by - - created_at - - created_by - required: - - item + $ref: '#/components/schemas/ApiFleetPackagePolicies_Get_Response_200_1' description: 'OK: A successful request.' '400': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetPackagePolicies_Get_Response_400_1' description: A bad request. '404': content: application/json: schema: - additionalProperties: false - type: object - properties: - message: - type: string - required: - - message + $ref: '#/components/schemas/ApiFleetPackagePolicies_Get_Response_404' description: Not found. summary: Get a package policy tags: @@ -47368,963 +21377,25 @@ paths: content: application/json: schema: - anyOf: - - additionalProperties: false - type: object - properties: - additional_datastreams_permissions: - description: Additional datastream permissions, that will be added to the agent policy. - items: - type: string - maxItems: 1000 - nullable: true - type: array - cloud_connector_id: - description: ID of the cloud connector associated with this package policy. - nullable: true - type: string - cloud_connector_name: - description: Transient field for cloud connector name during creation. - maxLength: 255 - minLength: 1 - nullable: true - type: string - description: - description: Package policy description - type: string - enabled: - type: boolean - force: - type: boolean - inputs: - items: - additionalProperties: false - type: object - properties: - config: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - type: object - enabled: - type: boolean - id: - type: string - keep_enabled: - type: boolean - policy_template: - type: string - streams: - items: - additionalProperties: false - type: object - properties: - compiled_stream: {} - config: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - type: object - data_stream: - additionalProperties: false - type: object - properties: - dataset: - type: string - elasticsearch: - additionalProperties: false - type: object - properties: - dynamic_dataset: - type: boolean - dynamic_namespace: - type: boolean - privileges: - additionalProperties: false - type: object - properties: - indices: - items: - type: string - maxItems: 100 - type: array - type: - type: string - required: - - dataset - - type - enabled: - type: boolean - id: - type: string - keep_enabled: - type: boolean - release: - enum: - - ga - - beta - - experimental - type: string - var_group_selections: - additionalProperties: - type: string - description: Variable group selections. Maps var_group name to the selected option name within that group. - type: object - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - type: object - required: - - enabled - - data_stream - - compiled_stream - maxItems: 100 - type: array - type: - type: string - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - type: object - required: - - type - - enabled - maxItems: 100 - type: array - is_managed: - type: boolean - name: - type: string - namespace: - description: The package policy namespace. Leave blank to inherit the agent policy's namespace. - type: string - output_id: - nullable: true - type: string - overrides: - additionalProperties: false - description: Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure. - nullable: true - type: object - properties: - inputs: - additionalProperties: {} - type: object - package: - additionalProperties: false - type: object - properties: - experimental_data_stream_features: - items: - additionalProperties: false - type: object - properties: - data_stream: - type: string - features: - additionalProperties: false - type: object - properties: - doc_value_only_numeric: - type: boolean - doc_value_only_other: - type: boolean - synthetic_source: - type: boolean - tsdb: - type: boolean - required: - - data_stream - - features - maxItems: 100 - type: array - fips_compatible: - type: boolean - name: - description: Package name - type: string - requires_root: - type: boolean - title: - type: string - version: - description: Package version - type: string - required: - - name - - version - policy_id: - deprecated: true - description: ID of the agent policy which the package policy will be added to. - nullable: true - type: string - policy_ids: - items: - description: IDs of the agent policies which that package policy will be added to. - type: string - maxItems: 1000 - type: array - spaceIds: - items: - type: string - maxItems: 100 - type: array - supports_agentless: - default: false - description: Indicates whether the package policy belongs to an agentless agent policy. - nullable: true - type: boolean - supports_cloud_connector: - default: false - description: Indicates whether the package policy supports cloud connectors. - nullable: true - type: boolean - var_group_selections: - additionalProperties: - type: string - description: Variable group selections. Maps var_group name to the selected option name within that group. - type: object - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - type: object - version: - type: string - - additionalProperties: false - type: object - properties: - additional_datastreams_permissions: - description: Additional datastream permissions, that will be added to the agent policy. - items: - type: string - maxItems: 100 - nullable: true - type: array - description: - description: Policy description. - type: string - force: - description: Force package policy creation even if the package is not verified, or if the agent policy is managed. - type: boolean - id: - description: Policy unique identifier. - type: string - inputs: - additionalProperties: - additionalProperties: false - type: object - properties: - enabled: - description: Enable or disable that input. Defaults to `true` (enabled). - type: boolean - streams: - additionalProperties: - additionalProperties: false - type: object - properties: - enabled: - description: Enable or disable that stream. Defaults to `true` (enabled). - type: boolean - var_group_selections: - additionalProperties: - type: string - description: Variable group selections. Maps var_group name to the selected option name within that group. - type: object - vars: - additionalProperties: - anyOf: - - type: boolean - - type: string - - type: number - - items: - type: string - maxItems: 100 - type: array - - items: - type: number - maxItems: 100 - type: array - - additionalProperties: false - type: object - properties: - id: - type: string - isSecretRef: - type: boolean - required: - - id - - isSecretRef - nullable: true - description: Input/stream level variable. Refer to the integration documentation for more information. - type: object - description: Input streams. Refer to the integration documentation to know which streams are available. - type: object - vars: - additionalProperties: - anyOf: - - type: boolean - - type: string - - type: number - - items: - type: string - maxItems: 100 - type: array - - items: - type: number - maxItems: 100 - type: array - - additionalProperties: false - type: object - properties: - id: - type: string - isSecretRef: - type: boolean - required: - - id - - isSecretRef - nullable: true - description: Input/stream level variable. Refer to the integration documentation for more information. - type: object - description: Package policy inputs. Refer to the integration documentation to know which inputs are available. - type: object - name: - description: Unique name for the policy. - type: string - namespace: - description: Policy namespace. When not specified, it inherits the agent policy namespace. - type: string - output_id: - nullable: true - type: string - package: - additionalProperties: false - type: object - properties: - experimental_data_stream_features: - items: - additionalProperties: false - type: object - properties: - data_stream: - type: string - features: - additionalProperties: false - type: object - properties: - doc_value_only_numeric: - type: boolean - doc_value_only_other: - type: boolean - synthetic_source: - type: boolean - tsdb: - type: boolean - required: - - data_stream - - features - maxItems: 100 - type: array - fips_compatible: - type: boolean - name: - description: Package name - type: string - requires_root: - type: boolean - title: - type: string - version: - description: Package version - type: string - required: - - name - - version - policy_id: - deprecated: true - description: Deprecated. Use policy_ids instead. - nullable: true - type: string - policy_ids: - description: IDs of the agent policies which that package policy will be added to. - items: - type: string - maxItems: 1000 - type: array - supports_agentless: - default: false - deprecated: true - description: Indicates whether the package policy belongs to an agentless agent policy. Deprecated in favor of the Fleet agentless policies API. - nullable: true - type: boolean - var_group_selections: - additionalProperties: - type: string - description: Variable group selections. Maps var_group name to the selected option name within that group. - type: object - vars: - additionalProperties: - anyOf: - - type: boolean - - type: string - - type: number - - items: - type: string - maxItems: 100 - type: array - - items: - type: number - maxItems: 100 - type: array - - additionalProperties: false - type: object - properties: - id: - type: string - isSecretRef: - type: boolean - required: - - id - - isSecretRef - nullable: true - description: Input/stream level variable. Refer to the integration documentation for more information. - type: object - required: - - name - - package + $ref: '#/components/schemas/ApiFleetPackagePolicies_Put_Request' responses: '200': content: application/json: schema: - additionalProperties: false - type: object - properties: - item: - additionalProperties: false - type: object - properties: - additional_datastreams_permissions: - description: Additional datastream permissions, that will be added to the agent policy. - items: - type: string - maxItems: 1000 - nullable: true - type: array - agents: - type: number - cloud_connector_id: - description: ID of the cloud connector associated with this package policy. - nullable: true - type: string - cloud_connector_name: - description: Transient field for cloud connector name during creation. - maxLength: 255 - minLength: 1 - nullable: true - type: string - created_at: - type: string - created_by: - type: string - description: - description: Package policy description - type: string - elasticsearch: - additionalProperties: true - type: object - properties: - privileges: - additionalProperties: true - type: object - properties: - cluster: - items: - type: string - maxItems: 100 - type: array - enabled: - type: boolean - id: - description: Package policy unique identifier. - type: string - inputs: - anyOf: - - items: - additionalProperties: false - type: object - properties: - compiled_input: {} - config: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - type: object - enabled: - type: boolean - id: - type: string - keep_enabled: - type: boolean - policy_template: - type: string - streams: - items: - additionalProperties: false - type: object - properties: - compiled_stream: {} - config: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - type: object - data_stream: - additionalProperties: false - type: object - properties: - dataset: - type: string - elasticsearch: - additionalProperties: false - type: object - properties: - dynamic_dataset: - type: boolean - dynamic_namespace: - type: boolean - privileges: - additionalProperties: false - type: object - properties: - indices: - items: - type: string - maxItems: 100 - type: array - type: - type: string - required: - - dataset - - type - enabled: - type: boolean - id: - type: string - keep_enabled: - type: boolean - release: - enum: - - ga - - beta - - experimental - type: string - var_group_selections: - additionalProperties: - type: string - description: Variable group selections. Maps var_group name to the selected option name within that group. - type: object - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - type: object - required: - - enabled - - data_stream - - compiled_stream - maxItems: 100 - type: array - type: - type: string - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - type: object - required: - - type - - enabled - - streams - - compiled_input - maxItems: 100 - type: array - - additionalProperties: - additionalProperties: false - type: object - properties: - enabled: - description: Enable or disable that input. Defaults to `true` (enabled). - type: boolean - streams: - additionalProperties: - additionalProperties: false - type: object - properties: - enabled: - description: Enable or disable that stream. Defaults to `true` (enabled). - type: boolean - var_group_selections: - additionalProperties: - type: string - description: Variable group selections. Maps var_group name to the selected option name within that group. - type: object - vars: - additionalProperties: - anyOf: - - type: boolean - - type: string - - type: number - - items: - type: string - maxItems: 100 - type: array - - items: - type: number - maxItems: 100 - type: array - - additionalProperties: false - type: object - properties: - id: - type: string - isSecretRef: - type: boolean - required: - - id - - isSecretRef - nullable: true - description: Input/stream level variable. Refer to the integration documentation for more information. - type: object - description: Input streams. Refer to the integration documentation to know which streams are available. - type: object - vars: - additionalProperties: - anyOf: - - type: boolean - - type: string - - type: number - - items: - type: string - maxItems: 100 - type: array - - items: - type: number - maxItems: 100 - type: array - - additionalProperties: false - type: object - properties: - id: - type: string - isSecretRef: - type: boolean - required: - - id - - isSecretRef - nullable: true - description: Input/stream level variable. Refer to the integration documentation for more information. - type: object - description: Package policy inputs. Refer to the integration documentation to know which inputs are available. - type: object - x-oas-optional: true - description: Package policy inputs. - is_managed: - type: boolean - name: - description: Unique name for the package policy. - type: string - namespace: - description: The package policy namespace. Leave blank to inherit the agent policy's namespace. - type: string - output_id: - nullable: true - type: string - overrides: - additionalProperties: false - description: Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure. - nullable: true - type: object - properties: - inputs: - additionalProperties: {} - type: object - package: - additionalProperties: false - type: object - properties: - experimental_data_stream_features: - items: - additionalProperties: false - type: object - properties: - data_stream: - type: string - features: - additionalProperties: false - type: object - properties: - doc_value_only_numeric: - type: boolean - doc_value_only_other: - type: boolean - synthetic_source: - type: boolean - tsdb: - type: boolean - required: - - data_stream - - features - maxItems: 100 - type: array - fips_compatible: - type: boolean - name: - description: Package name - type: string - requires_root: - type: boolean - title: - type: string - version: - description: Package version - type: string - required: - - name - - version - policy_id: - deprecated: true - description: ID of the agent policy which the package policy will be added to. - nullable: true - type: string - policy_ids: - items: - description: IDs of the agent policies which that package policy will be added to. - type: string - maxItems: 1000 - type: array - revision: - description: Package policy revision. - type: number - secret_references: - items: - additionalProperties: false - type: object - properties: - id: - type: string - required: - - id - maxItems: 100 - type: array - spaceIds: - items: - type: string - maxItems: 100 - type: array - supports_agentless: - default: false - description: Indicates whether the package policy belongs to an agentless agent policy. - nullable: true - type: boolean - supports_cloud_connector: - default: false - description: Indicates whether the package policy supports cloud connectors. - nullable: true - type: boolean - updated_at: - type: string - updated_by: - type: string - var_group_selections: - additionalProperties: - type: string - description: Variable group selections. Maps var_group name to the selected option name within that group. - type: object - vars: - anyOf: - - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - type: object - - additionalProperties: - anyOf: - - type: boolean - - type: string - - type: number - - items: - type: string - maxItems: 100 - type: array - - items: - type: number - maxItems: 100 - type: array - - additionalProperties: false - type: object - properties: - id: - type: string - isSecretRef: - type: boolean - required: - - id - - isSecretRef - nullable: true - description: Input/stream level variable. Refer to the integration documentation for more information. - type: object - x-oas-optional: true - description: Package level variable. - version: - description: Package policy ES version. - type: string - required: - - name - - enabled - - inputs - - id - - revision - - updated_at - - updated_by - - created_at - - created_by - required: - - item + $ref: '#/components/schemas/ApiFleetPackagePolicies_Put_Response_200' description: 'OK: A successful request.' '400': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetPackagePolicies_Put_Response_400' description: A bad request. '403': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetPackagePolicies_Put_Response_403' description: Forbidden. summary: Update a package policy tags: @@ -48355,104 +21426,14 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - force: - type: boolean - packagePolicyIds: - items: - type: string - maxItems: 1000 - type: array - required: - - packagePolicyIds + $ref: '#/components/schemas/ApiFleetPackagePoliciesDelete_Post_Request' responses: '200': content: application/json: schema: items: - additionalProperties: false - type: object - properties: - body: - additionalProperties: false - type: object - properties: - message: - type: string - required: - - message - id: - type: string - name: - type: string - output_id: - nullable: true - type: string - package: - additionalProperties: false - type: object - properties: - experimental_data_stream_features: - items: - additionalProperties: false - type: object - properties: - data_stream: - type: string - features: - additionalProperties: false - type: object - properties: - doc_value_only_numeric: - type: boolean - doc_value_only_other: - type: boolean - synthetic_source: - type: boolean - tsdb: - type: boolean - required: - - data_stream - - features - maxItems: 100 - type: array - fips_compatible: - type: boolean - name: - description: Package name - type: string - requires_root: - type: boolean - title: - type: string - version: - description: Package version - type: string - required: - - name - - version - policy_id: - deprecated: true - description: Use `policy_ids` instead - nullable: true - type: string - policy_ids: - items: - type: string - maxItems: 10000 - type: array - statusCode: - type: number - success: - type: boolean - required: - - id - - success - - policy_ids - - package + $ref: '#/components/schemas/ApiFleetPackagePoliciesDelete_Post_Response_200_Item' maxItems: 10000 type: array description: 'OK: A successful request.' @@ -48460,22 +21441,7 @@ paths: content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetPackagePoliciesDelete_Post_Response_400' description: A bad request. summary: Bulk delete package policies tags: @@ -48506,44 +21472,14 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - packagePolicyIds: - items: - type: string - maxItems: 1000 - type: array - required: - - packagePolicyIds + $ref: '#/components/schemas/ApiFleetPackagePoliciesUpgrade_Post_Request' responses: '200': content: application/json: schema: items: - additionalProperties: false - type: object - properties: - body: - additionalProperties: false - type: object - properties: - message: - type: string - required: - - message - id: - type: string - name: - type: string - statusCode: - type: number - success: - type: boolean - required: - - id - - success + $ref: '#/components/schemas/ApiFleetPackagePoliciesUpgrade_Post_Response_200_Item' maxItems: 10000 type: array description: 'OK: A successful request.' @@ -48551,22 +21487,7 @@ paths: content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetPackagePoliciesUpgrade_Post_Response_400' description: A bad request. summary: Upgrade a package policy tags: @@ -48597,905 +21518,14 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - packagePolicyIds: - items: - type: string - maxItems: 1000 - type: array - packageVersion: - type: string - required: - - packagePolicyIds + $ref: '#/components/schemas/ApiFleetPackagePoliciesUpgradeDryrun_Post_Request' responses: '200': content: application/json: schema: items: - additionalProperties: false - type: object - properties: - agent_diff: - items: - items: - additionalProperties: true - type: object - properties: - data_stream: - additionalProperties: true - type: object - properties: - namespace: - type: string - required: - - namespace - id: - type: string - meta: - additionalProperties: true - type: object - properties: - package: - additionalProperties: true - type: object - properties: - name: - type: string - version: - type: string - required: - - name - - version - required: - - package - name: - type: string - package_policy_id: - type: string - processors: - items: - additionalProperties: true - type: object - properties: - add_fields: - additionalProperties: true - type: object - properties: - fields: - additionalProperties: - anyOf: - - type: string - - type: number - type: object - target: - type: string - required: - - target - - fields - required: - - add_fields - maxItems: 10000 - type: array - revision: - type: number - streams: - items: - additionalProperties: true - type: object - properties: - data_stream: - additionalProperties: true - type: object - properties: - dataset: - type: string - type: - type: string - required: - - dataset - id: - type: string - required: - - data_stream - maxItems: 10000 - type: array - type: - type: string - use_output: - type: string - required: - - id - - name - - revision - - type - - data_stream - - use_output - - package_policy_id - maxItems: 10000 - type: array - maxItems: 1 - type: array - body: - additionalProperties: false - type: object - properties: - message: - type: string - required: - - message - diff: - items: - anyOf: - - additionalProperties: false - type: object - properties: - additional_datastreams_permissions: - description: Additional datastream permissions, that will be added to the agent policy. - items: - type: string - maxItems: 1000 - nullable: true - type: array - agents: - type: number - cloud_connector_id: - description: ID of the cloud connector associated with this package policy. - nullable: true - type: string - cloud_connector_name: - description: Transient field for cloud connector name during creation. - maxLength: 255 - minLength: 1 - nullable: true - type: string - created_at: - type: string - created_by: - type: string - description: - description: Package policy description - type: string - elasticsearch: - additionalProperties: true - type: object - properties: - privileges: - additionalProperties: true - type: object - properties: - cluster: - items: - type: string - maxItems: 100 - type: array - enabled: - type: boolean - id: - type: string - inputs: - anyOf: - - items: - additionalProperties: false - type: object - properties: - compiled_input: {} - config: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - type: object - enabled: - type: boolean - id: - type: string - keep_enabled: - type: boolean - policy_template: - type: string - streams: - items: - additionalProperties: false - type: object - properties: - compiled_stream: {} - config: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - type: object - data_stream: - additionalProperties: false - type: object - properties: - dataset: - type: string - elasticsearch: - additionalProperties: false - type: object - properties: - dynamic_dataset: - type: boolean - dynamic_namespace: - type: boolean - privileges: - additionalProperties: false - type: object - properties: - indices: - items: - type: string - maxItems: 100 - type: array - type: - type: string - required: - - dataset - - type - enabled: - type: boolean - id: - type: string - keep_enabled: - type: boolean - release: - enum: - - ga - - beta - - experimental - type: string - var_group_selections: - additionalProperties: - type: string - description: Variable group selections. Maps var_group name to the selected option name within that group. - type: object - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - type: object - required: - - enabled - - data_stream - - compiled_stream - maxItems: 100 - type: array - type: - type: string - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - type: object - required: - - type - - enabled - - streams - - compiled_input - maxItems: 100 - type: array - - additionalProperties: - additionalProperties: false - type: object - properties: - enabled: - description: Enable or disable that input. Defaults to `true` (enabled). - type: boolean - streams: - additionalProperties: - additionalProperties: false - type: object - properties: - enabled: - description: Enable or disable that stream. Defaults to `true` (enabled). - type: boolean - var_group_selections: - additionalProperties: - type: string - description: Variable group selections. Maps var_group name to the selected option name within that group. - type: object - vars: - additionalProperties: - anyOf: - - type: boolean - - type: string - - type: number - - items: - type: string - maxItems: 100 - type: array - - items: - type: number - maxItems: 100 - type: array - - additionalProperties: false - type: object - properties: - id: - type: string - isSecretRef: - type: boolean - required: - - id - - isSecretRef - nullable: true - description: Input/stream level variable. Refer to the integration documentation for more information. - type: object - description: Input streams. Refer to the integration documentation to know which streams are available. - type: object - vars: - additionalProperties: - anyOf: - - type: boolean - - type: string - - type: number - - items: - type: string - maxItems: 100 - type: array - - items: - type: number - maxItems: 100 - type: array - - additionalProperties: false - type: object - properties: - id: - type: string - isSecretRef: - type: boolean - required: - - id - - isSecretRef - nullable: true - description: Input/stream level variable. Refer to the integration documentation for more information. - type: object - description: Package policy inputs. Refer to the integration documentation to know which inputs are available. - type: object - x-oas-optional: true - description: Package policy inputs. - is_managed: - type: boolean - name: - description: Unique name for the package policy. - type: string - namespace: - description: The package policy namespace. Leave blank to inherit the agent policy's namespace. - type: string - output_id: - nullable: true - type: string - overrides: - additionalProperties: false - description: Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure. - nullable: true - type: object - properties: - inputs: - additionalProperties: {} - type: object - package: - additionalProperties: false - type: object - properties: - experimental_data_stream_features: - items: - additionalProperties: false - type: object - properties: - data_stream: - type: string - features: - additionalProperties: false - type: object - properties: - doc_value_only_numeric: - type: boolean - doc_value_only_other: - type: boolean - synthetic_source: - type: boolean - tsdb: - type: boolean - required: - - data_stream - - features - maxItems: 100 - type: array - fips_compatible: - type: boolean - name: - description: Package name - type: string - requires_root: - type: boolean - title: - type: string - version: - description: Package version - type: string - required: - - name - - version - policy_id: - deprecated: true - description: ID of the agent policy which the package policy will be added to. - nullable: true - type: string - policy_ids: - items: - description: IDs of the agent policies which that package policy will be added to. - type: string - maxItems: 1000 - type: array - revision: - description: Package policy revision. - type: number - secret_references: - items: - additionalProperties: false - type: object - properties: - id: - type: string - required: - - id - maxItems: 100 - type: array - spaceIds: - items: - type: string - maxItems: 100 - type: array - supports_agentless: - default: false - description: Indicates whether the package policy belongs to an agentless agent policy. - nullable: true - type: boolean - supports_cloud_connector: - default: false - description: Indicates whether the package policy supports cloud connectors. - nullable: true - type: boolean - updated_at: - type: string - updated_by: - type: string - var_group_selections: - additionalProperties: - type: string - description: Variable group selections. Maps var_group name to the selected option name within that group. - type: object - vars: - anyOf: - - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - type: object - - additionalProperties: - anyOf: - - type: boolean - - type: string - - type: number - - items: - type: string - maxItems: 100 - type: array - - items: - type: number - maxItems: 100 - type: array - - additionalProperties: false - type: object - properties: - id: - type: string - isSecretRef: - type: boolean - required: - - id - - isSecretRef - nullable: true - description: Input/stream level variable. Refer to the integration documentation for more information. - type: object - x-oas-optional: true - description: Package level variable. - version: - description: Package policy ES version. - type: string - required: - - name - - enabled - - inputs - - revision - - updated_at - - updated_by - - created_at - - created_by - - additionalProperties: true - type: object - properties: - additional_datastreams_permissions: - description: Additional datastream permissions, that will be added to the agent policy. - items: - type: string - maxItems: 1000 - nullable: true - type: array - cloud_connector_id: - description: ID of the cloud connector associated with this package policy. - nullable: true - type: string - cloud_connector_name: - description: Transient field for cloud connector name during creation. - maxLength: 255 - minLength: 1 - nullable: true - type: string - created_at: - type: string - created_by: - type: string - description: - description: Package policy description - type: string - elasticsearch: - additionalProperties: true - type: object - properties: - privileges: - additionalProperties: true - type: object - properties: - cluster: - items: - type: string - maxItems: 100 - type: array - enabled: - type: boolean - errors: - items: - additionalProperties: false - type: object - properties: - key: - type: string - message: - type: string - required: - - message - maxItems: 10 - type: array - force: - type: boolean - id: - type: string - inputs: - items: - additionalProperties: false - type: object - properties: - compiled_input: {} - config: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - type: object - enabled: - type: boolean - id: - type: string - keep_enabled: - type: boolean - policy_template: - type: string - streams: - items: - additionalProperties: false - type: object - properties: - compiled_stream: {} - config: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - type: object - data_stream: - additionalProperties: false - type: object - properties: - dataset: - type: string - elasticsearch: - additionalProperties: false - type: object - properties: - dynamic_dataset: - type: boolean - dynamic_namespace: - type: boolean - privileges: - additionalProperties: false - type: object - properties: - indices: - items: - type: string - maxItems: 100 - type: array - type: - type: string - required: - - dataset - - type - enabled: - type: boolean - id: - type: string - keep_enabled: - type: boolean - release: - enum: - - ga - - beta - - experimental - type: string - var_group_selections: - additionalProperties: - type: string - description: Variable group selections. Maps var_group name to the selected option name within that group. - type: object - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - type: object - required: - - enabled - - data_stream - - compiled_stream - maxItems: 100 - type: array - type: - type: string - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - type: object - required: - - type - - enabled - - streams - - compiled_input - maxItems: 100 - type: array - is_managed: - type: boolean - missingVars: - items: - type: string - maxItems: 100 - type: array - name: - description: Unique name for the package policy. - type: string - namespace: - description: The package policy namespace. Leave blank to inherit the agent policy's namespace. - type: string - output_id: - nullable: true - type: string - overrides: - additionalProperties: false - description: Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure. - nullable: true - type: object - properties: - inputs: - additionalProperties: {} - type: object - package: - additionalProperties: false - type: object - properties: - experimental_data_stream_features: - items: - additionalProperties: false - type: object - properties: - data_stream: - type: string - features: - additionalProperties: false - type: object - properties: - doc_value_only_numeric: - type: boolean - doc_value_only_other: - type: boolean - synthetic_source: - type: boolean - tsdb: - type: boolean - required: - - data_stream - - features - maxItems: 100 - type: array - fips_compatible: - type: boolean - name: - description: Package name - type: string - requires_root: - type: boolean - title: - type: string - version: - description: Package version - type: string - required: - - name - - version - policy_id: - deprecated: true - description: ID of the agent policy which the package policy will be added to. - nullable: true - type: string - policy_ids: - items: - description: IDs of the agent policies which that package policy will be added to. - type: string - maxItems: 1000 - type: array - revision: - type: number - secret_references: - items: - additionalProperties: false - type: object - properties: - id: - type: string - required: - - id - maxItems: 100 - type: array - supports_agentless: - default: false - description: Indicates whether the package policy belongs to an agentless agent policy. - nullable: true - type: boolean - supports_cloud_connector: - default: false - description: Indicates whether the package policy supports cloud connectors. - nullable: true - type: boolean - updated_at: - type: string - updated_by: - type: string - var_group_selections: - additionalProperties: - type: string - description: Variable group selections. Maps var_group name to the selected option name within that group. - type: object - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - type: object - version: - description: Package policy ES version. - type: string - required: - - name - - enabled - - inputs - maxItems: 2 - type: array - hasErrors: - type: boolean - name: - type: string - statusCode: - type: number - required: - - hasErrors + $ref: '#/components/schemas/ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Item' maxItems: 10000 type: array description: 'OK: A successful request.' @@ -49503,22 +21533,7 @@ paths: content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_400' description: A bad request. summary: Dry run a package policy upgrade tags: @@ -49543,78 +21558,13 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - items: - items: - additionalProperties: false - type: object - properties: - certificate: - nullable: true - type: string - certificate_authorities: - nullable: true - type: string - certificate_key: - nullable: true - type: string - id: - type: string - is_preconfigured: - default: false - type: boolean - name: - type: string - proxy_headers: - additionalProperties: - anyOf: - - type: string - - type: boolean - - type: number - nullable: true - type: object - url: - type: string - required: - - id - - url - - name - maxItems: 10000 - type: array - page: - type: number - perPage: - type: number - total: - type: number - required: - - items - - total - - page - - perPage + $ref: '#/components/schemas/ApiFleetProxies_Get_Response_200' description: 'OK: A successful request.' '400': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetProxies_Get_Response_400' description: A bad request. summary: Get proxies tags: @@ -49644,103 +21594,19 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - certificate: - nullable: true - type: string - certificate_authorities: - nullable: true - type: string - certificate_key: - nullable: true - type: string - id: - type: string - is_preconfigured: - default: false - type: boolean - name: - type: string - proxy_headers: - additionalProperties: - anyOf: - - type: string - - type: boolean - - type: number - nullable: true - type: object - url: - type: string - required: - - url - - name + $ref: '#/components/schemas/ApiFleetProxies_Post_Request' responses: '200': content: application/json: schema: - additionalProperties: false - type: object - properties: - item: - additionalProperties: false - type: object - properties: - certificate: - nullable: true - type: string - certificate_authorities: - nullable: true - type: string - certificate_key: - nullable: true - type: string - id: - type: string - is_preconfigured: - default: false - type: boolean - name: - type: string - proxy_headers: - additionalProperties: - anyOf: - - type: string - - type: boolean - - type: number - nullable: true - type: object - url: - type: string - required: - - id - - url - - name - required: - - item + $ref: '#/components/schemas/ApiFleetProxies_Post_Response_200' description: 'OK: A successful request.' '400': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetProxies_Post_Response_400' description: A bad request. summary: Create a proxy tags: @@ -49777,34 +21643,13 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - id: - type: string - required: - - id + $ref: '#/components/schemas/ApiFleetProxies_Delete_Response_200' description: 'OK: A successful request.' '400': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetProxies_Delete_Response_400' description: A bad request. summary: Delete a proxy tags: @@ -49833,66 +21678,13 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - item: - additionalProperties: false - type: object - properties: - certificate: - nullable: true - type: string - certificate_authorities: - nullable: true - type: string - certificate_key: - nullable: true - type: string - id: - type: string - is_preconfigured: - default: false - type: boolean - name: - type: string - proxy_headers: - additionalProperties: - anyOf: - - type: string - - type: boolean - - type: number - nullable: true - type: object - url: - type: string - required: - - id - - url - - name - required: - - item + $ref: '#/components/schemas/ApiFleetProxies_Get_Response_200_1' description: 'OK: A successful request.' '400': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetProxies_Get_Response_400_1' description: A bad request. summary: Get a proxy tags: @@ -49927,99 +21719,19 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - certificate: - nullable: true - type: string - certificate_authorities: - nullable: true - type: string - certificate_key: - nullable: true - type: string - name: - type: string - proxy_headers: - additionalProperties: - anyOf: - - type: string - - type: boolean - - type: number - nullable: true - type: object - url: - type: string - required: - - certificate_authorities - - certificate - - certificate_key + $ref: '#/components/schemas/ApiFleetProxies_Put_Request' responses: '200': content: application/json: schema: - additionalProperties: false - type: object - properties: - item: - additionalProperties: false - type: object - properties: - certificate: - nullable: true - type: string - certificate_authorities: - nullable: true - type: string - certificate_key: - nullable: true - type: string - id: - type: string - is_preconfigured: - default: false - type: boolean - name: - type: string - proxy_headers: - additionalProperties: - anyOf: - - type: string - - type: boolean - - type: number - nullable: true - type: object - url: - type: string - required: - - id - - url - - name - required: - - item + $ref: '#/components/schemas/ApiFleetProxies_Put_Response_200' description: 'OK: A successful request.' '400': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetProxies_Put_Response_400' description: A bad request. summary: Update a proxy tags: @@ -50044,112 +21756,19 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - item: - additionalProperties: false - type: object - properties: - action_secret_storage_requirements_met: - type: boolean - delete_unenrolled_agents: - additionalProperties: false - type: object - properties: - enabled: - type: boolean - is_preconfigured: - type: boolean - required: - - enabled - - is_preconfigured - has_seen_add_data_notice: - type: boolean - id: - type: string - ilm_migration_status: - additionalProperties: false - type: object - properties: - logs: - enum: - - success - nullable: true - type: string - metrics: - enum: - - success - nullable: true - type: string - synthetics: - enum: - - success - nullable: true - type: string - integration_knowledge_enabled: - type: boolean - output_secret_storage_requirements_met: - type: boolean - preconfigured_fields: - items: - enum: - - fleet_server_hosts - type: string - maxItems: 1 - type: array - prerelease_integrations_enabled: - type: boolean - secret_storage_requirements_met: - type: boolean - ssl_secret_storage_requirements_met: - type: boolean - use_space_awareness_migration_started_at: - nullable: true - type: string - use_space_awareness_migration_status: - enum: - - pending - - success - - error - type: string - version: - type: string - required: - - item + $ref: '#/components/schemas/ApiFleetSettings_Get_Response_200' description: 'OK: A successful request.' '400': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetSettings_Get_Response_400' description: A bad request. '404': content: application/json: schema: - additionalProperties: false - type: object - properties: - message: - type: string - required: - - message + $ref: '#/components/schemas/ApiFleetSettings_Get_Response_404' description: Not found. summary: Get settings tags: @@ -50179,151 +21798,25 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - additional_yaml_config: - deprecated: true - type: string - delete_unenrolled_agents: - additionalProperties: false - type: object - properties: - enabled: - type: boolean - is_preconfigured: - type: boolean - required: - - enabled - - is_preconfigured - has_seen_add_data_notice: - deprecated: true - type: boolean - integration_knowledge_enabled: - type: boolean - kibana_ca_sha256: - deprecated: true - type: string - kibana_urls: - deprecated: true - items: - format: uri - type: string - maxItems: 10 - type: array - prerelease_integrations_enabled: - type: boolean + $ref: '#/components/schemas/ApiFleetSettings_Put_Request' responses: '200': content: application/json: schema: - additionalProperties: false - type: object - properties: - item: - additionalProperties: false - type: object - properties: - action_secret_storage_requirements_met: - type: boolean - delete_unenrolled_agents: - additionalProperties: false - type: object - properties: - enabled: - type: boolean - is_preconfigured: - type: boolean - required: - - enabled - - is_preconfigured - has_seen_add_data_notice: - type: boolean - id: - type: string - ilm_migration_status: - additionalProperties: false - type: object - properties: - logs: - enum: - - success - nullable: true - type: string - metrics: - enum: - - success - nullable: true - type: string - synthetics: - enum: - - success - nullable: true - type: string - integration_knowledge_enabled: - type: boolean - output_secret_storage_requirements_met: - type: boolean - preconfigured_fields: - items: - enum: - - fleet_server_hosts - type: string - maxItems: 1 - type: array - prerelease_integrations_enabled: - type: boolean - secret_storage_requirements_met: - type: boolean - ssl_secret_storage_requirements_met: - type: boolean - use_space_awareness_migration_started_at: - nullable: true - type: string - use_space_awareness_migration_status: - enum: - - pending - - success - - error - type: string - version: - type: string - required: - - item + $ref: '#/components/schemas/ApiFleetSettings_Put_Response_200' description: 'OK: A successful request.' '400': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetSettings_Put_Response_400' description: A bad request. '404': content: application/json: schema: - additionalProperties: false - type: object - properties: - message: - type: string - required: - - message + $ref: '#/components/schemas/ApiFleetSettings_Put_Response_404' description: Not found. summary: Update settings tags: @@ -50355,63 +21848,19 @@ paths: content: application/json: schema: - additionalProperties: false - description: A summary of the result of Fleet's `setup` lifecycle. If `isInitialized` is true, Fleet is ready to accept agent enrollment. `nonFatalErrors` may include useful insight into non-blocking issues with Fleet setup. - type: object - properties: - isInitialized: - type: boolean - nonFatalErrors: - items: - additionalProperties: false - type: object - properties: - message: - type: string - name: - type: string - required: - - name - - message - maxItems: 10000 - type: array - required: - - isInitialized - - nonFatalErrors + $ref: '#/components/schemas/ApiFleetSetup_Post_Response_200' description: 'OK: A successful request.' '400': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetSetup_Post_Response_400' description: A bad request. '500': content: application/json: schema: - additionalProperties: false - description: Internal Server Error - type: object - properties: - message: - type: string - required: - - message + $ref: '#/components/schemas/ApiFleetSetup_Post_Response_500' description: An internal server error occurred. summary: Initiate Fleet setup tags: @@ -50428,24 +21877,7 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - item: - additionalProperties: false - type: object - properties: - allowed_namespace_prefixes: - items: - type: string - maxItems: 100 - type: array - managed_by: - type: string - required: - - allowed_namespace_prefixes - required: - - item + $ref: '#/components/schemas/ApiFleetSpaceSettings_Get_Response_200' description: 'OK: A successful request.' summary: Get space settings tags: [] @@ -50481,37 +21913,13 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - allowed_namespace_prefixes: - items: - type: string - maxItems: 10 - type: array + $ref: '#/components/schemas/ApiFleetSpaceSettings_Put_Request' responses: '200': content: application/json: schema: - additionalProperties: false - type: object - properties: - item: - additionalProperties: false - type: object - properties: - allowed_namespace_prefixes: - items: - type: string - maxItems: 100 - type: array - managed_by: - type: string - required: - - allowed_namespace_prefixes - required: - - item + $ref: '#/components/schemas/ApiFleetSpaceSettings_Put_Response_200' description: 'OK: A successful request.' summary: Create space settings tags: [] @@ -50562,66 +21970,13 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - items: - items: - additionalProperties: false - type: object - properties: - created_at: - type: string - id: - type: string - namespaces: - items: - type: string - maxItems: 100 - type: array - policy_id: - type: string - policy_name: - nullable: true - type: string - required: - - id - - policy_id - - created_at - maxItems: 10000 - type: array - page: - type: number - perPage: - type: number - total: - type: number - required: - - items - - total - - page - - perPage + $ref: '#/components/schemas/ApiFleetUninstallTokens_Get_Response_200' description: 'OK: A successful request.' '400': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetUninstallTokens_Get_Response_400' description: A bad request. summary: Get metadata for latest uninstall tokens tags: @@ -50651,57 +22006,13 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - item: - additionalProperties: false - type: object - properties: - created_at: - type: string - id: - type: string - namespaces: - items: - type: string - maxItems: 100 - type: array - policy_id: - type: string - policy_name: - nullable: true - type: string - token: - type: string - required: - - id - - policy_id - - created_at - - token - required: - - item + $ref: '#/components/schemas/ApiFleetUninstallTokens_Get_Response_200_1' description: 'OK: A successful request.' '400': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetUninstallTokens_Get_Response_400_1' description: A bad request. summary: Get a decrypted uninstall token tags: @@ -50777,9 +22088,7 @@ paths: message: '[request query]: id: Required' statusCode: 400 schema: - oneOf: - - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + $ref: '#/components/schemas/ApiLists_Delete_Response_400' description: Invalid input data response '401': content: @@ -50882,9 +22191,7 @@ paths: message: '[request query]: id: Required' statusCode: 400 schema: - oneOf: - - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + $ref: '#/components/schemas/ApiLists_Get_Response_400' description: Invalid input data response '401': content: @@ -50952,25 +22259,7 @@ paths: content: application/json: schema: - example: - id: ip_list - name: Bad ips list - UPDATED - type: object - properties: - _version: - $ref: '#/components/schemas/Security_Lists_API_ListVersionId' - description: - $ref: '#/components/schemas/Security_Lists_API_ListDescription' - id: - $ref: '#/components/schemas/Security_Lists_API_ListId' - meta: - $ref: '#/components/schemas/Security_Lists_API_ListMetadata' - name: - $ref: '#/components/schemas/Security_Lists_API_ListName' - version: - $ref: '#/components/schemas/Security_Lists_API_ListVersion' - required: - - id + $ref: '#/components/schemas/ApiLists_Patch_Request' description: Value list's properties required: true responses: @@ -51006,9 +22295,7 @@ paths: message: '[request body]: name: Expected string, received number' statusCode: 400 schema: - oneOf: - - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + $ref: '#/components/schemas/ApiLists_Patch_Response_400' description: Invalid input data response '401': content: @@ -51103,30 +22390,7 @@ paths: serializer: (?((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?).){3}(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)) type: keyword schema: - type: object - properties: - description: - $ref: '#/components/schemas/Security_Lists_API_ListDescription' - deserializer: - $ref: '#/components/schemas/Security_Lists_API_ListDeserializer' - id: - $ref: '#/components/schemas/Security_Lists_API_ListId' - meta: - $ref: '#/components/schemas/Security_Lists_API_ListMetadata' - name: - $ref: '#/components/schemas/Security_Lists_API_ListName' - serializer: - $ref: '#/components/schemas/Security_Lists_API_ListSerializer' - type: - $ref: '#/components/schemas/Security_Lists_API_ListType' - version: - default: 1 - minimum: 1 - type: integer - required: - - name - - description - - type + $ref: '#/components/schemas/ApiLists_Post_Request' description: Value list's properties required: true responses: @@ -51208,9 +22472,7 @@ paths: message: To create a list, the data stream must exist first. Data stream \".lists-default\" does not exist status_code: 400 schema: - oneOf: - - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + $ref: '#/components/schemas/ApiLists_Post_Response_400' description: Invalid input data response '401': content: @@ -51280,28 +22542,7 @@ paths: content: application/json: schema: - example: - description: Latest list of bad ips - id: ip_list - name: Bad ips - updated - type: object - properties: - _version: - $ref: '#/components/schemas/Security_Lists_API_ListVersionId' - description: - $ref: '#/components/schemas/Security_Lists_API_ListDescription' - id: - $ref: '#/components/schemas/Security_Lists_API_ListId' - meta: - $ref: '#/components/schemas/Security_Lists_API_ListMetadata' - name: - $ref: '#/components/schemas/Security_Lists_API_ListName' - version: - $ref: '#/components/schemas/Security_Lists_API_ListVersion' - required: - - id - - name - - description + $ref: '#/components/schemas/ApiLists_Put_Request' description: Value list's properties required: true responses: @@ -51337,9 +22578,7 @@ paths: message: '[request body]: id: Expected string, received number' statusCode: 400 schema: - oneOf: - - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + $ref: '#/components/schemas/ApiLists_Put_Response_400' description: Invalid input data response '401': content: @@ -51481,29 +22720,7 @@ paths: per_page: 20 total: 1 schema: - type: object - properties: - cursor: - $ref: '#/components/schemas/Security_Lists_API_FindListsCursor' - data: - items: - $ref: '#/components/schemas/Security_Lists_API_List' - type: array - page: - minimum: 0 - type: integer - per_page: - minimum: 0 - type: integer - total: - minimum: 0 - type: integer - required: - - data - - page - - per_page - - total - - cursor + $ref: '#/components/schemas/ApiListsFind_Get_Response_200' description: Successful response '400': content: @@ -51515,9 +22732,7 @@ paths: message: '[request query]: page: Expected number, received nan' statusCode: 400 schema: - oneOf: - - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + $ref: '#/components/schemas/ApiListsFind_Get_Response_400' description: Invalid input data response '401': content: @@ -51576,20 +22791,13 @@ paths: content: application/json: schema: - type: object - properties: - acknowledged: - type: boolean - required: - - acknowledged + $ref: '#/components/schemas/ApiListsIndex_Delete_Response_200' description: Successful response '400': content: application/json: schema: - oneOf: - - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + $ref: '#/components/schemas/ApiListsIndex_Delete_Response_400' description: Invalid input data response '401': content: @@ -51647,23 +22855,13 @@ paths: content: application/json: schema: - type: object - properties: - list_index: - type: boolean - list_item_index: - type: boolean - required: - - list_index - - list_item_index + $ref: '#/components/schemas/ApiListsIndex_Get_Response_200' description: Successful response '400': content: application/json: schema: - oneOf: - - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + $ref: '#/components/schemas/ApiListsIndex_Get_Response_400' description: Invalid input data response '401': content: @@ -51721,20 +22919,13 @@ paths: content: application/json: schema: - type: object - properties: - acknowledged: - type: boolean - required: - - acknowledged + $ref: '#/components/schemas/ApiListsIndex_Post_Response_200' description: Successful response '400': content: application/json: schema: - oneOf: - - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + $ref: '#/components/schemas/ApiListsIndex_Post_Response_400' description: Invalid input data response '401': content: @@ -51845,11 +23036,7 @@ paths: updated_by: elastic value: 255.255.255.255 schema: - oneOf: - - $ref: '#/components/schemas/Security_Lists_API_ListItem' - - items: - $ref: '#/components/schemas/Security_Lists_API_ListItem' - type: array + $ref: '#/components/schemas/ApiListsItems_Delete_Response_200' description: Successful response '400': content: @@ -51860,9 +23047,7 @@ paths: message: Either \"list_id\" or \"id\" needs to be defined in the request status_code: 400 schema: - oneOf: - - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + $ref: '#/components/schemas/ApiListsItems_Delete_Response_400' description: Invalid input data response '401': content: @@ -51965,11 +23150,7 @@ paths: updated_by: elastic value: 127.0.0.2 schema: - oneOf: - - $ref: '#/components/schemas/Security_Lists_API_ListItem' - - items: - $ref: '#/components/schemas/Security_Lists_API_ListItem' - type: array + $ref: '#/components/schemas/ApiListsItems_Get_Response_200' description: Successful response '400': content: @@ -51980,9 +23161,7 @@ paths: message: Either \"list_id\" or \"id\" needs to be defined in the request status_code: 400 schema: - oneOf: - - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + $ref: '#/components/schemas/ApiListsItems_Get_Response_400' description: Invalid input data response '401': content: @@ -52050,28 +23229,7 @@ paths: content: application/json: schema: - example: - id: pd1WRJQBs4HAK3VQeHFI - value: 255.255.255.255 - type: object - properties: - _version: - $ref: '#/components/schemas/Security_Lists_API_ListVersionId' - id: - $ref: '#/components/schemas/Security_Lists_API_ListItemId' - meta: - $ref: '#/components/schemas/Security_Lists_API_ListItemMetadata' - refresh: - description: Determines when changes made by the request are made visible to search. - enum: - - 'true' - - 'false' - - wait_for - type: string - value: - $ref: '#/components/schemas/Security_Lists_API_ListItemValue' - required: - - id + $ref: '#/components/schemas/ApiListsItems_Patch_Request' description: Value list item's properties required: true responses: @@ -52104,9 +23262,7 @@ paths: message: '{"took":15,"timed_out":false,"total":1,"updated":0,"deleted":0,"batches":1,"version_conflicts":0,"noops":0,"retries":{"bulk":0,"search":0},"throttled_millis":0,"requests_per_second":-1,"throttled_until_millis":0,"failures":[{"index":".ds-.items-default-2025.01.09-000001","id":"ip_item","cause":{"type":"document_parsing_exception","reason":"[1:107] failed to parse field [ip] of type [ip] in document with id ip_item. Preview of fields value: 2","caused_by":{"type":"illegal_argument_exception","reason":"2 is not an IP string literal."}},"status":400}]}' status_code: 400 schema: - oneOf: - - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + $ref: '#/components/schemas/ApiListsItems_Patch_Response_400' description: Invalid input data response '401': content: @@ -52191,27 +23347,7 @@ paths: list_id: keyword_list value: zeek schema: - type: object - properties: - id: - $ref: '#/components/schemas/Security_Lists_API_ListItemId' - list_id: - $ref: '#/components/schemas/Security_Lists_API_ListId' - meta: - $ref: '#/components/schemas/Security_Lists_API_ListItemMetadata' - refresh: - description: Determines when changes made by the request are made visible to search. - enum: - - 'true' - - 'false' - - wait_for - example: wait_for - type: string - value: - $ref: '#/components/schemas/Security_Lists_API_ListItemValue' - required: - - list_id - - value + $ref: '#/components/schemas/ApiListsItems_Post_Request' description: Value list item's properties required: true responses: @@ -52271,9 +23407,7 @@ paths: message: uri [/api/lists/items] with method [post] exists but is not available with the current configuration statusCode: 400 schema: - oneOf: - - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + $ref: '#/components/schemas/ApiListsItems_Post_Response_400' description: Invalid input data response '401': content: @@ -52357,19 +23491,7 @@ paths: id: ip_item value: 255.255.255.255 schema: - type: object - properties: - _version: - $ref: '#/components/schemas/Security_Lists_API_ListVersionId' - id: - $ref: '#/components/schemas/Security_Lists_API_ListItemId' - meta: - $ref: '#/components/schemas/Security_Lists_API_ListItemMetadata' - value: - $ref: '#/components/schemas/Security_Lists_API_ListItemValue' - required: - - id - - value + $ref: '#/components/schemas/ApiListsItems_Put_Request' description: Value list item's properties required: true responses: @@ -52403,9 +23525,7 @@ paths: message: '[request body]: id: Expected string, received number' statusCode: 400 schema: - oneOf: - - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + $ref: '#/components/schemas/ApiListsItems_Put_Response_400' description: Invalid input data response '401': content: @@ -52505,9 +23625,7 @@ paths: error: 'Bad Request","message":"[request query]: list_id: Required' statusCode: 400 schema: - oneOf: - - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + $ref: '#/components/schemas/ApiListsItemsExport_Post_Response_400' description: Invalid input data response '401': content: @@ -52643,29 +23761,7 @@ paths: per_page: 20 total: 1 schema: - type: object - properties: - cursor: - $ref: '#/components/schemas/Security_Lists_API_FindListItemsCursor' - data: - items: - $ref: '#/components/schemas/Security_Lists_API_ListItem' - type: array - page: - minimum: 0 - type: integer - per_page: - minimum: 0 - type: integer - total: - minimum: 0 - type: integer - required: - - data - - page - - per_page - - total - - cursor + $ref: '#/components/schemas/ApiListsItemsFind_Get_Response_200' description: Successful response '400': content: @@ -52677,9 +23773,7 @@ paths: message: '[request query]: list_id: Required' statusCode: 400, schema: - oneOf: - - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + $ref: '#/components/schemas/ApiListsItemsFind_Get_Response_400' description: Invalid input data response '401': content: @@ -52795,22 +23889,7 @@ paths: content: multipart/form-data: schema: - type: object - properties: - file: - description: A `.txt` or `.csv` file containing newline separated list items. - example: | - 127.0.0.1 - 127.0.0.2 - 127.0.0.3 - 127.0.0.4 - 127.0.0.5 - 127.0.0.6 - 127.0.0.7 - 127.0.0.8 - 127.0.0.9 - format: binary - type: string + $ref: '#/components/schemas/ApiListsItemsImport_Post_Request' required: true responses: '200': @@ -52844,9 +23923,7 @@ paths: message: Either type or list_id need to be defined in the query status_code: 400 schema: - oneOf: - - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + $ref: '#/components/schemas/ApiListsItemsImport_Post_Response_400' description: Invalid input data response '401': content: @@ -52971,26 +24048,13 @@ paths: write: true username: elastic schema: - type: object - properties: - is_authenticated: - type: boolean - listItems: - $ref: '#/components/schemas/Security_Lists_API_ListItemPrivileges' - lists: - $ref: '#/components/schemas/Security_Lists_API_ListPrivileges' - required: - - lists - - listItems - - is_authenticated + $ref: '#/components/schemas/ApiListsPrivileges_Get_Response_200' description: Successful response '400': content: application/json: schema: - oneOf: - - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + $ref: '#/components/schemas/ApiListsPrivileges_Get_Response_400' description: Invalid input data response '401': content: @@ -53062,218 +24126,13 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - enabled: - description: Whether the current maintenance window is enabled. Disabled maintenance windows do not suppress notifications. - type: boolean - schedule: - additionalProperties: false - type: object - properties: - custom: - additionalProperties: false - type: object - properties: - duration: - description: 'The duration of the schedule. It allows values in `` format. `` is one of `d`, `h`, `m`, or `s` for hours, minutes, seconds. For example: `1d`, `5h`, `30m`, `5000s`.' - type: string - recurring: - additionalProperties: false - type: object - properties: - end: - description: 'The end date of a recurring schedule, provided in ISO 8601 format and set to the UTC timezone. For example: `2025-04-01T00:00:00.000Z`.' - type: string - every: - description: 'The interval and frequency of a recurring schedule. It allows values in `` format. `` is one of `d`, `w`, `M`, or `y` for days, weeks, months, years. For example: `15d`, `2w`, `3m`, `1y`.' - type: string - occurrences: - description: The total number of recurrences of the schedule. - minimum: 1 - type: number - onMonth: - description: The specific months for a recurring schedule. Valid values are 1-12. - items: - maximum: 12 - minimum: 1 - type: number - minItems: 1 - type: array - onMonthDay: - description: The specific days of the month for a recurring schedule. Valid values are 1-31. - items: - maximum: 31 - minimum: 1 - type: number - minItems: 1 - type: array - onWeekDay: - description: The specific days of the week (`[MO,TU,WE,TH,FR,SA,SU]`) or nth day of month (`[+1MO, -3FR, +2WE, -4SA, -5SU]`) for a recurring schedule. - items: - type: string - minItems: 1 - type: array - start: - description: 'The start date and time of the schedule, provided in ISO 8601 format and set to the UTC timezone. For example: `2025-03-12T12:00:00.000Z`.' - type: string - timezone: - description: The timezone of the schedule. The default timezone is UTC. - type: string - required: - - start - - duration - required: - - custom - scope: - additionalProperties: false - type: object - properties: - alerting: - additionalProperties: false - type: object - properties: - query: - additionalProperties: false - type: object - properties: - kql: - description: A filter written in Kibana Query Language (KQL). Only alerts matching this query will be supressed by the maintenance window. - type: string - required: - - kql - required: - - query - required: - - alerting - title: - description: The name of the maintenance window. While this name does not have to be unique, a distinctive name can help you identify a specific maintenance window. - type: string - required: - - title - - schedule + $ref: '#/components/schemas/ApiMaintenanceWindow_Post_Request' responses: '200': content: application/json: schema: - additionalProperties: false - type: object - properties: - created_at: - description: The date and time when the maintenance window was created. - type: string - created_by: - description: The identifier for the user that created the maintenance window. - nullable: true - type: string - enabled: - description: Whether the current maintenance window is enabled. Disabled maintenance windows do not suppress notifications. - type: boolean - id: - description: The identifier for the maintenance window. - type: string - schedule: - additionalProperties: false - type: object - properties: - custom: - additionalProperties: false - type: object - properties: - duration: - description: 'The duration of the schedule. It allows values in `` format. `` is one of `d`, `h`, `m`, or `s` for hours, minutes, seconds. For example: `1d`, `5h`, `30m`, `5000s`.' - type: string - recurring: - additionalProperties: false - type: object - properties: - end: - description: 'The end date of a recurring schedule, provided in ISO 8601 format and set to the UTC timezone. For example: `2025-04-01T00:00:00.000Z`.' - type: string - every: - description: 'The interval and frequency of a recurring schedule. It allows values in `` format. `` is one of `d`, `w`, `M`, or `y` for days, weeks, months, years. For example: `15d`, `2w`, `3m`, `1y`.' - type: string - occurrences: - description: The total number of recurrences of the schedule. - type: number - onMonth: - description: The specific months for a recurring schedule. Valid values are 1-12. - items: - type: number - type: array - onMonthDay: - description: The specific days of the month for a recurring schedule. Valid values are 1-31. - items: - type: number - type: array - onWeekDay: - description: The specific days of the week (`[MO,TU,WE,TH,FR,SA,SU]`) or nth day of month (`[+1MO, -3FR, +2WE, -4SA, -5SU]`) for a recurring schedule. - items: - type: string - type: array - start: - description: 'The start date and time of the schedule, provided in ISO 8601 format and set to the UTC timezone. For example: `2025-03-12T12:00:00.000Z`.' - type: string - timezone: - description: The timezone of the schedule. The default timezone is UTC. - type: string - required: - - start - - duration - required: - - custom - scope: - additionalProperties: false - type: object - properties: - alerting: - additionalProperties: false - type: object - properties: - query: - additionalProperties: false - type: object - properties: - kql: - description: A filter written in Kibana Query Language (KQL). - type: string - required: - - kql - required: - - query - required: - - alerting - status: - description: The current status of the maintenance window. - enum: - - running - - upcoming - - finished - - archived - - disabled - type: string - title: - description: The name of the maintenance window. - type: string - updated_at: - description: The date and time when the maintenance window was last updated. - type: string - updated_by: - description: The identifier for the user that last updated this maintenance window. - nullable: true - type: string - required: - - id - - title - - enabled - - created_by - - updated_by - - created_at - - updated_at - - status - - schedule + $ref: '#/components/schemas/ApiMaintenanceWindow_Post_Response_200' description: Indicates a successful call. '400': description: Indicates an invalid schema or parameters. @@ -53355,139 +24214,7 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - maintenanceWindows: - items: - additionalProperties: false - type: object - properties: - created_at: - description: The date and time when the maintenance window was created. - type: string - created_by: - description: The identifier for the user that created the maintenance window. - nullable: true - type: string - enabled: - description: Whether the current maintenance window is enabled. Disabled maintenance windows do not suppress notifications. - type: boolean - id: - description: The identifier for the maintenance window. - type: string - schedule: - additionalProperties: false - type: object - properties: - custom: - additionalProperties: false - type: object - properties: - duration: - description: 'The duration of the schedule. It allows values in `` format. `` is one of `d`, `h`, `m`, or `s` for hours, minutes, seconds. For example: `1d`, `5h`, `30m`, `5000s`.' - type: string - recurring: - additionalProperties: false - type: object - properties: - end: - description: 'The end date of a recurring schedule, provided in ISO 8601 format and set to the UTC timezone. For example: `2025-04-01T00:00:00.000Z`.' - type: string - every: - description: 'The interval and frequency of a recurring schedule. It allows values in `` format. `` is one of `d`, `w`, `M`, or `y` for days, weeks, months, years. For example: `15d`, `2w`, `3m`, `1y`.' - type: string - occurrences: - description: The total number of recurrences of the schedule. - type: number - onMonth: - description: The specific months for a recurring schedule. Valid values are 1-12. - items: - type: number - type: array - onMonthDay: - description: The specific days of the month for a recurring schedule. Valid values are 1-31. - items: - type: number - type: array - onWeekDay: - description: The specific days of the week (`[MO,TU,WE,TH,FR,SA,SU]`) or nth day of month (`[+1MO, -3FR, +2WE, -4SA, -5SU]`) for a recurring schedule. - items: - type: string - type: array - start: - description: 'The start date and time of the schedule, provided in ISO 8601 format and set to the UTC timezone. For example: `2025-03-12T12:00:00.000Z`.' - type: string - timezone: - description: The timezone of the schedule. The default timezone is UTC. - type: string - required: - - start - - duration - required: - - custom - scope: - additionalProperties: false - type: object - properties: - alerting: - additionalProperties: false - type: object - properties: - query: - additionalProperties: false - type: object - properties: - kql: - description: A filter written in Kibana Query Language (KQL). - type: string - required: - - kql - required: - - query - required: - - alerting - status: - description: The current status of the maintenance window. - enum: - - running - - upcoming - - finished - - archived - - disabled - type: string - title: - description: The name of the maintenance window. - type: string - updated_at: - description: The date and time when the maintenance window was last updated. - type: string - updated_by: - description: The identifier for the user that last updated this maintenance window. - nullable: true - type: string - required: - - id - - title - - enabled - - created_by - - updated_by - - created_at - - updated_at - - status - - schedule - type: array - page: - type: number - per_page: - type: number - total: - type: number - required: - - page - - per_page - - total - - maintenanceWindows + $ref: '#/components/schemas/ApiMaintenanceWindowFind_Get_Response_200' description: Indicates a successful call. '400': description: Indicates an invalid schema or parameters. @@ -53563,122 +24290,7 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - created_at: - description: The date and time when the maintenance window was created. - type: string - created_by: - description: The identifier for the user that created the maintenance window. - nullable: true - type: string - enabled: - description: Whether the current maintenance window is enabled. Disabled maintenance windows do not suppress notifications. - type: boolean - id: - description: The identifier for the maintenance window. - type: string - schedule: - additionalProperties: false - type: object - properties: - custom: - additionalProperties: false - type: object - properties: - duration: - description: 'The duration of the schedule. It allows values in `` format. `` is one of `d`, `h`, `m`, or `s` for hours, minutes, seconds. For example: `1d`, `5h`, `30m`, `5000s`.' - type: string - recurring: - additionalProperties: false - type: object - properties: - end: - description: 'The end date of a recurring schedule, provided in ISO 8601 format and set to the UTC timezone. For example: `2025-04-01T00:00:00.000Z`.' - type: string - every: - description: 'The interval and frequency of a recurring schedule. It allows values in `` format. `` is one of `d`, `w`, `M`, or `y` for days, weeks, months, years. For example: `15d`, `2w`, `3m`, `1y`.' - type: string - occurrences: - description: The total number of recurrences of the schedule. - type: number - onMonth: - description: The specific months for a recurring schedule. Valid values are 1-12. - items: - type: number - type: array - onMonthDay: - description: The specific days of the month for a recurring schedule. Valid values are 1-31. - items: - type: number - type: array - onWeekDay: - description: The specific days of the week (`[MO,TU,WE,TH,FR,SA,SU]`) or nth day of month (`[+1MO, -3FR, +2WE, -4SA, -5SU]`) for a recurring schedule. - items: - type: string - type: array - start: - description: 'The start date and time of the schedule, provided in ISO 8601 format and set to the UTC timezone. For example: `2025-03-12T12:00:00.000Z`.' - type: string - timezone: - description: The timezone of the schedule. The default timezone is UTC. - type: string - required: - - start - - duration - required: - - custom - scope: - additionalProperties: false - type: object - properties: - alerting: - additionalProperties: false - type: object - properties: - query: - additionalProperties: false - type: object - properties: - kql: - description: A filter written in Kibana Query Language (KQL). - type: string - required: - - kql - required: - - query - required: - - alerting - status: - description: The current status of the maintenance window. - enum: - - running - - upcoming - - finished - - archived - - disabled - type: string - title: - description: The name of the maintenance window. - type: string - updated_at: - description: The date and time when the maintenance window was last updated. - type: string - updated_by: - description: The identifier for the user that last updated this maintenance window. - nullable: true - type: string - required: - - id - - title - - enabled - - created_by - - updated_by - - created_at - - updated_at - - status - - schedule + $ref: '#/components/schemas/ApiMaintenanceWindow_Get_Response_200' description: Indicates a successful call. '400': description: Indicates an invalid schema or parameters. @@ -53720,215 +24332,13 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - enabled: - description: Whether the current maintenance window is enabled. Disabled maintenance windows do not suppress notifications. - type: boolean - schedule: - additionalProperties: false - type: object - properties: - custom: - additionalProperties: false - type: object - properties: - duration: - description: 'The duration of the schedule. It allows values in `` format. `` is one of `d`, `h`, `m`, or `s` for hours, minutes, seconds. For example: `1d`, `5h`, `30m`, `5000s`.' - type: string - recurring: - additionalProperties: false - type: object - properties: - end: - description: 'The end date of a recurring schedule, provided in ISO 8601 format and set to the UTC timezone. For example: `2025-04-01T00:00:00.000Z`.' - type: string - every: - description: 'The interval and frequency of a recurring schedule. It allows values in `` format. `` is one of `d`, `w`, `M`, or `y` for days, weeks, months, years. For example: `15d`, `2w`, `3m`, `1y`.' - type: string - occurrences: - description: The total number of recurrences of the schedule. - minimum: 1 - type: number - onMonth: - description: The specific months for a recurring schedule. Valid values are 1-12. - items: - maximum: 12 - minimum: 1 - type: number - minItems: 1 - type: array - onMonthDay: - description: The specific days of the month for a recurring schedule. Valid values are 1-31. - items: - maximum: 31 - minimum: 1 - type: number - minItems: 1 - type: array - onWeekDay: - description: The specific days of the week (`[MO,TU,WE,TH,FR,SA,SU]`) or nth day of month (`[+1MO, -3FR, +2WE, -4SA, -5SU]`) for a recurring schedule. - items: - type: string - minItems: 1 - type: array - start: - description: 'The start date and time of the schedule, provided in ISO 8601 format and set to the UTC timezone. For example: `2025-03-12T12:00:00.000Z`.' - type: string - timezone: - description: The timezone of the schedule. The default timezone is UTC. - type: string - required: - - start - - duration - required: - - custom - scope: - additionalProperties: false - type: object - properties: - alerting: - additionalProperties: false - type: object - properties: - query: - additionalProperties: false - type: object - properties: - kql: - description: A filter written in Kibana Query Language (KQL). Only alerts matching this query will be supressed by the maintenance window. - type: string - required: - - kql - required: - - query - required: - - alerting - title: - description: The name of the maintenance window. While this name does not have to be unique, a distinctive name can help you identify a specific maintenance window. - type: string + $ref: '#/components/schemas/ApiMaintenanceWindow_Patch_Request' responses: '200': content: application/json: schema: - additionalProperties: false - type: object - properties: - created_at: - description: The date and time when the maintenance window was created. - type: string - created_by: - description: The identifier for the user that created the maintenance window. - nullable: true - type: string - enabled: - description: Whether the current maintenance window is enabled. Disabled maintenance windows do not suppress notifications. - type: boolean - id: - description: The identifier for the maintenance window. - type: string - schedule: - additionalProperties: false - type: object - properties: - custom: - additionalProperties: false - type: object - properties: - duration: - description: 'The duration of the schedule. It allows values in `` format. `` is one of `d`, `h`, `m`, or `s` for hours, minutes, seconds. For example: `1d`, `5h`, `30m`, `5000s`.' - type: string - recurring: - additionalProperties: false - type: object - properties: - end: - description: 'The end date of a recurring schedule, provided in ISO 8601 format and set to the UTC timezone. For example: `2025-04-01T00:00:00.000Z`.' - type: string - every: - description: 'The interval and frequency of a recurring schedule. It allows values in `` format. `` is one of `d`, `w`, `M`, or `y` for days, weeks, months, years. For example: `15d`, `2w`, `3m`, `1y`.' - type: string - occurrences: - description: The total number of recurrences of the schedule. - type: number - onMonth: - description: The specific months for a recurring schedule. Valid values are 1-12. - items: - type: number - type: array - onMonthDay: - description: The specific days of the month for a recurring schedule. Valid values are 1-31. - items: - type: number - type: array - onWeekDay: - description: The specific days of the week (`[MO,TU,WE,TH,FR,SA,SU]`) or nth day of month (`[+1MO, -3FR, +2WE, -4SA, -5SU]`) for a recurring schedule. - items: - type: string - type: array - start: - description: 'The start date and time of the schedule, provided in ISO 8601 format and set to the UTC timezone. For example: `2025-03-12T12:00:00.000Z`.' - type: string - timezone: - description: The timezone of the schedule. The default timezone is UTC. - type: string - required: - - start - - duration - required: - - custom - scope: - additionalProperties: false - type: object - properties: - alerting: - additionalProperties: false - type: object - properties: - query: - additionalProperties: false - type: object - properties: - kql: - description: A filter written in Kibana Query Language (KQL). - type: string - required: - - kql - required: - - query - required: - - alerting - status: - description: The current status of the maintenance window. - enum: - - running - - upcoming - - finished - - archived - - disabled - type: string - title: - description: The name of the maintenance window. - type: string - updated_at: - description: The date and time when the maintenance window was last updated. - type: string - updated_by: - description: The identifier for the user that last updated this maintenance window. - nullable: true - type: string - required: - - id - - title - - enabled - - created_by - - updated_by - - created_at - - updated_at - - status - - schedule + $ref: '#/components/schemas/ApiMaintenanceWindow_Patch_Response_200' description: Indicates a successful call. '400': description: Indicates an invalid schema or parameters. @@ -53975,122 +24385,7 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - created_at: - description: The date and time when the maintenance window was created. - type: string - created_by: - description: The identifier for the user that created the maintenance window. - nullable: true - type: string - enabled: - description: Whether the current maintenance window is enabled. Disabled maintenance windows do not suppress notifications. - type: boolean - id: - description: The identifier for the maintenance window. - type: string - schedule: - additionalProperties: false - type: object - properties: - custom: - additionalProperties: false - type: object - properties: - duration: - description: 'The duration of the schedule. It allows values in `` format. `` is one of `d`, `h`, `m`, or `s` for hours, minutes, seconds. For example: `1d`, `5h`, `30m`, `5000s`.' - type: string - recurring: - additionalProperties: false - type: object - properties: - end: - description: 'The end date of a recurring schedule, provided in ISO 8601 format and set to the UTC timezone. For example: `2025-04-01T00:00:00.000Z`.' - type: string - every: - description: 'The interval and frequency of a recurring schedule. It allows values in `` format. `` is one of `d`, `w`, `M`, or `y` for days, weeks, months, years. For example: `15d`, `2w`, `3m`, `1y`.' - type: string - occurrences: - description: The total number of recurrences of the schedule. - type: number - onMonth: - description: The specific months for a recurring schedule. Valid values are 1-12. - items: - type: number - type: array - onMonthDay: - description: The specific days of the month for a recurring schedule. Valid values are 1-31. - items: - type: number - type: array - onWeekDay: - description: The specific days of the week (`[MO,TU,WE,TH,FR,SA,SU]`) or nth day of month (`[+1MO, -3FR, +2WE, -4SA, -5SU]`) for a recurring schedule. - items: - type: string - type: array - start: - description: 'The start date and time of the schedule, provided in ISO 8601 format and set to the UTC timezone. For example: `2025-03-12T12:00:00.000Z`.' - type: string - timezone: - description: The timezone of the schedule. The default timezone is UTC. - type: string - required: - - start - - duration - required: - - custom - scope: - additionalProperties: false - type: object - properties: - alerting: - additionalProperties: false - type: object - properties: - query: - additionalProperties: false - type: object - properties: - kql: - description: A filter written in Kibana Query Language (KQL). - type: string - required: - - kql - required: - - query - required: - - alerting - status: - description: The current status of the maintenance window. - enum: - - running - - upcoming - - finished - - archived - - disabled - type: string - title: - description: The name of the maintenance window. - type: string - updated_at: - description: The date and time when the maintenance window was last updated. - type: string - updated_by: - description: The identifier for the user that last updated this maintenance window. - nullable: true - type: string - required: - - id - - title - - enabled - - created_by - - updated_by - - created_at - - updated_at - - status - - schedule + $ref: '#/components/schemas/ApiMaintenanceWindowArchive_Post_Response_200' description: Indicates a successful call. '400': description: Indicates an invalid schema or parameters. @@ -54135,122 +24430,7 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - created_at: - description: The date and time when the maintenance window was created. - type: string - created_by: - description: The identifier for the user that created the maintenance window. - nullable: true - type: string - enabled: - description: Whether the current maintenance window is enabled. Disabled maintenance windows do not suppress notifications. - type: boolean - id: - description: The identifier for the maintenance window. - type: string - schedule: - additionalProperties: false - type: object - properties: - custom: - additionalProperties: false - type: object - properties: - duration: - description: 'The duration of the schedule. It allows values in `` format. `` is one of `d`, `h`, `m`, or `s` for hours, minutes, seconds. For example: `1d`, `5h`, `30m`, `5000s`.' - type: string - recurring: - additionalProperties: false - type: object - properties: - end: - description: 'The end date of a recurring schedule, provided in ISO 8601 format and set to the UTC timezone. For example: `2025-04-01T00:00:00.000Z`.' - type: string - every: - description: 'The interval and frequency of a recurring schedule. It allows values in `` format. `` is one of `d`, `w`, `M`, or `y` for days, weeks, months, years. For example: `15d`, `2w`, `3m`, `1y`.' - type: string - occurrences: - description: The total number of recurrences of the schedule. - type: number - onMonth: - description: The specific months for a recurring schedule. Valid values are 1-12. - items: - type: number - type: array - onMonthDay: - description: The specific days of the month for a recurring schedule. Valid values are 1-31. - items: - type: number - type: array - onWeekDay: - description: The specific days of the week (`[MO,TU,WE,TH,FR,SA,SU]`) or nth day of month (`[+1MO, -3FR, +2WE, -4SA, -5SU]`) for a recurring schedule. - items: - type: string - type: array - start: - description: 'The start date and time of the schedule, provided in ISO 8601 format and set to the UTC timezone. For example: `2025-03-12T12:00:00.000Z`.' - type: string - timezone: - description: The timezone of the schedule. The default timezone is UTC. - type: string - required: - - start - - duration - required: - - custom - scope: - additionalProperties: false - type: object - properties: - alerting: - additionalProperties: false - type: object - properties: - query: - additionalProperties: false - type: object - properties: - kql: - description: A filter written in Kibana Query Language (KQL). - type: string - required: - - kql - required: - - query - required: - - alerting - status: - description: The current status of the maintenance window. - enum: - - running - - upcoming - - finished - - archived - - disabled - type: string - title: - description: The name of the maintenance window. - type: string - updated_at: - description: The date and time when the maintenance window was last updated. - type: string - updated_by: - description: The identifier for the user that last updated this maintenance window. - nullable: true - type: string - required: - - id - - title - - enabled - - created_by - - updated_by - - created_at - - updated_at - - status - - schedule + $ref: '#/components/schemas/ApiMaintenanceWindowUnarchive_Post_Response_200' description: Indicates a successful call. '400': description: Indicates an invalid schema or parameters. @@ -54413,24 +24593,7 @@ paths: content: application/json: schema: - oneOf: - - nullable: true - type: object - properties: - noteId: - type: string - required: - - noteId - - nullable: true - type: object - properties: - noteIds: - items: - type: string - nullable: true - type: array - required: - - noteIds + $ref: '#/components/schemas/ApiNote_Delete_Request' description: The ID of the note to delete. required: true responses: @@ -54527,23 +24690,7 @@ paths: content: application/json: schema: - type: object - properties: - note: - $ref: '#/components/schemas/Security_Timeline_API_BareNote' - description: The note to add or update. - noteId: - description: The `savedObjectId` of the note - example: 709f99c6-89b6-4953-9160-35945c8e174e - nullable: true - type: string - version: - description: The version of the note - example: WzQ2LDFd - nullable: true - type: string - required: - - note + $ref: '#/components/schemas/ApiNote_Patch_Request' description: The note to add or update, along with additional metadata. required: true responses: @@ -54583,41 +24730,7 @@ paths: chatCompleteRequestExample: $ref: '#/components/schemas/Observability_AI_Assistant_API_ChatCompleteRequestExample' schema: - type: object - properties: - actions: - items: - $ref: '#/components/schemas/Observability_AI_Assistant_API_Function' - type: array - connectorId: - description: A unique identifier for the connector. - type: string - conversationId: - description: A unique identifier for the conversation if you are continuing an existing conversation. - type: string - disableFunctions: - description: Flag indicating whether all function calls should be disabled for the conversation. If true, no calls to functions will be made. - type: boolean - instructions: - description: An array of instruction objects, which can be either simple strings or detailed objects. - items: - $ref: '#/components/schemas/Observability_AI_Assistant_API_Instruction' - type: array - messages: - description: An array of message objects containing the conversation history. - items: - $ref: '#/components/schemas/Observability_AI_Assistant_API_Message' - type: array - persist: - description: Indicates whether the conversation should be saved to storage. If true, the conversation will be saved and will be available in Kibana. - type: boolean - title: - description: A title for the conversation. - type: string - required: - - messages - - connectorId - - persist + $ref: '#/components/schemas/ApiObservabilityAiAssistantChatComplete_Post_Request' responses: '200': content: @@ -54626,7 +24739,7 @@ paths: chatCompleteResponseExample: $ref: '#/components/schemas/Observability_AI_Assistant_API_ChatCompleteResponseExample' schema: - type: object + $ref: '#/components/schemas/ApiObservabilityAiAssistantChatComplete_Post_Response_200' description: Successful response summary: Generate a chat completion tags: @@ -54940,9 +25053,7 @@ paths: content: application/json: schema: - example: {} - type: object - properties: {} + $ref: '#/components/schemas/ApiOsqueryPacks_Delete_Response_200' description: OK summary: Delete a pack tags: @@ -55201,24 +25312,7 @@ paths: content: application/json: schema: - type: object - properties: - eventId: - description: The `_id` of the associated event for this pinned event. - example: d3a1d35a3e84a81b2f8f3859e064c224cdee1b4bc - type: string - pinnedEventId: - description: The `savedObjectId` of the pinned event you want to unpin. - example: 10r1929b-0af7-42bd-85a8-56e234f98h2f3 - nullable: true - type: string - timelineId: - description: The `savedObjectId` of the timeline that you want this pinned event unpinned from. - example: 15c1929b-0af7-42bd-85a8-56e234cc7c4e - type: string - required: - - eventId - - timelineId + $ref: '#/components/schemas/ApiPinnedEvent_Patch_Request' description: The pinned event to add or unpin, along with additional metadata. required: true responses: @@ -55250,10 +25344,7 @@ paths: content: application/json: schema: - type: object - properties: - cleanup_successful: - type: boolean + $ref: '#/components/schemas/ApiRiskScoreEngineDangerouslyDeleteData_Delete_Response_200' description: Successful response '400': content: @@ -55288,54 +25379,14 @@ paths: content: application/json: schema: - type: object - properties: - enable_reset_to_zero: - type: boolean - exclude_alert_statuses: - items: - type: string - type: array - exclude_alert_tags: - items: - type: string - type: array - filters: - items: - type: object - properties: - entity_types: - items: - enum: - - host - - user - - service - type: string - type: array - filter: - description: KQL filter string - type: string - required: - - entity_types - - filter - type: array - range: - type: object - properties: - end: - type: string - start: - type: string + $ref: '#/components/schemas/ApiRiskScoreEngineSavedObjectConfigure_Patch_Request' required: true responses: '200': content: application/json: schema: - type: object - properties: - risk_engine_saved_object_configured: - type: boolean + $ref: '#/components/schemas/ApiRiskScoreEngineSavedObjectConfigure_Patch_Response_200' description: Successful response '400': content: @@ -55430,66 +25481,7 @@ paths: - id: de71f4f0-1902-11e9-919b-ffe5949a18d2 type: map schema: - additionalProperties: false - type: object - properties: - excludeExportDetails: - default: false - description: Do not add export details entry at the end of the stream. - type: boolean - hasReference: - anyOf: - - additionalProperties: false - type: object - properties: - id: - type: string - type: - type: string - required: - - type - - id - - items: - additionalProperties: false - type: object - properties: - id: - type: string - type: - type: string - required: - - type - - id - type: array - includeReferencesDeep: - default: false - description: Includes all of the referenced objects in the exported objects. - type: boolean - objects: - description: 'A list of objects to export. NOTE: this optional parameter cannot be combined with the `types` option' - items: - additionalProperties: false - type: object - properties: - id: - type: string - type: - type: string - required: - - type - - id - maxItems: 10000 - type: array - search: - description: Search for documents to export using the Elasticsearch Simple Query String syntax. - type: string - type: - anyOf: - - type: string - - items: - type: string - type: array - description: The saved object types to include in the export. Use `*` to export all the types. Valid options depend on enabled plugins, but may include `visualization`, `dashboard`, `search`, `index-pattern`, `tag`, `config`, `config-global`, `lens`, `map`, `event-annotation-group`, `query`, `url`, `action`, `alert`, `alerting_rule_template`, `apm-indices`, `cases-user-actions`, `cases`, `cases-comments`, `infrastructure-monitoring-log-view`, `ml-trained-model`, `osquery-saved-query`, `osquery-pack`, `osquery-pack-asset`. + $ref: '#/components/schemas/ApiSavedObjectsExport_Post_Request' responses: '200': content: @@ -55528,22 +25520,7 @@ paths: content: application/json: schema: - additionalProperties: false - description: Indicates an unsuccessful response. - type: object - properties: - error: - type: string - message: - type: string - statusCode: - enum: - - 400 - type: integer - required: - - error - - message - - statusCode + $ref: '#/components/schemas/ApiSavedObjectsExport_Post_Response_400' description: Bad request. summary: Export saved objects tags: @@ -55601,14 +25578,7 @@ paths: value: file: file.ndjson schema: - additionalProperties: false - type: object - properties: - file: - description: 'A file exported using the export API. Changing the contents of the exported file in any way before importing it can cause errors, crashes or data loss. NOTE: The `savedObjects.maxImportExportSize` configuration setting limits the number of saved objects which may be included in this file. Similarly, the `savedObjects.maxImportPayloadBytes` setting limits the overall size of the file that can be imported.' - type: object - required: - - file + $ref: '#/components/schemas/ApiSavedObjectsImport_Post_Request' responses: '200': content: @@ -55628,61 +25598,13 @@ paths: title: Kibana Sample Data Logs type: index-pattern schema: - additionalProperties: false - type: object - properties: - errors: - description: |- - Indicates the import was unsuccessful and specifies the objects that failed to import. - - NOTE: One object may result in multiple errors, which requires separate steps to resolve. For instance, a `missing_references` error and conflict error. - items: - additionalProperties: true - type: object - properties: {} - type: array - success: - description: Indicates when the import was successfully completed. When set to false, some objects may not have been created. For additional information, refer to the `errors` and `successResults` properties. - type: boolean - successCount: - description: Indicates the number of successfully imported records. - type: number - successResults: - description: |- - Indicates the objects that are successfully imported, with any metadata if applicable. - - NOTE: Objects are created only when all resolvable errors are addressed, including conflicts and missing references. If objects are created as new copies, each entry in the `successResults` array includes a `destinationId` attribute. - items: - additionalProperties: true - type: object - properties: {} - type: array - required: - - success - - successCount - - errors - - successResults + $ref: '#/components/schemas/ApiSavedObjectsImport_Post_Response_200' description: Indicates a successful call. '400': content: application/json: schema: - additionalProperties: false - description: Indicates an unsuccessful response. - type: object - properties: - error: - type: string - message: - type: string - statusCode: - enum: - - 400 - type: integer - required: - - error - - message - - statusCode + $ref: '#/components/schemas/ApiSavedObjectsImport_Post_Response_400' description: Bad request. summary: Import saved objects tags: @@ -55713,55 +25635,7 @@ paths: content: application/json: schema: - example: - create: - - allowed: true - anonymized: false - field: host.name - - allowed: false - anonymized: true - field: user.name - delete: - ids: - - field5 - - field6 - query: 'field: host.name' - update: - - allowed: true - anonymized: false - id: field8 - - allowed: false - anonymized: true - id: field9 - type: object - properties: - create: - description: Array of anonymization fields to create. - items: - $ref: '#/components/schemas/Security_AI_Assistant_API_AnonymizationFieldCreateProps' - type: array - delete: - description: Object containing the query to filter anonymization fields and/or an array of anonymization field IDs to delete. - type: object - properties: - ids: - description: Array of IDs to apply the action to. - example: - - '1234' - - '5678' - items: - type: string - minItems: 1 - type: array - query: - description: Query to filter the bulk action. - example: 'status: ''inactive''' - type: string - update: - description: Array of anonymization fields to update. - items: - $ref: '#/components/schemas/Security_AI_Assistant_API_AnonymizationFieldUpdateProps' - type: array + $ref: '#/components/schemas/ApiSecurityAiAssistantAnonymizationFieldsBulkAction_Post_Request' responses: '200': content: @@ -55817,17 +25691,7 @@ paths: message: Invalid request body statusCode: 400 schema: - type: object - properties: - error: - description: Error type or name. - type: string - message: - description: Detailed error message. - type: string - statusCode: - description: Status code of the response. - type: number + $ref: '#/components/schemas/ApiSecurityAiAssistantAnonymizationFieldsBulkAction_Post_Response_400' description: Generic Error summary: Apply a bulk action to anonymization fields tags: @@ -55945,54 +25809,7 @@ paths: perPage: 20 total: 100 schema: - type: object - properties: - aggregations: - type: object - properties: - field_status: - type: object - properties: - buckets: - type: object - properties: - allowed: - type: object - properties: - doc_count: - default: 0 - type: integer - anonymized: - type: object - properties: - doc_count: - default: 0 - type: integer - denied: - type: object - properties: - doc_count: - default: 0 - type: integer - all: - items: - $ref: '#/components/schemas/Security_AI_Assistant_API_AnonymizationFieldResponse' - type: array - data: - items: - $ref: '#/components/schemas/Security_AI_Assistant_API_AnonymizationFieldResponse' - type: array - page: - type: integer - perPage: - type: integer - total: - type: integer - required: - - page - - perPage - - total - - data + $ref: '#/components/schemas/ApiSecurityAiAssistantAnonymizationFieldsFind_Get_Response_200' description: Successful response '400': content: @@ -56002,14 +25819,7 @@ paths: message: Invalid request parameters statusCode: 400 schema: - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number + $ref: '#/components/schemas/ApiSecurityAiAssistantAnonymizationFieldsFind_Get_Response_400' description: Generic Error summary: Get anonymization fields tags: @@ -56073,20 +25883,7 @@ paths: content: application/json: schema: - type: object - properties: - error: - description: Error type. - example: Bad Request - type: string - message: - description: Human-readable error message. - example: Invalid request payload. - type: string - statusCode: - description: HTTP status code. - example: 400 - type: number + $ref: '#/components/schemas/ApiSecurityAiAssistantChatComplete_Post_Response_400' description: Generic Error summary: Create a model response tags: @@ -56109,16 +25906,7 @@ paths: content: application/json: schema: - type: object - properties: - excludedIds: - description: Optional list of conversation IDs to delete. - example: - - abc123 - - def456 - items: - type: string - type: array + $ref: '#/components/schemas/ApiSecurityAiAssistantCurrentUserConversations_Delete_Request' required: false responses: '200': @@ -56127,34 +25915,13 @@ paths: example: success: true schema: - type: object - properties: - failures: - items: - type: string - type: array - success: - example: true - type: boolean - totalDeleted: - example: 10 - type: number + $ref: '#/components/schemas/ApiSecurityAiAssistantCurrentUserConversations_Delete_Response_200' description: Indicates a successful call. The conversations were deleted successfully. '400': content: application/json: schema: - type: object - properties: - error: - example: Bad Request - type: string - message: - example: Invalid conversation ID - type: string - statusCode: - example: 400 - type: number + $ref: '#/components/schemas/ApiSecurityAiAssistantCurrentUserConversations_Delete_Response_400' description: Generic Error. This response indicates an issue with the request. summary: Delete conversations tags: @@ -56219,17 +25986,7 @@ paths: content: application/json: schema: - type: object - properties: - error: - example: Bad Request - type: string - message: - example: 'Missing required parameter: title' - type: string - statusCode: - example: 400 - type: number + $ref: '#/components/schemas/ApiSecurityAiAssistantCurrentUserConversations_Post_Response_400' description: Generic Error. This response indicates an issue with the request, such as missing required parameters or incorrect data. summary: Create a conversation tags: @@ -56313,46 +26070,13 @@ paths: content: application/json: schema: - type: object - properties: - data: - description: A list of conversations. - items: - $ref: '#/components/schemas/Security_AI_Assistant_API_ConversationResponse' - type: array - page: - description: The current page of the results. - example: 1 - type: integer - perPage: - description: The number of results returned per page. - example: 20 - type: integer - total: - description: The total number of conversations matching the filter criteria. - example: 100 - type: integer - required: - - page - - perPage - - total - - data + $ref: '#/components/schemas/ApiSecurityAiAssistantCurrentUserConversationsFind_Get_Response_200' description: Successful response, returns a paginated list of conversations matching the specified criteria. '400': content: application/json: schema: - type: object - properties: - error: - example: Bad Request - type: string - message: - example: Invalid filter query parameter - type: string - statusCode: - example: 400 - type: number + $ref: '#/components/schemas/ApiSecurityAiAssistantCurrentUserConversationsFind_Get_Response_400' description: Generic Error. The request could not be processed due to an invalid query parameter or other issue. summary: Get conversations tags: @@ -56408,17 +26132,7 @@ paths: content: application/json: schema: - type: object - properties: - error: - example: Bad Request - type: string - message: - example: Invalid conversation ID - type: string - statusCode: - example: 400 - type: number + $ref: '#/components/schemas/ApiSecurityAiAssistantCurrentUserConversations_Delete_Response_400_1' description: Generic Error. This response indicates an issue with the request. summary: Delete a conversation tags: @@ -56473,17 +26187,7 @@ paths: content: application/json: schema: - type: object - properties: - error: - example: Bad Request - type: string - message: - example: Invalid conversation ID - type: string - statusCode: - example: 400 - type: number + $ref: '#/components/schemas/ApiSecurityAiAssistantCurrentUserConversations_Get_Response_400' description: Generic Error. The request could not be processed due to an error. summary: Get a conversation tags: @@ -56556,17 +26260,7 @@ paths: content: application/json: schema: - type: object - properties: - error: - example: Bad Request - type: string - message: - example: 'Missing required field: title' - type: string - statusCode: - example: 400 - type: number + $ref: '#/components/schemas/ApiSecurityAiAssistantCurrentUserConversations_Put_Response_400' description: Generic Error. This response indicates an issue with the request, such as missing required parameters or incorrect data. summary: Update a conversation tags: @@ -56848,42 +26542,7 @@ paths: content: application/json: schema: - type: object - properties: - create: - description: List of Knowledge Base Entries to create. - example: - - content: This is the content of the new entry. - title: New Entry - items: - $ref: '#/components/schemas/Security_AI_Assistant_API_KnowledgeBaseEntryCreateProps' - type: array - delete: - type: object - properties: - ids: - description: Array of Knowledge Base Entry IDs. - example: - - '123' - - '456' - - '789' - items: - type: string - minItems: 1 - type: array - query: - description: Query to filter Knowledge Base Entries. - example: status:active AND category:technology - type: string - update: - description: List of Knowledge Base Entries to update. - example: - - content: Updated content. - id: '123' - title: Updated Entry - items: - $ref: '#/components/schemas/Security_AI_Assistant_API_KnowledgeBaseEntryUpdateProps' - type: array + $ref: '#/components/schemas/ApiSecurityAiAssistantKnowledgeBaseEntriesBulkAction_Post_Request' responses: '200': content: @@ -56970,49 +26629,13 @@ paths: content: application/json: schema: - type: object - properties: - data: - description: The list of Knowledge Base Entries for the current page. - items: - $ref: '#/components/schemas/Security_AI_Assistant_API_KnowledgeBaseEntryResponse' - type: array - page: - description: The current page number. - example: 1 - type: integer - perPage: - description: The number of Knowledge Base Entries returned per page. - example: 20 - type: integer - total: - description: The total number of Knowledge Base Entries available. - example: 100 - type: integer - required: - - page - - perPage - - total - - data + $ref: '#/components/schemas/ApiSecurityAiAssistantKnowledgeBaseEntriesFind_Get_Response_200' description: Successful response containing the paginated Knowledge Base Entries. '400': content: application/json: schema: - type: object - properties: - error: - description: A short description of the error. - example: Bad Request - type: string - message: - description: A detailed message explaining the error. - example: 'Invalid query parameter: sort_order' - type: string - statusCode: - description: The HTTP status code of the error. - example: 400 - type: number + $ref: '#/components/schemas/ApiSecurityAiAssistantKnowledgeBaseEntriesFind_Get_Response_400' description: Generic Error indicating an issue with the request. summary: Finds Knowledge Base Entries that match the given query. tags: @@ -57202,35 +26825,7 @@ paths: - content: Updated content for security prompt. id: prompt123 schema: - type: object - properties: - create: - description: List of prompts to be created. - items: - $ref: '#/components/schemas/Security_AI_Assistant_API_PromptCreateProps' - type: array - delete: - description: Criteria for deleting prompts in bulk. - type: object - properties: - ids: - description: Array of IDs to apply the action to. - example: - - '1234' - - '5678' - items: - type: string - minItems: 1 - type: array - query: - description: Query to filter the bulk action. - example: 'status: ''inactive''' - type: string - update: - description: List of prompts to be updated. - items: - $ref: '#/components/schemas/Security_AI_Assistant_API_PromptUpdateProps' - type: array + $ref: '#/components/schemas/ApiSecurityAiAssistantPromptsBulkAction_Post_Request' responses: '200': content: @@ -57274,20 +26869,7 @@ paths: content: application/json: schema: - type: object - properties: - error: - description: A short error message. - example: Bad Request - type: string - message: - description: A detailed error message. - example: Invalid prompt ID or missing required fields. - type: string - statusCode: - description: The HTTP status code for the error. - example: 400 - type: number + $ref: '#/components/schemas/ApiSecurityAiAssistantPromptsBulkAction_Post_Response_400' description: Indicates a generic error due to a bad request. summary: Apply a bulk action to prompts tags: @@ -57361,74 +26943,13 @@ paths: content: application/json: schema: - example: - data: - - categories: - - troubleshooting - - logging - color: '#FF5733' - consumer: security - content: If you encounter an error, check the logs and retry. - createdAt: '2025-04-20T21:00:00Z' - createdBy: jdoe - id: prompt-123 - isDefault: true - isNewConversationDefault: false - name: Error Troubleshooting Prompt - namespace: default - promptType: standard - timestamp: '2025-04-30T22:30:00Z' - updatedAt: '2025-04-30T22:45:00Z' - updatedBy: jdoe - users: - - full_name: John Doe - username: jdoe - page: 1 - perPage: 20 - total: 142 - type: object - properties: - data: - description: The list of prompts returned based on the search query, sorting, and pagination. - items: - $ref: '#/components/schemas/Security_AI_Assistant_API_PromptResponse' - type: array - page: - description: Current page number. - example: 1 - type: integer - perPage: - description: Number of prompts per page. - example: 20 - type: integer - total: - description: Total number of prompts matching the query. - example: 142 - type: integer - required: - - page - - perPage - - total - - data + $ref: '#/components/schemas/ApiSecurityAiAssistantPromptsFind_Get_Response_200' description: Successful response containing a list of prompts. '400': content: application/json: schema: - type: object - properties: - error: - description: Short error message. - example: Bad Request - type: string - message: - description: Detailed description of the error. - example: Invalid sort order value provided. - type: string - statusCode: - description: HTTP status code for the error. - example: 400 - type: number + $ref: '#/components/schemas/ApiSecurityAiAssistantPromptsFind_Get_Response_400' description: Bad request due to invalid parameters or malformed query. summary: Get prompts tags: @@ -57470,35 +26991,7 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - filters: - additionalProperties: false - type: object - properties: - showReservedRoles: - type: boolean - from: - type: number - query: - type: string - size: - type: number - sort: - additionalProperties: false - type: object - properties: - direction: - enum: - - asc - - desc - type: string - field: - type: string - required: - - field - - direction + $ref: '#/components/schemas/ApiSecurityRoleQuery_Post_Request' responses: '200': description: Indicates a successful call. @@ -57588,194 +27081,7 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - description: - description: A description for the role. - maxLength: 2048 - type: string - elasticsearch: - additionalProperties: false - type: object - properties: - cluster: - items: - description: Cluster privileges that define the cluster level actions that users can perform. - type: string - maxItems: 100 - type: array - indices: - items: - additionalProperties: false - type: object - properties: - allow_restricted_indices: - description: Restricted indices are a special category of indices that are used internally to store configuration data and should not be directly accessed. Only internal system roles should normally grant privileges over the restricted indices. Toggling this flag is very strongly discouraged because it could effectively grant unrestricted operations on critical data, making the entire system unstable or leaking sensitive information. If for administrative purposes you need to create a role with privileges covering restricted indices, however, you can set this property to true. In that case, the names field covers the restricted indices too. - type: boolean - field_security: - additionalProperties: - items: - description: The document fields that the role members have read access to. - type: string - maxItems: 1000 - type: array - type: object - names: - items: - description: The data streams, indices, and aliases to which the permissions in this entry apply. It supports wildcards (*). - type: string - maxItems: 100 - minItems: 1 - type: array - privileges: - items: - description: The index level privileges that the role members have for the data streams and indices. - type: string - maxItems: 100 - minItems: 1 - type: array - query: - description: A search query that defines the documents the role members have read access to. A document within the specified data streams and indices must match this query in order for it to be accessible by the role members. - type: string - required: - - names - - privileges - maxItems: 1000 - type: array - remote_cluster: - items: - additionalProperties: false - type: object - properties: - clusters: - items: - description: A list of remote cluster aliases. It supports literal strings as well as wildcards and regular expressions. - type: string - maxItems: 100 - minItems: 1 - type: array - privileges: - items: - description: The cluster level privileges for the remote cluster. The allowed values are a subset of the cluster privileges. - type: string - maxItems: 100 - minItems: 1 - type: array - required: - - privileges - - clusters - maxItems: 100 - type: array - remote_indices: - items: - additionalProperties: false - type: object - properties: - allow_restricted_indices: - description: Restricted indices are a special category of indices that are used internally to store configuration data and should not be directly accessed. Only internal system roles should normally grant privileges over the restricted indices. Toggling this flag is very strongly discouraged because it could effectively grant unrestricted operations on critical data, making the entire system unstable or leaking sensitive information. If for administrative purposes you need to create a role with privileges covering restricted indices, however, you can set this property to true. In that case, the names field will cover the restricted indices too. - type: boolean - clusters: - items: - description: A list of remote cluster aliases. It supports literal strings as well as wildcards and regular expressions. - type: string - maxItems: 100 - minItems: 1 - type: array - field_security: - additionalProperties: - items: - description: The document fields that the role members have read access to. - type: string - maxItems: 1000 - type: array - type: object - names: - items: - description: A list of remote aliases, data streams, or indices to which the permissions apply. It supports wildcards (*). - type: string - maxItems: 100 - minItems: 1 - type: array - privileges: - items: - description: The index level privileges that role members have for the specified indices. - type: string - maxItems: 100 - minItems: 1 - type: array - query: - description: 'A search query that defines the documents the role members have read access to. A document within the specified data streams and indices must match this query in order for it to be accessible by the role members. ' - type: string - required: - - clusters - - names - - privileges - maxItems: 1000 - type: array - run_as: - items: - description: A user name that the role member can impersonate. - type: string - maxItems: 100 - type: array - kibana: - items: - additionalProperties: false - type: object - properties: - base: - anyOf: - - items: {} - type: array - - type: boolean - - type: number - - type: object - - type: string - nullable: true - oneOf: - - items: - description: A base privilege that grants applies to all spaces. - type: string - maxItems: 50 - type: array - - items: - description: A base privilege that applies to specific spaces. - type: string - maxItems: 50 - type: array - feature: - additionalProperties: - items: - description: The privileges that the role member has for the feature. - type: string - maxItems: 100 - type: array - type: object - spaces: - anyOf: - - items: - enum: - - '*' - type: string - maxItems: 1 - minItems: 1 - type: array - - items: - description: A space that the privilege applies to. - type: string - maxItems: 1000 - type: array - default: - - '*' - required: - - base - type: array - metadata: - additionalProperties: {} - type: object - required: - - elasticsearch + $ref: '#/components/schemas/ApiSecurityRole_Put_Request' responses: '204': description: Indicates a successful call. @@ -57800,202 +27106,7 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - roles: - additionalProperties: - additionalProperties: false - type: object - properties: - description: - description: A description for the role. - maxLength: 2048 - type: string - elasticsearch: - additionalProperties: false - type: object - properties: - cluster: - items: - description: Cluster privileges that define the cluster level actions that users can perform. - type: string - maxItems: 100 - type: array - indices: - items: - additionalProperties: false - type: object - properties: - allow_restricted_indices: - description: Restricted indices are a special category of indices that are used internally to store configuration data and should not be directly accessed. Only internal system roles should normally grant privileges over the restricted indices. Toggling this flag is very strongly discouraged because it could effectively grant unrestricted operations on critical data, making the entire system unstable or leaking sensitive information. If for administrative purposes you need to create a role with privileges covering restricted indices, however, you can set this property to true. In that case, the names field covers the restricted indices too. - type: boolean - field_security: - additionalProperties: - items: - description: The document fields that the role members have read access to. - type: string - maxItems: 1000 - type: array - type: object - names: - items: - description: The data streams, indices, and aliases to which the permissions in this entry apply. It supports wildcards (*). - type: string - maxItems: 100 - minItems: 1 - type: array - privileges: - items: - description: The index level privileges that the role members have for the data streams and indices. - type: string - maxItems: 100 - minItems: 1 - type: array - query: - description: A search query that defines the documents the role members have read access to. A document within the specified data streams and indices must match this query in order for it to be accessible by the role members. - type: string - required: - - names - - privileges - maxItems: 1000 - type: array - remote_cluster: - items: - additionalProperties: false - type: object - properties: - clusters: - items: - description: A list of remote cluster aliases. It supports literal strings as well as wildcards and regular expressions. - type: string - maxItems: 100 - minItems: 1 - type: array - privileges: - items: - description: The cluster level privileges for the remote cluster. The allowed values are a subset of the cluster privileges. - type: string - maxItems: 100 - minItems: 1 - type: array - required: - - privileges - - clusters - maxItems: 100 - type: array - remote_indices: - items: - additionalProperties: false - type: object - properties: - allow_restricted_indices: - description: Restricted indices are a special category of indices that are used internally to store configuration data and should not be directly accessed. Only internal system roles should normally grant privileges over the restricted indices. Toggling this flag is very strongly discouraged because it could effectively grant unrestricted operations on critical data, making the entire system unstable or leaking sensitive information. If for administrative purposes you need to create a role with privileges covering restricted indices, however, you can set this property to true. In that case, the names field will cover the restricted indices too. - type: boolean - clusters: - items: - description: A list of remote cluster aliases. It supports literal strings as well as wildcards and regular expressions. - type: string - maxItems: 100 - minItems: 1 - type: array - field_security: - additionalProperties: - items: - description: The document fields that the role members have read access to. - type: string - maxItems: 1000 - type: array - type: object - names: - items: - description: A list of remote aliases, data streams, or indices to which the permissions apply. It supports wildcards (*). - type: string - maxItems: 100 - minItems: 1 - type: array - privileges: - items: - description: The index level privileges that role members have for the specified indices. - type: string - maxItems: 100 - minItems: 1 - type: array - query: - description: 'A search query that defines the documents the role members have read access to. A document within the specified data streams and indices must match this query in order for it to be accessible by the role members. ' - type: string - required: - - clusters - - names - - privileges - maxItems: 1000 - type: array - run_as: - items: - description: A user name that the role member can impersonate. - type: string - maxItems: 100 - type: array - kibana: - items: - additionalProperties: false - type: object - properties: - base: - anyOf: - - items: {} - type: array - - type: boolean - - type: number - - type: object - - type: string - nullable: true - oneOf: - - items: - description: A base privilege that grants applies to all spaces. - type: string - maxItems: 50 - type: array - - items: - description: A base privilege that applies to specific spaces. - type: string - maxItems: 50 - type: array - feature: - additionalProperties: - items: - description: The privileges that the role member has for the feature. - type: string - maxItems: 100 - type: array - type: object - spaces: - anyOf: - - items: - enum: - - '*' - type: string - maxItems: 1 - minItems: 1 - type: array - - items: - description: A space that the privilege applies to. - type: string - maxItems: 1000 - type: array - default: - - '*' - required: - - base - type: array - metadata: - additionalProperties: {} - type: object - required: - - elasticsearch - type: object - required: - - roles + $ref: '#/components/schemas/ApiSecurityRoles_Post_Request' responses: '200': description: Indicates a successful call. @@ -58069,41 +27180,7 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - _reserved: - type: boolean - color: - description: The hexadecimal color code used in the space avatar. By default, the color is automatically generated from the space name. - type: string - description: - description: A description for the space. - type: string - disabledFeatures: - default: [] - items: - description: The list of features that are turned off in the space. - type: string - maxItems: 100 - type: array - id: - description: The space ID that is part of the Kibana URL when inside the space. Space IDs are limited to lowercase alphanumeric, underscore, and hyphen characters (a-z, 0-9, _, and -). You are cannot change the ID with the update operation. - type: string - imageUrl: - description: The data-URL encoded image to display in the space avatar. If specified, initials will not be displayed and the color will be visible as the background color for transparent images. For best results, your image should be 64x64. Images will not be optimized by this API call, so care should be taken when using custom images. - type: string - initials: - description: One or two characters that are shown in the space avatar. By default, the initials are automatically generated from the space name. - maxLength: 2 - type: string - name: - description: 'The display name for the space. ' - minLength: 1 - type: string - required: - - id - - name + $ref: '#/components/schemas/ApiSpacesSpace_Post_Request' examples: createSpaceRequest: $ref: '#/components/examples/create_space_request' @@ -58188,41 +27265,7 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - _reserved: - type: boolean - color: - description: The hexadecimal color code used in the space avatar. By default, the color is automatically generated from the space name. - type: string - description: - description: A description for the space. - type: string - disabledFeatures: - default: [] - items: - description: The list of features that are turned off in the space. - type: string - maxItems: 100 - type: array - id: - description: The space ID that is part of the Kibana URL when inside the space. Space IDs are limited to lowercase alphanumeric, underscore, and hyphen characters (a-z, 0-9, _, and -). You are cannot change the ID with the update operation. - type: string - imageUrl: - description: The data-URL encoded image to display in the space avatar. If specified, initials will not be displayed and the color will be visible as the background color for transparent images. For best results, your image should be 64x64. Images will not be optimized by this API call, so care should be taken when using custom images. - type: string - initials: - description: One or two characters that are shown in the space avatar. By default, the initials are automatically generated from the space name. - maxLength: 2 - type: string - name: - description: 'The display name for the space. ' - minLength: 1 - type: string - required: - - id - - name + $ref: '#/components/schemas/ApiSpacesSpace_Put_Request' examples: updateSpaceRequest: $ref: '#/components/examples/update_space_request' @@ -58256,19 +27299,13 @@ paths: content: application/json: schema: - anyOf: - - $ref: '#/components/schemas/Kibana_HTTP_APIs_core_status_response' - - $ref: '#/components/schemas/Kibana_HTTP_APIs_core_status_redactedResponse' - description: Kibana's operational status. A minimal response is sent for unauthorized users. + $ref: '#/components/schemas/ApiStatus_Get_Response_200' description: Overall status is OK and Kibana should be functioning normally. '503': content: application/json: schema: - anyOf: - - $ref: '#/components/schemas/Kibana_HTTP_APIs_core_status_response' - - $ref: '#/components/schemas/Kibana_HTTP_APIs_core_status_redactedResponse' - description: Kibana's operational status. A minimal response is sent for unauthorized users. + $ref: '#/components/schemas/ApiStatus_Get_Response_503' description: Kibana or some of it's essential services are unavailable. Kibana may be degraded or unavailable. summary: Get Kibana's current status tags: @@ -58292,14 +27329,7 @@ paths: content: application/json: schema: - anyOf: - - additionalProperties: false - type: object - properties: {} - - enum: - - 'null' - nullable: true - - not: {} + $ref: '#/components/schemas/ApiStreams_Get_Request' responses: {} summary: Get stream list tags: @@ -58331,14 +27361,7 @@ paths: content: application/json: schema: - anyOf: - - additionalProperties: false - type: object - properties: {} - - enum: - - 'null' - nullable: true - - not: {} + $ref: '#/components/schemas/ApiStreamsDisable_Post_Request' responses: {} summary: Disable streams tags: @@ -58370,14 +27393,7 @@ paths: content: application/json: schema: - anyOf: - - additionalProperties: false - type: object - properties: {} - - enum: - - 'null' - nullable: true - - not: {} + $ref: '#/components/schemas/ApiStreamsEnable_Post_Request' responses: {} summary: Enable streams tags: @@ -58409,14 +27425,7 @@ paths: content: application/json: schema: - anyOf: - - additionalProperties: false - type: object - properties: {} - - enum: - - 'null' - nullable: true - - not: {} + $ref: '#/components/schemas/ApiStreamsResync_Post_Request' responses: {} summary: Resync streams tags: @@ -58453,14 +27462,7 @@ paths: content: application/json: schema: - anyOf: - - additionalProperties: false - type: object - properties: {} - - enum: - - 'null' - nullable: true - - not: {} + $ref: '#/components/schemas/ApiStreams_Delete_Request' responses: {} summary: Delete a stream tags: @@ -58489,14 +27491,7 @@ paths: content: application/json: schema: - anyOf: - - additionalProperties: false - type: object - properties: {} - - enum: - - 'null' - nullable: true - - not: {} + $ref: '#/components/schemas/ApiStreams_Get_Request_1' responses: {} summary: Get a stream tags: @@ -58532,17246 +27527,7 @@ paths: content: application/json: schema: - anyOf: - - anyOf: - - allOf: - - type: object - properties: {} - - type: object - properties: - stream: - allOf: - - additionalProperties: true - type: object - properties: - ingest: - additionalProperties: true - type: object - properties: - processing: - additionalProperties: true - type: object - properties: - updated_at: - not: {} - required: - - processing - name: - not: {} - updated_at: - not: {} - - additionalProperties: false - type: object - properties: - description: - type: string - name: - type: string - updated_at: - format: date-time - type: string - required: - - name - - description - - updated_at - required: - - stream - - type: object - properties: - dashboards: - items: - type: string - type: array - queries: - items: - allOf: - - type: object - properties: - id: - description: A non-empty string. - minLength: 1 - type: string - title: - description: A non-empty string. - minLength: 1 - type: string - required: - - id - - title - - type: object - properties: - evidence: - items: - type: string - type: array - feature: - additionalProperties: false - type: object - properties: - filter: - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: The root condition object. It can be a simple filter or a combination of other conditions. - name: - description: A non-empty string. - minLength: 1 - type: string - type: - enum: - - system - type: string - required: - - name - - filter - - type - kql: - additionalProperties: false - type: object - properties: - query: - type: string - required: - - query - severity_score: - type: number - required: - - kql - type: array - rules: - items: - type: string - type: array - required: - - dashboards - - rules - - queries - - type: object - properties: - stream: - allOf: - - additionalProperties: true - type: object - properties: - ingest: - additionalProperties: true - type: object - properties: - processing: - additionalProperties: true - type: object - properties: - updated_at: - not: {} - required: - - processing - name: - not: {} - updated_at: - not: {} - - additionalProperties: false - type: object - properties: - ingest: - allOf: - - type: object - properties: - failure_store: - anyOf: - - additionalProperties: false - type: object - properties: - inherit: - additionalProperties: false - type: object - properties: {} - required: - - inherit - - additionalProperties: false - type: object - properties: - disabled: - additionalProperties: false - type: object - properties: {} - required: - - disabled - - anyOf: - - additionalProperties: false - type: object - properties: - lifecycle: - additionalProperties: false - type: object - properties: - enabled: - additionalProperties: false - type: object - properties: - data_retention: - description: A non-empty string. - minLength: 1 - type: string - required: - - enabled - required: - - lifecycle - - additionalProperties: false - type: object - properties: - lifecycle: - additionalProperties: false - type: object - properties: - disabled: - additionalProperties: false - type: object - properties: {} - required: - - disabled - required: - - lifecycle - lifecycle: - anyOf: - - additionalProperties: false - type: object - properties: - dsl: - additionalProperties: false - type: object - properties: - data_retention: - description: A non-empty string. - minLength: 1 - type: string - downsample: - items: - additionalProperties: false - type: object - properties: - after: - description: A non-empty string. - minLength: 1 - type: string - fixed_interval: - description: A non-empty string. - minLength: 1 - type: string - required: - - after - - fixed_interval - type: array - required: - - dsl - - additionalProperties: false - type: object - properties: - ilm: - additionalProperties: false - type: object - properties: - policy: - description: A non-empty string. - minLength: 1 - type: string - required: - - policy - required: - - ilm - - additionalProperties: false - type: object - properties: - inherit: - additionalProperties: false - type: object - properties: {} - required: - - inherit - processing: - additionalProperties: false - type: object - properties: - steps: - items: - anyOf: - - anyOf: - - additionalProperties: false - description: Grok processor - Extract fields from text using grok patterns - type: object - properties: - action: - enum: - - grok - type: string - customIdentifier: - description: Custom identifier to correlate this processor across outputs - minLength: 1 - type: string - description: - description: Human-readable notes about this processor step - type: string - from: - description: Source field to parse with grok patterns - minLength: 1 - type: string - ignore_failure: - description: Continue pipeline execution if this processor fails - type: boolean - ignore_missing: - description: Skip processing when source field is missing - type: boolean - pattern_definitions: - additionalProperties: - type: string - type: object - patterns: - description: Grok patterns applied in order to extract fields - items: - description: A non-empty string. - minLength: 1 - type: string - minItems: 1 - type: array - where: - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: Conditional expression controlling whether this processor runs - required: - - action - - from - - patterns - - additionalProperties: false - description: Dissect processor - Extract fields from text using a lightweight, delimiter-based parser - type: object - properties: - action: - enum: - - dissect - type: string - append_separator: - description: Separator inserted when target fields are concatenated - minLength: 1 - type: string - customIdentifier: - description: Custom identifier to correlate this processor across outputs - minLength: 1 - type: string - description: - description: Human-readable notes about this processor step - type: string - from: - description: Source field to parse with dissect pattern - minLength: 1 - type: string - ignore_failure: - description: Continue pipeline execution if this processor fails - type: boolean - ignore_missing: - description: Skip processing when source field is missing - type: boolean - pattern: - description: Dissect pattern describing field boundaries - minLength: 1 - type: string - where: - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: Conditional expression controlling whether this processor runs - required: - - action - - from - - pattern - - additionalProperties: false - description: Date processor - Parse dates from strings using one or more expected formats - type: object - properties: - action: - enum: - - date - type: string - customIdentifier: - description: Custom identifier to correlate this processor across outputs - minLength: 1 - type: string - description: - description: Human-readable notes about this processor step - type: string - formats: - description: Accepted input date formats, tried in order - items: - description: A non-empty string. - minLength: 1 - type: string - type: array - from: - description: Source field containing the date/time text - minLength: 1 - type: string - ignore_failure: - description: Continue pipeline execution if this processor fails - type: boolean - locale: - description: Optional locale for date parsing - minLength: 1 - type: string - output_format: - description: Optional output format for storing the parsed date as text - minLength: 1 - type: string - timezone: - description: Optional timezone for date parsing - minLength: 1 - type: string - to: - description: Target field for the parsed date (defaults to source) - minLength: 1 - type: string - where: - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: Conditional expression controlling whether this processor runs - required: - - action - - from - - formats - - additionalProperties: false - description: Base processor options plus conditional execution - type: object - properties: - action: - enum: - - drop_document - type: string - customIdentifier: - description: Custom identifier to correlate this processor across outputs - minLength: 1 - type: string - description: - description: Human-readable notes about this processor step - type: string - ignore_failure: - description: Continue pipeline execution if this processor fails - type: boolean - where: - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: Conditional expression controlling whether this processor runs - required: - - action - - additionalProperties: false - description: Base processor options plus conditional execution - type: object - properties: - action: - enum: - - math - type: string - customIdentifier: - description: Custom identifier to correlate this processor across outputs - minLength: 1 - type: string - description: - description: Human-readable notes about this processor step - type: string - expression: - description: A non-empty string. - minLength: 1 - type: string - ignore_failure: - description: Continue pipeline execution if this processor fails - type: boolean - ignore_missing: - type: boolean - to: - description: A non-empty string. - minLength: 1 - type: string - where: - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: Conditional expression controlling whether this processor runs - required: - - action - - expression - - to - - additionalProperties: false - description: Rename processor - Change a field name and optionally its location - type: object - properties: - action: - enum: - - rename - type: string - customIdentifier: - description: Custom identifier to correlate this processor across outputs - minLength: 1 - type: string - description: - description: Human-readable notes about this processor step - type: string - from: - description: Existing source field to rename or move - minLength: 1 - type: string - ignore_failure: - description: Continue pipeline execution if this processor fails - type: boolean - ignore_missing: - description: Skip when source field is missing - type: boolean - override: - description: Allow overwriting the target field if it already exists - type: boolean - to: - description: New field name or destination path - minLength: 1 - type: string - where: - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: Conditional expression controlling whether this processor runs - required: - - action - - from - - to - - additionalProperties: false - description: Set processor - Assign a literal or copied value to a field (mutually exclusive inputs) - type: object - properties: - action: - enum: - - set - type: string - copy_from: - description: Copy value from another field instead of providing a literal - minLength: 1 - type: string - customIdentifier: - description: Custom identifier to correlate this processor across outputs - minLength: 1 - type: string - description: - description: Human-readable notes about this processor step - type: string - ignore_failure: - description: Continue pipeline execution if this processor fails - type: boolean - override: - description: Allow overwriting an existing target field - type: boolean - to: - description: Target field to set or create - minLength: 1 - type: string - value: - description: Literal value to assign to the target field - where: - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: Conditional expression controlling whether this processor runs - required: - - action - - to - - additionalProperties: false - description: Append processor - Append one or more values to an existing or new array field - type: object - properties: - action: - enum: - - append - type: string - allow_duplicates: - description: If true, do not deduplicate appended values - type: boolean - customIdentifier: - description: Custom identifier to correlate this processor across outputs - minLength: 1 - type: string - description: - description: Human-readable notes about this processor step - type: string - ignore_failure: - description: Continue pipeline execution if this processor fails - type: boolean - to: - description: Array field to append values to - minLength: 1 - type: string - value: - description: Values to append (must be literal, no templates) - items: {} - minItems: 1 - type: array - where: - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: Conditional expression controlling whether this processor runs - required: - - action - - to - - value - - additionalProperties: false - description: Remove by prefix processor - Remove a field and all nested fields matching the prefix - type: object - properties: - action: - enum: - - remove_by_prefix - type: string - customIdentifier: - description: Custom identifier to correlate this processor across outputs - minLength: 1 - type: string - description: - description: Human-readable notes about this processor step - type: string - from: - description: Field to remove along with all its nested fields - minLength: 1 - type: string - ignore_failure: - description: Continue pipeline execution if this processor fails - type: boolean - required: - - action - - from - - additionalProperties: false - description: Remove processor - Delete one or more fields from the document - type: object - properties: - action: - enum: - - remove - type: string - customIdentifier: - description: Custom identifier to correlate this processor across outputs - minLength: 1 - type: string - description: - description: Human-readable notes about this processor step - type: string - from: - description: Field to remove from the document - minLength: 1 - type: string - ignore_failure: - description: Continue pipeline execution if this processor fails - type: boolean - ignore_missing: - description: Skip processing when source field is missing - type: boolean - where: - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: Conditional expression controlling whether this processor runs - required: - - action - - from - - additionalProperties: false - description: Base processor options plus conditional execution - type: object - properties: - action: - enum: - - replace - type: string - customIdentifier: - description: Custom identifier to correlate this processor across outputs - minLength: 1 - type: string - description: - description: Human-readable notes about this processor step - type: string - from: - description: A non-empty string. - minLength: 1 - type: string - ignore_failure: - description: Continue pipeline execution if this processor fails - type: boolean - ignore_missing: - type: boolean - pattern: - description: A non-empty string or string with whitespace. - minLength: 1 - type: string - replacement: - type: string - to: - description: A non-empty string. - minLength: 1 - type: string - where: - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: Conditional expression controlling whether this processor runs - required: - - action - - from - - pattern - - replacement - - additionalProperties: false - description: Base processor options plus conditional execution - type: object - properties: - action: - enum: - - uppercase - type: string - customIdentifier: - description: Custom identifier to correlate this processor across outputs - minLength: 1 - type: string - description: - description: Human-readable notes about this processor step - type: string - from: - description: A non-empty string. - minLength: 1 - type: string - ignore_failure: - description: Continue pipeline execution if this processor fails - type: boolean - ignore_missing: - type: boolean - to: - description: A non-empty string. - minLength: 1 - type: string - where: - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: Conditional expression controlling whether this processor runs - required: - - action - - from - - additionalProperties: false - description: Base processor options plus conditional execution - type: object - properties: - action: - enum: - - lowercase - type: string - customIdentifier: - description: Custom identifier to correlate this processor across outputs - minLength: 1 - type: string - description: - description: Human-readable notes about this processor step - type: string - from: - description: A non-empty string. - minLength: 1 - type: string - ignore_failure: - description: Continue pipeline execution if this processor fails - type: boolean - ignore_missing: - type: boolean - to: - description: A non-empty string. - minLength: 1 - type: string - where: - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: Conditional expression controlling whether this processor runs - required: - - action - - from - - additionalProperties: false - description: Base processor options plus conditional execution - type: object - properties: - action: - enum: - - trim - type: string - customIdentifier: - description: Custom identifier to correlate this processor across outputs - minLength: 1 - type: string - description: - description: Human-readable notes about this processor step - type: string - from: - description: A non-empty string. - minLength: 1 - type: string - ignore_failure: - description: Continue pipeline execution if this processor fails - type: boolean - ignore_missing: - type: boolean - to: - description: A non-empty string. - minLength: 1 - type: string - where: - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: Conditional expression controlling whether this processor runs - required: - - action - - from - - additionalProperties: false - description: Base processor options plus conditional execution - type: object - properties: - action: - enum: - - join - type: string - customIdentifier: - description: Custom identifier to correlate this processor across outputs - minLength: 1 - type: string - delimiter: - type: string - description: - description: Human-readable notes about this processor step - type: string - from: - items: - description: A non-empty string. - minLength: 1 - type: string - minItems: 1 - type: array - ignore_failure: - description: Continue pipeline execution if this processor fails - type: boolean - ignore_missing: - type: boolean - to: - description: A non-empty string. - minLength: 1 - type: string - where: - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: Conditional expression controlling whether this processor runs - required: - - action - - from - - delimiter - - to - - additionalProperties: false - description: Convert processor - Change the data type of a field value (integer, long, double, boolean, or string) - type: object - properties: - action: - enum: - - convert - type: string - customIdentifier: - description: Custom identifier to correlate this processor across outputs - minLength: 1 - type: string - description: - description: Human-readable notes about this processor step - type: string - from: - description: Source field to convert to a different data type - minLength: 1 - type: string - ignore_failure: - description: Continue pipeline execution if this processor fails - type: boolean - ignore_missing: - description: Skip processing when source field is missing - type: boolean - to: - description: Target field for the converted value (defaults to source) - minLength: 1 - type: string - type: - description: 'Target data type: integer, long, double, boolean, or string' - enum: - - integer - - long - - double - - boolean - - string - type: string - where: - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: Conditional expression controlling whether this processor runs - required: - - action - - from - - type - - additionalProperties: false - description: Base processor options plus conditional execution - type: object - properties: - action: - enum: - - concat - type: string - customIdentifier: - description: Custom identifier to correlate this processor across outputs - minLength: 1 - type: string - description: - description: Human-readable notes about this processor step - type: string - from: - items: - anyOf: - - additionalProperties: false - type: object - properties: - type: - enum: - - field - type: string - value: - description: A non-empty string. - minLength: 1 - type: string - required: - - type - - value - - additionalProperties: false - type: object - properties: - type: - enum: - - literal - type: string - value: - type: string - required: - - type - - value - minItems: 1 - type: array - ignore_failure: - description: Continue pipeline execution if this processor fails - type: boolean - ignore_missing: - type: boolean - to: - description: A non-empty string. - minLength: 1 - type: string - where: - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: Conditional expression controlling whether this processor runs - required: - - action - - from - - to - - additionalProperties: false - description: Manual ingest pipeline wrapper around native Elasticsearch processors - type: object - properties: - action: - description: Manual ingest pipeline - executes raw Elasticsearch ingest processors - enum: - - manual_ingest_pipeline - type: string - customIdentifier: - description: Custom identifier to correlate this processor across outputs - minLength: 1 - type: string - description: - description: Human-readable notes about this processor step - type: string - ignore_failure: - description: Continue pipeline execution if this processor fails - type: boolean - on_failure: - description: Fallback processors to run when a processor fails - items: - additionalProperties: {} - type: object - type: array - processors: - description: List of raw Elasticsearch ingest processors to run - items: - additionalProperties: false - type: object - properties: - append: {} - attachment: {} - bytes: {} - circle: {} - community_id: {} - convert: {} - csv: {} - date: {} - date_index_name: {} - dissect: {} - dot_expander: {} - drop: {} - enrich: {} - fail: {} - fingerprint: {} - foreach: {} - geo_grid: {} - geoip: {} - grok: {} - gsub: {} - html_strip: {} - inference: {} - ip_location: {} - join: {} - json: {} - kv: {} - lowercase: {} - network_direction: {} - pipeline: {} - redact: {} - registered_domain: {} - remove: {} - rename: {} - reroute: {} - script: {} - set: {} - set_security_user: {} - sort: {} - split: {} - terminate: {} - trim: {} - uppercase: {} - uri_parts: {} - urldecode: {} - user_agent: {} - required: - - append - - attachment - - bytes - - circle - - community_id - - convert - - csv - - date - - date_index_name - - dissect - - dot_expander - - drop - - enrich - - fail - - fingerprint - - foreach - - ip_location - - geo_grid - - geoip - - grok - - gsub - - html_strip - - inference - - join - - json - - kv - - lowercase - - network_direction - - pipeline - - redact - - registered_domain - - remove - - rename - - reroute - - script - - set - - set_security_user - - sort - - split - - terminate - - trim - - uppercase - - urldecode - - uri_parts - - user_agent - type: array - tag: - description: Optional ingest processor tag for Elasticsearch - type: string - where: - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: Conditional expression controlling whether this processor runs - required: - - action - - processors - - additionalProperties: false - type: object - properties: - condition: - allOf: - - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: The root condition object. It can be a simple filter or a combination of other conditions. - - type: object - properties: - steps: - items: {} - type: array - required: - - steps - customIdentifier: - type: string - required: - - condition - type: array - updated_at: - format: date-time - type: string - required: - - steps - - updated_at - settings: - additionalProperties: false - type: object - properties: - index.number_of_replicas: - additionalProperties: false - type: object - properties: - value: - type: number - required: - - value - index.number_of_shards: - additionalProperties: false - type: object - properties: - value: - type: number - required: - - value - index.refresh_interval: - additionalProperties: false - type: object - properties: - value: - anyOf: - - type: string - - enum: - - -1 - type: number - required: - - value - required: - - lifecycle - - processing - - settings - - failure_store - - type: object - properties: - wired: - additionalProperties: false - type: object - properties: - fields: - additionalProperties: - allOf: - - additionalProperties: - anyOf: - - anyOf: - - type: string - - type: number - - type: boolean - - enum: - - 'null' - nullable: true - - not: {} - - items: - anyOf: - - type: string - - type: number - - type: boolean - - enum: - - 'null' - nullable: true - - not: {} - type: array - - items: {} - type: array - - {} - type: object - - anyOf: - - additionalProperties: false - type: object - properties: - format: - description: A non-empty string. - minLength: 1 - type: string - type: - enum: - - keyword - - match_only_text - - long - - double - - date - - boolean - - ip - - geo_point - type: string - required: - - type - - additionalProperties: false - type: object - properties: - type: - enum: - - system - type: string - required: - - type - type: object - routing: - items: - additionalProperties: false - type: object - properties: - destination: - description: A non-empty string. - minLength: 1 - type: string - status: - enum: - - enabled - - disabled - type: string - where: - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: The root condition object. It can be a simple filter or a combination of other conditions. - required: - - destination - - where - type: array - required: - - fields - - routing - required: - - wired - required: - - ingest - required: - - stream - - type: object - properties: {} - - type: object - properties: - stream: - allOf: - - additionalProperties: true - type: object - properties: - ingest: - additionalProperties: true - type: object - properties: - processing: - additionalProperties: true - type: object - properties: - updated_at: - not: {} - required: - - processing - name: - not: {} - updated_at: - not: {} - - additionalProperties: false - type: object - properties: - description: - type: string - name: - type: string - updated_at: - format: date-time - type: string - required: - - name - - description - - updated_at - required: - - stream - - type: object - properties: - dashboards: - items: - type: string - type: array - queries: - items: - allOf: - - type: object - properties: - id: - description: A non-empty string. - minLength: 1 - type: string - title: - description: A non-empty string. - minLength: 1 - type: string - required: - - id - - title - - type: object - properties: - evidence: - items: - type: string - type: array - feature: - additionalProperties: false - type: object - properties: - filter: - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: The root condition object. It can be a simple filter or a combination of other conditions. - name: - description: A non-empty string. - minLength: 1 - type: string - type: - enum: - - system - type: string - required: - - name - - filter - - type - kql: - additionalProperties: false - type: object - properties: - query: - type: string - required: - - query - severity_score: - type: number - required: - - kql - type: array - rules: - items: - type: string - type: array - required: - - dashboards - - rules - - queries - - type: object - properties: - stream: - allOf: - - additionalProperties: true - type: object - properties: - ingest: - additionalProperties: true - type: object - properties: - processing: - additionalProperties: true - type: object - properties: - updated_at: - not: {} - required: - - processing - name: - not: {} - updated_at: - not: {} - - additionalProperties: false - type: object - properties: - ingest: - additionalProperties: false - type: object - properties: - failure_store: - anyOf: - - additionalProperties: false - type: object - properties: - inherit: - additionalProperties: false - type: object - properties: {} - required: - - inherit - - additionalProperties: false - type: object - properties: - disabled: - additionalProperties: false - type: object - properties: {} - required: - - disabled - - anyOf: - - additionalProperties: false - type: object - properties: - lifecycle: - additionalProperties: false - type: object - properties: - enabled: - additionalProperties: false - type: object - properties: - data_retention: - description: A non-empty string. - minLength: 1 - type: string - required: - - enabled - required: - - lifecycle - - additionalProperties: false - type: object - properties: - lifecycle: - additionalProperties: false - type: object - properties: - disabled: - additionalProperties: false - type: object - properties: {} - required: - - disabled - required: - - lifecycle - lifecycle: - anyOf: - - additionalProperties: false - type: object - properties: - dsl: - additionalProperties: false - type: object - properties: - data_retention: - description: A non-empty string. - minLength: 1 - type: string - downsample: - items: - additionalProperties: false - type: object - properties: - after: - description: A non-empty string. - minLength: 1 - type: string - fixed_interval: - description: A non-empty string. - minLength: 1 - type: string - required: - - after - - fixed_interval - type: array - required: - - dsl - - additionalProperties: false - type: object - properties: - ilm: - additionalProperties: false - type: object - properties: - policy: - description: A non-empty string. - minLength: 1 - type: string - required: - - policy - required: - - ilm - - additionalProperties: false - type: object - properties: - inherit: - additionalProperties: false - type: object - properties: {} - required: - - inherit - processing: - additionalProperties: false - type: object - properties: - steps: - items: - anyOf: - - anyOf: - - additionalProperties: false - description: Grok processor - Extract fields from text using grok patterns - type: object - properties: - action: - enum: - - grok - type: string - customIdentifier: - description: Custom identifier to correlate this processor across outputs - minLength: 1 - type: string - description: - description: Human-readable notes about this processor step - type: string - from: - description: Source field to parse with grok patterns - minLength: 1 - type: string - ignore_failure: - description: Continue pipeline execution if this processor fails - type: boolean - ignore_missing: - description: Skip processing when source field is missing - type: boolean - pattern_definitions: - additionalProperties: - type: string - type: object - patterns: - description: Grok patterns applied in order to extract fields - items: - description: A non-empty string. - minLength: 1 - type: string - minItems: 1 - type: array - where: - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: Conditional expression controlling whether this processor runs - required: - - action - - from - - patterns - - additionalProperties: false - description: Dissect processor - Extract fields from text using a lightweight, delimiter-based parser - type: object - properties: - action: - enum: - - dissect - type: string - append_separator: - description: Separator inserted when target fields are concatenated - minLength: 1 - type: string - customIdentifier: - description: Custom identifier to correlate this processor across outputs - minLength: 1 - type: string - description: - description: Human-readable notes about this processor step - type: string - from: - description: Source field to parse with dissect pattern - minLength: 1 - type: string - ignore_failure: - description: Continue pipeline execution if this processor fails - type: boolean - ignore_missing: - description: Skip processing when source field is missing - type: boolean - pattern: - description: Dissect pattern describing field boundaries - minLength: 1 - type: string - where: - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: Conditional expression controlling whether this processor runs - required: - - action - - from - - pattern - - additionalProperties: false - description: Date processor - Parse dates from strings using one or more expected formats - type: object - properties: - action: - enum: - - date - type: string - customIdentifier: - description: Custom identifier to correlate this processor across outputs - minLength: 1 - type: string - description: - description: Human-readable notes about this processor step - type: string - formats: - description: Accepted input date formats, tried in order - items: - description: A non-empty string. - minLength: 1 - type: string - type: array - from: - description: Source field containing the date/time text - minLength: 1 - type: string - ignore_failure: - description: Continue pipeline execution if this processor fails - type: boolean - locale: - description: Optional locale for date parsing - minLength: 1 - type: string - output_format: - description: Optional output format for storing the parsed date as text - minLength: 1 - type: string - timezone: - description: Optional timezone for date parsing - minLength: 1 - type: string - to: - description: Target field for the parsed date (defaults to source) - minLength: 1 - type: string - where: - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: Conditional expression controlling whether this processor runs - required: - - action - - from - - formats - - additionalProperties: false - description: Base processor options plus conditional execution - type: object - properties: - action: - enum: - - drop_document - type: string - customIdentifier: - description: Custom identifier to correlate this processor across outputs - minLength: 1 - type: string - description: - description: Human-readable notes about this processor step - type: string - ignore_failure: - description: Continue pipeline execution if this processor fails - type: boolean - where: - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: Conditional expression controlling whether this processor runs - required: - - action - - additionalProperties: false - description: Base processor options plus conditional execution - type: object - properties: - action: - enum: - - math - type: string - customIdentifier: - description: Custom identifier to correlate this processor across outputs - minLength: 1 - type: string - description: - description: Human-readable notes about this processor step - type: string - expression: - description: A non-empty string. - minLength: 1 - type: string - ignore_failure: - description: Continue pipeline execution if this processor fails - type: boolean - ignore_missing: - type: boolean - to: - description: A non-empty string. - minLength: 1 - type: string - where: - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: Conditional expression controlling whether this processor runs - required: - - action - - expression - - to - - additionalProperties: false - description: Rename processor - Change a field name and optionally its location - type: object - properties: - action: - enum: - - rename - type: string - customIdentifier: - description: Custom identifier to correlate this processor across outputs - minLength: 1 - type: string - description: - description: Human-readable notes about this processor step - type: string - from: - description: Existing source field to rename or move - minLength: 1 - type: string - ignore_failure: - description: Continue pipeline execution if this processor fails - type: boolean - ignore_missing: - description: Skip when source field is missing - type: boolean - override: - description: Allow overwriting the target field if it already exists - type: boolean - to: - description: New field name or destination path - minLength: 1 - type: string - where: - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: Conditional expression controlling whether this processor runs - required: - - action - - from - - to - - additionalProperties: false - description: Set processor - Assign a literal or copied value to a field (mutually exclusive inputs) - type: object - properties: - action: - enum: - - set - type: string - copy_from: - description: Copy value from another field instead of providing a literal - minLength: 1 - type: string - customIdentifier: - description: Custom identifier to correlate this processor across outputs - minLength: 1 - type: string - description: - description: Human-readable notes about this processor step - type: string - ignore_failure: - description: Continue pipeline execution if this processor fails - type: boolean - override: - description: Allow overwriting an existing target field - type: boolean - to: - description: Target field to set or create - minLength: 1 - type: string - value: - description: Literal value to assign to the target field - where: - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: Conditional expression controlling whether this processor runs - required: - - action - - to - - additionalProperties: false - description: Append processor - Append one or more values to an existing or new array field - type: object - properties: - action: - enum: - - append - type: string - allow_duplicates: - description: If true, do not deduplicate appended values - type: boolean - customIdentifier: - description: Custom identifier to correlate this processor across outputs - minLength: 1 - type: string - description: - description: Human-readable notes about this processor step - type: string - ignore_failure: - description: Continue pipeline execution if this processor fails - type: boolean - to: - description: Array field to append values to - minLength: 1 - type: string - value: - description: Values to append (must be literal, no templates) - items: {} - minItems: 1 - type: array - where: - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: Conditional expression controlling whether this processor runs - required: - - action - - to - - value - - additionalProperties: false - description: Remove by prefix processor - Remove a field and all nested fields matching the prefix - type: object - properties: - action: - enum: - - remove_by_prefix - type: string - customIdentifier: - description: Custom identifier to correlate this processor across outputs - minLength: 1 - type: string - description: - description: Human-readable notes about this processor step - type: string - from: - description: Field to remove along with all its nested fields - minLength: 1 - type: string - ignore_failure: - description: Continue pipeline execution if this processor fails - type: boolean - required: - - action - - from - - additionalProperties: false - description: Remove processor - Delete one or more fields from the document - type: object - properties: - action: - enum: - - remove - type: string - customIdentifier: - description: Custom identifier to correlate this processor across outputs - minLength: 1 - type: string - description: - description: Human-readable notes about this processor step - type: string - from: - description: Field to remove from the document - minLength: 1 - type: string - ignore_failure: - description: Continue pipeline execution if this processor fails - type: boolean - ignore_missing: - description: Skip processing when source field is missing - type: boolean - where: - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: Conditional expression controlling whether this processor runs - required: - - action - - from - - additionalProperties: false - description: Base processor options plus conditional execution - type: object - properties: - action: - enum: - - replace - type: string - customIdentifier: - description: Custom identifier to correlate this processor across outputs - minLength: 1 - type: string - description: - description: Human-readable notes about this processor step - type: string - from: - description: A non-empty string. - minLength: 1 - type: string - ignore_failure: - description: Continue pipeline execution if this processor fails - type: boolean - ignore_missing: - type: boolean - pattern: - description: A non-empty string or string with whitespace. - minLength: 1 - type: string - replacement: - type: string - to: - description: A non-empty string. - minLength: 1 - type: string - where: - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: Conditional expression controlling whether this processor runs - required: - - action - - from - - pattern - - replacement - - additionalProperties: false - description: Base processor options plus conditional execution - type: object - properties: - action: - enum: - - uppercase - type: string - customIdentifier: - description: Custom identifier to correlate this processor across outputs - minLength: 1 - type: string - description: - description: Human-readable notes about this processor step - type: string - from: - description: A non-empty string. - minLength: 1 - type: string - ignore_failure: - description: Continue pipeline execution if this processor fails - type: boolean - ignore_missing: - type: boolean - to: - description: A non-empty string. - minLength: 1 - type: string - where: - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: Conditional expression controlling whether this processor runs - required: - - action - - from - - additionalProperties: false - description: Base processor options plus conditional execution - type: object - properties: - action: - enum: - - lowercase - type: string - customIdentifier: - description: Custom identifier to correlate this processor across outputs - minLength: 1 - type: string - description: - description: Human-readable notes about this processor step - type: string - from: - description: A non-empty string. - minLength: 1 - type: string - ignore_failure: - description: Continue pipeline execution if this processor fails - type: boolean - ignore_missing: - type: boolean - to: - description: A non-empty string. - minLength: 1 - type: string - where: - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: Conditional expression controlling whether this processor runs - required: - - action - - from - - additionalProperties: false - description: Base processor options plus conditional execution - type: object - properties: - action: - enum: - - trim - type: string - customIdentifier: - description: Custom identifier to correlate this processor across outputs - minLength: 1 - type: string - description: - description: Human-readable notes about this processor step - type: string - from: - description: A non-empty string. - minLength: 1 - type: string - ignore_failure: - description: Continue pipeline execution if this processor fails - type: boolean - ignore_missing: - type: boolean - to: - description: A non-empty string. - minLength: 1 - type: string - where: - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: Conditional expression controlling whether this processor runs - required: - - action - - from - - additionalProperties: false - description: Base processor options plus conditional execution - type: object - properties: - action: - enum: - - join - type: string - customIdentifier: - description: Custom identifier to correlate this processor across outputs - minLength: 1 - type: string - delimiter: - type: string - description: - description: Human-readable notes about this processor step - type: string - from: - items: - description: A non-empty string. - minLength: 1 - type: string - minItems: 1 - type: array - ignore_failure: - description: Continue pipeline execution if this processor fails - type: boolean - ignore_missing: - type: boolean - to: - description: A non-empty string. - minLength: 1 - type: string - where: - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: Conditional expression controlling whether this processor runs - required: - - action - - from - - delimiter - - to - - additionalProperties: false - description: Convert processor - Change the data type of a field value (integer, long, double, boolean, or string) - type: object - properties: - action: - enum: - - convert - type: string - customIdentifier: - description: Custom identifier to correlate this processor across outputs - minLength: 1 - type: string - description: - description: Human-readable notes about this processor step - type: string - from: - description: Source field to convert to a different data type - minLength: 1 - type: string - ignore_failure: - description: Continue pipeline execution if this processor fails - type: boolean - ignore_missing: - description: Skip processing when source field is missing - type: boolean - to: - description: Target field for the converted value (defaults to source) - minLength: 1 - type: string - type: - description: 'Target data type: integer, long, double, boolean, or string' - enum: - - integer - - long - - double - - boolean - - string - type: string - where: - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: Conditional expression controlling whether this processor runs - required: - - action - - from - - type - - additionalProperties: false - description: Base processor options plus conditional execution - type: object - properties: - action: - enum: - - concat - type: string - customIdentifier: - description: Custom identifier to correlate this processor across outputs - minLength: 1 - type: string - description: - description: Human-readable notes about this processor step - type: string - from: - items: - anyOf: - - additionalProperties: false - type: object - properties: - type: - enum: - - field - type: string - value: - description: A non-empty string. - minLength: 1 - type: string - required: - - type - - value - - additionalProperties: false - type: object - properties: - type: - enum: - - literal - type: string - value: - type: string - required: - - type - - value - minItems: 1 - type: array - ignore_failure: - description: Continue pipeline execution if this processor fails - type: boolean - ignore_missing: - type: boolean - to: - description: A non-empty string. - minLength: 1 - type: string - where: - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: Conditional expression controlling whether this processor runs - required: - - action - - from - - to - - additionalProperties: false - description: Manual ingest pipeline wrapper around native Elasticsearch processors - type: object - properties: - action: - description: Manual ingest pipeline - executes raw Elasticsearch ingest processors - enum: - - manual_ingest_pipeline - type: string - customIdentifier: - description: Custom identifier to correlate this processor across outputs - minLength: 1 - type: string - description: - description: Human-readable notes about this processor step - type: string - ignore_failure: - description: Continue pipeline execution if this processor fails - type: boolean - on_failure: - description: Fallback processors to run when a processor fails - items: - additionalProperties: {} - type: object - type: array - processors: - description: List of raw Elasticsearch ingest processors to run - items: - additionalProperties: false - type: object - properties: - append: {} - attachment: {} - bytes: {} - circle: {} - community_id: {} - convert: {} - csv: {} - date: {} - date_index_name: {} - dissect: {} - dot_expander: {} - drop: {} - enrich: {} - fail: {} - fingerprint: {} - foreach: {} - geo_grid: {} - geoip: {} - grok: {} - gsub: {} - html_strip: {} - inference: {} - ip_location: {} - join: {} - json: {} - kv: {} - lowercase: {} - network_direction: {} - pipeline: {} - redact: {} - registered_domain: {} - remove: {} - rename: {} - reroute: {} - script: {} - set: {} - set_security_user: {} - sort: {} - split: {} - terminate: {} - trim: {} - uppercase: {} - uri_parts: {} - urldecode: {} - user_agent: {} - required: - - append - - attachment - - bytes - - circle - - community_id - - convert - - csv - - date - - date_index_name - - dissect - - dot_expander - - drop - - enrich - - fail - - fingerprint - - foreach - - ip_location - - geo_grid - - geoip - - grok - - gsub - - html_strip - - inference - - join - - json - - kv - - lowercase - - network_direction - - pipeline - - redact - - registered_domain - - remove - - rename - - reroute - - script - - set - - set_security_user - - sort - - split - - terminate - - trim - - uppercase - - urldecode - - uri_parts - - user_agent - type: array - tag: - description: Optional ingest processor tag for Elasticsearch - type: string - where: - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: Conditional expression controlling whether this processor runs - required: - - action - - processors - - additionalProperties: false - type: object - properties: - condition: - allOf: - - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: The root condition object. It can be a simple filter or a combination of other conditions. - - type: object - properties: - steps: - items: {} - type: array - required: - - steps - customIdentifier: - type: string - required: - - condition - type: array - updated_at: - format: date-time - type: string - required: - - steps - - updated_at - settings: - additionalProperties: false - type: object - properties: - index.number_of_replicas: - additionalProperties: false - type: object - properties: - value: - type: number - required: - - value - index.number_of_shards: - additionalProperties: false - type: object - properties: - value: - type: number - required: - - value - index.refresh_interval: - additionalProperties: false - type: object - properties: - value: - anyOf: - - type: string - - enum: - - -1 - type: number - required: - - value - required: - - lifecycle - - processing - - settings - - failure_store - required: - - ingest - required: - - stream - - type: object - properties: {} - - type: object - properties: {} - - allOf: - - type: object - properties: {} - - type: object - properties: - stream: - allOf: - - additionalProperties: true - type: object - properties: - ingest: - additionalProperties: true - type: object - properties: - processing: - additionalProperties: true - type: object - properties: - updated_at: - not: {} - required: - - processing - name: - not: {} - updated_at: - not: {} - - additionalProperties: false - type: object - properties: - description: - type: string - name: - type: string - updated_at: - format: date-time - type: string - required: - - name - - description - - updated_at - required: - - stream - - type: object - properties: - dashboards: - items: - type: string - type: array - queries: - items: - allOf: - - type: object - properties: - id: - description: A non-empty string. - minLength: 1 - type: string - title: - description: A non-empty string. - minLength: 1 - type: string - required: - - id - - title - - type: object - properties: - evidence: - items: - type: string - type: array - feature: - additionalProperties: false - type: object - properties: - filter: - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: The root condition object. It can be a simple filter or a combination of other conditions. - name: - description: A non-empty string. - minLength: 1 - type: string - type: - enum: - - system - type: string - required: - - name - - filter - - type - kql: - additionalProperties: false - type: object - properties: - query: - type: string - required: - - query - severity_score: - type: number - required: - - kql - type: array - rules: - items: - type: string - type: array - required: - - dashboards - - rules - - queries - - type: object - properties: - stream: - allOf: - - additionalProperties: true - type: object - properties: - ingest: - additionalProperties: true - type: object - properties: - processing: - additionalProperties: true - type: object - properties: - updated_at: - not: {} - required: - - processing - name: - not: {} - updated_at: - not: {} - - additionalProperties: false - type: object - properties: - ingest: - allOf: - - type: object - properties: - failure_store: - anyOf: - - additionalProperties: false - type: object - properties: - inherit: - additionalProperties: false - type: object - properties: {} - required: - - inherit - - additionalProperties: false - type: object - properties: - disabled: - additionalProperties: false - type: object - properties: {} - required: - - disabled - - anyOf: - - additionalProperties: false - type: object - properties: - lifecycle: - additionalProperties: false - type: object - properties: - enabled: - additionalProperties: false - type: object - properties: - data_retention: - description: A non-empty string. - minLength: 1 - type: string - required: - - enabled - required: - - lifecycle - - additionalProperties: false - type: object - properties: - lifecycle: - additionalProperties: false - type: object - properties: - disabled: - additionalProperties: false - type: object - properties: {} - required: - - disabled - required: - - lifecycle - lifecycle: - anyOf: - - additionalProperties: false - type: object - properties: - dsl: - additionalProperties: false - type: object - properties: - data_retention: - description: A non-empty string. - minLength: 1 - type: string - downsample: - items: - additionalProperties: false - type: object - properties: - after: - description: A non-empty string. - minLength: 1 - type: string - fixed_interval: - description: A non-empty string. - minLength: 1 - type: string - required: - - after - - fixed_interval - type: array - required: - - dsl - - additionalProperties: false - type: object - properties: - ilm: - additionalProperties: false - type: object - properties: - policy: - description: A non-empty string. - minLength: 1 - type: string - required: - - policy - required: - - ilm - - additionalProperties: false - type: object - properties: - inherit: - additionalProperties: false - type: object - properties: {} - required: - - inherit - processing: - additionalProperties: false - type: object - properties: - steps: - items: - anyOf: - - anyOf: - - additionalProperties: false - description: Grok processor - Extract fields from text using grok patterns - type: object - properties: - action: - enum: - - grok - type: string - customIdentifier: - description: Custom identifier to correlate this processor across outputs - minLength: 1 - type: string - description: - description: Human-readable notes about this processor step - type: string - from: - description: Source field to parse with grok patterns - minLength: 1 - type: string - ignore_failure: - description: Continue pipeline execution if this processor fails - type: boolean - ignore_missing: - description: Skip processing when source field is missing - type: boolean - pattern_definitions: - additionalProperties: - type: string - type: object - patterns: - description: Grok patterns applied in order to extract fields - items: - description: A non-empty string. - minLength: 1 - type: string - minItems: 1 - type: array - where: - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: Conditional expression controlling whether this processor runs - required: - - action - - from - - patterns - - additionalProperties: false - description: Dissect processor - Extract fields from text using a lightweight, delimiter-based parser - type: object - properties: - action: - enum: - - dissect - type: string - append_separator: - description: Separator inserted when target fields are concatenated - minLength: 1 - type: string - customIdentifier: - description: Custom identifier to correlate this processor across outputs - minLength: 1 - type: string - description: - description: Human-readable notes about this processor step - type: string - from: - description: Source field to parse with dissect pattern - minLength: 1 - type: string - ignore_failure: - description: Continue pipeline execution if this processor fails - type: boolean - ignore_missing: - description: Skip processing when source field is missing - type: boolean - pattern: - description: Dissect pattern describing field boundaries - minLength: 1 - type: string - where: - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: Conditional expression controlling whether this processor runs - required: - - action - - from - - pattern - - additionalProperties: false - description: Date processor - Parse dates from strings using one or more expected formats - type: object - properties: - action: - enum: - - date - type: string - customIdentifier: - description: Custom identifier to correlate this processor across outputs - minLength: 1 - type: string - description: - description: Human-readable notes about this processor step - type: string - formats: - description: Accepted input date formats, tried in order - items: - description: A non-empty string. - minLength: 1 - type: string - type: array - from: - description: Source field containing the date/time text - minLength: 1 - type: string - ignore_failure: - description: Continue pipeline execution if this processor fails - type: boolean - locale: - description: Optional locale for date parsing - minLength: 1 - type: string - output_format: - description: Optional output format for storing the parsed date as text - minLength: 1 - type: string - timezone: - description: Optional timezone for date parsing - minLength: 1 - type: string - to: - description: Target field for the parsed date (defaults to source) - minLength: 1 - type: string - where: - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: Conditional expression controlling whether this processor runs - required: - - action - - from - - formats - - additionalProperties: false - description: Base processor options plus conditional execution - type: object - properties: - action: - enum: - - drop_document - type: string - customIdentifier: - description: Custom identifier to correlate this processor across outputs - minLength: 1 - type: string - description: - description: Human-readable notes about this processor step - type: string - ignore_failure: - description: Continue pipeline execution if this processor fails - type: boolean - where: - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: Conditional expression controlling whether this processor runs - required: - - action - - additionalProperties: false - description: Base processor options plus conditional execution - type: object - properties: - action: - enum: - - math - type: string - customIdentifier: - description: Custom identifier to correlate this processor across outputs - minLength: 1 - type: string - description: - description: Human-readable notes about this processor step - type: string - expression: - description: A non-empty string. - minLength: 1 - type: string - ignore_failure: - description: Continue pipeline execution if this processor fails - type: boolean - ignore_missing: - type: boolean - to: - description: A non-empty string. - minLength: 1 - type: string - where: - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: Conditional expression controlling whether this processor runs - required: - - action - - expression - - to - - additionalProperties: false - description: Rename processor - Change a field name and optionally its location - type: object - properties: - action: - enum: - - rename - type: string - customIdentifier: - description: Custom identifier to correlate this processor across outputs - minLength: 1 - type: string - description: - description: Human-readable notes about this processor step - type: string - from: - description: Existing source field to rename or move - minLength: 1 - type: string - ignore_failure: - description: Continue pipeline execution if this processor fails - type: boolean - ignore_missing: - description: Skip when source field is missing - type: boolean - override: - description: Allow overwriting the target field if it already exists - type: boolean - to: - description: New field name or destination path - minLength: 1 - type: string - where: - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: Conditional expression controlling whether this processor runs - required: - - action - - from - - to - - additionalProperties: false - description: Set processor - Assign a literal or copied value to a field (mutually exclusive inputs) - type: object - properties: - action: - enum: - - set - type: string - copy_from: - description: Copy value from another field instead of providing a literal - minLength: 1 - type: string - customIdentifier: - description: Custom identifier to correlate this processor across outputs - minLength: 1 - type: string - description: - description: Human-readable notes about this processor step - type: string - ignore_failure: - description: Continue pipeline execution if this processor fails - type: boolean - override: - description: Allow overwriting an existing target field - type: boolean - to: - description: Target field to set or create - minLength: 1 - type: string - value: - description: Literal value to assign to the target field - where: - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: Conditional expression controlling whether this processor runs - required: - - action - - to - - additionalProperties: false - description: Append processor - Append one or more values to an existing or new array field - type: object - properties: - action: - enum: - - append - type: string - allow_duplicates: - description: If true, do not deduplicate appended values - type: boolean - customIdentifier: - description: Custom identifier to correlate this processor across outputs - minLength: 1 - type: string - description: - description: Human-readable notes about this processor step - type: string - ignore_failure: - description: Continue pipeline execution if this processor fails - type: boolean - to: - description: Array field to append values to - minLength: 1 - type: string - value: - description: Values to append (must be literal, no templates) - items: {} - minItems: 1 - type: array - where: - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: Conditional expression controlling whether this processor runs - required: - - action - - to - - value - - additionalProperties: false - description: Remove by prefix processor - Remove a field and all nested fields matching the prefix - type: object - properties: - action: - enum: - - remove_by_prefix - type: string - customIdentifier: - description: Custom identifier to correlate this processor across outputs - minLength: 1 - type: string - description: - description: Human-readable notes about this processor step - type: string - from: - description: Field to remove along with all its nested fields - minLength: 1 - type: string - ignore_failure: - description: Continue pipeline execution if this processor fails - type: boolean - required: - - action - - from - - additionalProperties: false - description: Remove processor - Delete one or more fields from the document - type: object - properties: - action: - enum: - - remove - type: string - customIdentifier: - description: Custom identifier to correlate this processor across outputs - minLength: 1 - type: string - description: - description: Human-readable notes about this processor step - type: string - from: - description: Field to remove from the document - minLength: 1 - type: string - ignore_failure: - description: Continue pipeline execution if this processor fails - type: boolean - ignore_missing: - description: Skip processing when source field is missing - type: boolean - where: - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: Conditional expression controlling whether this processor runs - required: - - action - - from - - additionalProperties: false - description: Base processor options plus conditional execution - type: object - properties: - action: - enum: - - replace - type: string - customIdentifier: - description: Custom identifier to correlate this processor across outputs - minLength: 1 - type: string - description: - description: Human-readable notes about this processor step - type: string - from: - description: A non-empty string. - minLength: 1 - type: string - ignore_failure: - description: Continue pipeline execution if this processor fails - type: boolean - ignore_missing: - type: boolean - pattern: - description: A non-empty string or string with whitespace. - minLength: 1 - type: string - replacement: - type: string - to: - description: A non-empty string. - minLength: 1 - type: string - where: - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: Conditional expression controlling whether this processor runs - required: - - action - - from - - pattern - - replacement - - additionalProperties: false - description: Base processor options plus conditional execution - type: object - properties: - action: - enum: - - uppercase - type: string - customIdentifier: - description: Custom identifier to correlate this processor across outputs - minLength: 1 - type: string - description: - description: Human-readable notes about this processor step - type: string - from: - description: A non-empty string. - minLength: 1 - type: string - ignore_failure: - description: Continue pipeline execution if this processor fails - type: boolean - ignore_missing: - type: boolean - to: - description: A non-empty string. - minLength: 1 - type: string - where: - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: Conditional expression controlling whether this processor runs - required: - - action - - from - - additionalProperties: false - description: Base processor options plus conditional execution - type: object - properties: - action: - enum: - - lowercase - type: string - customIdentifier: - description: Custom identifier to correlate this processor across outputs - minLength: 1 - type: string - description: - description: Human-readable notes about this processor step - type: string - from: - description: A non-empty string. - minLength: 1 - type: string - ignore_failure: - description: Continue pipeline execution if this processor fails - type: boolean - ignore_missing: - type: boolean - to: - description: A non-empty string. - minLength: 1 - type: string - where: - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: Conditional expression controlling whether this processor runs - required: - - action - - from - - additionalProperties: false - description: Base processor options plus conditional execution - type: object - properties: - action: - enum: - - trim - type: string - customIdentifier: - description: Custom identifier to correlate this processor across outputs - minLength: 1 - type: string - description: - description: Human-readable notes about this processor step - type: string - from: - description: A non-empty string. - minLength: 1 - type: string - ignore_failure: - description: Continue pipeline execution if this processor fails - type: boolean - ignore_missing: - type: boolean - to: - description: A non-empty string. - minLength: 1 - type: string - where: - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: Conditional expression controlling whether this processor runs - required: - - action - - from - - additionalProperties: false - description: Base processor options plus conditional execution - type: object - properties: - action: - enum: - - join - type: string - customIdentifier: - description: Custom identifier to correlate this processor across outputs - minLength: 1 - type: string - delimiter: - type: string - description: - description: Human-readable notes about this processor step - type: string - from: - items: - description: A non-empty string. - minLength: 1 - type: string - minItems: 1 - type: array - ignore_failure: - description: Continue pipeline execution if this processor fails - type: boolean - ignore_missing: - type: boolean - to: - description: A non-empty string. - minLength: 1 - type: string - where: - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: Conditional expression controlling whether this processor runs - required: - - action - - from - - delimiter - - to - - additionalProperties: false - description: Convert processor - Change the data type of a field value (integer, long, double, boolean, or string) - type: object - properties: - action: - enum: - - convert - type: string - customIdentifier: - description: Custom identifier to correlate this processor across outputs - minLength: 1 - type: string - description: - description: Human-readable notes about this processor step - type: string - from: - description: Source field to convert to a different data type - minLength: 1 - type: string - ignore_failure: - description: Continue pipeline execution if this processor fails - type: boolean - ignore_missing: - description: Skip processing when source field is missing - type: boolean - to: - description: Target field for the converted value (defaults to source) - minLength: 1 - type: string - type: - description: 'Target data type: integer, long, double, boolean, or string' - enum: - - integer - - long - - double - - boolean - - string - type: string - where: - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: Conditional expression controlling whether this processor runs - required: - - action - - from - - type - - additionalProperties: false - description: Base processor options plus conditional execution - type: object - properties: - action: - enum: - - concat - type: string - customIdentifier: - description: Custom identifier to correlate this processor across outputs - minLength: 1 - type: string - description: - description: Human-readable notes about this processor step - type: string - from: - items: - anyOf: - - additionalProperties: false - type: object - properties: - type: - enum: - - field - type: string - value: - description: A non-empty string. - minLength: 1 - type: string - required: - - type - - value - - additionalProperties: false - type: object - properties: - type: - enum: - - literal - type: string - value: - type: string - required: - - type - - value - minItems: 1 - type: array - ignore_failure: - description: Continue pipeline execution if this processor fails - type: boolean - ignore_missing: - type: boolean - to: - description: A non-empty string. - minLength: 1 - type: string - where: - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: Conditional expression controlling whether this processor runs - required: - - action - - from - - to - - additionalProperties: false - description: Manual ingest pipeline wrapper around native Elasticsearch processors - type: object - properties: - action: - description: Manual ingest pipeline - executes raw Elasticsearch ingest processors - enum: - - manual_ingest_pipeline - type: string - customIdentifier: - description: Custom identifier to correlate this processor across outputs - minLength: 1 - type: string - description: - description: Human-readable notes about this processor step - type: string - ignore_failure: - description: Continue pipeline execution if this processor fails - type: boolean - on_failure: - description: Fallback processors to run when a processor fails - items: - additionalProperties: {} - type: object - type: array - processors: - description: List of raw Elasticsearch ingest processors to run - items: - additionalProperties: false - type: object - properties: - append: {} - attachment: {} - bytes: {} - circle: {} - community_id: {} - convert: {} - csv: {} - date: {} - date_index_name: {} - dissect: {} - dot_expander: {} - drop: {} - enrich: {} - fail: {} - fingerprint: {} - foreach: {} - geo_grid: {} - geoip: {} - grok: {} - gsub: {} - html_strip: {} - inference: {} - ip_location: {} - join: {} - json: {} - kv: {} - lowercase: {} - network_direction: {} - pipeline: {} - redact: {} - registered_domain: {} - remove: {} - rename: {} - reroute: {} - script: {} - set: {} - set_security_user: {} - sort: {} - split: {} - terminate: {} - trim: {} - uppercase: {} - uri_parts: {} - urldecode: {} - user_agent: {} - required: - - append - - attachment - - bytes - - circle - - community_id - - convert - - csv - - date - - date_index_name - - dissect - - dot_expander - - drop - - enrich - - fail - - fingerprint - - foreach - - ip_location - - geo_grid - - geoip - - grok - - gsub - - html_strip - - inference - - join - - json - - kv - - lowercase - - network_direction - - pipeline - - redact - - registered_domain - - remove - - rename - - reroute - - script - - set - - set_security_user - - sort - - split - - terminate - - trim - - uppercase - - urldecode - - uri_parts - - user_agent - type: array - tag: - description: Optional ingest processor tag for Elasticsearch - type: string - where: - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: Conditional expression controlling whether this processor runs - required: - - action - - processors - - additionalProperties: false - type: object - properties: - condition: - allOf: - - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: The root condition object. It can be a simple filter or a combination of other conditions. - - type: object - properties: - steps: - items: {} - type: array - required: - - steps - customIdentifier: - type: string - required: - - condition - type: array - updated_at: - format: date-time - type: string - required: - - steps - - updated_at - settings: - additionalProperties: false - type: object - properties: - index.number_of_replicas: - additionalProperties: false - type: object - properties: - value: - type: number - required: - - value - index.number_of_shards: - additionalProperties: false - type: object - properties: - value: - type: number - required: - - value - index.refresh_interval: - additionalProperties: false - type: object - properties: - value: - anyOf: - - type: string - - enum: - - -1 - type: number - required: - - value - required: - - lifecycle - - processing - - settings - - failure_store - - type: object - properties: - classic: - additionalProperties: false - type: object - properties: - field_overrides: - additionalProperties: - allOf: - - additionalProperties: - anyOf: - - anyOf: - - type: string - - type: number - - type: boolean - - enum: - - 'null' - nullable: true - - not: {} - - items: - anyOf: - - type: string - - type: number - - type: boolean - - enum: - - 'null' - nullable: true - - not: {} - type: array - - items: {} - type: array - - {} - type: object - - anyOf: - - additionalProperties: false - type: object - properties: - format: - description: A non-empty string. - minLength: 1 - type: string - type: - enum: - - keyword - - match_only_text - - long - - double - - date - - boolean - - ip - - geo_point - type: string - required: - - type - - additionalProperties: false - type: object - properties: - type: - enum: - - system - type: string - required: - - type - type: object - required: - - classic - required: - - ingest - required: - - stream - - type: object - properties: {} - - type: object - properties: - stream: - allOf: - - additionalProperties: true - type: object - properties: - ingest: - additionalProperties: true - type: object - properties: - processing: - additionalProperties: true - type: object - properties: - updated_at: - not: {} - required: - - processing - name: - not: {} - updated_at: - not: {} - - additionalProperties: false - type: object - properties: - description: - type: string - name: - type: string - updated_at: - format: date-time - type: string - required: - - name - - description - - updated_at - required: - - stream - - type: object - properties: - dashboards: - items: - type: string - type: array - queries: - items: - allOf: - - type: object - properties: - id: - description: A non-empty string. - minLength: 1 - type: string - title: - description: A non-empty string. - minLength: 1 - type: string - required: - - id - - title - - type: object - properties: - evidence: - items: - type: string - type: array - feature: - additionalProperties: false - type: object - properties: - filter: - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: The root condition object. It can be a simple filter or a combination of other conditions. - name: - description: A non-empty string. - minLength: 1 - type: string - type: - enum: - - system - type: string - required: - - name - - filter - - type - kql: - additionalProperties: false - type: object - properties: - query: - type: string - required: - - query - severity_score: - type: number - required: - - kql - type: array - rules: - items: - type: string - type: array - required: - - dashboards - - rules - - queries - - type: object - properties: - stream: - allOf: - - additionalProperties: true - type: object - properties: - ingest: - additionalProperties: true - type: object - properties: - processing: - additionalProperties: true - type: object - properties: - updated_at: - not: {} - required: - - processing - name: - not: {} - updated_at: - not: {} - - additionalProperties: false - type: object - properties: - ingest: - additionalProperties: false - type: object - properties: - failure_store: - anyOf: - - additionalProperties: false - type: object - properties: - inherit: - additionalProperties: false - type: object - properties: {} - required: - - inherit - - additionalProperties: false - type: object - properties: - disabled: - additionalProperties: false - type: object - properties: {} - required: - - disabled - - anyOf: - - additionalProperties: false - type: object - properties: - lifecycle: - additionalProperties: false - type: object - properties: - enabled: - additionalProperties: false - type: object - properties: - data_retention: - description: A non-empty string. - minLength: 1 - type: string - required: - - enabled - required: - - lifecycle - - additionalProperties: false - type: object - properties: - lifecycle: - additionalProperties: false - type: object - properties: - disabled: - additionalProperties: false - type: object - properties: {} - required: - - disabled - required: - - lifecycle - lifecycle: - anyOf: - - additionalProperties: false - type: object - properties: - dsl: - additionalProperties: false - type: object - properties: - data_retention: - description: A non-empty string. - minLength: 1 - type: string - downsample: - items: - additionalProperties: false - type: object - properties: - after: - description: A non-empty string. - minLength: 1 - type: string - fixed_interval: - description: A non-empty string. - minLength: 1 - type: string - required: - - after - - fixed_interval - type: array - required: - - dsl - - additionalProperties: false - type: object - properties: - ilm: - additionalProperties: false - type: object - properties: - policy: - description: A non-empty string. - minLength: 1 - type: string - required: - - policy - required: - - ilm - - additionalProperties: false - type: object - properties: - inherit: - additionalProperties: false - type: object - properties: {} - required: - - inherit - processing: - additionalProperties: false - type: object - properties: - steps: - items: - anyOf: - - anyOf: - - additionalProperties: false - description: Grok processor - Extract fields from text using grok patterns - type: object - properties: - action: - enum: - - grok - type: string - customIdentifier: - description: Custom identifier to correlate this processor across outputs - minLength: 1 - type: string - description: - description: Human-readable notes about this processor step - type: string - from: - description: Source field to parse with grok patterns - minLength: 1 - type: string - ignore_failure: - description: Continue pipeline execution if this processor fails - type: boolean - ignore_missing: - description: Skip processing when source field is missing - type: boolean - pattern_definitions: - additionalProperties: - type: string - type: object - patterns: - description: Grok patterns applied in order to extract fields - items: - description: A non-empty string. - minLength: 1 - type: string - minItems: 1 - type: array - where: - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: Conditional expression controlling whether this processor runs - required: - - action - - from - - patterns - - additionalProperties: false - description: Dissect processor - Extract fields from text using a lightweight, delimiter-based parser - type: object - properties: - action: - enum: - - dissect - type: string - append_separator: - description: Separator inserted when target fields are concatenated - minLength: 1 - type: string - customIdentifier: - description: Custom identifier to correlate this processor across outputs - minLength: 1 - type: string - description: - description: Human-readable notes about this processor step - type: string - from: - description: Source field to parse with dissect pattern - minLength: 1 - type: string - ignore_failure: - description: Continue pipeline execution if this processor fails - type: boolean - ignore_missing: - description: Skip processing when source field is missing - type: boolean - pattern: - description: Dissect pattern describing field boundaries - minLength: 1 - type: string - where: - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: Conditional expression controlling whether this processor runs - required: - - action - - from - - pattern - - additionalProperties: false - description: Date processor - Parse dates from strings using one or more expected formats - type: object - properties: - action: - enum: - - date - type: string - customIdentifier: - description: Custom identifier to correlate this processor across outputs - minLength: 1 - type: string - description: - description: Human-readable notes about this processor step - type: string - formats: - description: Accepted input date formats, tried in order - items: - description: A non-empty string. - minLength: 1 - type: string - type: array - from: - description: Source field containing the date/time text - minLength: 1 - type: string - ignore_failure: - description: Continue pipeline execution if this processor fails - type: boolean - locale: - description: Optional locale for date parsing - minLength: 1 - type: string - output_format: - description: Optional output format for storing the parsed date as text - minLength: 1 - type: string - timezone: - description: Optional timezone for date parsing - minLength: 1 - type: string - to: - description: Target field for the parsed date (defaults to source) - minLength: 1 - type: string - where: - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: Conditional expression controlling whether this processor runs - required: - - action - - from - - formats - - additionalProperties: false - description: Base processor options plus conditional execution - type: object - properties: - action: - enum: - - drop_document - type: string - customIdentifier: - description: Custom identifier to correlate this processor across outputs - minLength: 1 - type: string - description: - description: Human-readable notes about this processor step - type: string - ignore_failure: - description: Continue pipeline execution if this processor fails - type: boolean - where: - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: Conditional expression controlling whether this processor runs - required: - - action - - additionalProperties: false - description: Base processor options plus conditional execution - type: object - properties: - action: - enum: - - math - type: string - customIdentifier: - description: Custom identifier to correlate this processor across outputs - minLength: 1 - type: string - description: - description: Human-readable notes about this processor step - type: string - expression: - description: A non-empty string. - minLength: 1 - type: string - ignore_failure: - description: Continue pipeline execution if this processor fails - type: boolean - ignore_missing: - type: boolean - to: - description: A non-empty string. - minLength: 1 - type: string - where: - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: Conditional expression controlling whether this processor runs - required: - - action - - expression - - to - - additionalProperties: false - description: Rename processor - Change a field name and optionally its location - type: object - properties: - action: - enum: - - rename - type: string - customIdentifier: - description: Custom identifier to correlate this processor across outputs - minLength: 1 - type: string - description: - description: Human-readable notes about this processor step - type: string - from: - description: Existing source field to rename or move - minLength: 1 - type: string - ignore_failure: - description: Continue pipeline execution if this processor fails - type: boolean - ignore_missing: - description: Skip when source field is missing - type: boolean - override: - description: Allow overwriting the target field if it already exists - type: boolean - to: - description: New field name or destination path - minLength: 1 - type: string - where: - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: Conditional expression controlling whether this processor runs - required: - - action - - from - - to - - additionalProperties: false - description: Set processor - Assign a literal or copied value to a field (mutually exclusive inputs) - type: object - properties: - action: - enum: - - set - type: string - copy_from: - description: Copy value from another field instead of providing a literal - minLength: 1 - type: string - customIdentifier: - description: Custom identifier to correlate this processor across outputs - minLength: 1 - type: string - description: - description: Human-readable notes about this processor step - type: string - ignore_failure: - description: Continue pipeline execution if this processor fails - type: boolean - override: - description: Allow overwriting an existing target field - type: boolean - to: - description: Target field to set or create - minLength: 1 - type: string - value: - description: Literal value to assign to the target field - where: - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: Conditional expression controlling whether this processor runs - required: - - action - - to - - additionalProperties: false - description: Append processor - Append one or more values to an existing or new array field - type: object - properties: - action: - enum: - - append - type: string - allow_duplicates: - description: If true, do not deduplicate appended values - type: boolean - customIdentifier: - description: Custom identifier to correlate this processor across outputs - minLength: 1 - type: string - description: - description: Human-readable notes about this processor step - type: string - ignore_failure: - description: Continue pipeline execution if this processor fails - type: boolean - to: - description: Array field to append values to - minLength: 1 - type: string - value: - description: Values to append (must be literal, no templates) - items: {} - minItems: 1 - type: array - where: - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: Conditional expression controlling whether this processor runs - required: - - action - - to - - value - - additionalProperties: false - description: Remove by prefix processor - Remove a field and all nested fields matching the prefix - type: object - properties: - action: - enum: - - remove_by_prefix - type: string - customIdentifier: - description: Custom identifier to correlate this processor across outputs - minLength: 1 - type: string - description: - description: Human-readable notes about this processor step - type: string - from: - description: Field to remove along with all its nested fields - minLength: 1 - type: string - ignore_failure: - description: Continue pipeline execution if this processor fails - type: boolean - required: - - action - - from - - additionalProperties: false - description: Remove processor - Delete one or more fields from the document - type: object - properties: - action: - enum: - - remove - type: string - customIdentifier: - description: Custom identifier to correlate this processor across outputs - minLength: 1 - type: string - description: - description: Human-readable notes about this processor step - type: string - from: - description: Field to remove from the document - minLength: 1 - type: string - ignore_failure: - description: Continue pipeline execution if this processor fails - type: boolean - ignore_missing: - description: Skip processing when source field is missing - type: boolean - where: - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: Conditional expression controlling whether this processor runs - required: - - action - - from - - additionalProperties: false - description: Base processor options plus conditional execution - type: object - properties: - action: - enum: - - replace - type: string - customIdentifier: - description: Custom identifier to correlate this processor across outputs - minLength: 1 - type: string - description: - description: Human-readable notes about this processor step - type: string - from: - description: A non-empty string. - minLength: 1 - type: string - ignore_failure: - description: Continue pipeline execution if this processor fails - type: boolean - ignore_missing: - type: boolean - pattern: - description: A non-empty string or string with whitespace. - minLength: 1 - type: string - replacement: - type: string - to: - description: A non-empty string. - minLength: 1 - type: string - where: - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: Conditional expression controlling whether this processor runs - required: - - action - - from - - pattern - - replacement - - additionalProperties: false - description: Base processor options plus conditional execution - type: object - properties: - action: - enum: - - uppercase - type: string - customIdentifier: - description: Custom identifier to correlate this processor across outputs - minLength: 1 - type: string - description: - description: Human-readable notes about this processor step - type: string - from: - description: A non-empty string. - minLength: 1 - type: string - ignore_failure: - description: Continue pipeline execution if this processor fails - type: boolean - ignore_missing: - type: boolean - to: - description: A non-empty string. - minLength: 1 - type: string - where: - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: Conditional expression controlling whether this processor runs - required: - - action - - from - - additionalProperties: false - description: Base processor options plus conditional execution - type: object - properties: - action: - enum: - - lowercase - type: string - customIdentifier: - description: Custom identifier to correlate this processor across outputs - minLength: 1 - type: string - description: - description: Human-readable notes about this processor step - type: string - from: - description: A non-empty string. - minLength: 1 - type: string - ignore_failure: - description: Continue pipeline execution if this processor fails - type: boolean - ignore_missing: - type: boolean - to: - description: A non-empty string. - minLength: 1 - type: string - where: - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: Conditional expression controlling whether this processor runs - required: - - action - - from - - additionalProperties: false - description: Base processor options plus conditional execution - type: object - properties: - action: - enum: - - trim - type: string - customIdentifier: - description: Custom identifier to correlate this processor across outputs - minLength: 1 - type: string - description: - description: Human-readable notes about this processor step - type: string - from: - description: A non-empty string. - minLength: 1 - type: string - ignore_failure: - description: Continue pipeline execution if this processor fails - type: boolean - ignore_missing: - type: boolean - to: - description: A non-empty string. - minLength: 1 - type: string - where: - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: Conditional expression controlling whether this processor runs - required: - - action - - from - - additionalProperties: false - description: Base processor options plus conditional execution - type: object - properties: - action: - enum: - - join - type: string - customIdentifier: - description: Custom identifier to correlate this processor across outputs - minLength: 1 - type: string - delimiter: - type: string - description: - description: Human-readable notes about this processor step - type: string - from: - items: - description: A non-empty string. - minLength: 1 - type: string - minItems: 1 - type: array - ignore_failure: - description: Continue pipeline execution if this processor fails - type: boolean - ignore_missing: - type: boolean - to: - description: A non-empty string. - minLength: 1 - type: string - where: - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: Conditional expression controlling whether this processor runs - required: - - action - - from - - delimiter - - to - - additionalProperties: false - description: Convert processor - Change the data type of a field value (integer, long, double, boolean, or string) - type: object - properties: - action: - enum: - - convert - type: string - customIdentifier: - description: Custom identifier to correlate this processor across outputs - minLength: 1 - type: string - description: - description: Human-readable notes about this processor step - type: string - from: - description: Source field to convert to a different data type - minLength: 1 - type: string - ignore_failure: - description: Continue pipeline execution if this processor fails - type: boolean - ignore_missing: - description: Skip processing when source field is missing - type: boolean - to: - description: Target field for the converted value (defaults to source) - minLength: 1 - type: string - type: - description: 'Target data type: integer, long, double, boolean, or string' - enum: - - integer - - long - - double - - boolean - - string - type: string - where: - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: Conditional expression controlling whether this processor runs - required: - - action - - from - - type - - additionalProperties: false - description: Base processor options plus conditional execution - type: object - properties: - action: - enum: - - concat - type: string - customIdentifier: - description: Custom identifier to correlate this processor across outputs - minLength: 1 - type: string - description: - description: Human-readable notes about this processor step - type: string - from: - items: - anyOf: - - additionalProperties: false - type: object - properties: - type: - enum: - - field - type: string - value: - description: A non-empty string. - minLength: 1 - type: string - required: - - type - - value - - additionalProperties: false - type: object - properties: - type: - enum: - - literal - type: string - value: - type: string - required: - - type - - value - minItems: 1 - type: array - ignore_failure: - description: Continue pipeline execution if this processor fails - type: boolean - ignore_missing: - type: boolean - to: - description: A non-empty string. - minLength: 1 - type: string - where: - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: Conditional expression controlling whether this processor runs - required: - - action - - from - - to - - additionalProperties: false - description: Manual ingest pipeline wrapper around native Elasticsearch processors - type: object - properties: - action: - description: Manual ingest pipeline - executes raw Elasticsearch ingest processors - enum: - - manual_ingest_pipeline - type: string - customIdentifier: - description: Custom identifier to correlate this processor across outputs - minLength: 1 - type: string - description: - description: Human-readable notes about this processor step - type: string - ignore_failure: - description: Continue pipeline execution if this processor fails - type: boolean - on_failure: - description: Fallback processors to run when a processor fails - items: - additionalProperties: {} - type: object - type: array - processors: - description: List of raw Elasticsearch ingest processors to run - items: - additionalProperties: false - type: object - properties: - append: {} - attachment: {} - bytes: {} - circle: {} - community_id: {} - convert: {} - csv: {} - date: {} - date_index_name: {} - dissect: {} - dot_expander: {} - drop: {} - enrich: {} - fail: {} - fingerprint: {} - foreach: {} - geo_grid: {} - geoip: {} - grok: {} - gsub: {} - html_strip: {} - inference: {} - ip_location: {} - join: {} - json: {} - kv: {} - lowercase: {} - network_direction: {} - pipeline: {} - redact: {} - registered_domain: {} - remove: {} - rename: {} - reroute: {} - script: {} - set: {} - set_security_user: {} - sort: {} - split: {} - terminate: {} - trim: {} - uppercase: {} - uri_parts: {} - urldecode: {} - user_agent: {} - required: - - append - - attachment - - bytes - - circle - - community_id - - convert - - csv - - date - - date_index_name - - dissect - - dot_expander - - drop - - enrich - - fail - - fingerprint - - foreach - - ip_location - - geo_grid - - geoip - - grok - - gsub - - html_strip - - inference - - join - - json - - kv - - lowercase - - network_direction - - pipeline - - redact - - registered_domain - - remove - - rename - - reroute - - script - - set - - set_security_user - - sort - - split - - terminate - - trim - - uppercase - - urldecode - - uri_parts - - user_agent - type: array - tag: - description: Optional ingest processor tag for Elasticsearch - type: string - where: - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: Conditional expression controlling whether this processor runs - required: - - action - - processors - - additionalProperties: false - type: object - properties: - condition: - allOf: - - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: The root condition object. It can be a simple filter or a combination of other conditions. - - type: object - properties: - steps: - items: {} - type: array - required: - - steps - customIdentifier: - type: string - required: - - condition - type: array - updated_at: - format: date-time - type: string - required: - - steps - - updated_at - settings: - additionalProperties: false - type: object - properties: - index.number_of_replicas: - additionalProperties: false - type: object - properties: - value: - type: number - required: - - value - index.number_of_shards: - additionalProperties: false - type: object - properties: - value: - type: number - required: - - value - index.refresh_interval: - additionalProperties: false - type: object - properties: - value: - anyOf: - - type: string - - enum: - - -1 - type: number - required: - - value - required: - - lifecycle - - processing - - settings - - failure_store - required: - - ingest - required: - - stream - - type: object - properties: {} - - type: object - properties: {} + $ref: '#/components/schemas/ApiStreams_Put_Request' responses: {} summary: Create or update a stream tags: @@ -75808,192 +27564,7 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - status: - enum: - - enabled - - disabled - type: string - stream: - additionalProperties: false - type: object - properties: - name: - type: string - required: - - name - where: - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: The root condition object. It can be a simple filter or a combination of other conditions. - required: - - stream - - where + $ref: '#/components/schemas/ApiStreamsFork_Post_Request' responses: {} summary: Fork a stream tags: @@ -76023,14 +27594,7 @@ paths: content: application/json: schema: - anyOf: - - additionalProperties: false - type: object - properties: {} - - enum: - - 'null' - nullable: true - - not: {} + $ref: '#/components/schemas/ApiStreamsIngest_Get_Request' responses: {} summary: Get ingest stream settings tags: @@ -76066,8175 +27630,7 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - ingest: - anyOf: - - allOf: - - type: object - properties: - failure_store: - anyOf: - - additionalProperties: false - type: object - properties: - inherit: - additionalProperties: false - type: object - properties: {} - required: - - inherit - - additionalProperties: false - type: object - properties: - disabled: - additionalProperties: false - type: object - properties: {} - required: - - disabled - - anyOf: - - additionalProperties: false - type: object - properties: - lifecycle: - additionalProperties: false - type: object - properties: - enabled: - additionalProperties: false - type: object - properties: - data_retention: - description: A non-empty string. - minLength: 1 - type: string - required: - - enabled - required: - - lifecycle - - additionalProperties: false - type: object - properties: - lifecycle: - additionalProperties: false - type: object - properties: - disabled: - additionalProperties: false - type: object - properties: {} - required: - - disabled - required: - - lifecycle - lifecycle: - anyOf: - - additionalProperties: false - type: object - properties: - dsl: - additionalProperties: false - type: object - properties: - data_retention: - description: A non-empty string. - minLength: 1 - type: string - downsample: - items: - additionalProperties: false - type: object - properties: - after: - description: A non-empty string. - minLength: 1 - type: string - fixed_interval: - description: A non-empty string. - minLength: 1 - type: string - required: - - after - - fixed_interval - type: array - required: - - dsl - - additionalProperties: false - type: object - properties: - ilm: - additionalProperties: false - type: object - properties: - policy: - description: A non-empty string. - minLength: 1 - type: string - required: - - policy - required: - - ilm - - additionalProperties: false - type: object - properties: - inherit: - additionalProperties: false - type: object - properties: {} - required: - - inherit - processing: - additionalProperties: false - type: object - properties: - steps: - items: - anyOf: - - anyOf: - - additionalProperties: false - description: Grok processor - Extract fields from text using grok patterns - type: object - properties: - action: - enum: - - grok - type: string - customIdentifier: - description: Custom identifier to correlate this processor across outputs - minLength: 1 - type: string - description: - description: Human-readable notes about this processor step - type: string - from: - description: Source field to parse with grok patterns - minLength: 1 - type: string - ignore_failure: - description: Continue pipeline execution if this processor fails - type: boolean - ignore_missing: - description: Skip processing when source field is missing - type: boolean - pattern_definitions: - additionalProperties: - type: string - type: object - patterns: - description: Grok patterns applied in order to extract fields - items: - description: A non-empty string. - minLength: 1 - type: string - minItems: 1 - type: array - where: - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: Conditional expression controlling whether this processor runs - required: - - action - - from - - patterns - - additionalProperties: false - description: Dissect processor - Extract fields from text using a lightweight, delimiter-based parser - type: object - properties: - action: - enum: - - dissect - type: string - append_separator: - description: Separator inserted when target fields are concatenated - minLength: 1 - type: string - customIdentifier: - description: Custom identifier to correlate this processor across outputs - minLength: 1 - type: string - description: - description: Human-readable notes about this processor step - type: string - from: - description: Source field to parse with dissect pattern - minLength: 1 - type: string - ignore_failure: - description: Continue pipeline execution if this processor fails - type: boolean - ignore_missing: - description: Skip processing when source field is missing - type: boolean - pattern: - description: Dissect pattern describing field boundaries - minLength: 1 - type: string - where: - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: Conditional expression controlling whether this processor runs - required: - - action - - from - - pattern - - additionalProperties: false - description: Date processor - Parse dates from strings using one or more expected formats - type: object - properties: - action: - enum: - - date - type: string - customIdentifier: - description: Custom identifier to correlate this processor across outputs - minLength: 1 - type: string - description: - description: Human-readable notes about this processor step - type: string - formats: - description: Accepted input date formats, tried in order - items: - description: A non-empty string. - minLength: 1 - type: string - type: array - from: - description: Source field containing the date/time text - minLength: 1 - type: string - ignore_failure: - description: Continue pipeline execution if this processor fails - type: boolean - locale: - description: Optional locale for date parsing - minLength: 1 - type: string - output_format: - description: Optional output format for storing the parsed date as text - minLength: 1 - type: string - timezone: - description: Optional timezone for date parsing - minLength: 1 - type: string - to: - description: Target field for the parsed date (defaults to source) - minLength: 1 - type: string - where: - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: Conditional expression controlling whether this processor runs - required: - - action - - from - - formats - - additionalProperties: false - description: Base processor options plus conditional execution - type: object - properties: - action: - enum: - - drop_document - type: string - customIdentifier: - description: Custom identifier to correlate this processor across outputs - minLength: 1 - type: string - description: - description: Human-readable notes about this processor step - type: string - ignore_failure: - description: Continue pipeline execution if this processor fails - type: boolean - where: - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: Conditional expression controlling whether this processor runs - required: - - action - - additionalProperties: false - description: Base processor options plus conditional execution - type: object - properties: - action: - enum: - - math - type: string - customIdentifier: - description: Custom identifier to correlate this processor across outputs - minLength: 1 - type: string - description: - description: Human-readable notes about this processor step - type: string - expression: - description: A non-empty string. - minLength: 1 - type: string - ignore_failure: - description: Continue pipeline execution if this processor fails - type: boolean - ignore_missing: - type: boolean - to: - description: A non-empty string. - minLength: 1 - type: string - where: - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: Conditional expression controlling whether this processor runs - required: - - action - - expression - - to - - additionalProperties: false - description: Rename processor - Change a field name and optionally its location - type: object - properties: - action: - enum: - - rename - type: string - customIdentifier: - description: Custom identifier to correlate this processor across outputs - minLength: 1 - type: string - description: - description: Human-readable notes about this processor step - type: string - from: - description: Existing source field to rename or move - minLength: 1 - type: string - ignore_failure: - description: Continue pipeline execution if this processor fails - type: boolean - ignore_missing: - description: Skip when source field is missing - type: boolean - override: - description: Allow overwriting the target field if it already exists - type: boolean - to: - description: New field name or destination path - minLength: 1 - type: string - where: - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: Conditional expression controlling whether this processor runs - required: - - action - - from - - to - - additionalProperties: false - description: Set processor - Assign a literal or copied value to a field (mutually exclusive inputs) - type: object - properties: - action: - enum: - - set - type: string - copy_from: - description: Copy value from another field instead of providing a literal - minLength: 1 - type: string - customIdentifier: - description: Custom identifier to correlate this processor across outputs - minLength: 1 - type: string - description: - description: Human-readable notes about this processor step - type: string - ignore_failure: - description: Continue pipeline execution if this processor fails - type: boolean - override: - description: Allow overwriting an existing target field - type: boolean - to: - description: Target field to set or create - minLength: 1 - type: string - value: - description: Literal value to assign to the target field - where: - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: Conditional expression controlling whether this processor runs - required: - - action - - to - - additionalProperties: false - description: Append processor - Append one or more values to an existing or new array field - type: object - properties: - action: - enum: - - append - type: string - allow_duplicates: - description: If true, do not deduplicate appended values - type: boolean - customIdentifier: - description: Custom identifier to correlate this processor across outputs - minLength: 1 - type: string - description: - description: Human-readable notes about this processor step - type: string - ignore_failure: - description: Continue pipeline execution if this processor fails - type: boolean - to: - description: Array field to append values to - minLength: 1 - type: string - value: - description: Values to append (must be literal, no templates) - items: {} - minItems: 1 - type: array - where: - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: Conditional expression controlling whether this processor runs - required: - - action - - to - - value - - additionalProperties: false - description: Remove by prefix processor - Remove a field and all nested fields matching the prefix - type: object - properties: - action: - enum: - - remove_by_prefix - type: string - customIdentifier: - description: Custom identifier to correlate this processor across outputs - minLength: 1 - type: string - description: - description: Human-readable notes about this processor step - type: string - from: - description: Field to remove along with all its nested fields - minLength: 1 - type: string - ignore_failure: - description: Continue pipeline execution if this processor fails - type: boolean - required: - - action - - from - - additionalProperties: false - description: Remove processor - Delete one or more fields from the document - type: object - properties: - action: - enum: - - remove - type: string - customIdentifier: - description: Custom identifier to correlate this processor across outputs - minLength: 1 - type: string - description: - description: Human-readable notes about this processor step - type: string - from: - description: Field to remove from the document - minLength: 1 - type: string - ignore_failure: - description: Continue pipeline execution if this processor fails - type: boolean - ignore_missing: - description: Skip processing when source field is missing - type: boolean - where: - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: Conditional expression controlling whether this processor runs - required: - - action - - from - - additionalProperties: false - description: Base processor options plus conditional execution - type: object - properties: - action: - enum: - - replace - type: string - customIdentifier: - description: Custom identifier to correlate this processor across outputs - minLength: 1 - type: string - description: - description: Human-readable notes about this processor step - type: string - from: - description: A non-empty string. - minLength: 1 - type: string - ignore_failure: - description: Continue pipeline execution if this processor fails - type: boolean - ignore_missing: - type: boolean - pattern: - description: A non-empty string or string with whitespace. - minLength: 1 - type: string - replacement: - type: string - to: - description: A non-empty string. - minLength: 1 - type: string - where: - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: Conditional expression controlling whether this processor runs - required: - - action - - from - - pattern - - replacement - - additionalProperties: false - description: Base processor options plus conditional execution - type: object - properties: - action: - enum: - - uppercase - type: string - customIdentifier: - description: Custom identifier to correlate this processor across outputs - minLength: 1 - type: string - description: - description: Human-readable notes about this processor step - type: string - from: - description: A non-empty string. - minLength: 1 - type: string - ignore_failure: - description: Continue pipeline execution if this processor fails - type: boolean - ignore_missing: - type: boolean - to: - description: A non-empty string. - minLength: 1 - type: string - where: - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: Conditional expression controlling whether this processor runs - required: - - action - - from - - additionalProperties: false - description: Base processor options plus conditional execution - type: object - properties: - action: - enum: - - lowercase - type: string - customIdentifier: - description: Custom identifier to correlate this processor across outputs - minLength: 1 - type: string - description: - description: Human-readable notes about this processor step - type: string - from: - description: A non-empty string. - minLength: 1 - type: string - ignore_failure: - description: Continue pipeline execution if this processor fails - type: boolean - ignore_missing: - type: boolean - to: - description: A non-empty string. - minLength: 1 - type: string - where: - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: Conditional expression controlling whether this processor runs - required: - - action - - from - - additionalProperties: false - description: Base processor options plus conditional execution - type: object - properties: - action: - enum: - - trim - type: string - customIdentifier: - description: Custom identifier to correlate this processor across outputs - minLength: 1 - type: string - description: - description: Human-readable notes about this processor step - type: string - from: - description: A non-empty string. - minLength: 1 - type: string - ignore_failure: - description: Continue pipeline execution if this processor fails - type: boolean - ignore_missing: - type: boolean - to: - description: A non-empty string. - minLength: 1 - type: string - where: - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: Conditional expression controlling whether this processor runs - required: - - action - - from - - additionalProperties: false - description: Base processor options plus conditional execution - type: object - properties: - action: - enum: - - join - type: string - customIdentifier: - description: Custom identifier to correlate this processor across outputs - minLength: 1 - type: string - delimiter: - type: string - description: - description: Human-readable notes about this processor step - type: string - from: - items: - description: A non-empty string. - minLength: 1 - type: string - minItems: 1 - type: array - ignore_failure: - description: Continue pipeline execution if this processor fails - type: boolean - ignore_missing: - type: boolean - to: - description: A non-empty string. - minLength: 1 - type: string - where: - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: Conditional expression controlling whether this processor runs - required: - - action - - from - - delimiter - - to - - additionalProperties: false - description: Convert processor - Change the data type of a field value (integer, long, double, boolean, or string) - type: object - properties: - action: - enum: - - convert - type: string - customIdentifier: - description: Custom identifier to correlate this processor across outputs - minLength: 1 - type: string - description: - description: Human-readable notes about this processor step - type: string - from: - description: Source field to convert to a different data type - minLength: 1 - type: string - ignore_failure: - description: Continue pipeline execution if this processor fails - type: boolean - ignore_missing: - description: Skip processing when source field is missing - type: boolean - to: - description: Target field for the converted value (defaults to source) - minLength: 1 - type: string - type: - description: 'Target data type: integer, long, double, boolean, or string' - enum: - - integer - - long - - double - - boolean - - string - type: string - where: - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: Conditional expression controlling whether this processor runs - required: - - action - - from - - type - - additionalProperties: false - description: Base processor options plus conditional execution - type: object - properties: - action: - enum: - - concat - type: string - customIdentifier: - description: Custom identifier to correlate this processor across outputs - minLength: 1 - type: string - description: - description: Human-readable notes about this processor step - type: string - from: - items: - anyOf: - - additionalProperties: false - type: object - properties: - type: - enum: - - field - type: string - value: - description: A non-empty string. - minLength: 1 - type: string - required: - - type - - value - - additionalProperties: false - type: object - properties: - type: - enum: - - literal - type: string - value: - type: string - required: - - type - - value - minItems: 1 - type: array - ignore_failure: - description: Continue pipeline execution if this processor fails - type: boolean - ignore_missing: - type: boolean - to: - description: A non-empty string. - minLength: 1 - type: string - where: - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: Conditional expression controlling whether this processor runs - required: - - action - - from - - to - - additionalProperties: false - description: Manual ingest pipeline wrapper around native Elasticsearch processors - type: object - properties: - action: - description: Manual ingest pipeline - executes raw Elasticsearch ingest processors - enum: - - manual_ingest_pipeline - type: string - customIdentifier: - description: Custom identifier to correlate this processor across outputs - minLength: 1 - type: string - description: - description: Human-readable notes about this processor step - type: string - ignore_failure: - description: Continue pipeline execution if this processor fails - type: boolean - on_failure: - description: Fallback processors to run when a processor fails - items: - additionalProperties: {} - type: object - type: array - processors: - description: List of raw Elasticsearch ingest processors to run - items: - additionalProperties: false - type: object - properties: - append: {} - attachment: {} - bytes: {} - circle: {} - community_id: {} - convert: {} - csv: {} - date: {} - date_index_name: {} - dissect: {} - dot_expander: {} - drop: {} - enrich: {} - fail: {} - fingerprint: {} - foreach: {} - geo_grid: {} - geoip: {} - grok: {} - gsub: {} - html_strip: {} - inference: {} - ip_location: {} - join: {} - json: {} - kv: {} - lowercase: {} - network_direction: {} - pipeline: {} - redact: {} - registered_domain: {} - remove: {} - rename: {} - reroute: {} - script: {} - set: {} - set_security_user: {} - sort: {} - split: {} - terminate: {} - trim: {} - uppercase: {} - uri_parts: {} - urldecode: {} - user_agent: {} - required: - - append - - attachment - - bytes - - circle - - community_id - - convert - - csv - - date - - date_index_name - - dissect - - dot_expander - - drop - - enrich - - fail - - fingerprint - - foreach - - ip_location - - geo_grid - - geoip - - grok - - gsub - - html_strip - - inference - - join - - json - - kv - - lowercase - - network_direction - - pipeline - - redact - - registered_domain - - remove - - rename - - reroute - - script - - set - - set_security_user - - sort - - split - - terminate - - trim - - uppercase - - urldecode - - uri_parts - - user_agent - type: array - tag: - description: Optional ingest processor tag for Elasticsearch - type: string - where: - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: Conditional expression controlling whether this processor runs - required: - - action - - processors - - additionalProperties: false - type: object - properties: - condition: - allOf: - - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: The root condition object. It can be a simple filter or a combination of other conditions. - - type: object - properties: - steps: - items: {} - type: array - required: - - steps - customIdentifier: - type: string - required: - - condition - type: array - updated_at: - not: {} - required: - - steps - settings: - additionalProperties: false - type: object - properties: - index.number_of_replicas: - additionalProperties: false - type: object - properties: - value: - type: number - required: - - value - index.number_of_shards: - additionalProperties: false - type: object - properties: - value: - type: number - required: - - value - index.refresh_interval: - additionalProperties: false - type: object - properties: - value: - anyOf: - - type: string - - enum: - - -1 - type: number - required: - - value - required: - - lifecycle - - processing - - settings - - failure_store - - type: object - properties: - wired: - additionalProperties: false - type: object - properties: - fields: - additionalProperties: - allOf: - - additionalProperties: - anyOf: - - anyOf: - - type: string - - type: number - - type: boolean - - enum: - - 'null' - nullable: true - - not: {} - - items: - anyOf: - - type: string - - type: number - - type: boolean - - enum: - - 'null' - nullable: true - - not: {} - type: array - - items: {} - type: array - - {} - type: object - - anyOf: - - additionalProperties: false - type: object - properties: - format: - description: A non-empty string. - minLength: 1 - type: string - type: - enum: - - keyword - - match_only_text - - long - - double - - date - - boolean - - ip - - geo_point - type: string - required: - - type - - additionalProperties: false - type: object - properties: - type: - enum: - - system - type: string - required: - - type - type: object - routing: - items: - additionalProperties: false - type: object - properties: - destination: - description: A non-empty string. - minLength: 1 - type: string - status: - enum: - - enabled - - disabled - type: string - where: - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: The root condition object. It can be a simple filter or a combination of other conditions. - required: - - destination - - where - type: array - required: - - fields - - routing - required: - - wired - - allOf: - - type: object - properties: - failure_store: - anyOf: - - additionalProperties: false - type: object - properties: - inherit: - additionalProperties: false - type: object - properties: {} - required: - - inherit - - additionalProperties: false - type: object - properties: - disabled: - additionalProperties: false - type: object - properties: {} - required: - - disabled - - anyOf: - - additionalProperties: false - type: object - properties: - lifecycle: - additionalProperties: false - type: object - properties: - enabled: - additionalProperties: false - type: object - properties: - data_retention: - description: A non-empty string. - minLength: 1 - type: string - required: - - enabled - required: - - lifecycle - - additionalProperties: false - type: object - properties: - lifecycle: - additionalProperties: false - type: object - properties: - disabled: - additionalProperties: false - type: object - properties: {} - required: - - disabled - required: - - lifecycle - lifecycle: - anyOf: - - additionalProperties: false - type: object - properties: - dsl: - additionalProperties: false - type: object - properties: - data_retention: - description: A non-empty string. - minLength: 1 - type: string - downsample: - items: - additionalProperties: false - type: object - properties: - after: - description: A non-empty string. - minLength: 1 - type: string - fixed_interval: - description: A non-empty string. - minLength: 1 - type: string - required: - - after - - fixed_interval - type: array - required: - - dsl - - additionalProperties: false - type: object - properties: - ilm: - additionalProperties: false - type: object - properties: - policy: - description: A non-empty string. - minLength: 1 - type: string - required: - - policy - required: - - ilm - - additionalProperties: false - type: object - properties: - inherit: - additionalProperties: false - type: object - properties: {} - required: - - inherit - processing: - additionalProperties: false - type: object - properties: - steps: - items: - anyOf: - - anyOf: - - additionalProperties: false - description: Grok processor - Extract fields from text using grok patterns - type: object - properties: - action: - enum: - - grok - type: string - customIdentifier: - description: Custom identifier to correlate this processor across outputs - minLength: 1 - type: string - description: - description: Human-readable notes about this processor step - type: string - from: - description: Source field to parse with grok patterns - minLength: 1 - type: string - ignore_failure: - description: Continue pipeline execution if this processor fails - type: boolean - ignore_missing: - description: Skip processing when source field is missing - type: boolean - pattern_definitions: - additionalProperties: - type: string - type: object - patterns: - description: Grok patterns applied in order to extract fields - items: - description: A non-empty string. - minLength: 1 - type: string - minItems: 1 - type: array - where: - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: Conditional expression controlling whether this processor runs - required: - - action - - from - - patterns - - additionalProperties: false - description: Dissect processor - Extract fields from text using a lightweight, delimiter-based parser - type: object - properties: - action: - enum: - - dissect - type: string - append_separator: - description: Separator inserted when target fields are concatenated - minLength: 1 - type: string - customIdentifier: - description: Custom identifier to correlate this processor across outputs - minLength: 1 - type: string - description: - description: Human-readable notes about this processor step - type: string - from: - description: Source field to parse with dissect pattern - minLength: 1 - type: string - ignore_failure: - description: Continue pipeline execution if this processor fails - type: boolean - ignore_missing: - description: Skip processing when source field is missing - type: boolean - pattern: - description: Dissect pattern describing field boundaries - minLength: 1 - type: string - where: - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: Conditional expression controlling whether this processor runs - required: - - action - - from - - pattern - - additionalProperties: false - description: Date processor - Parse dates from strings using one or more expected formats - type: object - properties: - action: - enum: - - date - type: string - customIdentifier: - description: Custom identifier to correlate this processor across outputs - minLength: 1 - type: string - description: - description: Human-readable notes about this processor step - type: string - formats: - description: Accepted input date formats, tried in order - items: - description: A non-empty string. - minLength: 1 - type: string - type: array - from: - description: Source field containing the date/time text - minLength: 1 - type: string - ignore_failure: - description: Continue pipeline execution if this processor fails - type: boolean - locale: - description: Optional locale for date parsing - minLength: 1 - type: string - output_format: - description: Optional output format for storing the parsed date as text - minLength: 1 - type: string - timezone: - description: Optional timezone for date parsing - minLength: 1 - type: string - to: - description: Target field for the parsed date (defaults to source) - minLength: 1 - type: string - where: - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: Conditional expression controlling whether this processor runs - required: - - action - - from - - formats - - additionalProperties: false - description: Base processor options plus conditional execution - type: object - properties: - action: - enum: - - drop_document - type: string - customIdentifier: - description: Custom identifier to correlate this processor across outputs - minLength: 1 - type: string - description: - description: Human-readable notes about this processor step - type: string - ignore_failure: - description: Continue pipeline execution if this processor fails - type: boolean - where: - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: Conditional expression controlling whether this processor runs - required: - - action - - additionalProperties: false - description: Base processor options plus conditional execution - type: object - properties: - action: - enum: - - math - type: string - customIdentifier: - description: Custom identifier to correlate this processor across outputs - minLength: 1 - type: string - description: - description: Human-readable notes about this processor step - type: string - expression: - description: A non-empty string. - minLength: 1 - type: string - ignore_failure: - description: Continue pipeline execution if this processor fails - type: boolean - ignore_missing: - type: boolean - to: - description: A non-empty string. - minLength: 1 - type: string - where: - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: Conditional expression controlling whether this processor runs - required: - - action - - expression - - to - - additionalProperties: false - description: Rename processor - Change a field name and optionally its location - type: object - properties: - action: - enum: - - rename - type: string - customIdentifier: - description: Custom identifier to correlate this processor across outputs - minLength: 1 - type: string - description: - description: Human-readable notes about this processor step - type: string - from: - description: Existing source field to rename or move - minLength: 1 - type: string - ignore_failure: - description: Continue pipeline execution if this processor fails - type: boolean - ignore_missing: - description: Skip when source field is missing - type: boolean - override: - description: Allow overwriting the target field if it already exists - type: boolean - to: - description: New field name or destination path - minLength: 1 - type: string - where: - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: Conditional expression controlling whether this processor runs - required: - - action - - from - - to - - additionalProperties: false - description: Set processor - Assign a literal or copied value to a field (mutually exclusive inputs) - type: object - properties: - action: - enum: - - set - type: string - copy_from: - description: Copy value from another field instead of providing a literal - minLength: 1 - type: string - customIdentifier: - description: Custom identifier to correlate this processor across outputs - minLength: 1 - type: string - description: - description: Human-readable notes about this processor step - type: string - ignore_failure: - description: Continue pipeline execution if this processor fails - type: boolean - override: - description: Allow overwriting an existing target field - type: boolean - to: - description: Target field to set or create - minLength: 1 - type: string - value: - description: Literal value to assign to the target field - where: - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: Conditional expression controlling whether this processor runs - required: - - action - - to - - additionalProperties: false - description: Append processor - Append one or more values to an existing or new array field - type: object - properties: - action: - enum: - - append - type: string - allow_duplicates: - description: If true, do not deduplicate appended values - type: boolean - customIdentifier: - description: Custom identifier to correlate this processor across outputs - minLength: 1 - type: string - description: - description: Human-readable notes about this processor step - type: string - ignore_failure: - description: Continue pipeline execution if this processor fails - type: boolean - to: - description: Array field to append values to - minLength: 1 - type: string - value: - description: Values to append (must be literal, no templates) - items: {} - minItems: 1 - type: array - where: - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: Conditional expression controlling whether this processor runs - required: - - action - - to - - value - - additionalProperties: false - description: Remove by prefix processor - Remove a field and all nested fields matching the prefix - type: object - properties: - action: - enum: - - remove_by_prefix - type: string - customIdentifier: - description: Custom identifier to correlate this processor across outputs - minLength: 1 - type: string - description: - description: Human-readable notes about this processor step - type: string - from: - description: Field to remove along with all its nested fields - minLength: 1 - type: string - ignore_failure: - description: Continue pipeline execution if this processor fails - type: boolean - required: - - action - - from - - additionalProperties: false - description: Remove processor - Delete one or more fields from the document - type: object - properties: - action: - enum: - - remove - type: string - customIdentifier: - description: Custom identifier to correlate this processor across outputs - minLength: 1 - type: string - description: - description: Human-readable notes about this processor step - type: string - from: - description: Field to remove from the document - minLength: 1 - type: string - ignore_failure: - description: Continue pipeline execution if this processor fails - type: boolean - ignore_missing: - description: Skip processing when source field is missing - type: boolean - where: - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: Conditional expression controlling whether this processor runs - required: - - action - - from - - additionalProperties: false - description: Base processor options plus conditional execution - type: object - properties: - action: - enum: - - replace - type: string - customIdentifier: - description: Custom identifier to correlate this processor across outputs - minLength: 1 - type: string - description: - description: Human-readable notes about this processor step - type: string - from: - description: A non-empty string. - minLength: 1 - type: string - ignore_failure: - description: Continue pipeline execution if this processor fails - type: boolean - ignore_missing: - type: boolean - pattern: - description: A non-empty string or string with whitespace. - minLength: 1 - type: string - replacement: - type: string - to: - description: A non-empty string. - minLength: 1 - type: string - where: - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: Conditional expression controlling whether this processor runs - required: - - action - - from - - pattern - - replacement - - additionalProperties: false - description: Base processor options plus conditional execution - type: object - properties: - action: - enum: - - uppercase - type: string - customIdentifier: - description: Custom identifier to correlate this processor across outputs - minLength: 1 - type: string - description: - description: Human-readable notes about this processor step - type: string - from: - description: A non-empty string. - minLength: 1 - type: string - ignore_failure: - description: Continue pipeline execution if this processor fails - type: boolean - ignore_missing: - type: boolean - to: - description: A non-empty string. - minLength: 1 - type: string - where: - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: Conditional expression controlling whether this processor runs - required: - - action - - from - - additionalProperties: false - description: Base processor options plus conditional execution - type: object - properties: - action: - enum: - - lowercase - type: string - customIdentifier: - description: Custom identifier to correlate this processor across outputs - minLength: 1 - type: string - description: - description: Human-readable notes about this processor step - type: string - from: - description: A non-empty string. - minLength: 1 - type: string - ignore_failure: - description: Continue pipeline execution if this processor fails - type: boolean - ignore_missing: - type: boolean - to: - description: A non-empty string. - minLength: 1 - type: string - where: - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: Conditional expression controlling whether this processor runs - required: - - action - - from - - additionalProperties: false - description: Base processor options plus conditional execution - type: object - properties: - action: - enum: - - trim - type: string - customIdentifier: - description: Custom identifier to correlate this processor across outputs - minLength: 1 - type: string - description: - description: Human-readable notes about this processor step - type: string - from: - description: A non-empty string. - minLength: 1 - type: string - ignore_failure: - description: Continue pipeline execution if this processor fails - type: boolean - ignore_missing: - type: boolean - to: - description: A non-empty string. - minLength: 1 - type: string - where: - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: Conditional expression controlling whether this processor runs - required: - - action - - from - - additionalProperties: false - description: Base processor options plus conditional execution - type: object - properties: - action: - enum: - - join - type: string - customIdentifier: - description: Custom identifier to correlate this processor across outputs - minLength: 1 - type: string - delimiter: - type: string - description: - description: Human-readable notes about this processor step - type: string - from: - items: - description: A non-empty string. - minLength: 1 - type: string - minItems: 1 - type: array - ignore_failure: - description: Continue pipeline execution if this processor fails - type: boolean - ignore_missing: - type: boolean - to: - description: A non-empty string. - minLength: 1 - type: string - where: - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: Conditional expression controlling whether this processor runs - required: - - action - - from - - delimiter - - to - - additionalProperties: false - description: Convert processor - Change the data type of a field value (integer, long, double, boolean, or string) - type: object - properties: - action: - enum: - - convert - type: string - customIdentifier: - description: Custom identifier to correlate this processor across outputs - minLength: 1 - type: string - description: - description: Human-readable notes about this processor step - type: string - from: - description: Source field to convert to a different data type - minLength: 1 - type: string - ignore_failure: - description: Continue pipeline execution if this processor fails - type: boolean - ignore_missing: - description: Skip processing when source field is missing - type: boolean - to: - description: Target field for the converted value (defaults to source) - minLength: 1 - type: string - type: - description: 'Target data type: integer, long, double, boolean, or string' - enum: - - integer - - long - - double - - boolean - - string - type: string - where: - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: Conditional expression controlling whether this processor runs - required: - - action - - from - - type - - additionalProperties: false - description: Base processor options plus conditional execution - type: object - properties: - action: - enum: - - concat - type: string - customIdentifier: - description: Custom identifier to correlate this processor across outputs - minLength: 1 - type: string - description: - description: Human-readable notes about this processor step - type: string - from: - items: - anyOf: - - additionalProperties: false - type: object - properties: - type: - enum: - - field - type: string - value: - description: A non-empty string. - minLength: 1 - type: string - required: - - type - - value - - additionalProperties: false - type: object - properties: - type: - enum: - - literal - type: string - value: - type: string - required: - - type - - value - minItems: 1 - type: array - ignore_failure: - description: Continue pipeline execution if this processor fails - type: boolean - ignore_missing: - type: boolean - to: - description: A non-empty string. - minLength: 1 - type: string - where: - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: Conditional expression controlling whether this processor runs - required: - - action - - from - - to - - additionalProperties: false - description: Manual ingest pipeline wrapper around native Elasticsearch processors - type: object - properties: - action: - description: Manual ingest pipeline - executes raw Elasticsearch ingest processors - enum: - - manual_ingest_pipeline - type: string - customIdentifier: - description: Custom identifier to correlate this processor across outputs - minLength: 1 - type: string - description: - description: Human-readable notes about this processor step - type: string - ignore_failure: - description: Continue pipeline execution if this processor fails - type: boolean - on_failure: - description: Fallback processors to run when a processor fails - items: - additionalProperties: {} - type: object - type: array - processors: - description: List of raw Elasticsearch ingest processors to run - items: - additionalProperties: false - type: object - properties: - append: {} - attachment: {} - bytes: {} - circle: {} - community_id: {} - convert: {} - csv: {} - date: {} - date_index_name: {} - dissect: {} - dot_expander: {} - drop: {} - enrich: {} - fail: {} - fingerprint: {} - foreach: {} - geo_grid: {} - geoip: {} - grok: {} - gsub: {} - html_strip: {} - inference: {} - ip_location: {} - join: {} - json: {} - kv: {} - lowercase: {} - network_direction: {} - pipeline: {} - redact: {} - registered_domain: {} - remove: {} - rename: {} - reroute: {} - script: {} - set: {} - set_security_user: {} - sort: {} - split: {} - terminate: {} - trim: {} - uppercase: {} - uri_parts: {} - urldecode: {} - user_agent: {} - required: - - append - - attachment - - bytes - - circle - - community_id - - convert - - csv - - date - - date_index_name - - dissect - - dot_expander - - drop - - enrich - - fail - - fingerprint - - foreach - - ip_location - - geo_grid - - geoip - - grok - - gsub - - html_strip - - inference - - join - - json - - kv - - lowercase - - network_direction - - pipeline - - redact - - registered_domain - - remove - - rename - - reroute - - script - - set - - set_security_user - - sort - - split - - terminate - - trim - - uppercase - - urldecode - - uri_parts - - user_agent - type: array - tag: - description: Optional ingest processor tag for Elasticsearch - type: string - where: - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: Conditional expression controlling whether this processor runs - required: - - action - - processors - - additionalProperties: false - type: object - properties: - condition: - allOf: - - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: The root condition object. It can be a simple filter or a combination of other conditions. - - type: object - properties: - steps: - items: {} - type: array - required: - - steps - customIdentifier: - type: string - required: - - condition - type: array - updated_at: - not: {} - required: - - steps - settings: - additionalProperties: false - type: object - properties: - index.number_of_replicas: - additionalProperties: false - type: object - properties: - value: - type: number - required: - - value - index.number_of_shards: - additionalProperties: false - type: object - properties: - value: - type: number - required: - - value - index.refresh_interval: - additionalProperties: false - type: object - properties: - value: - anyOf: - - type: string - - enum: - - -1 - type: number - required: - - value - required: - - lifecycle - - processing - - settings - - failure_store - - type: object - properties: - classic: - additionalProperties: false - type: object - properties: - field_overrides: - additionalProperties: - allOf: - - additionalProperties: - anyOf: - - anyOf: - - type: string - - type: number - - type: boolean - - enum: - - 'null' - nullable: true - - not: {} - - items: - anyOf: - - type: string - - type: number - - type: boolean - - enum: - - 'null' - nullable: true - - not: {} - type: array - - items: {} - type: array - - {} - type: object - - anyOf: - - additionalProperties: false - type: object - properties: - format: - description: A non-empty string. - minLength: 1 - type: string - type: - enum: - - keyword - - match_only_text - - long - - double - - date - - boolean - - ip - - geo_point - type: string - required: - - type - - additionalProperties: false - type: object - properties: - type: - enum: - - system - type: string - required: - - type - type: object - required: - - classic - required: - - ingest + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request' responses: {} summary: Update ingest stream settings tags: @@ -84271,73 +27667,7 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - description: - type: string - include: - anyOf: - - additionalProperties: false - type: object - properties: - objects: - additionalProperties: false - type: object - properties: - all: - additionalProperties: false - type: object - properties: {} - required: - - all - required: - - objects - - additionalProperties: false - type: object - properties: - objects: - additionalProperties: false - type: object - properties: - mappings: - type: boolean - queries: - items: - additionalProperties: false - type: object - properties: - id: - type: string - required: - - id - type: array - routing: - items: - allOf: - - {} - - type: object - properties: - destination: - type: string - required: - - destination - type: array - required: - - mappings - - queries - - routing - required: - - objects - name: - type: string - version: - type: string - required: - - name - - description - - version - - include + $ref: '#/components/schemas/ApiStreamsContentExport_Post_Request' responses: {} summary: Export stream content tags: @@ -84373,15 +27703,7 @@ paths: content: multipart/form-data: schema: - additionalProperties: false - type: object - properties: - content: {} - include: - type: string - required: - - include - - content + $ref: '#/components/schemas/ApiStreamsContentImport_Post_Request' responses: {} summary: Import content into a stream tags: @@ -84410,14 +27732,7 @@ paths: content: application/json: schema: - anyOf: - - additionalProperties: false - type: object - properties: {} - - enum: - - 'null' - nullable: true - - not: {} + $ref: '#/components/schemas/ApiStreamsQueries_Get_Request' responses: {} summary: Get stream queries tags: @@ -84454,249 +27769,7 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - operations: - items: - anyOf: - - additionalProperties: false - type: object - properties: - index: - allOf: - - type: object - properties: - id: - description: A non-empty string. - minLength: 1 - type: string - title: - description: A non-empty string. - minLength: 1 - type: string - required: - - id - - title - - type: object - properties: - evidence: - items: - type: string - type: array - feature: - additionalProperties: false - type: object - properties: - filter: - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: The root condition object. It can be a simple filter or a combination of other conditions. - name: - description: A non-empty string. - minLength: 1 - type: string - type: - enum: - - system - type: string - required: - - name - - filter - - type - kql: - additionalProperties: false - type: object - properties: - query: - type: string - required: - - query - severity_score: - type: number - required: - - kql - required: - - index - - additionalProperties: false - type: object - properties: - delete: - additionalProperties: false - type: object - properties: - id: - type: string - required: - - id - required: - - delete - type: array - required: - - operations + $ref: '#/components/schemas/ApiStreamsQueriesBulk_Post_Request' responses: {} summary: Bulk update queries tags: @@ -84738,14 +27811,7 @@ paths: content: application/json: schema: - anyOf: - - additionalProperties: false - type: object - properties: {} - - enum: - - 'null' - nullable: true - - not: {} + $ref: '#/components/schemas/ApiStreamsQueries_Delete_Request' responses: {} summary: Remove a query from a stream tags: @@ -84786,213 +27852,7 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - evidence: - items: - type: string - type: array - feature: - additionalProperties: false - type: object - properties: - filter: - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: The root condition object. It can be a simple filter or a combination of other conditions. - name: - description: A non-empty string. - minLength: 1 - type: string - type: - enum: - - system - type: string - required: - - name - - filter - - type - kql: - additionalProperties: false - type: object - properties: - query: - type: string - required: - - query - severity_score: - type: number - title: - description: A non-empty string. - minLength: 1 - type: string - required: - - title - - kql + $ref: '#/components/schemas/ApiStreamsQueries_Put_Request' responses: {} summary: Upsert a query to a stream tags: @@ -85043,14 +27903,7 @@ paths: content: application/json: schema: - anyOf: - - additionalProperties: false - type: object - properties: {} - - enum: - - 'null' - nullable: true - - not: {} + $ref: '#/components/schemas/ApiStreamsSignificantEvents_Get_Request' responses: {} summary: Read the significant events tags: @@ -85109,193 +27962,7 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - system: - additionalProperties: false - type: object - properties: - description: - type: string - filter: - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: The root condition object. It can be a simple filter or a combination of other conditions. - name: - type: string - type: - enum: - - system - type: string - required: - - type - - name - - description - - filter + $ref: '#/components/schemas/ApiStreamsSignificantEventsGenerate_Post_Request' responses: {} summary: Generate significant events tags: @@ -85347,206 +28014,7 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - query: - additionalProperties: false - type: object - properties: - feature: - additionalProperties: false - type: object - properties: - filter: - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: The root condition object. It can be a simple filter or a combination of other conditions. - name: - type: string - type: - enum: - - system - type: string - required: - - name - - filter - - type - kql: - additionalProperties: false - type: object - properties: - query: - type: string - required: - - query - required: - - kql - required: - - query + $ref: '#/components/schemas/ApiStreamsSignificantEventsPreview_Post_Request' responses: {} summary: Preview significant events tags: @@ -85614,14 +28082,7 @@ paths: listAttachmentsExample: value: {} schema: - anyOf: - - additionalProperties: false - type: object - properties: {} - - enum: - - 'null' - nullable: true - - not: {} + $ref: '#/components/schemas/ApiStreamsAttachments_Get_Request' responses: '200': content: @@ -85689,55 +28150,7 @@ paths: id: rule-456 type: rule schema: - additionalProperties: false - type: object - properties: - operations: - items: - anyOf: - - additionalProperties: false - type: object - properties: - index: - additionalProperties: false - type: object - properties: - id: - type: string - type: - enum: - - dashboard - - rule - - slo - type: string - required: - - id - - type - required: - - index - - additionalProperties: false - type: object - properties: - delete: - additionalProperties: false - type: object - properties: - id: - type: string - type: - enum: - - dashboard - - rule - - slo - type: string - required: - - id - - type - required: - - delete - type: array - required: - - operations + $ref: '#/components/schemas/ApiStreamsAttachmentsBulk_Post_Request' responses: '200': content: @@ -85802,14 +28215,7 @@ paths: unlinkAttachmentExample: value: {} schema: - anyOf: - - additionalProperties: false - type: object - properties: {} - - enum: - - 'null' - nullable: true - - not: {} + $ref: '#/components/schemas/ApiStreamsAttachments_Delete_Request' responses: '200': content: @@ -85873,14 +28279,7 @@ paths: linkAttachmentExample: value: {} schema: - anyOf: - - additionalProperties: false - type: object - properties: {} - - enum: - - 'null' - nullable: true - - not: {} + $ref: '#/components/schemas/ApiStreamsAttachments_Put_Request' responses: '200': content: @@ -85933,25 +28332,7 @@ paths: content: application/json: schema: - type: object - properties: - savedObjectIds: - description: The list of IDs of the Timelines or Timeline templates to delete - example: - - 15c1929b-0af7-42bd-85a8-56e234cc7c4e - items: - type: string - type: array - searchIds: - description: Saved search IDs that should be deleted alongside the timelines - example: - - 23f3-43g34g322-e5g5hrh6h-45454 - - 6ce1b592-84e3-4b4a-9552-f189d4b82075 - items: - type: string - type: array - required: - - savedObjectIds + $ref: '#/components/schemas/ApiTimeline_Delete_Request' description: The IDs of the Timelines or Timeline templates to delete. required: true responses: @@ -86011,25 +28392,7 @@ paths: content: application/json: schema: - type: object - properties: - timeline: - $ref: '#/components/schemas/Security_Timeline_API_SavedTimeline' - description: The timeline object of the Timeline or Timeline template that you’re updating. - timelineId: - description: The `savedObjectId` of the Timeline or Timeline template that you’re updating. - example: 15c1929b-0af7-42bd-85a8-56e234cc7c4e - nullable: true - type: string - version: - description: The version of the Timeline or Timeline template that you’re updating. - example: WzE0LDFd - nullable: true - type: string - required: - - timelineId - - version - - timeline + $ref: '#/components/schemas/ApiTimeline_Patch_Request' description: The Timeline updates, along with the Timeline ID and version. required: true responses: @@ -86043,15 +28406,7 @@ paths: content: application/json: schema: - type: object - properties: - body: - description: The error message - example: update timeline error - type: string - statusCode: - example: 405 - type: number + $ref: '#/components/schemas/ApiTimeline_Patch_Response_405' description: Indicates that the user does not have the required access to create a Timeline. summary: Update a Timeline tags: @@ -86073,36 +28428,7 @@ paths: content: application/json: schema: - type: object - properties: - status: - $ref: '#/components/schemas/Security_Timeline_API_TimelineStatus' - nullable: true - templateTimelineId: - description: A unique identifier for the Timeline template. - example: 6ce1b592-84e3-4b4a-9552-f189d4b82075 - nullable: true - type: string - templateTimelineVersion: - description: Timeline template version number. - example: 12 - nullable: true - type: number - timeline: - $ref: '#/components/schemas/Security_Timeline_API_SavedTimeline' - timelineId: - description: A unique identifier for the Timeline. - example: 6ce1b592-84e3-4b4a-9552-f189d4b82075 - nullable: true - type: string - timelineType: - $ref: '#/components/schemas/Security_Timeline_API_TimelineType' - nullable: true - version: - nullable: true - type: string - required: - - timeline + $ref: '#/components/schemas/ApiTimeline_Post_Request' description: The required Timeline fields used to create a new Timeline, along with optional fields that will be created if not provided. required: true responses: @@ -86116,15 +28442,7 @@ paths: content: application/json: schema: - type: object - properties: - body: - description: The error message - example: update timeline error - type: string - statusCode: - example: 405 - type: number + $ref: '#/components/schemas/ApiTimeline_Post_Response_405' description: Indicates that there was an error in the Timeline creation. summary: Create a Timeline or Timeline template tags: @@ -86147,15 +28465,7 @@ paths: content: application/json: schema: - type: object - properties: - timeline: - $ref: '#/components/schemas/Security_Timeline_API_SavedTimeline' - timelineIdToCopy: - type: string - required: - - timeline - - timelineIdToCopy + $ref: '#/components/schemas/ApiTimelineCopy_Get_Request' required: true responses: '200': @@ -86198,23 +28508,13 @@ paths: content: application/json: schema: - type: object - properties: - message: - type: string - status_code: - type: number + $ref: '#/components/schemas/ApiTimelineDraft_Get_Response_403' description: If a draft Timeline was not found and we attempted to create one, it indicates that the user does not have the required permissions to create a draft Timeline. '409': content: application/json: schema: - type: object - properties: - message: - type: string - status_code: - type: number + $ref: '#/components/schemas/ApiTimelineDraft_Get_Response_409' description: This should never happen, but if a draft Timeline was not found and we attempted to create one, it indicates that there is already a draft Timeline with the given `timelineId`. summary: Get draft Timeline or Timeline template details tags: @@ -86238,12 +28538,7 @@ paths: content: application/json: schema: - type: object - properties: - timelineType: - $ref: '#/components/schemas/Security_Timeline_API_TimelineType' - required: - - timelineType + $ref: '#/components/schemas/ApiTimelineDraft_Post_Request' description: The type of Timeline to create. Valid values are `default` and `template`. required: true responses: @@ -86257,23 +28552,13 @@ paths: content: application/json: schema: - type: object - properties: - message: - type: string - status_code: - type: number + $ref: '#/components/schemas/ApiTimelineDraft_Post_Response_403' description: Indicates that the user does not have the required permissions to create a draft Timeline. '409': content: application/json: schema: - type: object - properties: - message: - type: string - status_code: - type: number + $ref: '#/components/schemas/ApiTimelineDraft_Post_Response_409' description: Indicates that there is already a draft Timeline with the given `timelineId`. summary: Create a clean draft Timeline or Timeline template tags: @@ -86303,13 +28588,7 @@ paths: content: application/json: schema: - type: object - properties: - ids: - items: - type: string - nullable: true - type: array + $ref: '#/components/schemas/ApiTimelineExport_Post_Request' description: The IDs of the Timelines to export. required: true responses: @@ -86324,12 +28603,7 @@ paths: content: application/ndjson: schema: - type: object - properties: - body: - type: string - statusCode: - type: number + $ref: '#/components/schemas/ApiTimelineExport_Post_Response_400' description: Indicates that the export size limit was exceeded. summary: Export Timelines tags: @@ -86352,25 +28626,7 @@ paths: content: application/json: schema: - type: object - properties: - templateTimelineId: - nullable: true - type: string - templateTimelineVersion: - nullable: true - type: number - timelineId: - nullable: true - type: string - timelineType: - $ref: '#/components/schemas/Security_Timeline_API_TimelineType' - nullable: true - required: - - timelineId - - templateTimelineId - - templateTimelineVersion - - timelineType + $ref: '#/components/schemas/ApiTimelineFavorite_Patch_Request' description: The required fields used to favorite a (template) Timeline. required: true responses: @@ -86384,12 +28640,7 @@ paths: content: application/json: schema: - type: object - properties: - body: - type: string - statusCode: - type: number + $ref: '#/components/schemas/ApiTimelineFavorite_Patch_Response_403' description: Indicates the user does not have the required permissions to persist the favorite status. summary: Favorite a Timeline or Timeline template tags: @@ -86412,17 +28663,7 @@ paths: content: application/json: schema: - type: object - properties: - file: {} - isImmutable: - description: Whether the Timeline should be immutable - enum: - - 'true' - - 'false' - type: string - required: - - file + $ref: '#/components/schemas/ApiTimelineImport_Post_Request' description: The Timelines to import as a readable stream. required: true responses: @@ -86436,43 +28677,19 @@ paths: content: application/json: schema: - type: object - properties: - body: - description: The error message - example: Invalid file extension - type: string - statusCode: - example: 400 - type: number + $ref: '#/components/schemas/ApiTimelineImport_Post_Response_400' description: Indicates the import of Timelines was unsuccessful because of an invalid file extension. '404': content: application/json: schema: - type: object - properties: - body: - description: The error message - example: Unable to find saved object client - type: string - statusCode: - example: 404 - type: number + $ref: '#/components/schemas/ApiTimelineImport_Post_Response_404' description: Indicates that we were unable to locate the saved object client necessary to handle the import. '409': content: application/json: schema: - type: object - properties: - body: - description: The error message - example: Could not import timelines - type: string - statusCode: - example: 409 - type: number + $ref: '#/components/schemas/ApiTimelineImport_Post_Response_409' description: Indicates the import of Timelines was unsuccessful. summary: Import Timelines tags: @@ -86495,27 +28712,7 @@ paths: content: application/json: schema: - type: object - properties: - prepackagedTimelines: - items: - $ref: '#/components/schemas/Security_Timeline_API_TimelineSavedToReturnObject' - nullable: true - type: array - timelinesToInstall: - items: - $ref: '#/components/schemas/Security_Timeline_API_ImportTimelines' - nullable: true - type: array - timelinesToUpdate: - items: - $ref: '#/components/schemas/Security_Timeline_API_ImportTimelines' - nullable: true - type: array - required: - - timelinesToInstall - - timelinesToUpdate - - prepackagedTimelines + $ref: '#/components/schemas/ApiTimelinePrepackaged_Post_Request' description: The Timelines to install or update. required: true responses: @@ -86529,12 +28726,7 @@ paths: content: application/json: schema: - type: object - properties: - body: - type: string - statusCode: - type: number + $ref: '#/components/schemas/ApiTimelinePrepackaged_Post_Response_500' description: Indicates the installation of prepackaged Timelines was unsuccessful. summary: Install prepackaged Timelines tags: @@ -86645,53 +28837,13 @@ paths: content: application/json: schema: - type: object - properties: - customTemplateTimelineCount: - description: The amount of custom Timeline templates in the results - example: 2 - type: number - defaultTimelineCount: - description: The amount of `default` type Timelines in the results - example: 90 - type: number - elasticTemplateTimelineCount: - description: The amount of Elastic's Timeline templates in the results - example: 8 - type: number - favoriteCount: - description: The amount of favorited Timelines - example: 5 - type: number - templateTimelineCount: - description: The amount of Timeline templates in the results - example: 10 - type: number - timeline: - items: - $ref: '#/components/schemas/Security_Timeline_API_TimelineResponse' - type: array - totalCount: - description: The total amount of results - example: 100 - type: number - required: - - timeline - - totalCount + $ref: '#/components/schemas/ApiTimelines_Get_Response_200' description: Indicates that the (template) Timelines were found and returned. '400': content: application/json: schema: - type: object - properties: - body: - description: The error message - example: get timeline error - type: string - statusCode: - example: 405 - type: number + $ref: '#/components/schemas/ApiTimelines_Get_Response_400' description: Bad request. The user supplied invalid data. summary: Get Timelines or Timeline templates tags: @@ -90120,43 +32272,14 @@ components: type: object properties: agentKey: - description: Agent key - type: object - properties: - api_key: - type: string - encoded: - type: string - expiration: - format: int64 - type: integer - id: - type: string - name: - type: string - required: - - id - - name - - api_key - - encoded + $ref: '#/components/schemas/APM_UI_agent_keys_response_AgentKey' APM_UI_annotation_search_response: type: object properties: annotations: description: Annotations items: - type: object - properties: - '@timestamp': - type: number - id: - type: string - text: - type: string - type: - enum: - - version - type: string + $ref: '#/components/schemas/APM_UI_annotation_search_response_Annotations_Item' type: array APM_UI_base_source_map_object: type: object @@ -90207,17 +32330,7 @@ components: description: The message displayed in the annotation. It defaults to `service.version`. type: string service: - description: The service that identifies the configuration to create or update. - type: object - properties: - environment: - description: The environment of the service. - type: string - version: - description: The version of the service. - type: string - required: - - version + $ref: '#/components/schemas/APM_UI_create_annotation_object_Service' tags: description: | Tags are used by the Applications UI to distinguish APM annotations from other annotations. Tags may have additional functionality in future releases. It defaults to `[apm]`. While you can add additional tags, you cannot remove the `apm` tag. @@ -90237,38 +32350,7 @@ components: description: Index type: string _source: - description: Response - type: object - properties: - '@timestamp': - type: string - annotation: - type: object - properties: - title: - type: string - type: - type: string - event: - type: object - properties: - created: - type: string - message: - type: string - service: - type: object - properties: - environment: - type: string - name: - type: string - version: - type: string - tags: - items: - type: string - type: array + $ref: '#/components/schemas/APM_UI_create_annotation_response__source' APM_UI_delete_agent_configurations_response: type: object properties: @@ -90357,12 +32439,7 @@ components: type: object APM_UI_single_agent_configuration_response: allOf: - - type: object - properties: - id: - type: string - required: - - id + - $ref: '#/components/schemas/APM_UI_single_agent_configuration_response_1' - $ref: '#/components/schemas/APM_UI_agent_configuration_object' APM_UI_source_maps_response: type: object @@ -90371,36 +32448,7 @@ components: description: Artifacts items: allOf: - - type: object - properties: - body: - type: object - properties: - bundleFilepath: - type: string - serviceName: - type: string - serviceVersion: - type: string - sourceMap: - type: object - properties: - file: - type: string - mappings: - type: string - sourceRoot: - type: string - sources: - items: - type: string - type: array - sourcesContent: - items: - type: string - type: array - version: - type: number + - $ref: '#/components/schemas/APM_UI_source_maps_response_Artifacts_1' - $ref: '#/components/schemas/APM_UI_base_source_map_object' type: array APM_UI_upload_source_map_object: @@ -90428,10 +32476,7 @@ components: - sourcemap APM_UI_upload_source_maps_response: allOf: - - type: object - properties: - body: - type: string + - $ref: '#/components/schemas/APM_UI_upload_source_maps_response_1' - $ref: '#/components/schemas/APM_UI_base_source_map_object' Data_views_400_response: title: Bad request @@ -90473,44 +32518,7 @@ components: type: object properties: data_view: - description: The data view object. - type: object - properties: - allowNoIndex: - $ref: '#/components/schemas/Data_views_allownoindex' - fieldAttrs: - additionalProperties: - $ref: '#/components/schemas/Data_views_fieldattrs' - type: object - fieldFormats: - $ref: '#/components/schemas/Data_views_fieldformats' - fields: - type: object - id: - type: string - name: - description: The data view name. - type: string - namespaces: - $ref: '#/components/schemas/Data_views_namespaces' - runtimeFieldMap: - additionalProperties: - $ref: '#/components/schemas/Data_views_runtimefieldmap' - type: object - sourceFilters: - $ref: '#/components/schemas/Data_views_sourcefilters' - timeFieldName: - $ref: '#/components/schemas/Data_views_timefieldname' - title: - $ref: '#/components/schemas/Data_views_title' - type: - $ref: '#/components/schemas/Data_views_type' - typeMeta: - $ref: '#/components/schemas/Data_views_typemeta' - version: - type: string - required: - - title + $ref: '#/components/schemas/Data_views_create_data_view_request_object_Data_view' override: default: false description: Override an existing data view if a data view with the provided title already exists. @@ -90522,41 +32530,7 @@ components: type: object properties: data_view: - type: object - properties: - allowNoIndex: - $ref: '#/components/schemas/Data_views_allownoindex' - fieldAttrs: - additionalProperties: - $ref: '#/components/schemas/Data_views_fieldattrs' - type: object - fieldFormats: - $ref: '#/components/schemas/Data_views_fieldformats' - fields: - type: object - id: - example: ff959d40-b880-11e8-a6d9-e546fe2bba5f - type: string - name: - description: The data view name. - type: string - namespaces: - $ref: '#/components/schemas/Data_views_namespaces' - runtimeFieldMap: - additionalProperties: - $ref: '#/components/schemas/Data_views_runtimefieldmap' - type: object - sourceFilters: - $ref: '#/components/schemas/Data_views_sourcefilters' - timeFieldName: - $ref: '#/components/schemas/Data_views_timefieldname' - title: - $ref: '#/components/schemas/Data_views_title' - typeMeta: - $ref: '#/components/schemas/Data_views_typemeta_response' - version: - example: WzQ2LDJd - type: string + $ref: '#/components/schemas/Data_views_data_view_response_object_Data_view' Data_views_fieldattrs: description: A map of field attributes by field name. type: object @@ -90585,11 +32559,7 @@ components: type: object properties: script: - type: object - properties: - source: - description: Script for the runtime field. - type: string + $ref: '#/components/schemas/Data_views_runtimefieldmap_Script' type: description: Mapping type of the runtime field. type: string @@ -90599,12 +32569,7 @@ components: Data_views_sourcefilters: description: The array of field names you want to filter out in Discover. items: - type: object - properties: - value: - type: string - required: - - value + $ref: '#/components/schemas/Data_views_sourcefilters_Item' type: array Data_views_swap_data_view_request_object: title: Data view reference swap request @@ -90616,10 +32581,8 @@ components: forId: description: Limit the affected saved objects to one or more by identifier. oneOf: - - type: string - - items: - type: string - type: array + - $ref: '#/components/schemas/Data_views_swap_data_view_request_object_ForId_1' + - $ref: '#/components/schemas/Data_views_swap_data_view_request_object_ForId_2' forType: description: Limit the affected saved objects by type. type: string @@ -90650,11 +32613,9 @@ components: type: object properties: aggs: - description: A map of rollup restrictions by aggregation type and field name. - type: object + $ref: '#/components/schemas/Data_views_typemeta_Aggs' params: - description: Properties for retrieving rollup fields. - type: object + $ref: '#/components/schemas/Data_views_typemeta_Params' required: - aggs - params @@ -90664,42 +32625,15 @@ components: type: object properties: aggs: - description: A map of rollup restrictions by aggregation type and field name. - type: object + $ref: '#/components/schemas/Data_views_typemeta_response_Aggs' params: - description: Properties for retrieving rollup fields. - type: object + $ref: '#/components/schemas/Data_views_typemeta_response_Params' Data_views_update_data_view_request_object: title: Update data view request type: object properties: data_view: - description: | - The data view properties you want to update. Only the specified properties are updated in the data view. Unspecified fields stay as they are persisted. - type: object - properties: - allowNoIndex: - $ref: '#/components/schemas/Data_views_allownoindex' - fieldFormats: - $ref: '#/components/schemas/Data_views_fieldformats' - fields: - type: object - name: - type: string - runtimeFieldMap: - additionalProperties: - $ref: '#/components/schemas/Data_views_runtimefieldmap' - type: object - sourceFilters: - $ref: '#/components/schemas/Data_views_sourcefilters' - timeFieldName: - $ref: '#/components/schemas/Data_views_timefieldname' - title: - $ref: '#/components/schemas/Data_views_title' - type: - $ref: '#/components/schemas/Data_views_type' - typeMeta: - $ref: '#/components/schemas/Data_views_typemeta' + $ref: '#/components/schemas/Data_views_update_data_view_request_object_Data_view' refresh_fields: default: false description: Reloads the data view fields after the data view is updated. @@ -90712,25 +32646,7 @@ components: type: object properties: status: - additionalProperties: false - type: object - properties: - overall: - additionalProperties: false - type: object - properties: - level: - description: Service status levels as human and machine readable values. - enum: - - available - - degraded - - unavailable - - critical - type: string - required: - - level - required: - - overall + $ref: '#/components/schemas/Kibana_HTTP_APIs_core_status_redactedResponse_Status' required: - status Kibana_HTTP_APIs_core_status_response: @@ -90739,240 +32655,17 @@ components: type: object properties: metrics: - additionalProperties: false - description: Metric groups collected by Kibana. - type: object - properties: - collection_interval_in_millis: - description: The interval at which metrics should be collected. - type: number - elasticsearch_client: - additionalProperties: false - description: Current network metrics of Kibana's Elasticsearch client. - type: object - properties: - totalActiveSockets: - description: Count of network sockets currently in use. - type: number - totalIdleSockets: - description: Count of network sockets currently idle. - type: number - totalQueuedRequests: - description: Count of requests not yet assigned to sockets. - type: number - required: - - totalActiveSockets - - totalIdleSockets - - totalQueuedRequests - last_updated: - description: The time metrics were collected. - type: string - required: - - elasticsearch_client - - last_updated - - collection_interval_in_millis + $ref: '#/components/schemas/Kibana_HTTP_APIs_core_status_response_Metrics' name: description: Kibana instance name. type: string status: - additionalProperties: false - type: object - properties: - core: - additionalProperties: false - description: Statuses of core Kibana services. - type: object - properties: - elasticsearch: - additionalProperties: false - type: object - properties: - detail: - description: Human readable detail of the service status. - type: string - documentationUrl: - description: A URL to further documentation regarding this service. - type: string - level: - description: Service status levels as human and machine readable values. - enum: - - available - - degraded - - unavailable - - critical - type: string - meta: - additionalProperties: {} - description: An unstructured set of extra metadata about this service. - type: object - summary: - description: A human readable summary of the service status. - type: string - required: - - level - - summary - - meta - http: - additionalProperties: false - type: object - properties: - detail: - description: Human readable detail of the service status. - type: string - documentationUrl: - description: A URL to further documentation regarding this service. - type: string - level: - description: Service status levels as human and machine readable values. - enum: - - available - - degraded - - unavailable - - critical - type: string - meta: - additionalProperties: {} - description: An unstructured set of extra metadata about this service. - type: object - summary: - description: A human readable summary of the service status. - type: string - required: - - level - - summary - - meta - savedObjects: - additionalProperties: false - type: object - properties: - detail: - description: Human readable detail of the service status. - type: string - documentationUrl: - description: A URL to further documentation regarding this service. - type: string - level: - description: Service status levels as human and machine readable values. - enum: - - available - - degraded - - unavailable - - critical - type: string - meta: - additionalProperties: {} - description: An unstructured set of extra metadata about this service. - type: object - summary: - description: A human readable summary of the service status. - type: string - required: - - level - - summary - - meta - required: - - elasticsearch - - savedObjects - overall: - additionalProperties: false - type: object - properties: - detail: - description: Human readable detail of the service status. - type: string - documentationUrl: - description: A URL to further documentation regarding this service. - type: string - level: - description: Service status levels as human and machine readable values. - enum: - - available - - degraded - - unavailable - - critical - type: string - meta: - additionalProperties: {} - description: An unstructured set of extra metadata about this service. - type: object - summary: - description: A human readable summary of the service status. - type: string - required: - - level - - summary - - meta - plugins: - additionalProperties: - additionalProperties: false - type: object - properties: - detail: - description: Human readable detail of the service status. - type: string - documentationUrl: - description: A URL to further documentation regarding this service. - type: string - level: - description: Service status levels as human and machine readable values. - enum: - - available - - degraded - - unavailable - - critical - type: string - meta: - additionalProperties: {} - description: An unstructured set of extra metadata about this service. - type: object - summary: - description: A human readable summary of the service status. - type: string - required: - - level - - summary - - meta - description: A dynamic mapping of plugin ID to plugin status. - type: object - required: - - overall - - core - - plugins + $ref: '#/components/schemas/Kibana_HTTP_APIs_core_status_response_Status' uuid: description: Unique, generated Kibana instance UUID. This UUID should persist even if the Kibana process restarts. type: string version: - additionalProperties: false - type: object - properties: - build_date: - description: The date and time of this build. - type: string - build_flavor: - description: The build flavour determines configuration and behavior of Kibana. On premise users will almost always run the "traditional" flavour, while other flavours are reserved for Elastic-specific use cases. - enum: - - serverless - - traditional - type: string - build_hash: - description: A unique hash value representing the git commit of this Kibana build. - type: string - build_number: - description: A monotonically increasing number, each subsequent build will have a higher number. - type: number - build_snapshot: - description: Whether this build is a snapshot build. - type: boolean - number: - description: A semantic version number. - type: string - required: - - number - - build_hash - - build_number - - build_snapshot - - build_flavor - - build_date + $ref: '#/components/schemas/Kibana_HTTP_APIs_core_status_response_Version' required: - name - uuid @@ -90982,15 +32675,9 @@ components: Machine_learning_APIs_mlSync200Response: properties: datafeedsAdded: - additionalProperties: - $ref: '#/components/schemas/Machine_learning_APIs_mlSyncResponseDatafeeds' - description: If a saved object for an anomaly detection job is missing a datafeed identifier, it is added when you run the sync machine learning saved objects API. - type: object + $ref: '#/components/schemas/Machine_learning_APIs_mlSync200Response_DatafeedsAdded' datafeedsRemoved: - additionalProperties: - $ref: '#/components/schemas/Machine_learning_APIs_mlSyncResponseDatafeeds' - description: If a saved object for an anomaly detection job references a datafeed that no longer exists, it is deleted when you run the sync machine learning saved objects API. - type: object + $ref: '#/components/schemas/Machine_learning_APIs_mlSync200Response_DatafeedsRemoved' savedObjectsCreated: $ref: '#/components/schemas/Machine_learning_APIs_mlSyncResponseSavedObjectsCreated' savedObjectsDeleted: @@ -91034,40 +32721,22 @@ components: description: If saved objects are missing for machine learning jobs or trained models, they are created when you run the sync machine learning saved objects API. properties: anomaly-detector: - additionalProperties: - $ref: '#/components/schemas/Machine_learning_APIs_mlSyncResponseAnomalyDetectors' - description: If saved objects are missing for anomaly detection jobs, they are created. - type: object + $ref: '#/components/schemas/Machine_learning_APIs_mlSyncResponseSavedObjectsCreated_Anomaly-detector' data-frame-analytics: - additionalProperties: - $ref: '#/components/schemas/Machine_learning_APIs_mlSyncResponseDataFrameAnalytics' - description: If saved objects are missing for data frame analytics jobs, they are created. - type: object + $ref: '#/components/schemas/Machine_learning_APIs_mlSyncResponseSavedObjectsCreated_Data-frame-analytics' trained-model: - additionalProperties: - $ref: '#/components/schemas/Machine_learning_APIs_mlSyncResponseTrainedModels' - description: If saved objects are missing for trained models, they are created. - type: object + $ref: '#/components/schemas/Machine_learning_APIs_mlSyncResponseSavedObjectsCreated_Trained-model' title: Sync API response for created saved objects type: object Machine_learning_APIs_mlSyncResponseSavedObjectsDeleted: description: If saved objects exist for machine learning jobs or trained models that no longer exist, they are deleted when you run the sync machine learning saved objects API. properties: anomaly-detector: - additionalProperties: - $ref: '#/components/schemas/Machine_learning_APIs_mlSyncResponseAnomalyDetectors' - description: If there are saved objects exist for nonexistent anomaly detection jobs, they are deleted. - type: object + $ref: '#/components/schemas/Machine_learning_APIs_mlSyncResponseSavedObjectsDeleted_Anomaly-detector' data-frame-analytics: - additionalProperties: - $ref: '#/components/schemas/Machine_learning_APIs_mlSyncResponseDataFrameAnalytics' - description: If there are saved objects exist for nonexistent data frame analytics jobs, they are deleted. - type: object + $ref: '#/components/schemas/Machine_learning_APIs_mlSyncResponseSavedObjectsDeleted_Data-frame-analytics' trained-model: - additionalProperties: - $ref: '#/components/schemas/Machine_learning_APIs_mlSyncResponseTrainedModels' - description: If there are saved objects exist for nonexistent trained models, they are deleted. - type: object + $ref: '#/components/schemas/Machine_learning_APIs_mlSyncResponseSavedObjectsDeleted_Trained-model' title: Sync API response for deleted saved objects type: object Machine_learning_APIs_mlSyncResponseSuccess: @@ -91129,8 +32798,7 @@ components: description: The name of the function. type: string parameters: - description: The parameters of the function. - type: object + $ref: '#/components/schemas/Observability_AI_Assistant_API_Function_Parameters' Observability_AI_Assistant_API_FunctionCall: description: Details of the function call within the message. type: object @@ -91153,20 +32821,8 @@ components: - trigger Observability_AI_Assistant_API_Instruction: oneOf: - - description: A simple instruction represented as a string. - type: string - - description: A detailed instruction with an ID and text. - type: object - properties: - id: - description: A unique identifier for the instruction. - type: string - text: - description: The text of the instruction. - type: string - required: - - id - - text + - $ref: '#/components/schemas/Observability_AI_Assistant_API_Instruction_1' + - $ref: '#/components/schemas/Observability_AI_Assistant_API_Instruction_2' Observability_AI_Assistant_API_Message: name: Message type: object @@ -91175,27 +32831,7 @@ components: description: The timestamp when the message was created. type: string message: - description: The main content of the message. - type: object - properties: - content: - description: The content of the message. - type: string - data: - description: Additional data associated with the message. - type: string - event: - description: The event related to the message. - type: string - function_call: - $ref: '#/components/schemas/Observability_AI_Assistant_API_FunctionCall' - name: - description: The name associated with the message. - type: string - role: - $ref: '#/components/schemas/Observability_AI_Assistant_API_MessageRoleEnum' - required: - - role + $ref: '#/components/schemas/Observability_AI_Assistant_API_Message_Message' required: - '@timestamp' - message @@ -91312,20 +32948,7 @@ components: example: 5 type: integer attributes: - type: object - properties: - errors: - description: List of errors that occurred during the bulk operation. - items: - $ref: '#/components/schemas/Security_AI_Assistant_API_NormalizedAnonymizationFieldError' - type: array - results: - $ref: '#/components/schemas/Security_AI_Assistant_API_AnonymizationFieldsBulkCrudActionResults' - summary: - $ref: '#/components/schemas/Security_AI_Assistant_API_BulkCrudActionSummary' - required: - - results - - summary + $ref: '#/components/schemas/Security_AI_Assistant_API_AnonymizationFieldsBulkCrudActionResponse_Attributes' message: description: Message providing information about the bulk action result. example: Bulk action completed successfully @@ -91723,55 +33346,12 @@ components: - id Security_AI_Assistant_API_DocumentEntry: allOf: - - type: object - properties: - global: - description: Whether this Knowledge Base Entry is global, defaults to false. - example: false - type: boolean - name: - description: Name of the Knowledge Base Entry. - example: Example Entry - type: string - namespace: - description: Kibana Space, defaults to 'default' space. - example: default - type: string - users: - description: Users who have access to the Knowledge Base Entry, defaults to current user. Empty array provides access to all users. - items: - $ref: '#/components/schemas/Security_AI_Assistant_API_User' - type: array - required: - - name - - namespace - - global - - users + - $ref: '#/components/schemas/Security_AI_Assistant_API_DocumentEntry_1' - $ref: '#/components/schemas/Security_AI_Assistant_API_ResponseFields' - $ref: '#/components/schemas/Security_AI_Assistant_API_DocumentEntryResponseFields' Security_AI_Assistant_API_DocumentEntryCreateFields: allOf: - - type: object - properties: - global: - description: Whether this Knowledge Base Entry is global, defaults to false. - example: false - type: boolean - name: - description: Name of the Knowledge Base Entry. - example: Example Entry - type: string - namespace: - description: Kibana Space, defaults to 'default' space. - example: default - type: string - users: - description: Users who have access to the Knowledge Base Entry, defaults to current user. Empty array provides access to all users. - items: - $ref: '#/components/schemas/Security_AI_Assistant_API_User' - type: array - required: - - name + - $ref: '#/components/schemas/Security_AI_Assistant_API_DocumentEntryCreateFields_1' - $ref: '#/components/schemas/Security_AI_Assistant_API_DocumentEntryRequiredFields' - $ref: '#/components/schemas/Security_AI_Assistant_API_DocumentEntryOptionalFields' Security_AI_Assistant_API_DocumentEntryOptionalFields: @@ -91813,65 +33393,12 @@ components: - $ref: '#/components/schemas/Security_AI_Assistant_API_DocumentEntryOptionalFields' Security_AI_Assistant_API_DocumentEntryUpdateFields: allOf: - - type: object - properties: - global: - description: Whether this Knowledge Base Entry is global, defaults to false. - example: false - type: boolean - id: - $ref: '#/components/schemas/Security_AI_Assistant_API_NonEmptyString' - name: - description: Name of the Knowledge Base Entry. - example: Example Entry - type: string - namespace: - description: Kibana Space, defaults to 'default' space. - example: default - type: string - users: - description: Users who have access to the Knowledge Base Entry, defaults to current user. Empty array provides access to all users. - items: - $ref: '#/components/schemas/Security_AI_Assistant_API_User' - type: array - required: - - id + - $ref: '#/components/schemas/Security_AI_Assistant_API_DocumentEntryUpdateFields_1' - $ref: '#/components/schemas/Security_AI_Assistant_API_DocumentEntryCreateFields' Security_AI_Assistant_API_EsqlContentReference: allOf: - $ref: '#/components/schemas/Security_AI_Assistant_API_BaseContentReference' - - type: object - properties: - label: - description: Label of the query - example: High Severity Alerts - type: string - query: - description: An ESQL query - example: SELECT * FROM alerts WHERE severity = "high" - type: string - timerange: - description: Time range to select in the time picker. - type: object - properties: - from: - example: '2025-04-01T00:00:00Z' - type: string - to: - example: '2025-04-30T23:59:59Z' - type: string - required: - - from - - to - type: - enum: - - EsqlQuery - example: EsqlQuery - type: string - required: - - type - - query - - label + - $ref: '#/components/schemas/Security_AI_Assistant_API_EsqlContentReference_2' description: References an ESQL query Security_AI_Assistant_API_FindAnonymizationFieldsSortField: enum: @@ -91910,73 +33437,16 @@ components: Security_AI_Assistant_API_HrefContentReference: allOf: - $ref: '#/components/schemas/Security_AI_Assistant_API_BaseContentReference' - - type: object - properties: - href: - description: URL to the external resource - type: string - label: - description: Label of the query - type: string - type: - enum: - - Href - type: string - required: - - type - - href + - $ref: '#/components/schemas/Security_AI_Assistant_API_HrefContentReference_2' description: References an external URL Security_AI_Assistant_API_IndexEntry: allOf: - - type: object - properties: - global: - description: Whether this Knowledge Base Entry is global, defaults to false. - example: false - type: boolean - name: - description: Name of the Knowledge Base Entry. - example: Example Entry - type: string - namespace: - description: Kibana Space, defaults to 'default' space. - example: default - type: string - users: - description: Users who have access to the Knowledge Base Entry, defaults to current user. Empty array provides access to all users. - items: - $ref: '#/components/schemas/Security_AI_Assistant_API_User' - type: array - required: - - name - - namespace - - global - - users + - $ref: '#/components/schemas/Security_AI_Assistant_API_IndexEntry_1' - $ref: '#/components/schemas/Security_AI_Assistant_API_ResponseFields' - $ref: '#/components/schemas/Security_AI_Assistant_API_IndexEntryResponseFields' Security_AI_Assistant_API_IndexEntryCreateFields: allOf: - - type: object - properties: - global: - description: Whether this Knowledge Base Entry is global, defaults to false. - example: false - type: boolean - name: - description: Name of the Knowledge Base Entry. - example: Example Entry - type: string - namespace: - description: Kibana Space, defaults to 'default' space. - example: default - type: string - users: - description: Users who have access to the Knowledge Base Entry, defaults to current user. Empty array provides access to all users. - items: - $ref: '#/components/schemas/Security_AI_Assistant_API_User' - type: array - required: - - name + - $ref: '#/components/schemas/Security_AI_Assistant_API_IndexEntryCreateFields_1' - $ref: '#/components/schemas/Security_AI_Assistant_API_IndexEntryRequiredFields' - $ref: '#/components/schemas/Security_AI_Assistant_API_IndexEntryOptionalFields' Security_AI_Assistant_API_IndexEntryOptionalFields: @@ -92029,90 +33499,22 @@ components: - $ref: '#/components/schemas/Security_AI_Assistant_API_IndexEntryOptionalFields' Security_AI_Assistant_API_IndexEntryUpdateFields: allOf: - - type: object - properties: - global: - description: Whether this Knowledge Base Entry is global, defaults to false. - example: false - type: boolean - id: - $ref: '#/components/schemas/Security_AI_Assistant_API_NonEmptyString' - name: - description: Name of the Knowledge Base Entry. - example: Example Entry - type: string - namespace: - description: Kibana Space, defaults to 'default' space. - example: default - type: string - users: - description: Users who have access to the Knowledge Base Entry, defaults to current user. Empty array provides access to all users. - items: - $ref: '#/components/schemas/Security_AI_Assistant_API_User' - type: array - required: - - id + - $ref: '#/components/schemas/Security_AI_Assistant_API_IndexEntryUpdateFields_1' - $ref: '#/components/schemas/Security_AI_Assistant_API_IndexEntryCreateFields' Security_AI_Assistant_API_InputSchema: description: Array of objects defining the input schema, allowing the LLM to extract structured data to be used in retrieval. items: - type: object - properties: - description: - description: Description of the field. - example: The title of the document. - type: string - fieldName: - description: Name of the field. - example: title - type: string - fieldType: - description: Type of the field. - example: string - type: string - required: - - fieldName - - fieldType - - description + $ref: '#/components/schemas/Security_AI_Assistant_API_InputSchema_Item' type: array Security_AI_Assistant_API_InputTextInterruptResumeValue: allOf: - $ref: '#/components/schemas/Security_AI_Assistant_API_BaseInterruptResumeValue' - - type: object - properties: - type: - enum: - - INPUT_TEXT - example: INPUT_TEXT - type: string - value: - description: Text value used to resume the graph execution with. - example: .logs* - type: string - required: - - value - - type + - $ref: '#/components/schemas/Security_AI_Assistant_API_InputTextInterruptResumeValue_2' description: A resume value for input text Security_AI_Assistant_API_InputTextInterruptValue: allOf: - $ref: '#/components/schemas/Security_AI_Assistant_API_BaseInterruptValue' - - type: object - properties: - description: - description: Description of action required - example: What is the index you would like to use for the query. - type: string - placeholder: - description: Placeholder text for the input field - example: Enter index pattern here... - type: string - type: - enum: - - INPUT_TEXT - example: INPUT_TEXT - type: string - required: - - type + - $ref: '#/components/schemas/Security_AI_Assistant_API_InputTextInterruptValue_2' description: Interrupt that requests user to provide text input Security_AI_Assistant_API_InterruptResumeValue: description: Union of the interrupt resume values @@ -92159,27 +33561,7 @@ components: type: object properties: attributes: - type: object - properties: - errors: - description: List of errors encountered during the bulk action. - example: - - err_code: UPDATE_FAILED - knowledgeBaseEntries: - - id: '456' - name: Error Entry - message: Failed to update entry. - statusCode: 400 - items: - $ref: '#/components/schemas/Security_AI_Assistant_API_NormalizedKnowledgeBaseEntryError' - type: array - results: - $ref: '#/components/schemas/Security_AI_Assistant_API_KnowledgeBaseEntryBulkCrudActionResults' - summary: - $ref: '#/components/schemas/Security_AI_Assistant_API_KnowledgeBaseEntryBulkCrudActionSummary' - required: - - results - - summary + $ref: '#/components/schemas/Security_AI_Assistant_API_KnowledgeBaseEntryBulkCrudActionResponse_Attributes' knowledgeBaseEntriesCount: description: Total number of Knowledge Base Entries processed. example: 8 @@ -92267,25 +33649,7 @@ components: Security_AI_Assistant_API_KnowledgeBaseEntryContentReference: allOf: - $ref: '#/components/schemas/Security_AI_Assistant_API_BaseContentReference' - - type: object - properties: - knowledgeBaseEntryId: - description: Id of the Knowledge Base Entry - example: kbentry456 - type: string - knowledgeBaseEntryName: - description: Name of the knowledge base entry - example: Network Security Best Practices - type: string - type: - enum: - - KnowledgeBaseEntry - example: KnowledgeBaseEntry - type: string - required: - - type - - knowledgeBaseEntryId - - knowledgeBaseEntryName + - $ref: '#/components/schemas/Security_AI_Assistant_API_KnowledgeBaseEntryContentReference_2' description: References a knowledge base entry Security_AI_Assistant_API_KnowledgeBaseEntryCreateProps: anyOf: @@ -92560,25 +33924,7 @@ components: Security_AI_Assistant_API_ProductDocumentationContentReference: allOf: - $ref: '#/components/schemas/Security_AI_Assistant_API_BaseContentReference' - - type: object - properties: - title: - description: Title of the documentation - example: Getting Started with Security AI Assistant - type: string - type: - enum: - - ProductDocumentation - example: ProductDocumentation - type: string - url: - description: URL to the documentation - example: https://docs.example.com/security-ai-assistant - type: string - required: - - type - - title - - url + - $ref: '#/components/schemas/Security_AI_Assistant_API_ProductDocumentationContentReference_2' description: References the product documentation Security_AI_Assistant_API_PromptCreateProps: type: object @@ -92716,19 +34062,7 @@ components: type: object properties: attributes: - type: object - properties: - errors: - items: - $ref: '#/components/schemas/Security_AI_Assistant_API_NormalizedPromptError' - type: array - results: - $ref: '#/components/schemas/Security_AI_Assistant_API_PromptsBulkCrudActionResults' - summary: - $ref: '#/components/schemas/Security_AI_Assistant_API_BulkCrudActionSummary' - required: - - results - - summary + $ref: '#/components/schemas/Security_AI_Assistant_API_PromptsBulkCrudActionResponse_Attributes' message: description: A message describing the result of the bulk action. example: Bulk action completed successfully. @@ -92864,33 +34198,12 @@ components: Security_AI_Assistant_API_SecurityAlertContentReference: allOf: - $ref: '#/components/schemas/Security_AI_Assistant_API_BaseContentReference' - - type: object - properties: - alertId: - description: ID of the Alert - example: alert789 - type: string - type: - enum: - - SecurityAlert - example: SecurityAlert - type: string - required: - - type - - alertId + - $ref: '#/components/schemas/Security_AI_Assistant_API_SecurityAlertContentReference_2' description: References a security alert Security_AI_Assistant_API_SecurityAlertsPageContentReference: allOf: - $ref: '#/components/schemas/Security_AI_Assistant_API_BaseContentReference' - - type: object - properties: - type: - enum: - - SecurityAlertsPage - example: SecurityAlertsPage - type: string - required: - - type + - $ref: '#/components/schemas/Security_AI_Assistant_API_SecurityAlertsPageContentReference_2' description: References the security alerts page Security_AI_Assistant_API_SelectOptionInterruptOption: description: A request approval option @@ -92921,47 +34234,12 @@ components: Security_AI_Assistant_API_SelectOptionInterruptResumeValue: allOf: - $ref: '#/components/schemas/Security_AI_Assistant_API_BaseInterruptResumeValue' - - type: object - properties: - type: - enum: - - SELECT_OPTION - example: SELECT_OPTION - type: string - value: - description: The value of the selected option to resume the graph execution with - example: option_1 - type: string - required: - - value - - type + - $ref: '#/components/schemas/Security_AI_Assistant_API_SelectOptionInterruptResumeValue_2' description: A request approval resume schema Security_AI_Assistant_API_SelectOptionInterruptValue: allOf: - $ref: '#/components/schemas/Security_AI_Assistant_API_BaseInterruptValue' - - type: object - properties: - description: - description: Description of action required - example: Select one of the options - type: string - options: - description: List of actions to choose from - example: - - label: Option 1 - - label: Option 2 - items: - $ref: '#/components/schemas/Security_AI_Assistant_API_SelectOptionInterruptOption' - type: array - type: - enum: - - SELECT_OPTION - example: SELECT_OPTION - type: string - required: - - type - - description - - options + - $ref: '#/components/schemas/Security_AI_Assistant_API_SelectOptionInterruptValue_2' description: Interrupt that requests user to select one of the provided options Security_AI_Assistant_API_SortOrder: description: The order in which results are sorted. @@ -93003,13 +34281,7 @@ components: example: bert-base-uncased type: string tokens: - additionalProperties: - type: number - description: Tokens with their corresponding values. - example: - token1: 0.123 - token2: 0.456 - type: object + $ref: '#/components/schemas/Security_AI_Assistant_API_Vector_Tokens' required: - modelId - tokens @@ -93366,17 +34638,10 @@ components: api_config: allOf: - $ref: '#/components/schemas/Security_Attack_discovery_API_ApiConfig' - - type: object - properties: - name: - description: The name of the connector - type: string - required: - - name + - $ref: '#/components/schemas/Security_Attack_discovery_API_AttackDiscoveryApiScheduleParams_Api_config_2' description: LLM API configuration. combined_filter: - additionalProperties: true - type: object + $ref: '#/components/schemas/Security_Attack_discovery_API_AttackDiscoveryApiScheduleParams_Combined_filter' end: type: string filters: @@ -93445,15 +34710,7 @@ components: description: The connector id (event.dataset) for this generation type: string connector_stats: - description: Stats applicable to the connector for this generation - type: object - properties: - average_successful_duration_nanoseconds: - description: The average duration (avg event.duration) in nanoseconds of successful generations for the same connector id, for the current user - type: number - successful_generations: - description: The number of successful generations for the same connector id, for the current user - type: number + $ref: '#/components/schemas/Security_Attack_discovery_API_AttackDiscoveryGeneration_Connector_stats' discoveries: description: The number of new Attack discovery alerts (max kibana.alert.rule.execution.metrics.alert_counts.new) for this generation type: number @@ -93510,33 +34767,7 @@ components: end: type: string filter: - additionalProperties: true - description: |- - An Elasticsearch-style query DSL object used to filter alerts. For example: - ```json { - "filter": { - "bool": { - "must": [], - "filter": [ - { - "bool": { - "should": [ - { - "term": { - "user.name": { "value": "james" } - } - } - ], - "minimum_should_match": 1 - } - } - ], - "should": [], - "must_not": [] - } - } - } ``` - type: object + $ref: '#/components/schemas/Security_Attack_discovery_API_AttackDiscoveryGenerationConfig_Filter' model: type: string replacements: @@ -93612,9 +34843,8 @@ components: type: string query: oneOf: - - type: string - - additionalProperties: true - type: object + - $ref: '#/components/schemas/Security_Attack_discovery_API_Query_Query_1' + - $ref: '#/components/schemas/Security_Attack_discovery_API_Query_Query_2' required: - query - language @@ -93680,14 +34910,11 @@ components: Security_Detections_API_AlertsSort: oneOf: - $ref: '#/components/schemas/Security_Detections_API_AlertsSortCombinations' - - items: - $ref: '#/components/schemas/Security_Detections_API_AlertsSortCombinations' - type: array + - $ref: '#/components/schemas/Security_Detections_API_AlertsSort_2' Security_Detections_API_AlertsSortCombinations: anyOf: - - type: string - - additionalProperties: true - type: object + - $ref: '#/components/schemas/Security_Detections_API_AlertsSortCombinations_1' + - $ref: '#/components/schemas/Security_Detections_API_AlertsSortCombinations_2' Security_Detections_API_AlertStatusExceptClosed: description: The status of an alert, which can be `open`, `acknowledged`, `in-progress`, or `closed`. enum: @@ -93840,16 +35067,7 @@ components: - set_rule_actions type: string value: - type: object - properties: - actions: - items: - $ref: '#/components/schemas/Security_Detections_API_NormalizedRuleAction' - type: array - throttle: - $ref: '#/components/schemas/Security_Detections_API_ThrottleForBulkActions' - required: - - actions + $ref: '#/components/schemas/Security_Detections_API_BulkActionEditPayloadRuleActions_Value' required: - type - value @@ -93867,24 +35085,7 @@ components: - set_schedule type: string value: - type: object - properties: - interval: - description: Interval in which the rule runs. For example, `"1h"` means the rule runs every hour. - example: 1h - pattern: ^[1-9]\d*[smh]$ - type: string - lookback: - description: | - Lookback time for the rules. - - Additional look-back time that the rule analyzes. For example, "10m" means the rule analyzes the last 10 minutes of data in addition to the frequency interval. - example: 1h - pattern: ^[1-9]\d*[smh]$ - type: string - required: - - interval - - lookback + $ref: '#/components/schemas/Security_Detections_API_BulkActionEditPayloadSchedule_Value' required: - type - value @@ -93944,15 +35145,7 @@ components: - set_timeline type: string value: - type: object - properties: - timeline_id: - $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' - timeline_title: - $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle' - required: - - timeline_id - - timeline_title + $ref: '#/components/schemas/Security_Detections_API_BulkActionEditPayloadTimeline_Value' required: - type - value @@ -94053,18 +35246,7 @@ components: - duplicate type: string duplicate: - description: Duplicate object that describes applying an update action. - type: object - properties: - include_exceptions: - description: Whether to copy exceptions from the original rule - type: boolean - include_expired_exceptions: - description: Whether to copy expired exceptions from the original rule - type: boolean - required: - - include_exceptions - - include_expired_exceptions + $ref: '#/components/schemas/Security_Detections_API_BulkDuplicateRules_Duplicate' gap_fill_statuses: description: Gap fill statuses to filter rules with gaps by status (used together with gaps_range_*). items: @@ -94093,19 +35275,7 @@ components: type: object properties: attributes: - type: object - properties: - errors: - items: - $ref: '#/components/schemas/Security_Detections_API_NormalizedRuleError' - type: array - results: - $ref: '#/components/schemas/Security_Detections_API_BulkEditActionResults' - summary: - $ref: '#/components/schemas/Security_Detections_API_BulkEditActionSummary' - required: - - results - - summary + $ref: '#/components/schemas/Security_Detections_API_BulkEditActionResponse_Attributes' message: type: string rules_count: @@ -94275,18 +35445,7 @@ components: - fill_gaps type: string fill_gaps: - description: Object that describes applying a manual gap fill action for the specified time range. - type: object - properties: - end_date: - description: End date of the manual gap fill - type: string - start_date: - description: Start date of the manual gap fill - type: string - required: - - start_date - - end_date + $ref: '#/components/schemas/Security_Detections_API_BulkManualRuleFillGaps_Fill_gaps' gap_fill_statuses: description: Gap fill statuses to filter rules with gaps by status (used together with gaps_range_*). items: @@ -94342,18 +35501,7 @@ components: description: Query to filter rules. type: string run: - description: Object that describes applying a manual rule run action. - type: object - properties: - end_date: - description: End date of the manual rule run - type: string - start_date: - description: Start date of the manual rule run - type: string - required: - - start_date - - end_date + $ref: '#/components/schemas/Security_Detections_API_BulkManualRuleRun_Run' required: - action - run @@ -94387,8 +35535,7 @@ components: - proceed type: string query: - additionalProperties: true - type: object + $ref: '#/components/schemas/Security_Detections_API_CloseAlertsByQuery_Query' reason: $ref: '#/components/schemas/Security_Detections_API_ReasonEnum' status: @@ -94416,16 +35563,7 @@ components: - command Security_Detections_API_EcsMapping: additionalProperties: - type: object - properties: - field: - type: string - value: - oneOf: - - type: string - - items: - type: string - type: array + $ref: '#/components/schemas/Security_Detections_API_EcsMapping_Value' description: 'Map Osquery results columns or static values to Elastic Common Schema (ECS) fields. Example: "ecs_mapping": {"process.pid": {"field": "pid"}}' type: object Security_Detections_API_EndpointResponseAction: @@ -94482,122 +35620,7 @@ components: - language Security_Detections_API_EqlRule: allOf: - - type: object - properties: - actions: - description: Array defining the automated actions (notifications) taken when alerts are generated. - items: - $ref: '#/components/schemas/Security_Detections_API_RuleAction' - type: array - alias_purpose: - $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose' - alias_target_id: - $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId' - author: - $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' - building_block_type: - $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' - description: - $ref: '#/components/schemas/Security_Detections_API_RuleDescription' - enabled: - $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' - exceptions_list: - items: - $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' - type: array - false_positives: - $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray' - from: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' - interval: - $ref: '#/components/schemas/Security_Detections_API_RuleInterval' - investigation_fields: - $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' - license: - $ref: '#/components/schemas/Security_Detections_API_RuleLicense' - max_signals: - $ref: '#/components/schemas/Security_Detections_API_MaxSignals' - meta: - $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' - name: - $ref: '#/components/schemas/Security_Detections_API_RuleName' - namespace: - $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace' - note: - $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' - outcome: - $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome' - output_index: - $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' - references: - $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' - related_integrations: - $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray' - required_fields: - description: | - Elasticsearch fields and their types that need to be present for the rule to function. - > info - > The value of `required_fields` does not affect the rule’s behavior, and specifying it incorrectly won’t cause the rule to fail. Use `required_fields` as an informational property to document the fields that the rule expects to be present in the data. - items: - $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput' - type: array - response_actions: - items: - $ref: '#/components/schemas/Security_Detections_API_ResponseAction' - type: array - risk_score: - $ref: '#/components/schemas/Security_Detections_API_RiskScore' - risk_score_mapping: - $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' - rule_name_override: - $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' - setup: - $ref: '#/components/schemas/Security_Detections_API_SetupGuide' - severity: - $ref: '#/components/schemas/Security_Detections_API_Severity' - severity_mapping: - $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' - tags: - $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' - threat: - $ref: '#/components/schemas/Security_Detections_API_ThreatArray' - throttle: - $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' - timeline_id: - $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' - timeline_title: - $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle' - timestamp_override: - $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' - timestamp_override_fallback_disabled: - $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled' - to: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' - version: - $ref: '#/components/schemas/Security_Detections_API_RuleVersion' - required: - - name - - description - - risk_score - - severity - - version - - tags - - enabled - - risk_score_mapping - - severity_mapping - - interval - - from - - to - - actions - - exceptions_list - - author - - false_positives - - references - - max_signals - - threat - - setup - - related_integrations - - required_fields + - $ref: '#/components/schemas/Security_Detections_API_EqlRule_1' - $ref: '#/components/schemas/Security_Detections_API_ResponseFields' - $ref: '#/components/schemas/Security_Detections_API_EqlRuleResponseFields' Security_Detections_API_EqlRuleCreateFields: @@ -94606,221 +35629,15 @@ components: - $ref: '#/components/schemas/Security_Detections_API_EqlOptionalFields' Security_Detections_API_EqlRuleCreateProps: allOf: - - type: object - properties: - actions: - description: Array defining the automated actions (notifications) taken when alerts are generated. - items: - $ref: '#/components/schemas/Security_Detections_API_RuleAction' - type: array - alias_purpose: - $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose' - alias_target_id: - $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId' - author: - $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' - building_block_type: - $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' - description: - $ref: '#/components/schemas/Security_Detections_API_RuleDescription' - enabled: - $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' - exceptions_list: - items: - $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' - type: array - false_positives: - $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray' - from: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' - interval: - $ref: '#/components/schemas/Security_Detections_API_RuleInterval' - investigation_fields: - $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' - license: - $ref: '#/components/schemas/Security_Detections_API_RuleLicense' - max_signals: - $ref: '#/components/schemas/Security_Detections_API_MaxSignals' - meta: - $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' - name: - $ref: '#/components/schemas/Security_Detections_API_RuleName' - namespace: - $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace' - note: - $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' - outcome: - $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome' - output_index: - $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' - references: - $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' - related_integrations: - $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray' - required_fields: - description: | - Elasticsearch fields and their types that need to be present for the rule to function. - > info - > The value of `required_fields` does not affect the rule’s behavior, and specifying it incorrectly won’t cause the rule to fail. Use `required_fields` as an informational property to document the fields that the rule expects to be present in the data. - items: - $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput' - type: array - response_actions: - items: - $ref: '#/components/schemas/Security_Detections_API_ResponseAction' - type: array - risk_score: - $ref: '#/components/schemas/Security_Detections_API_RiskScore' - risk_score_mapping: - $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' - rule_id: - $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' - rule_name_override: - $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' - setup: - $ref: '#/components/schemas/Security_Detections_API_SetupGuide' - severity: - $ref: '#/components/schemas/Security_Detections_API_Severity' - severity_mapping: - $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' - tags: - $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' - threat: - $ref: '#/components/schemas/Security_Detections_API_ThreatArray' - throttle: - $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' - timeline_id: - $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' - timeline_title: - $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle' - timestamp_override: - $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' - timestamp_override_fallback_disabled: - $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled' - to: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' - version: - $ref: '#/components/schemas/Security_Detections_API_RuleVersion' - required: - - name - - description - - risk_score - - severity + - $ref: '#/components/schemas/Security_Detections_API_EqlRuleCreateProps_1' - $ref: '#/components/schemas/Security_Detections_API_EqlRuleCreateFields' Security_Detections_API_EqlRulePatchFields: allOf: - - type: object - properties: - language: - $ref: '#/components/schemas/Security_Detections_API_EqlQueryLanguage' - description: Query language to use - query: - $ref: '#/components/schemas/Security_Detections_API_RuleQuery' - type: - description: Rule type - enum: - - eql - type: string + - $ref: '#/components/schemas/Security_Detections_API_EqlRulePatchFields_1' - $ref: '#/components/schemas/Security_Detections_API_EqlOptionalFields' Security_Detections_API_EqlRulePatchProps: allOf: - - type: object - properties: - actions: - description: Array defining the automated actions (notifications) taken when alerts are generated. - items: - $ref: '#/components/schemas/Security_Detections_API_RuleAction' - type: array - alias_purpose: - $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose' - alias_target_id: - $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId' - author: - $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' - building_block_type: - $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' - description: - $ref: '#/components/schemas/Security_Detections_API_RuleDescription' - enabled: - $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' - exceptions_list: - items: - $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' - type: array - false_positives: - $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray' - from: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' - id: - $ref: '#/components/schemas/Security_Detections_API_UUID' - interval: - $ref: '#/components/schemas/Security_Detections_API_RuleInterval' - investigation_fields: - $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' - license: - $ref: '#/components/schemas/Security_Detections_API_RuleLicense' - max_signals: - $ref: '#/components/schemas/Security_Detections_API_MaxSignals' - meta: - $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' - name: - $ref: '#/components/schemas/Security_Detections_API_RuleName' - namespace: - $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace' - note: - $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' - outcome: - $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome' - output_index: - $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' - references: - $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' - related_integrations: - $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray' - required_fields: - description: | - Elasticsearch fields and their types that need to be present for the rule to function. - > info - > The value of `required_fields` does not affect the rule’s behavior, and specifying it incorrectly won’t cause the rule to fail. Use `required_fields` as an informational property to document the fields that the rule expects to be present in the data. - items: - $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput' - type: array - response_actions: - items: - $ref: '#/components/schemas/Security_Detections_API_ResponseAction' - type: array - risk_score: - $ref: '#/components/schemas/Security_Detections_API_RiskScore' - risk_score_mapping: - $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' - rule_id: - $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' - rule_name_override: - $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' - setup: - $ref: '#/components/schemas/Security_Detections_API_SetupGuide' - severity: - $ref: '#/components/schemas/Security_Detections_API_Severity' - severity_mapping: - $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' - tags: - $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' - threat: - $ref: '#/components/schemas/Security_Detections_API_ThreatArray' - throttle: - $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' - timeline_id: - $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' - timeline_title: - $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle' - timestamp_override: - $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' - timestamp_override_fallback_disabled: - $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled' - to: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' - version: - $ref: '#/components/schemas/Security_Detections_API_RuleVersion' + - $ref: '#/components/schemas/Security_Detections_API_EqlRulePatchProps_1' - $ref: '#/components/schemas/Security_Detections_API_EqlRulePatchFields' Security_Detections_API_EqlRuleResponseFields: allOf: @@ -94828,124 +35645,14 @@ components: - $ref: '#/components/schemas/Security_Detections_API_EqlOptionalFields' Security_Detections_API_EqlRuleUpdateProps: allOf: - - type: object - properties: - actions: - description: Array defining the automated actions (notifications) taken when alerts are generated. - items: - $ref: '#/components/schemas/Security_Detections_API_RuleAction' - type: array - alias_purpose: - $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose' - alias_target_id: - $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId' - author: - $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' - building_block_type: - $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' - description: - $ref: '#/components/schemas/Security_Detections_API_RuleDescription' - enabled: - $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' - exceptions_list: - items: - $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' - type: array - false_positives: - $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray' - from: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' - id: - $ref: '#/components/schemas/Security_Detections_API_UUID' - interval: - $ref: '#/components/schemas/Security_Detections_API_RuleInterval' - investigation_fields: - $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' - license: - $ref: '#/components/schemas/Security_Detections_API_RuleLicense' - max_signals: - $ref: '#/components/schemas/Security_Detections_API_MaxSignals' - meta: - $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' - name: - $ref: '#/components/schemas/Security_Detections_API_RuleName' - namespace: - $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace' - note: - $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' - outcome: - $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome' - output_index: - $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' - references: - $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' - related_integrations: - $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray' - required_fields: - description: | - Elasticsearch fields and their types that need to be present for the rule to function. - > info - > The value of `required_fields` does not affect the rule’s behavior, and specifying it incorrectly won’t cause the rule to fail. Use `required_fields` as an informational property to document the fields that the rule expects to be present in the data. - items: - $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput' - type: array - response_actions: - items: - $ref: '#/components/schemas/Security_Detections_API_ResponseAction' - type: array - risk_score: - $ref: '#/components/schemas/Security_Detections_API_RiskScore' - risk_score_mapping: - $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' - rule_id: - $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' - rule_name_override: - $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' - setup: - $ref: '#/components/schemas/Security_Detections_API_SetupGuide' - severity: - $ref: '#/components/schemas/Security_Detections_API_Severity' - severity_mapping: - $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' - tags: - $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' - threat: - $ref: '#/components/schemas/Security_Detections_API_ThreatArray' - throttle: - $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' - timeline_id: - $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' - timeline_title: - $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle' - timestamp_override: - $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' - timestamp_override_fallback_disabled: - $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled' - to: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' - version: - $ref: '#/components/schemas/Security_Detections_API_RuleVersion' - required: - - name - - description - - risk_score - - severity + - $ref: '#/components/schemas/Security_Detections_API_EqlRuleUpdateProps_1' - $ref: '#/components/schemas/Security_Detections_API_EqlRuleCreateFields' Security_Detections_API_ErrorSchema: additionalProperties: false type: object properties: error: - type: object - properties: - message: - type: string - status_code: - minimum: 400 - type: integer - required: - - status_code - - message + $ref: '#/components/schemas/Security_Detections_API_ErrorSchema_Error' id: type: string item_id: @@ -94964,122 +35671,7 @@ components: type: string Security_Detections_API_EsqlRule: allOf: - - type: object - properties: - actions: - description: Array defining the automated actions (notifications) taken when alerts are generated. - items: - $ref: '#/components/schemas/Security_Detections_API_RuleAction' - type: array - alias_purpose: - $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose' - alias_target_id: - $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId' - author: - $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' - building_block_type: - $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' - description: - $ref: '#/components/schemas/Security_Detections_API_RuleDescription' - enabled: - $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' - exceptions_list: - items: - $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' - type: array - false_positives: - $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray' - from: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' - interval: - $ref: '#/components/schemas/Security_Detections_API_RuleInterval' - investigation_fields: - $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' - license: - $ref: '#/components/schemas/Security_Detections_API_RuleLicense' - max_signals: - $ref: '#/components/schemas/Security_Detections_API_MaxSignals' - meta: - $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' - name: - $ref: '#/components/schemas/Security_Detections_API_RuleName' - namespace: - $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace' - note: - $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' - outcome: - $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome' - output_index: - $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' - references: - $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' - related_integrations: - $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray' - required_fields: - description: | - Elasticsearch fields and their types that need to be present for the rule to function. - > info - > The value of `required_fields` does not affect the rule’s behavior, and specifying it incorrectly won’t cause the rule to fail. Use `required_fields` as an informational property to document the fields that the rule expects to be present in the data. - items: - $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput' - type: array - response_actions: - items: - $ref: '#/components/schemas/Security_Detections_API_ResponseAction' - type: array - risk_score: - $ref: '#/components/schemas/Security_Detections_API_RiskScore' - risk_score_mapping: - $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' - rule_name_override: - $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' - setup: - $ref: '#/components/schemas/Security_Detections_API_SetupGuide' - severity: - $ref: '#/components/schemas/Security_Detections_API_Severity' - severity_mapping: - $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' - tags: - $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' - threat: - $ref: '#/components/schemas/Security_Detections_API_ThreatArray' - throttle: - $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' - timeline_id: - $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' - timeline_title: - $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle' - timestamp_override: - $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' - timestamp_override_fallback_disabled: - $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled' - to: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' - version: - $ref: '#/components/schemas/Security_Detections_API_RuleVersion' - required: - - name - - description - - risk_score - - severity - - version - - tags - - enabled - - risk_score_mapping - - severity_mapping - - interval - - from - - to - - actions - - exceptions_list - - author - - false_positives - - references - - max_signals - - threat - - setup - - related_integrations - - required_fields + - $ref: '#/components/schemas/Security_Detections_API_EsqlRule_1' - $ref: '#/components/schemas/Security_Detections_API_ResponseFields' - $ref: '#/components/schemas/Security_Detections_API_EsqlRuleResponseFields' Security_Detections_API_EsqlRuleCreateFields: @@ -95088,106 +35680,7 @@ components: - $ref: '#/components/schemas/Security_Detections_API_EsqlRuleRequiredFields' Security_Detections_API_EsqlRuleCreateProps: allOf: - - type: object - properties: - actions: - description: Array defining the automated actions (notifications) taken when alerts are generated. - items: - $ref: '#/components/schemas/Security_Detections_API_RuleAction' - type: array - alias_purpose: - $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose' - alias_target_id: - $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId' - author: - $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' - building_block_type: - $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' - description: - $ref: '#/components/schemas/Security_Detections_API_RuleDescription' - enabled: - $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' - exceptions_list: - items: - $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' - type: array - false_positives: - $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray' - from: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' - interval: - $ref: '#/components/schemas/Security_Detections_API_RuleInterval' - investigation_fields: - $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' - license: - $ref: '#/components/schemas/Security_Detections_API_RuleLicense' - max_signals: - $ref: '#/components/schemas/Security_Detections_API_MaxSignals' - meta: - $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' - name: - $ref: '#/components/schemas/Security_Detections_API_RuleName' - namespace: - $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace' - note: - $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' - outcome: - $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome' - output_index: - $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' - references: - $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' - related_integrations: - $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray' - required_fields: - description: | - Elasticsearch fields and their types that need to be present for the rule to function. - > info - > The value of `required_fields` does not affect the rule’s behavior, and specifying it incorrectly won’t cause the rule to fail. Use `required_fields` as an informational property to document the fields that the rule expects to be present in the data. - items: - $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput' - type: array - response_actions: - items: - $ref: '#/components/schemas/Security_Detections_API_ResponseAction' - type: array - risk_score: - $ref: '#/components/schemas/Security_Detections_API_RiskScore' - risk_score_mapping: - $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' - rule_id: - $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' - rule_name_override: - $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' - setup: - $ref: '#/components/schemas/Security_Detections_API_SetupGuide' - severity: - $ref: '#/components/schemas/Security_Detections_API_Severity' - severity_mapping: - $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' - tags: - $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' - threat: - $ref: '#/components/schemas/Security_Detections_API_ThreatArray' - throttle: - $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' - timeline_id: - $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' - timeline_title: - $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle' - timestamp_override: - $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' - timestamp_override_fallback_disabled: - $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled' - to: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' - version: - $ref: '#/components/schemas/Security_Detections_API_RuleVersion' - required: - - name - - description - - risk_score - - severity + - $ref: '#/components/schemas/Security_Detections_API_EsqlRuleCreateProps_1' - $ref: '#/components/schemas/Security_Detections_API_EsqlRuleCreateFields' Security_Detections_API_EsqlRuleOptionalFields: type: object @@ -95196,112 +35689,7 @@ components: $ref: '#/components/schemas/Security_Detections_API_AlertSuppression' Security_Detections_API_EsqlRulePatchProps: allOf: - - type: object - properties: - actions: - description: Array defining the automated actions (notifications) taken when alerts are generated. - items: - $ref: '#/components/schemas/Security_Detections_API_RuleAction' - type: array - alias_purpose: - $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose' - alias_target_id: - $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId' - author: - $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' - building_block_type: - $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' - description: - $ref: '#/components/schemas/Security_Detections_API_RuleDescription' - enabled: - $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' - exceptions_list: - items: - $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' - type: array - false_positives: - $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray' - from: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' - id: - $ref: '#/components/schemas/Security_Detections_API_UUID' - interval: - $ref: '#/components/schemas/Security_Detections_API_RuleInterval' - investigation_fields: - $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' - language: - $ref: '#/components/schemas/Security_Detections_API_EsqlQueryLanguage' - license: - $ref: '#/components/schemas/Security_Detections_API_RuleLicense' - max_signals: - $ref: '#/components/schemas/Security_Detections_API_MaxSignals' - meta: - $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' - name: - $ref: '#/components/schemas/Security_Detections_API_RuleName' - namespace: - $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace' - note: - $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' - outcome: - $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome' - output_index: - $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' - query: - $ref: '#/components/schemas/Security_Detections_API_RuleQuery' - references: - $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' - related_integrations: - $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray' - required_fields: - description: | - Elasticsearch fields and their types that need to be present for the rule to function. - > info - > The value of `required_fields` does not affect the rule’s behavior, and specifying it incorrectly won’t cause the rule to fail. Use `required_fields` as an informational property to document the fields that the rule expects to be present in the data. - items: - $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput' - type: array - response_actions: - items: - $ref: '#/components/schemas/Security_Detections_API_ResponseAction' - type: array - risk_score: - $ref: '#/components/schemas/Security_Detections_API_RiskScore' - risk_score_mapping: - $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' - rule_id: - $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' - rule_name_override: - $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' - setup: - $ref: '#/components/schemas/Security_Detections_API_SetupGuide' - severity: - $ref: '#/components/schemas/Security_Detections_API_Severity' - severity_mapping: - $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' - tags: - $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' - threat: - $ref: '#/components/schemas/Security_Detections_API_ThreatArray' - throttle: - $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' - timeline_id: - $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' - timeline_title: - $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle' - timestamp_override: - $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' - timestamp_override_fallback_disabled: - $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled' - to: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' - type: - description: Rule type - enum: - - esql - type: string - version: - $ref: '#/components/schemas/Security_Detections_API_RuleVersion' + - $ref: '#/components/schemas/Security_Detections_API_EsqlRulePatchProps_1' - $ref: '#/components/schemas/Security_Detections_API_EsqlRuleOptionalFields' Security_Detections_API_EsqlRuleRequiredFields: type: object @@ -95325,108 +35713,7 @@ components: - $ref: '#/components/schemas/Security_Detections_API_EsqlRuleRequiredFields' Security_Detections_API_EsqlRuleUpdateProps: allOf: - - type: object - properties: - actions: - description: Array defining the automated actions (notifications) taken when alerts are generated. - items: - $ref: '#/components/schemas/Security_Detections_API_RuleAction' - type: array - alias_purpose: - $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose' - alias_target_id: - $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId' - author: - $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' - building_block_type: - $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' - description: - $ref: '#/components/schemas/Security_Detections_API_RuleDescription' - enabled: - $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' - exceptions_list: - items: - $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' - type: array - false_positives: - $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray' - from: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' - id: - $ref: '#/components/schemas/Security_Detections_API_UUID' - interval: - $ref: '#/components/schemas/Security_Detections_API_RuleInterval' - investigation_fields: - $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' - license: - $ref: '#/components/schemas/Security_Detections_API_RuleLicense' - max_signals: - $ref: '#/components/schemas/Security_Detections_API_MaxSignals' - meta: - $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' - name: - $ref: '#/components/schemas/Security_Detections_API_RuleName' - namespace: - $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace' - note: - $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' - outcome: - $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome' - output_index: - $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' - references: - $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' - related_integrations: - $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray' - required_fields: - description: | - Elasticsearch fields and their types that need to be present for the rule to function. - > info - > The value of `required_fields` does not affect the rule’s behavior, and specifying it incorrectly won’t cause the rule to fail. Use `required_fields` as an informational property to document the fields that the rule expects to be present in the data. - items: - $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput' - type: array - response_actions: - items: - $ref: '#/components/schemas/Security_Detections_API_ResponseAction' - type: array - risk_score: - $ref: '#/components/schemas/Security_Detections_API_RiskScore' - risk_score_mapping: - $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' - rule_id: - $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' - rule_name_override: - $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' - setup: - $ref: '#/components/schemas/Security_Detections_API_SetupGuide' - severity: - $ref: '#/components/schemas/Security_Detections_API_Severity' - severity_mapping: - $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' - tags: - $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' - threat: - $ref: '#/components/schemas/Security_Detections_API_ThreatArray' - throttle: - $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' - timeline_id: - $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' - timeline_title: - $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle' - timestamp_override: - $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' - timestamp_override_fallback_disabled: - $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled' - to: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' - version: - $ref: '#/components/schemas/Security_Detections_API_RuleVersion' - required: - - name - - description - - risk_score - - severity + - $ref: '#/components/schemas/Security_Detections_API_EsqlRuleUpdateProps_1' - $ref: '#/components/schemas/Security_Detections_API_EsqlRuleCreateFields' Security_Detections_API_EventCategoryOverride: type: string @@ -95445,13 +35732,7 @@ components: Security_Detections_API_ExternalRuleCustomizedFields: description: An array of customized field names — that is, fields that the user has modified from their base value. Defaults to an empty array. items: - type: object - properties: - field_name: - description: Name of a user-modified field in the rule object. - type: string - required: - - field_name + $ref: '#/components/schemas/Security_Detections_API_ExternalRuleCustomizedFields_Item' type: array Security_Detections_API_ExternalRuleHasBaseVersion: description: Determines whether an external/prebuilt rule has its original, unmodified version present when the calculation of its customization status is performed (`rule_source.is_customized` and `rule_source.customized_fields`). @@ -95558,129 +35839,11 @@ components: Security_Detections_API_MachineLearningJobId: description: Machine learning job ID(s) the rule monitors for anomaly scores. oneOf: - - type: string - - items: - type: string - minItems: 1 - type: array + - $ref: '#/components/schemas/Security_Detections_API_MachineLearningJobId_1' + - $ref: '#/components/schemas/Security_Detections_API_MachineLearningJobId_2' Security_Detections_API_MachineLearningRule: allOf: - - type: object - properties: - actions: - description: Array defining the automated actions (notifications) taken when alerts are generated. - items: - $ref: '#/components/schemas/Security_Detections_API_RuleAction' - type: array - alias_purpose: - $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose' - alias_target_id: - $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId' - author: - $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' - building_block_type: - $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' - description: - $ref: '#/components/schemas/Security_Detections_API_RuleDescription' - enabled: - $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' - exceptions_list: - items: - $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' - type: array - false_positives: - $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray' - from: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' - interval: - $ref: '#/components/schemas/Security_Detections_API_RuleInterval' - investigation_fields: - $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' - license: - $ref: '#/components/schemas/Security_Detections_API_RuleLicense' - max_signals: - $ref: '#/components/schemas/Security_Detections_API_MaxSignals' - meta: - $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' - name: - $ref: '#/components/schemas/Security_Detections_API_RuleName' - namespace: - $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace' - note: - $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' - outcome: - $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome' - output_index: - $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' - references: - $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' - related_integrations: - $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray' - required_fields: - description: | - Elasticsearch fields and their types that need to be present for the rule to function. - > info - > The value of `required_fields` does not affect the rule’s behavior, and specifying it incorrectly won’t cause the rule to fail. Use `required_fields` as an informational property to document the fields that the rule expects to be present in the data. - items: - $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput' - type: array - response_actions: - items: - $ref: '#/components/schemas/Security_Detections_API_ResponseAction' - type: array - risk_score: - $ref: '#/components/schemas/Security_Detections_API_RiskScore' - risk_score_mapping: - $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' - rule_name_override: - $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' - setup: - $ref: '#/components/schemas/Security_Detections_API_SetupGuide' - severity: - $ref: '#/components/schemas/Security_Detections_API_Severity' - severity_mapping: - $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' - tags: - $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' - threat: - $ref: '#/components/schemas/Security_Detections_API_ThreatArray' - throttle: - $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' - timeline_id: - $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' - timeline_title: - $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle' - timestamp_override: - $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' - timestamp_override_fallback_disabled: - $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled' - to: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' - version: - $ref: '#/components/schemas/Security_Detections_API_RuleVersion' - required: - - name - - description - - risk_score - - severity - - version - - tags - - enabled - - risk_score_mapping - - severity_mapping - - interval - - from - - to - - actions - - exceptions_list - - author - - false_positives - - references - - max_signals - - threat - - setup - - related_integrations - - required_fields + - $ref: '#/components/schemas/Security_Detections_API_MachineLearningRule_1' - $ref: '#/components/schemas/Security_Detections_API_ResponseFields' - $ref: '#/components/schemas/Security_Detections_API_MachineLearningRuleResponseFields' Security_Detections_API_MachineLearningRuleCreateFields: @@ -95689,106 +35852,7 @@ components: - $ref: '#/components/schemas/Security_Detections_API_MachineLearningRuleOptionalFields' Security_Detections_API_MachineLearningRuleCreateProps: allOf: - - type: object - properties: - actions: - description: Array defining the automated actions (notifications) taken when alerts are generated. - items: - $ref: '#/components/schemas/Security_Detections_API_RuleAction' - type: array - alias_purpose: - $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose' - alias_target_id: - $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId' - author: - $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' - building_block_type: - $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' - description: - $ref: '#/components/schemas/Security_Detections_API_RuleDescription' - enabled: - $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' - exceptions_list: - items: - $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' - type: array - false_positives: - $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray' - from: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' - interval: - $ref: '#/components/schemas/Security_Detections_API_RuleInterval' - investigation_fields: - $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' - license: - $ref: '#/components/schemas/Security_Detections_API_RuleLicense' - max_signals: - $ref: '#/components/schemas/Security_Detections_API_MaxSignals' - meta: - $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' - name: - $ref: '#/components/schemas/Security_Detections_API_RuleName' - namespace: - $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace' - note: - $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' - outcome: - $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome' - output_index: - $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' - references: - $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' - related_integrations: - $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray' - required_fields: - description: | - Elasticsearch fields and their types that need to be present for the rule to function. - > info - > The value of `required_fields` does not affect the rule’s behavior, and specifying it incorrectly won’t cause the rule to fail. Use `required_fields` as an informational property to document the fields that the rule expects to be present in the data. - items: - $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput' - type: array - response_actions: - items: - $ref: '#/components/schemas/Security_Detections_API_ResponseAction' - type: array - risk_score: - $ref: '#/components/schemas/Security_Detections_API_RiskScore' - risk_score_mapping: - $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' - rule_id: - $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' - rule_name_override: - $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' - setup: - $ref: '#/components/schemas/Security_Detections_API_SetupGuide' - severity: - $ref: '#/components/schemas/Security_Detections_API_Severity' - severity_mapping: - $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' - tags: - $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' - threat: - $ref: '#/components/schemas/Security_Detections_API_ThreatArray' - throttle: - $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' - timeline_id: - $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' - timeline_title: - $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle' - timestamp_override: - $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' - timestamp_override_fallback_disabled: - $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled' - to: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' - version: - $ref: '#/components/schemas/Security_Detections_API_RuleVersion' - required: - - name - - description - - risk_score - - severity + - $ref: '#/components/schemas/Security_Detections_API_MachineLearningRuleCreateProps_1' - $ref: '#/components/schemas/Security_Detections_API_MachineLearningRuleCreateFields' Security_Detections_API_MachineLearningRuleOptionalFields: type: object @@ -95797,117 +35861,11 @@ components: $ref: '#/components/schemas/Security_Detections_API_AlertSuppression' Security_Detections_API_MachineLearningRulePatchFields: allOf: - - type: object - properties: - anomaly_threshold: - $ref: '#/components/schemas/Security_Detections_API_AnomalyThreshold' - machine_learning_job_id: - $ref: '#/components/schemas/Security_Detections_API_MachineLearningJobId' - type: - description: Rule type - enum: - - machine_learning - type: string + - $ref: '#/components/schemas/Security_Detections_API_MachineLearningRulePatchFields_1' - $ref: '#/components/schemas/Security_Detections_API_MachineLearningRuleOptionalFields' Security_Detections_API_MachineLearningRulePatchProps: allOf: - - type: object - properties: - actions: - description: Array defining the automated actions (notifications) taken when alerts are generated. - items: - $ref: '#/components/schemas/Security_Detections_API_RuleAction' - type: array - alias_purpose: - $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose' - alias_target_id: - $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId' - author: - $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' - building_block_type: - $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' - description: - $ref: '#/components/schemas/Security_Detections_API_RuleDescription' - enabled: - $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' - exceptions_list: - items: - $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' - type: array - false_positives: - $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray' - from: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' - id: - $ref: '#/components/schemas/Security_Detections_API_UUID' - interval: - $ref: '#/components/schemas/Security_Detections_API_RuleInterval' - investigation_fields: - $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' - license: - $ref: '#/components/schemas/Security_Detections_API_RuleLicense' - max_signals: - $ref: '#/components/schemas/Security_Detections_API_MaxSignals' - meta: - $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' - name: - $ref: '#/components/schemas/Security_Detections_API_RuleName' - namespace: - $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace' - note: - $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' - outcome: - $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome' - output_index: - $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' - references: - $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' - related_integrations: - $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray' - required_fields: - description: | - Elasticsearch fields and their types that need to be present for the rule to function. - > info - > The value of `required_fields` does not affect the rule’s behavior, and specifying it incorrectly won’t cause the rule to fail. Use `required_fields` as an informational property to document the fields that the rule expects to be present in the data. - items: - $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput' - type: array - response_actions: - items: - $ref: '#/components/schemas/Security_Detections_API_ResponseAction' - type: array - risk_score: - $ref: '#/components/schemas/Security_Detections_API_RiskScore' - risk_score_mapping: - $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' - rule_id: - $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' - rule_name_override: - $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' - setup: - $ref: '#/components/schemas/Security_Detections_API_SetupGuide' - severity: - $ref: '#/components/schemas/Security_Detections_API_Severity' - severity_mapping: - $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' - tags: - $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' - threat: - $ref: '#/components/schemas/Security_Detections_API_ThreatArray' - throttle: - $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' - timeline_id: - $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' - timeline_title: - $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle' - timestamp_override: - $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' - timestamp_override_fallback_disabled: - $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled' - to: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' - version: - $ref: '#/components/schemas/Security_Detections_API_RuleVersion' + - $ref: '#/components/schemas/Security_Detections_API_MachineLearningRulePatchProps_1' - $ref: '#/components/schemas/Security_Detections_API_MachineLearningRulePatchFields' Security_Detections_API_MachineLearningRuleRequiredFields: type: object @@ -95931,108 +35889,7 @@ components: - $ref: '#/components/schemas/Security_Detections_API_MachineLearningRuleOptionalFields' Security_Detections_API_MachineLearningRuleUpdateProps: allOf: - - type: object - properties: - actions: - description: Array defining the automated actions (notifications) taken when alerts are generated. - items: - $ref: '#/components/schemas/Security_Detections_API_RuleAction' - type: array - alias_purpose: - $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose' - alias_target_id: - $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId' - author: - $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' - building_block_type: - $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' - description: - $ref: '#/components/schemas/Security_Detections_API_RuleDescription' - enabled: - $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' - exceptions_list: - items: - $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' - type: array - false_positives: - $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray' - from: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' - id: - $ref: '#/components/schemas/Security_Detections_API_UUID' - interval: - $ref: '#/components/schemas/Security_Detections_API_RuleInterval' - investigation_fields: - $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' - license: - $ref: '#/components/schemas/Security_Detections_API_RuleLicense' - max_signals: - $ref: '#/components/schemas/Security_Detections_API_MaxSignals' - meta: - $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' - name: - $ref: '#/components/schemas/Security_Detections_API_RuleName' - namespace: - $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace' - note: - $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' - outcome: - $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome' - output_index: - $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' - references: - $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' - related_integrations: - $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray' - required_fields: - description: | - Elasticsearch fields and their types that need to be present for the rule to function. - > info - > The value of `required_fields` does not affect the rule’s behavior, and specifying it incorrectly won’t cause the rule to fail. Use `required_fields` as an informational property to document the fields that the rule expects to be present in the data. - items: - $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput' - type: array - response_actions: - items: - $ref: '#/components/schemas/Security_Detections_API_ResponseAction' - type: array - risk_score: - $ref: '#/components/schemas/Security_Detections_API_RiskScore' - risk_score_mapping: - $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' - rule_id: - $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' - rule_name_override: - $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' - setup: - $ref: '#/components/schemas/Security_Detections_API_SetupGuide' - severity: - $ref: '#/components/schemas/Security_Detections_API_Severity' - severity_mapping: - $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' - tags: - $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' - threat: - $ref: '#/components/schemas/Security_Detections_API_ThreatArray' - throttle: - $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' - timeline_id: - $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' - timeline_title: - $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle' - timestamp_override: - $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' - timestamp_override_fallback_disabled: - $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled' - to: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' - version: - $ref: '#/components/schemas/Security_Detections_API_RuleVersion' - required: - - name - - description - - risk_score - - severity + - $ref: '#/components/schemas/Security_Detections_API_MachineLearningRuleUpdateProps_1' - $ref: '#/components/schemas/Security_Detections_API_MachineLearningRuleCreateFields' Security_Detections_API_MaxSignals: default: 100 @@ -96051,122 +35908,7 @@ components: type: array Security_Detections_API_NewTermsRule: allOf: - - type: object - properties: - actions: - description: Array defining the automated actions (notifications) taken when alerts are generated. - items: - $ref: '#/components/schemas/Security_Detections_API_RuleAction' - type: array - alias_purpose: - $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose' - alias_target_id: - $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId' - author: - $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' - building_block_type: - $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' - description: - $ref: '#/components/schemas/Security_Detections_API_RuleDescription' - enabled: - $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' - exceptions_list: - items: - $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' - type: array - false_positives: - $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray' - from: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' - interval: - $ref: '#/components/schemas/Security_Detections_API_RuleInterval' - investigation_fields: - $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' - license: - $ref: '#/components/schemas/Security_Detections_API_RuleLicense' - max_signals: - $ref: '#/components/schemas/Security_Detections_API_MaxSignals' - meta: - $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' - name: - $ref: '#/components/schemas/Security_Detections_API_RuleName' - namespace: - $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace' - note: - $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' - outcome: - $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome' - output_index: - $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' - references: - $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' - related_integrations: - $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray' - required_fields: - description: | - Elasticsearch fields and their types that need to be present for the rule to function. - > info - > The value of `required_fields` does not affect the rule’s behavior, and specifying it incorrectly won’t cause the rule to fail. Use `required_fields` as an informational property to document the fields that the rule expects to be present in the data. - items: - $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput' - type: array - response_actions: - items: - $ref: '#/components/schemas/Security_Detections_API_ResponseAction' - type: array - risk_score: - $ref: '#/components/schemas/Security_Detections_API_RiskScore' - risk_score_mapping: - $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' - rule_name_override: - $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' - setup: - $ref: '#/components/schemas/Security_Detections_API_SetupGuide' - severity: - $ref: '#/components/schemas/Security_Detections_API_Severity' - severity_mapping: - $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' - tags: - $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' - threat: - $ref: '#/components/schemas/Security_Detections_API_ThreatArray' - throttle: - $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' - timeline_id: - $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' - timeline_title: - $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle' - timestamp_override: - $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' - timestamp_override_fallback_disabled: - $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled' - to: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' - version: - $ref: '#/components/schemas/Security_Detections_API_RuleVersion' - required: - - name - - description - - risk_score - - severity - - version - - tags - - enabled - - risk_score_mapping - - severity_mapping - - interval - - from - - to - - actions - - exceptions_list - - author - - false_positives - - references - - max_signals - - threat - - setup - - related_integrations - - required_fields + - $ref: '#/components/schemas/Security_Detections_API_NewTermsRule_1' - $ref: '#/components/schemas/Security_Detections_API_ResponseFields' - $ref: '#/components/schemas/Security_Detections_API_NewTermsRuleResponseFields' Security_Detections_API_NewTermsRuleCreateFields: @@ -96176,106 +35918,7 @@ components: - $ref: '#/components/schemas/Security_Detections_API_NewTermsRuleDefaultableFields' Security_Detections_API_NewTermsRuleCreateProps: allOf: - - type: object - properties: - actions: - description: Array defining the automated actions (notifications) taken when alerts are generated. - items: - $ref: '#/components/schemas/Security_Detections_API_RuleAction' - type: array - alias_purpose: - $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose' - alias_target_id: - $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId' - author: - $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' - building_block_type: - $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' - description: - $ref: '#/components/schemas/Security_Detections_API_RuleDescription' - enabled: - $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' - exceptions_list: - items: - $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' - type: array - false_positives: - $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray' - from: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' - interval: - $ref: '#/components/schemas/Security_Detections_API_RuleInterval' - investigation_fields: - $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' - license: - $ref: '#/components/schemas/Security_Detections_API_RuleLicense' - max_signals: - $ref: '#/components/schemas/Security_Detections_API_MaxSignals' - meta: - $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' - name: - $ref: '#/components/schemas/Security_Detections_API_RuleName' - namespace: - $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace' - note: - $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' - outcome: - $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome' - output_index: - $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' - references: - $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' - related_integrations: - $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray' - required_fields: - description: | - Elasticsearch fields and their types that need to be present for the rule to function. - > info - > The value of `required_fields` does not affect the rule’s behavior, and specifying it incorrectly won’t cause the rule to fail. Use `required_fields` as an informational property to document the fields that the rule expects to be present in the data. - items: - $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput' - type: array - response_actions: - items: - $ref: '#/components/schemas/Security_Detections_API_ResponseAction' - type: array - risk_score: - $ref: '#/components/schemas/Security_Detections_API_RiskScore' - risk_score_mapping: - $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' - rule_id: - $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' - rule_name_override: - $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' - setup: - $ref: '#/components/schemas/Security_Detections_API_SetupGuide' - severity: - $ref: '#/components/schemas/Security_Detections_API_Severity' - severity_mapping: - $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' - tags: - $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' - threat: - $ref: '#/components/schemas/Security_Detections_API_ThreatArray' - throttle: - $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' - timeline_id: - $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' - timeline_title: - $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle' - timestamp_override: - $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' - timestamp_override_fallback_disabled: - $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled' - to: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' - version: - $ref: '#/components/schemas/Security_Detections_API_RuleVersion' - required: - - name - - description - - risk_score - - severity + - $ref: '#/components/schemas/Security_Detections_API_NewTermsRuleCreateProps_1' - $ref: '#/components/schemas/Security_Detections_API_NewTermsRuleCreateFields' Security_Detections_API_NewTermsRuleDefaultableFields: type: object @@ -96295,120 +35938,12 @@ components: $ref: '#/components/schemas/Security_Detections_API_IndexPatternArray' Security_Detections_API_NewTermsRulePatchFields: allOf: - - type: object - properties: - history_window_start: - $ref: '#/components/schemas/Security_Detections_API_HistoryWindowStart' - new_terms_fields: - $ref: '#/components/schemas/Security_Detections_API_NewTermsFields' - query: - $ref: '#/components/schemas/Security_Detections_API_RuleQuery' - type: - description: Rule type - enum: - - new_terms - type: string + - $ref: '#/components/schemas/Security_Detections_API_NewTermsRulePatchFields_1' - $ref: '#/components/schemas/Security_Detections_API_NewTermsRuleOptionalFields' - $ref: '#/components/schemas/Security_Detections_API_NewTermsRuleDefaultableFields' Security_Detections_API_NewTermsRulePatchProps: allOf: - - type: object - properties: - actions: - description: Array defining the automated actions (notifications) taken when alerts are generated. - items: - $ref: '#/components/schemas/Security_Detections_API_RuleAction' - type: array - alias_purpose: - $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose' - alias_target_id: - $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId' - author: - $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' - building_block_type: - $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' - description: - $ref: '#/components/schemas/Security_Detections_API_RuleDescription' - enabled: - $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' - exceptions_list: - items: - $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' - type: array - false_positives: - $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray' - from: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' - id: - $ref: '#/components/schemas/Security_Detections_API_UUID' - interval: - $ref: '#/components/schemas/Security_Detections_API_RuleInterval' - investigation_fields: - $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' - license: - $ref: '#/components/schemas/Security_Detections_API_RuleLicense' - max_signals: - $ref: '#/components/schemas/Security_Detections_API_MaxSignals' - meta: - $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' - name: - $ref: '#/components/schemas/Security_Detections_API_RuleName' - namespace: - $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace' - note: - $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' - outcome: - $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome' - output_index: - $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' - references: - $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' - related_integrations: - $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray' - required_fields: - description: | - Elasticsearch fields and their types that need to be present for the rule to function. - > info - > The value of `required_fields` does not affect the rule’s behavior, and specifying it incorrectly won’t cause the rule to fail. Use `required_fields` as an informational property to document the fields that the rule expects to be present in the data. - items: - $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput' - type: array - response_actions: - items: - $ref: '#/components/schemas/Security_Detections_API_ResponseAction' - type: array - risk_score: - $ref: '#/components/schemas/Security_Detections_API_RiskScore' - risk_score_mapping: - $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' - rule_id: - $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' - rule_name_override: - $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' - setup: - $ref: '#/components/schemas/Security_Detections_API_SetupGuide' - severity: - $ref: '#/components/schemas/Security_Detections_API_Severity' - severity_mapping: - $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' - tags: - $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' - threat: - $ref: '#/components/schemas/Security_Detections_API_ThreatArray' - throttle: - $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' - timeline_id: - $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' - timeline_title: - $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle' - timestamp_override: - $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' - timestamp_override_fallback_disabled: - $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled' - to: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' - version: - $ref: '#/components/schemas/Security_Detections_API_RuleVersion' + - $ref: '#/components/schemas/Security_Detections_API_NewTermsRulePatchProps_1' - $ref: '#/components/schemas/Security_Detections_API_NewTermsRulePatchFields' Security_Detections_API_NewTermsRuleRequiredFields: type: object @@ -96433,116 +35968,10 @@ components: allOf: - $ref: '#/components/schemas/Security_Detections_API_NewTermsRuleRequiredFields' - $ref: '#/components/schemas/Security_Detections_API_NewTermsRuleOptionalFields' - - type: object - properties: - language: - $ref: '#/components/schemas/Security_Detections_API_KqlQueryLanguage' - required: - - language + - $ref: '#/components/schemas/Security_Detections_API_NewTermsRuleResponseFields_3' Security_Detections_API_NewTermsRuleUpdateProps: allOf: - - type: object - properties: - actions: - description: Array defining the automated actions (notifications) taken when alerts are generated. - items: - $ref: '#/components/schemas/Security_Detections_API_RuleAction' - type: array - alias_purpose: - $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose' - alias_target_id: - $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId' - author: - $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' - building_block_type: - $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' - description: - $ref: '#/components/schemas/Security_Detections_API_RuleDescription' - enabled: - $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' - exceptions_list: - items: - $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' - type: array - false_positives: - $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray' - from: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' - id: - $ref: '#/components/schemas/Security_Detections_API_UUID' - interval: - $ref: '#/components/schemas/Security_Detections_API_RuleInterval' - investigation_fields: - $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' - license: - $ref: '#/components/schemas/Security_Detections_API_RuleLicense' - max_signals: - $ref: '#/components/schemas/Security_Detections_API_MaxSignals' - meta: - $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' - name: - $ref: '#/components/schemas/Security_Detections_API_RuleName' - namespace: - $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace' - note: - $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' - outcome: - $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome' - output_index: - $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' - references: - $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' - related_integrations: - $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray' - required_fields: - description: | - Elasticsearch fields and their types that need to be present for the rule to function. - > info - > The value of `required_fields` does not affect the rule’s behavior, and specifying it incorrectly won’t cause the rule to fail. Use `required_fields` as an informational property to document the fields that the rule expects to be present in the data. - items: - $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput' - type: array - response_actions: - items: - $ref: '#/components/schemas/Security_Detections_API_ResponseAction' - type: array - risk_score: - $ref: '#/components/schemas/Security_Detections_API_RiskScore' - risk_score_mapping: - $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' - rule_id: - $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' - rule_name_override: - $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' - setup: - $ref: '#/components/schemas/Security_Detections_API_SetupGuide' - severity: - $ref: '#/components/schemas/Security_Detections_API_Severity' - severity_mapping: - $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' - tags: - $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' - threat: - $ref: '#/components/schemas/Security_Detections_API_ThreatArray' - throttle: - $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' - timeline_id: - $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' - timeline_title: - $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle' - timestamp_override: - $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' - timestamp_override_fallback_disabled: - $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled' - to: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' - version: - $ref: '#/components/schemas/Security_Detections_API_RuleVersion' - required: - - name - - description - - risk_score - - severity + - $ref: '#/components/schemas/Security_Detections_API_NewTermsRuleUpdateProps_1' - $ref: '#/components/schemas/Security_Detections_API_NewTermsRuleCreateFields' Security_Detections_API_NonEmptyString: description: A string that does not contain only whitespace characters @@ -96665,17 +36094,7 @@ components: description: 'Add a note that explains or describes the action. You can find your comment in the response actions history log. Example: "comment": "Check processes"' type: string config: - type: object - properties: - field: - description: Field to use instead of process.pid - type: string - overwrite: - default: true - description: Whether to overwrite field with process.pid - type: boolean - required: - - field + $ref: '#/components/schemas/Security_Detections_API_ProcessesParams_Config' required: - command - config @@ -96684,24 +36103,19 @@ components: properties: _source: oneOf: - - type: boolean - - type: string - - items: - type: string - type: array + - $ref: '#/components/schemas/Security_Detections_API_QueryAlertsBodyParams__source_1' + - $ref: '#/components/schemas/Security_Detections_API_QueryAlertsBodyParams__source_2' + - $ref: '#/components/schemas/Security_Detections_API_QueryAlertsBodyParams__source_3' aggs: - additionalProperties: true - type: object + $ref: '#/components/schemas/Security_Detections_API_QueryAlertsBodyParams_Aggs' fields: items: type: string type: array query: - additionalProperties: true - type: object + $ref: '#/components/schemas/Security_Detections_API_QueryAlertsBodyParams_Query' runtime_mappings: - additionalProperties: true - type: object + $ref: '#/components/schemas/Security_Detections_API_QueryAlertsBodyParams_Runtime_mappings' size: minimum: 0 type: integer @@ -96711,122 +36125,7 @@ components: type: boolean Security_Detections_API_QueryRule: allOf: - - type: object - properties: - actions: - description: Array defining the automated actions (notifications) taken when alerts are generated. - items: - $ref: '#/components/schemas/Security_Detections_API_RuleAction' - type: array - alias_purpose: - $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose' - alias_target_id: - $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId' - author: - $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' - building_block_type: - $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' - description: - $ref: '#/components/schemas/Security_Detections_API_RuleDescription' - enabled: - $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' - exceptions_list: - items: - $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' - type: array - false_positives: - $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray' - from: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' - interval: - $ref: '#/components/schemas/Security_Detections_API_RuleInterval' - investigation_fields: - $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' - license: - $ref: '#/components/schemas/Security_Detections_API_RuleLicense' - max_signals: - $ref: '#/components/schemas/Security_Detections_API_MaxSignals' - meta: - $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' - name: - $ref: '#/components/schemas/Security_Detections_API_RuleName' - namespace: - $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace' - note: - $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' - outcome: - $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome' - output_index: - $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' - references: - $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' - related_integrations: - $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray' - required_fields: - description: | - Elasticsearch fields and their types that need to be present for the rule to function. - > info - > The value of `required_fields` does not affect the rule’s behavior, and specifying it incorrectly won’t cause the rule to fail. Use `required_fields` as an informational property to document the fields that the rule expects to be present in the data. - items: - $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput' - type: array - response_actions: - items: - $ref: '#/components/schemas/Security_Detections_API_ResponseAction' - type: array - risk_score: - $ref: '#/components/schemas/Security_Detections_API_RiskScore' - risk_score_mapping: - $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' - rule_name_override: - $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' - setup: - $ref: '#/components/schemas/Security_Detections_API_SetupGuide' - severity: - $ref: '#/components/schemas/Security_Detections_API_Severity' - severity_mapping: - $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' - tags: - $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' - threat: - $ref: '#/components/schemas/Security_Detections_API_ThreatArray' - throttle: - $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' - timeline_id: - $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' - timeline_title: - $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle' - timestamp_override: - $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' - timestamp_override_fallback_disabled: - $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled' - to: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' - version: - $ref: '#/components/schemas/Security_Detections_API_RuleVersion' - required: - - name - - description - - risk_score - - severity - - version - - tags - - enabled - - risk_score_mapping - - severity_mapping - - interval - - from - - to - - actions - - exceptions_list - - author - - false_positives - - references - - max_signals - - threat - - setup - - related_integrations - - required_fields + - $ref: '#/components/schemas/Security_Detections_API_QueryRule_1' - $ref: '#/components/schemas/Security_Detections_API_ResponseFields' - $ref: '#/components/schemas/Security_Detections_API_QueryRuleResponseFields' Security_Detections_API_QueryRuleCreateFields: @@ -96836,106 +36135,7 @@ components: - $ref: '#/components/schemas/Security_Detections_API_QueryRuleDefaultableFields' Security_Detections_API_QueryRuleCreateProps: allOf: - - type: object - properties: - actions: - description: Array defining the automated actions (notifications) taken when alerts are generated. - items: - $ref: '#/components/schemas/Security_Detections_API_RuleAction' - type: array - alias_purpose: - $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose' - alias_target_id: - $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId' - author: - $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' - building_block_type: - $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' - description: - $ref: '#/components/schemas/Security_Detections_API_RuleDescription' - enabled: - $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' - exceptions_list: - items: - $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' - type: array - false_positives: - $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray' - from: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' - interval: - $ref: '#/components/schemas/Security_Detections_API_RuleInterval' - investigation_fields: - $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' - license: - $ref: '#/components/schemas/Security_Detections_API_RuleLicense' - max_signals: - $ref: '#/components/schemas/Security_Detections_API_MaxSignals' - meta: - $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' - name: - $ref: '#/components/schemas/Security_Detections_API_RuleName' - namespace: - $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace' - note: - $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' - outcome: - $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome' - output_index: - $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' - references: - $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' - related_integrations: - $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray' - required_fields: - description: | - Elasticsearch fields and their types that need to be present for the rule to function. - > info - > The value of `required_fields` does not affect the rule’s behavior, and specifying it incorrectly won’t cause the rule to fail. Use `required_fields` as an informational property to document the fields that the rule expects to be present in the data. - items: - $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput' - type: array - response_actions: - items: - $ref: '#/components/schemas/Security_Detections_API_ResponseAction' - type: array - risk_score: - $ref: '#/components/schemas/Security_Detections_API_RiskScore' - risk_score_mapping: - $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' - rule_id: - $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' - rule_name_override: - $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' - setup: - $ref: '#/components/schemas/Security_Detections_API_SetupGuide' - severity: - $ref: '#/components/schemas/Security_Detections_API_Severity' - severity_mapping: - $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' - tags: - $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' - threat: - $ref: '#/components/schemas/Security_Detections_API_ThreatArray' - throttle: - $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' - timeline_id: - $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' - timeline_title: - $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle' - timestamp_override: - $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' - timestamp_override_fallback_disabled: - $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled' - to: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' - version: - $ref: '#/components/schemas/Security_Detections_API_RuleVersion' - required: - - name - - description - - risk_score - - severity + - $ref: '#/components/schemas/Security_Detections_API_QueryRuleCreateProps_1' - $ref: '#/components/schemas/Security_Detections_API_QueryRuleCreateFields' Security_Detections_API_QueryRuleDefaultableFields: type: object @@ -96959,114 +36159,12 @@ components: $ref: '#/components/schemas/Security_Detections_API_SavedQueryId' Security_Detections_API_QueryRulePatchFields: allOf: - - type: object - properties: - type: - description: Rule type - enum: - - query - type: string + - $ref: '#/components/schemas/Security_Detections_API_QueryRulePatchFields_1' - $ref: '#/components/schemas/Security_Detections_API_QueryRuleOptionalFields' - $ref: '#/components/schemas/Security_Detections_API_QueryRuleDefaultableFields' Security_Detections_API_QueryRulePatchProps: allOf: - - type: object - properties: - actions: - description: Array defining the automated actions (notifications) taken when alerts are generated. - items: - $ref: '#/components/schemas/Security_Detections_API_RuleAction' - type: array - alias_purpose: - $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose' - alias_target_id: - $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId' - author: - $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' - building_block_type: - $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' - description: - $ref: '#/components/schemas/Security_Detections_API_RuleDescription' - enabled: - $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' - exceptions_list: - items: - $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' - type: array - false_positives: - $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray' - from: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' - id: - $ref: '#/components/schemas/Security_Detections_API_UUID' - interval: - $ref: '#/components/schemas/Security_Detections_API_RuleInterval' - investigation_fields: - $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' - license: - $ref: '#/components/schemas/Security_Detections_API_RuleLicense' - max_signals: - $ref: '#/components/schemas/Security_Detections_API_MaxSignals' - meta: - $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' - name: - $ref: '#/components/schemas/Security_Detections_API_RuleName' - namespace: - $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace' - note: - $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' - outcome: - $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome' - output_index: - $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' - references: - $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' - related_integrations: - $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray' - required_fields: - description: | - Elasticsearch fields and their types that need to be present for the rule to function. - > info - > The value of `required_fields` does not affect the rule’s behavior, and specifying it incorrectly won’t cause the rule to fail. Use `required_fields` as an informational property to document the fields that the rule expects to be present in the data. - items: - $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput' - type: array - response_actions: - items: - $ref: '#/components/schemas/Security_Detections_API_ResponseAction' - type: array - risk_score: - $ref: '#/components/schemas/Security_Detections_API_RiskScore' - risk_score_mapping: - $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' - rule_id: - $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' - rule_name_override: - $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' - setup: - $ref: '#/components/schemas/Security_Detections_API_SetupGuide' - severity: - $ref: '#/components/schemas/Security_Detections_API_Severity' - severity_mapping: - $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' - tags: - $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' - threat: - $ref: '#/components/schemas/Security_Detections_API_ThreatArray' - throttle: - $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' - timeline_id: - $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' - timeline_title: - $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle' - timestamp_override: - $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' - timestamp_override_fallback_disabled: - $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled' - to: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' - version: - $ref: '#/components/schemas/Security_Detections_API_RuleVersion' + - $ref: '#/components/schemas/Security_Detections_API_QueryRulePatchProps_1' - $ref: '#/components/schemas/Security_Detections_API_QueryRulePatchFields' Security_Detections_API_QueryRuleRequiredFields: type: object @@ -97082,119 +36180,10 @@ components: allOf: - $ref: '#/components/schemas/Security_Detections_API_QueryRuleRequiredFields' - $ref: '#/components/schemas/Security_Detections_API_QueryRuleOptionalFields' - - type: object - properties: - language: - $ref: '#/components/schemas/Security_Detections_API_KqlQueryLanguage' - query: - $ref: '#/components/schemas/Security_Detections_API_RuleQuery' - required: - - query - - language + - $ref: '#/components/schemas/Security_Detections_API_QueryRuleResponseFields_3' Security_Detections_API_QueryRuleUpdateProps: allOf: - - type: object - properties: - actions: - description: Array defining the automated actions (notifications) taken when alerts are generated. - items: - $ref: '#/components/schemas/Security_Detections_API_RuleAction' - type: array - alias_purpose: - $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose' - alias_target_id: - $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId' - author: - $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' - building_block_type: - $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' - description: - $ref: '#/components/schemas/Security_Detections_API_RuleDescription' - enabled: - $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' - exceptions_list: - items: - $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' - type: array - false_positives: - $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray' - from: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' - id: - $ref: '#/components/schemas/Security_Detections_API_UUID' - interval: - $ref: '#/components/schemas/Security_Detections_API_RuleInterval' - investigation_fields: - $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' - license: - $ref: '#/components/schemas/Security_Detections_API_RuleLicense' - max_signals: - $ref: '#/components/schemas/Security_Detections_API_MaxSignals' - meta: - $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' - name: - $ref: '#/components/schemas/Security_Detections_API_RuleName' - namespace: - $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace' - note: - $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' - outcome: - $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome' - output_index: - $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' - references: - $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' - related_integrations: - $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray' - required_fields: - description: | - Elasticsearch fields and their types that need to be present for the rule to function. - > info - > The value of `required_fields` does not affect the rule’s behavior, and specifying it incorrectly won’t cause the rule to fail. Use `required_fields` as an informational property to document the fields that the rule expects to be present in the data. - items: - $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput' - type: array - response_actions: - items: - $ref: '#/components/schemas/Security_Detections_API_ResponseAction' - type: array - risk_score: - $ref: '#/components/schemas/Security_Detections_API_RiskScore' - risk_score_mapping: - $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' - rule_id: - $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' - rule_name_override: - $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' - setup: - $ref: '#/components/schemas/Security_Detections_API_SetupGuide' - severity: - $ref: '#/components/schemas/Security_Detections_API_Severity' - severity_mapping: - $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' - tags: - $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' - threat: - $ref: '#/components/schemas/Security_Detections_API_ThreatArray' - throttle: - $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' - timeline_id: - $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' - timeline_title: - $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle' - timestamp_override: - $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' - timestamp_override_fallback_disabled: - $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled' - to: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' - version: - $ref: '#/components/schemas/Security_Detections_API_RuleVersion' - required: - - name - - description - - risk_score - - severity + - $ref: '#/components/schemas/Security_Detections_API_QueryRuleUpdateProps_1' - $ref: '#/components/schemas/Security_Detections_API_QueryRuleCreateFields' Security_Detections_API_ReasonEnum: description: The reason for closing the alerts @@ -97363,23 +36352,7 @@ components: Security_Detections_API_RiskScoreMapping: description: Overrides generated alerts' risk_score with a value from the source event items: - type: object - properties: - field: - description: Source event field used to override the default `risk_score`. - type: string - operator: - enum: - - equals - type: string - risk_score: - $ref: '#/components/schemas/Security_Detections_API_RiskScore' - value: - type: string - required: - - field - - operator - - value + $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping_Item' type: array Security_Detections_API_RuleAction: type: object @@ -97500,14 +36473,8 @@ components: Security_Detections_API_RuleActionThrottle: description: Defines how often rule actions are taken. oneOf: - - enum: - - no_actions - - rule - type: string - - description: Time interval in seconds, minutes, hours, or days. - example: 1h - pattern: ^[1-9]\d*[smhd]$ - type: string + - $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle_1' + - $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle_2' Security_Detections_API_RuleAuthorArray: description: The rule’s author. items: @@ -97579,18 +36546,7 @@ components: minimum: 0 type: integer gap_range: - description: Range of the execution gap - type: object - properties: - gte: - description: Start date of the execution gap - type: string - lte: - description: End date of the execution gap - type: string - required: - - gte - - lte + $ref: '#/components/schemas/Security_Detections_API_RuleExecutionMetrics_Gap_range' total_enrichment_duration_ms: description: Total time spent enriching documents during current rule execution cycle minimum: 0 @@ -97628,27 +36584,7 @@ components: type: object properties: last_execution: - type: object - properties: - date: - description: Date of the last execution - format: date-time - type: string - message: - type: string - metrics: - $ref: '#/components/schemas/Security_Detections_API_RuleExecutionMetrics' - status: - $ref: '#/components/schemas/Security_Detections_API_RuleExecutionStatus' - description: Status of the last execution - status_order: - $ref: '#/components/schemas/Security_Detections_API_RuleExecutionStatusOrder' - required: - - date - - status - - status_order - - message - - metrics + $ref: '#/components/schemas/Security_Detections_API_RuleExecutionSummary_Last_execution' required: - last_execution Security_Detections_API_RuleFalsePositiveArray: @@ -97837,122 +36773,7 @@ components: type: string Security_Detections_API_SavedQueryRule: allOf: - - type: object - properties: - actions: - description: Array defining the automated actions (notifications) taken when alerts are generated. - items: - $ref: '#/components/schemas/Security_Detections_API_RuleAction' - type: array - alias_purpose: - $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose' - alias_target_id: - $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId' - author: - $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' - building_block_type: - $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' - description: - $ref: '#/components/schemas/Security_Detections_API_RuleDescription' - enabled: - $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' - exceptions_list: - items: - $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' - type: array - false_positives: - $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray' - from: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' - interval: - $ref: '#/components/schemas/Security_Detections_API_RuleInterval' - investigation_fields: - $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' - license: - $ref: '#/components/schemas/Security_Detections_API_RuleLicense' - max_signals: - $ref: '#/components/schemas/Security_Detections_API_MaxSignals' - meta: - $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' - name: - $ref: '#/components/schemas/Security_Detections_API_RuleName' - namespace: - $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace' - note: - $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' - outcome: - $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome' - output_index: - $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' - references: - $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' - related_integrations: - $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray' - required_fields: - description: | - Elasticsearch fields and their types that need to be present for the rule to function. - > info - > The value of `required_fields` does not affect the rule’s behavior, and specifying it incorrectly won’t cause the rule to fail. Use `required_fields` as an informational property to document the fields that the rule expects to be present in the data. - items: - $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput' - type: array - response_actions: - items: - $ref: '#/components/schemas/Security_Detections_API_ResponseAction' - type: array - risk_score: - $ref: '#/components/schemas/Security_Detections_API_RiskScore' - risk_score_mapping: - $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' - rule_name_override: - $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' - setup: - $ref: '#/components/schemas/Security_Detections_API_SetupGuide' - severity: - $ref: '#/components/schemas/Security_Detections_API_Severity' - severity_mapping: - $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' - tags: - $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' - threat: - $ref: '#/components/schemas/Security_Detections_API_ThreatArray' - throttle: - $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' - timeline_id: - $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' - timeline_title: - $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle' - timestamp_override: - $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' - timestamp_override_fallback_disabled: - $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled' - to: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' - version: - $ref: '#/components/schemas/Security_Detections_API_RuleVersion' - required: - - name - - description - - risk_score - - severity - - version - - tags - - enabled - - risk_score_mapping - - severity_mapping - - interval - - from - - to - - actions - - exceptions_list - - author - - false_positives - - references - - max_signals - - threat - - setup - - related_integrations - - required_fields + - $ref: '#/components/schemas/Security_Detections_API_SavedQueryRule_1' - $ref: '#/components/schemas/Security_Detections_API_ResponseFields' - $ref: '#/components/schemas/Security_Detections_API_SavedQueryRuleResponseFields' Security_Detections_API_SavedQueryRuleCreateFields: @@ -97962,106 +36783,7 @@ components: - $ref: '#/components/schemas/Security_Detections_API_SavedQueryRuleDefaultableFields' Security_Detections_API_SavedQueryRuleCreateProps: allOf: - - type: object - properties: - actions: - description: Array defining the automated actions (notifications) taken when alerts are generated. - items: - $ref: '#/components/schemas/Security_Detections_API_RuleAction' - type: array - alias_purpose: - $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose' - alias_target_id: - $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId' - author: - $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' - building_block_type: - $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' - description: - $ref: '#/components/schemas/Security_Detections_API_RuleDescription' - enabled: - $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' - exceptions_list: - items: - $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' - type: array - false_positives: - $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray' - from: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' - interval: - $ref: '#/components/schemas/Security_Detections_API_RuleInterval' - investigation_fields: - $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' - license: - $ref: '#/components/schemas/Security_Detections_API_RuleLicense' - max_signals: - $ref: '#/components/schemas/Security_Detections_API_MaxSignals' - meta: - $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' - name: - $ref: '#/components/schemas/Security_Detections_API_RuleName' - namespace: - $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace' - note: - $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' - outcome: - $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome' - output_index: - $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' - references: - $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' - related_integrations: - $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray' - required_fields: - description: | - Elasticsearch fields and their types that need to be present for the rule to function. - > info - > The value of `required_fields` does not affect the rule’s behavior, and specifying it incorrectly won’t cause the rule to fail. Use `required_fields` as an informational property to document the fields that the rule expects to be present in the data. - items: - $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput' - type: array - response_actions: - items: - $ref: '#/components/schemas/Security_Detections_API_ResponseAction' - type: array - risk_score: - $ref: '#/components/schemas/Security_Detections_API_RiskScore' - risk_score_mapping: - $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' - rule_id: - $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' - rule_name_override: - $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' - setup: - $ref: '#/components/schemas/Security_Detections_API_SetupGuide' - severity: - $ref: '#/components/schemas/Security_Detections_API_Severity' - severity_mapping: - $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' - tags: - $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' - threat: - $ref: '#/components/schemas/Security_Detections_API_ThreatArray' - throttle: - $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' - timeline_id: - $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' - timeline_title: - $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle' - timestamp_override: - $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' - timestamp_override_fallback_disabled: - $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled' - to: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' - version: - $ref: '#/components/schemas/Security_Detections_API_RuleVersion' - required: - - name - - description - - risk_score - - severity + - $ref: '#/components/schemas/Security_Detections_API_SavedQueryRuleCreateProps_1' - $ref: '#/components/schemas/Security_Detections_API_SavedQueryRuleCreateFields' Security_Detections_API_SavedQueryRuleDefaultableFields: type: object @@ -98083,116 +36805,12 @@ components: $ref: '#/components/schemas/Security_Detections_API_RuleQuery' Security_Detections_API_SavedQueryRulePatchFields: allOf: - - type: object - properties: - saved_id: - $ref: '#/components/schemas/Security_Detections_API_SavedQueryId' - type: - description: Rule type - enum: - - saved_query - type: string + - $ref: '#/components/schemas/Security_Detections_API_SavedQueryRulePatchFields_1' - $ref: '#/components/schemas/Security_Detections_API_SavedQueryRuleOptionalFields' - $ref: '#/components/schemas/Security_Detections_API_SavedQueryRuleDefaultableFields' Security_Detections_API_SavedQueryRulePatchProps: allOf: - - type: object - properties: - actions: - description: Array defining the automated actions (notifications) taken when alerts are generated. - items: - $ref: '#/components/schemas/Security_Detections_API_RuleAction' - type: array - alias_purpose: - $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose' - alias_target_id: - $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId' - author: - $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' - building_block_type: - $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' - description: - $ref: '#/components/schemas/Security_Detections_API_RuleDescription' - enabled: - $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' - exceptions_list: - items: - $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' - type: array - false_positives: - $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray' - from: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' - id: - $ref: '#/components/schemas/Security_Detections_API_UUID' - interval: - $ref: '#/components/schemas/Security_Detections_API_RuleInterval' - investigation_fields: - $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' - license: - $ref: '#/components/schemas/Security_Detections_API_RuleLicense' - max_signals: - $ref: '#/components/schemas/Security_Detections_API_MaxSignals' - meta: - $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' - name: - $ref: '#/components/schemas/Security_Detections_API_RuleName' - namespace: - $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace' - note: - $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' - outcome: - $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome' - output_index: - $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' - references: - $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' - related_integrations: - $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray' - required_fields: - description: | - Elasticsearch fields and their types that need to be present for the rule to function. - > info - > The value of `required_fields` does not affect the rule’s behavior, and specifying it incorrectly won’t cause the rule to fail. Use `required_fields` as an informational property to document the fields that the rule expects to be present in the data. - items: - $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput' - type: array - response_actions: - items: - $ref: '#/components/schemas/Security_Detections_API_ResponseAction' - type: array - risk_score: - $ref: '#/components/schemas/Security_Detections_API_RiskScore' - risk_score_mapping: - $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' - rule_id: - $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' - rule_name_override: - $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' - setup: - $ref: '#/components/schemas/Security_Detections_API_SetupGuide' - severity: - $ref: '#/components/schemas/Security_Detections_API_Severity' - severity_mapping: - $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' - tags: - $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' - threat: - $ref: '#/components/schemas/Security_Detections_API_ThreatArray' - throttle: - $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' - timeline_id: - $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' - timeline_title: - $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle' - timestamp_override: - $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' - timestamp_override_fallback_disabled: - $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled' - to: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' - version: - $ref: '#/components/schemas/Security_Detections_API_RuleVersion' + - $ref: '#/components/schemas/Security_Detections_API_SavedQueryRulePatchProps_1' - $ref: '#/components/schemas/Security_Detections_API_SavedQueryRulePatchFields' Security_Detections_API_SavedQueryRuleRequiredFields: type: object @@ -98211,116 +36829,10 @@ components: allOf: - $ref: '#/components/schemas/Security_Detections_API_SavedQueryRuleRequiredFields' - $ref: '#/components/schemas/Security_Detections_API_SavedQueryRuleOptionalFields' - - type: object - properties: - language: - $ref: '#/components/schemas/Security_Detections_API_KqlQueryLanguage' - required: - - language + - $ref: '#/components/schemas/Security_Detections_API_SavedQueryRuleResponseFields_3' Security_Detections_API_SavedQueryRuleUpdateProps: allOf: - - type: object - properties: - actions: - description: Array defining the automated actions (notifications) taken when alerts are generated. - items: - $ref: '#/components/schemas/Security_Detections_API_RuleAction' - type: array - alias_purpose: - $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose' - alias_target_id: - $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId' - author: - $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' - building_block_type: - $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' - description: - $ref: '#/components/schemas/Security_Detections_API_RuleDescription' - enabled: - $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' - exceptions_list: - items: - $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' - type: array - false_positives: - $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray' - from: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' - id: - $ref: '#/components/schemas/Security_Detections_API_UUID' - interval: - $ref: '#/components/schemas/Security_Detections_API_RuleInterval' - investigation_fields: - $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' - license: - $ref: '#/components/schemas/Security_Detections_API_RuleLicense' - max_signals: - $ref: '#/components/schemas/Security_Detections_API_MaxSignals' - meta: - $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' - name: - $ref: '#/components/schemas/Security_Detections_API_RuleName' - namespace: - $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace' - note: - $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' - outcome: - $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome' - output_index: - $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' - references: - $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' - related_integrations: - $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray' - required_fields: - description: | - Elasticsearch fields and their types that need to be present for the rule to function. - > info - > The value of `required_fields` does not affect the rule’s behavior, and specifying it incorrectly won’t cause the rule to fail. Use `required_fields` as an informational property to document the fields that the rule expects to be present in the data. - items: - $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput' - type: array - response_actions: - items: - $ref: '#/components/schemas/Security_Detections_API_ResponseAction' - type: array - risk_score: - $ref: '#/components/schemas/Security_Detections_API_RiskScore' - risk_score_mapping: - $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' - rule_id: - $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' - rule_name_override: - $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' - setup: - $ref: '#/components/schemas/Security_Detections_API_SetupGuide' - severity: - $ref: '#/components/schemas/Security_Detections_API_Severity' - severity_mapping: - $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' - tags: - $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' - threat: - $ref: '#/components/schemas/Security_Detections_API_ThreatArray' - throttle: - $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' - timeline_id: - $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' - timeline_title: - $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle' - timestamp_override: - $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' - timestamp_override_fallback_disabled: - $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled' - to: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' - version: - $ref: '#/components/schemas/Security_Detections_API_RuleVersion' - required: - - name - - description - - risk_score - - severity + - $ref: '#/components/schemas/Security_Detections_API_SavedQueryRuleUpdateProps_1' - $ref: '#/components/schemas/Security_Detections_API_SavedQueryRuleCreateFields' Security_Detections_API_SetAlertAssigneesBody: type: object @@ -98375,8 +36887,7 @@ components: - proceed type: string query: - additionalProperties: true - type: object + $ref: '#/components/schemas/Security_Detections_API_SetAlertsStatusByQueryBase_Query' status: $ref: '#/components/schemas/Security_Detections_API_AlertStatusExceptClosed' required: @@ -98422,24 +36933,7 @@ components: Security_Detections_API_SeverityMapping: description: Overrides generated alerts' severity with values from the source event items: - type: object - properties: - field: - description: Source event field used to override the default `severity`. - type: string - operator: - enum: - - equals - type: string - severity: - $ref: '#/components/schemas/Security_Detections_API_Severity' - value: - type: string - required: - - field - - operator - - severity - - value + $ref: '#/components/schemas/Security_Detections_API_SeverityMapping_Item' type: array Security_Detections_API_SiemErrorResponse: type: object @@ -98501,14 +36995,7 @@ components: You can use Boolean and and or logic to define the conditions for when matching fields and values generate alerts. Sibling entries objects are evaluated using or logic, whereas multiple entries in a single entries object use and logic. See Example of Threat Match rule which uses both `and` and `or` logic. items: - type: object - properties: - entries: - items: - $ref: '#/components/schemas/Security_Detections_API_ThreatMappingEntry' - type: array - required: - - entries + $ref: '#/components/schemas/Security_Detections_API_ThreatMapping_Item' minItems: 1 type: array Security_Detections_API_ThreatMappingEntry: @@ -98530,122 +37017,7 @@ components: - value Security_Detections_API_ThreatMatchRule: allOf: - - type: object - properties: - actions: - description: Array defining the automated actions (notifications) taken when alerts are generated. - items: - $ref: '#/components/schemas/Security_Detections_API_RuleAction' - type: array - alias_purpose: - $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose' - alias_target_id: - $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId' - author: - $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' - building_block_type: - $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' - description: - $ref: '#/components/schemas/Security_Detections_API_RuleDescription' - enabled: - $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' - exceptions_list: - items: - $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' - type: array - false_positives: - $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray' - from: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' - interval: - $ref: '#/components/schemas/Security_Detections_API_RuleInterval' - investigation_fields: - $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' - license: - $ref: '#/components/schemas/Security_Detections_API_RuleLicense' - max_signals: - $ref: '#/components/schemas/Security_Detections_API_MaxSignals' - meta: - $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' - name: - $ref: '#/components/schemas/Security_Detections_API_RuleName' - namespace: - $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace' - note: - $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' - outcome: - $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome' - output_index: - $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' - references: - $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' - related_integrations: - $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray' - required_fields: - description: | - Elasticsearch fields and their types that need to be present for the rule to function. - > info - > The value of `required_fields` does not affect the rule’s behavior, and specifying it incorrectly won’t cause the rule to fail. Use `required_fields` as an informational property to document the fields that the rule expects to be present in the data. - items: - $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput' - type: array - response_actions: - items: - $ref: '#/components/schemas/Security_Detections_API_ResponseAction' - type: array - risk_score: - $ref: '#/components/schemas/Security_Detections_API_RiskScore' - risk_score_mapping: - $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' - rule_name_override: - $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' - setup: - $ref: '#/components/schemas/Security_Detections_API_SetupGuide' - severity: - $ref: '#/components/schemas/Security_Detections_API_Severity' - severity_mapping: - $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' - tags: - $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' - threat: - $ref: '#/components/schemas/Security_Detections_API_ThreatArray' - throttle: - $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' - timeline_id: - $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' - timeline_title: - $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle' - timestamp_override: - $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' - timestamp_override_fallback_disabled: - $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled' - to: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' - version: - $ref: '#/components/schemas/Security_Detections_API_RuleVersion' - required: - - name - - description - - risk_score - - severity - - version - - tags - - enabled - - risk_score_mapping - - severity_mapping - - interval - - from - - to - - actions - - exceptions_list - - author - - false_positives - - references - - max_signals - - threat - - setup - - related_integrations - - required_fields + - $ref: '#/components/schemas/Security_Detections_API_ThreatMatchRule_1' - $ref: '#/components/schemas/Security_Detections_API_ResponseFields' - $ref: '#/components/schemas/Security_Detections_API_ThreatMatchRuleResponseFields' Security_Detections_API_ThreatMatchRuleCreateFields: @@ -98655,106 +37027,7 @@ components: - $ref: '#/components/schemas/Security_Detections_API_ThreatMatchRuleDefaultableFields' Security_Detections_API_ThreatMatchRuleCreateProps: allOf: - - type: object - properties: - actions: - description: Array defining the automated actions (notifications) taken when alerts are generated. - items: - $ref: '#/components/schemas/Security_Detections_API_RuleAction' - type: array - alias_purpose: - $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose' - alias_target_id: - $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId' - author: - $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' - building_block_type: - $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' - description: - $ref: '#/components/schemas/Security_Detections_API_RuleDescription' - enabled: - $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' - exceptions_list: - items: - $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' - type: array - false_positives: - $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray' - from: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' - interval: - $ref: '#/components/schemas/Security_Detections_API_RuleInterval' - investigation_fields: - $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' - license: - $ref: '#/components/schemas/Security_Detections_API_RuleLicense' - max_signals: - $ref: '#/components/schemas/Security_Detections_API_MaxSignals' - meta: - $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' - name: - $ref: '#/components/schemas/Security_Detections_API_RuleName' - namespace: - $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace' - note: - $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' - outcome: - $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome' - output_index: - $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' - references: - $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' - related_integrations: - $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray' - required_fields: - description: | - Elasticsearch fields and their types that need to be present for the rule to function. - > info - > The value of `required_fields` does not affect the rule’s behavior, and specifying it incorrectly won’t cause the rule to fail. Use `required_fields` as an informational property to document the fields that the rule expects to be present in the data. - items: - $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput' - type: array - response_actions: - items: - $ref: '#/components/schemas/Security_Detections_API_ResponseAction' - type: array - risk_score: - $ref: '#/components/schemas/Security_Detections_API_RiskScore' - risk_score_mapping: - $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' - rule_id: - $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' - rule_name_override: - $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' - setup: - $ref: '#/components/schemas/Security_Detections_API_SetupGuide' - severity: - $ref: '#/components/schemas/Security_Detections_API_Severity' - severity_mapping: - $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' - tags: - $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' - threat: - $ref: '#/components/schemas/Security_Detections_API_ThreatArray' - throttle: - $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' - timeline_id: - $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' - timeline_title: - $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle' - timestamp_override: - $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' - timestamp_override_fallback_disabled: - $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled' - to: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' - version: - $ref: '#/components/schemas/Security_Detections_API_RuleVersion' - required: - - name - - description - - risk_score - - severity + - $ref: '#/components/schemas/Security_Detections_API_ThreatMatchRuleCreateProps_1' - $ref: '#/components/schemas/Security_Detections_API_ThreatMatchRuleCreateFields' Security_Detections_API_ThreatMatchRuleDefaultableFields: type: object @@ -98786,122 +37059,12 @@ components: $ref: '#/components/schemas/Security_Detections_API_KqlQueryLanguage' Security_Detections_API_ThreatMatchRulePatchFields: allOf: - - type: object - properties: - query: - $ref: '#/components/schemas/Security_Detections_API_RuleQuery' - threat_index: - $ref: '#/components/schemas/Security_Detections_API_ThreatIndex' - threat_mapping: - $ref: '#/components/schemas/Security_Detections_API_ThreatMapping' - threat_query: - $ref: '#/components/schemas/Security_Detections_API_ThreatQuery' - type: - description: Rule type - enum: - - threat_match - type: string + - $ref: '#/components/schemas/Security_Detections_API_ThreatMatchRulePatchFields_1' - $ref: '#/components/schemas/Security_Detections_API_ThreatMatchRuleOptionalFields' - $ref: '#/components/schemas/Security_Detections_API_ThreatMatchRuleDefaultableFields' Security_Detections_API_ThreatMatchRulePatchProps: allOf: - - type: object - properties: - actions: - description: Array defining the automated actions (notifications) taken when alerts are generated. - items: - $ref: '#/components/schemas/Security_Detections_API_RuleAction' - type: array - alias_purpose: - $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose' - alias_target_id: - $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId' - author: - $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' - building_block_type: - $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' - description: - $ref: '#/components/schemas/Security_Detections_API_RuleDescription' - enabled: - $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' - exceptions_list: - items: - $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' - type: array - false_positives: - $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray' - from: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' - id: - $ref: '#/components/schemas/Security_Detections_API_UUID' - interval: - $ref: '#/components/schemas/Security_Detections_API_RuleInterval' - investigation_fields: - $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' - license: - $ref: '#/components/schemas/Security_Detections_API_RuleLicense' - max_signals: - $ref: '#/components/schemas/Security_Detections_API_MaxSignals' - meta: - $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' - name: - $ref: '#/components/schemas/Security_Detections_API_RuleName' - namespace: - $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace' - note: - $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' - outcome: - $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome' - output_index: - $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' - references: - $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' - related_integrations: - $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray' - required_fields: - description: | - Elasticsearch fields and their types that need to be present for the rule to function. - > info - > The value of `required_fields` does not affect the rule’s behavior, and specifying it incorrectly won’t cause the rule to fail. Use `required_fields` as an informational property to document the fields that the rule expects to be present in the data. - items: - $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput' - type: array - response_actions: - items: - $ref: '#/components/schemas/Security_Detections_API_ResponseAction' - type: array - risk_score: - $ref: '#/components/schemas/Security_Detections_API_RiskScore' - risk_score_mapping: - $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' - rule_id: - $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' - rule_name_override: - $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' - setup: - $ref: '#/components/schemas/Security_Detections_API_SetupGuide' - severity: - $ref: '#/components/schemas/Security_Detections_API_Severity' - severity_mapping: - $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' - tags: - $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' - threat: - $ref: '#/components/schemas/Security_Detections_API_ThreatArray' - throttle: - $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' - timeline_id: - $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' - timeline_title: - $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle' - timestamp_override: - $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' - timestamp_override_fallback_disabled: - $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled' - to: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' - version: - $ref: '#/components/schemas/Security_Detections_API_RuleVersion' + - $ref: '#/components/schemas/Security_Detections_API_ThreatMatchRulePatchProps_1' - $ref: '#/components/schemas/Security_Detections_API_ThreatMatchRulePatchFields' Security_Detections_API_ThreatMatchRuleRequiredFields: type: object @@ -98929,116 +37092,10 @@ components: allOf: - $ref: '#/components/schemas/Security_Detections_API_ThreatMatchRuleRequiredFields' - $ref: '#/components/schemas/Security_Detections_API_ThreatMatchRuleOptionalFields' - - type: object - properties: - language: - $ref: '#/components/schemas/Security_Detections_API_KqlQueryLanguage' - required: - - language + - $ref: '#/components/schemas/Security_Detections_API_ThreatMatchRuleResponseFields_3' Security_Detections_API_ThreatMatchRuleUpdateProps: allOf: - - type: object - properties: - actions: - description: Array defining the automated actions (notifications) taken when alerts are generated. - items: - $ref: '#/components/schemas/Security_Detections_API_RuleAction' - type: array - alias_purpose: - $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose' - alias_target_id: - $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId' - author: - $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' - building_block_type: - $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' - description: - $ref: '#/components/schemas/Security_Detections_API_RuleDescription' - enabled: - $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' - exceptions_list: - items: - $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' - type: array - false_positives: - $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray' - from: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' - id: - $ref: '#/components/schemas/Security_Detections_API_UUID' - interval: - $ref: '#/components/schemas/Security_Detections_API_RuleInterval' - investigation_fields: - $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' - license: - $ref: '#/components/schemas/Security_Detections_API_RuleLicense' - max_signals: - $ref: '#/components/schemas/Security_Detections_API_MaxSignals' - meta: - $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' - name: - $ref: '#/components/schemas/Security_Detections_API_RuleName' - namespace: - $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace' - note: - $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' - outcome: - $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome' - output_index: - $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' - references: - $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' - related_integrations: - $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray' - required_fields: - description: | - Elasticsearch fields and their types that need to be present for the rule to function. - > info - > The value of `required_fields` does not affect the rule’s behavior, and specifying it incorrectly won’t cause the rule to fail. Use `required_fields` as an informational property to document the fields that the rule expects to be present in the data. - items: - $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput' - type: array - response_actions: - items: - $ref: '#/components/schemas/Security_Detections_API_ResponseAction' - type: array - risk_score: - $ref: '#/components/schemas/Security_Detections_API_RiskScore' - risk_score_mapping: - $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' - rule_id: - $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' - rule_name_override: - $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' - setup: - $ref: '#/components/schemas/Security_Detections_API_SetupGuide' - severity: - $ref: '#/components/schemas/Security_Detections_API_Severity' - severity_mapping: - $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' - tags: - $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' - threat: - $ref: '#/components/schemas/Security_Detections_API_ThreatArray' - throttle: - $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' - timeline_id: - $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' - timeline_title: - $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle' - timestamp_override: - $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' - timestamp_override_fallback_disabled: - $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled' - to: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' - version: - $ref: '#/components/schemas/Security_Detections_API_RuleVersion' - required: - - name - - description - - risk_score - - severity + - $ref: '#/components/schemas/Security_Detections_API_ThreatMatchRuleUpdateProps_1' - $ref: '#/components/schemas/Security_Detections_API_ThreatMatchRuleCreateFields' Security_Detections_API_ThreatQuery: description: Query used to determine which fields in the Elasticsearch index are used for generating alerts. @@ -99122,146 +37179,16 @@ components: Security_Detections_API_ThresholdCardinality: description: The field on which the cardinality is applied. items: - type: object - properties: - field: - description: The field on which to calculate and compare the cardinality. - type: string - value: - description: The threshold value from which an alert is generated based on unique number of values of cardinality.field. - minimum: 0 - type: integer - required: - - field - - value + $ref: '#/components/schemas/Security_Detections_API_ThresholdCardinality_Item' type: array Security_Detections_API_ThresholdField: description: The field on which the threshold is applied. If you specify an empty array ([]), alerts are generated when the query returns at least the number of results specified in the value field. oneOf: - - type: string - - items: - type: string - maxItems: 5 - minItems: 0 - type: array + - $ref: '#/components/schemas/Security_Detections_API_ThresholdField_1' + - $ref: '#/components/schemas/Security_Detections_API_ThresholdField_2' Security_Detections_API_ThresholdRule: allOf: - - type: object - properties: - actions: - description: Array defining the automated actions (notifications) taken when alerts are generated. - items: - $ref: '#/components/schemas/Security_Detections_API_RuleAction' - type: array - alias_purpose: - $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose' - alias_target_id: - $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId' - author: - $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' - building_block_type: - $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' - description: - $ref: '#/components/schemas/Security_Detections_API_RuleDescription' - enabled: - $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' - exceptions_list: - items: - $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' - type: array - false_positives: - $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray' - from: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' - interval: - $ref: '#/components/schemas/Security_Detections_API_RuleInterval' - investigation_fields: - $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' - license: - $ref: '#/components/schemas/Security_Detections_API_RuleLicense' - max_signals: - $ref: '#/components/schemas/Security_Detections_API_MaxSignals' - meta: - $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' - name: - $ref: '#/components/schemas/Security_Detections_API_RuleName' - namespace: - $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace' - note: - $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' - outcome: - $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome' - output_index: - $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' - references: - $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' - related_integrations: - $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray' - required_fields: - description: | - Elasticsearch fields and their types that need to be present for the rule to function. - > info - > The value of `required_fields` does not affect the rule’s behavior, and specifying it incorrectly won’t cause the rule to fail. Use `required_fields` as an informational property to document the fields that the rule expects to be present in the data. - items: - $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput' - type: array - response_actions: - items: - $ref: '#/components/schemas/Security_Detections_API_ResponseAction' - type: array - risk_score: - $ref: '#/components/schemas/Security_Detections_API_RiskScore' - risk_score_mapping: - $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' - rule_name_override: - $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' - setup: - $ref: '#/components/schemas/Security_Detections_API_SetupGuide' - severity: - $ref: '#/components/schemas/Security_Detections_API_Severity' - severity_mapping: - $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' - tags: - $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' - threat: - $ref: '#/components/schemas/Security_Detections_API_ThreatArray' - throttle: - $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' - timeline_id: - $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' - timeline_title: - $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle' - timestamp_override: - $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' - timestamp_override_fallback_disabled: - $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled' - to: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' - version: - $ref: '#/components/schemas/Security_Detections_API_RuleVersion' - required: - - name - - description - - risk_score - - severity - - version - - tags - - enabled - - risk_score_mapping - - severity_mapping - - interval - - from - - to - - actions - - exceptions_list - - author - - false_positives - - references - - max_signals - - threat - - setup - - related_integrations - - required_fields + - $ref: '#/components/schemas/Security_Detections_API_ThresholdRule_1' - $ref: '#/components/schemas/Security_Detections_API_ResponseFields' - $ref: '#/components/schemas/Security_Detections_API_ThresholdRuleResponseFields' Security_Detections_API_ThresholdRuleCreateFields: @@ -99271,106 +37198,7 @@ components: - $ref: '#/components/schemas/Security_Detections_API_ThresholdRuleDefaultableFields' Security_Detections_API_ThresholdRuleCreateProps: allOf: - - type: object - properties: - actions: - description: Array defining the automated actions (notifications) taken when alerts are generated. - items: - $ref: '#/components/schemas/Security_Detections_API_RuleAction' - type: array - alias_purpose: - $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose' - alias_target_id: - $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId' - author: - $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' - building_block_type: - $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' - description: - $ref: '#/components/schemas/Security_Detections_API_RuleDescription' - enabled: - $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' - exceptions_list: - items: - $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' - type: array - false_positives: - $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray' - from: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' - interval: - $ref: '#/components/schemas/Security_Detections_API_RuleInterval' - investigation_fields: - $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' - license: - $ref: '#/components/schemas/Security_Detections_API_RuleLicense' - max_signals: - $ref: '#/components/schemas/Security_Detections_API_MaxSignals' - meta: - $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' - name: - $ref: '#/components/schemas/Security_Detections_API_RuleName' - namespace: - $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace' - note: - $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' - outcome: - $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome' - output_index: - $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' - references: - $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' - related_integrations: - $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray' - required_fields: - description: | - Elasticsearch fields and their types that need to be present for the rule to function. - > info - > The value of `required_fields` does not affect the rule’s behavior, and specifying it incorrectly won’t cause the rule to fail. Use `required_fields` as an informational property to document the fields that the rule expects to be present in the data. - items: - $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput' - type: array - response_actions: - items: - $ref: '#/components/schemas/Security_Detections_API_ResponseAction' - type: array - risk_score: - $ref: '#/components/schemas/Security_Detections_API_RiskScore' - risk_score_mapping: - $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' - rule_id: - $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' - rule_name_override: - $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' - setup: - $ref: '#/components/schemas/Security_Detections_API_SetupGuide' - severity: - $ref: '#/components/schemas/Security_Detections_API_Severity' - severity_mapping: - $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' - tags: - $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' - threat: - $ref: '#/components/schemas/Security_Detections_API_ThreatArray' - throttle: - $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' - timeline_id: - $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' - timeline_title: - $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle' - timestamp_override: - $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' - timestamp_override_fallback_disabled: - $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled' - to: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' - version: - $ref: '#/components/schemas/Security_Detections_API_RuleVersion' - required: - - name - - description - - risk_score - - severity + - $ref: '#/components/schemas/Security_Detections_API_ThresholdRuleCreateProps_1' - $ref: '#/components/schemas/Security_Detections_API_ThresholdRuleCreateFields' Security_Detections_API_ThresholdRuleDefaultableFields: type: object @@ -99392,118 +37220,12 @@ components: $ref: '#/components/schemas/Security_Detections_API_SavedQueryId' Security_Detections_API_ThresholdRulePatchFields: allOf: - - type: object - properties: - query: - $ref: '#/components/schemas/Security_Detections_API_RuleQuery' - threshold: - $ref: '#/components/schemas/Security_Detections_API_Threshold' - type: - description: Rule type - enum: - - threshold - type: string + - $ref: '#/components/schemas/Security_Detections_API_ThresholdRulePatchFields_1' - $ref: '#/components/schemas/Security_Detections_API_ThresholdRuleOptionalFields' - $ref: '#/components/schemas/Security_Detections_API_ThresholdRuleDefaultableFields' Security_Detections_API_ThresholdRulePatchProps: allOf: - - type: object - properties: - actions: - description: Array defining the automated actions (notifications) taken when alerts are generated. - items: - $ref: '#/components/schemas/Security_Detections_API_RuleAction' - type: array - alias_purpose: - $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose' - alias_target_id: - $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId' - author: - $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' - building_block_type: - $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' - description: - $ref: '#/components/schemas/Security_Detections_API_RuleDescription' - enabled: - $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' - exceptions_list: - items: - $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' - type: array - false_positives: - $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray' - from: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' - id: - $ref: '#/components/schemas/Security_Detections_API_UUID' - interval: - $ref: '#/components/schemas/Security_Detections_API_RuleInterval' - investigation_fields: - $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' - license: - $ref: '#/components/schemas/Security_Detections_API_RuleLicense' - max_signals: - $ref: '#/components/schemas/Security_Detections_API_MaxSignals' - meta: - $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' - name: - $ref: '#/components/schemas/Security_Detections_API_RuleName' - namespace: - $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace' - note: - $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' - outcome: - $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome' - output_index: - $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' - references: - $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' - related_integrations: - $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray' - required_fields: - description: | - Elasticsearch fields and their types that need to be present for the rule to function. - > info - > The value of `required_fields` does not affect the rule’s behavior, and specifying it incorrectly won’t cause the rule to fail. Use `required_fields` as an informational property to document the fields that the rule expects to be present in the data. - items: - $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput' - type: array - response_actions: - items: - $ref: '#/components/schemas/Security_Detections_API_ResponseAction' - type: array - risk_score: - $ref: '#/components/schemas/Security_Detections_API_RiskScore' - risk_score_mapping: - $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' - rule_id: - $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' - rule_name_override: - $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' - setup: - $ref: '#/components/schemas/Security_Detections_API_SetupGuide' - severity: - $ref: '#/components/schemas/Security_Detections_API_Severity' - severity_mapping: - $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' - tags: - $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' - threat: - $ref: '#/components/schemas/Security_Detections_API_ThreatArray' - throttle: - $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' - timeline_id: - $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' - timeline_title: - $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle' - timestamp_override: - $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' - timestamp_override_fallback_disabled: - $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled' - to: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' - version: - $ref: '#/components/schemas/Security_Detections_API_RuleVersion' + - $ref: '#/components/schemas/Security_Detections_API_ThresholdRulePatchProps_1' - $ref: '#/components/schemas/Security_Detections_API_ThresholdRulePatchFields' Security_Detections_API_ThresholdRuleRequiredFields: type: object @@ -99525,116 +37247,10 @@ components: allOf: - $ref: '#/components/schemas/Security_Detections_API_ThresholdRuleRequiredFields' - $ref: '#/components/schemas/Security_Detections_API_ThresholdRuleOptionalFields' - - type: object - properties: - language: - $ref: '#/components/schemas/Security_Detections_API_KqlQueryLanguage' - required: - - language + - $ref: '#/components/schemas/Security_Detections_API_ThresholdRuleResponseFields_3' Security_Detections_API_ThresholdRuleUpdateProps: allOf: - - type: object - properties: - actions: - description: Array defining the automated actions (notifications) taken when alerts are generated. - items: - $ref: '#/components/schemas/Security_Detections_API_RuleAction' - type: array - alias_purpose: - $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose' - alias_target_id: - $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId' - author: - $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' - building_block_type: - $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' - description: - $ref: '#/components/schemas/Security_Detections_API_RuleDescription' - enabled: - $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' - exceptions_list: - items: - $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' - type: array - false_positives: - $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray' - from: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' - id: - $ref: '#/components/schemas/Security_Detections_API_UUID' - interval: - $ref: '#/components/schemas/Security_Detections_API_RuleInterval' - investigation_fields: - $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' - license: - $ref: '#/components/schemas/Security_Detections_API_RuleLicense' - max_signals: - $ref: '#/components/schemas/Security_Detections_API_MaxSignals' - meta: - $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' - name: - $ref: '#/components/schemas/Security_Detections_API_RuleName' - namespace: - $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace' - note: - $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' - outcome: - $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome' - output_index: - $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' - references: - $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' - related_integrations: - $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray' - required_fields: - description: | - Elasticsearch fields and their types that need to be present for the rule to function. - > info - > The value of `required_fields` does not affect the rule’s behavior, and specifying it incorrectly won’t cause the rule to fail. Use `required_fields` as an informational property to document the fields that the rule expects to be present in the data. - items: - $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput' - type: array - response_actions: - items: - $ref: '#/components/schemas/Security_Detections_API_ResponseAction' - type: array - risk_score: - $ref: '#/components/schemas/Security_Detections_API_RiskScore' - risk_score_mapping: - $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' - rule_id: - $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' - rule_name_override: - $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' - setup: - $ref: '#/components/schemas/Security_Detections_API_SetupGuide' - severity: - $ref: '#/components/schemas/Security_Detections_API_Severity' - severity_mapping: - $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' - tags: - $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' - threat: - $ref: '#/components/schemas/Security_Detections_API_ThreatArray' - throttle: - $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' - timeline_id: - $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' - timeline_title: - $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle' - timestamp_override: - $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' - timestamp_override_fallback_disabled: - $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled' - to: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' - version: - $ref: '#/components/schemas/Security_Detections_API_RuleVersion' - required: - - name - - description - - risk_score - - severity + - $ref: '#/components/schemas/Security_Detections_API_ThresholdRuleUpdateProps_1' - $ref: '#/components/schemas/Security_Detections_API_ThresholdRuleCreateFields' Security_Detections_API_ThresholdValue: description: The threshold value from which an alert is generated. @@ -99692,8 +37308,7 @@ components: Security_Endpoint_Exceptions_API_EndpointList: oneOf: - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionList' - - additionalProperties: false - type: object + - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_EndpointList_2' Security_Endpoint_Exceptions_API_EndpointListItem: $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItem' Security_Endpoint_Exceptions_API_ExceptionList: @@ -99915,15 +37530,7 @@ components: field: $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString' list: - type: object - properties: - id: - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ListId' - type: - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ListType' - required: - - id - - type + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryList_List' operator: $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryOperator' type: @@ -100214,35 +37821,14 @@ components: type: object properties: body: - type: object - properties: - data: - type: object - properties: - canEncrypt: - type: boolean - required: - - data + $ref: '#/components/schemas/Security_Endpoint_Management_API_ActionStateSuccessResponse_Body' required: - body Security_Endpoint_Management_API_ActionStatusSuccessResponse: type: object properties: body: - type: object - properties: - data: - type: object - properties: - agent_id: - $ref: '#/components/schemas/Security_Endpoint_Management_API_AgentId' - pending_actions: - $ref: '#/components/schemas/Security_Endpoint_Management_API_PendingActionsSchema' - required: - - agent_id - - pending_actions - required: - - data + $ref: '#/components/schemas/Security_Endpoint_Management_API_ActionStatusSuccessResponse_Body' required: - body Security_Endpoint_Management_API_AgentId: @@ -100255,14 +37841,8 @@ components: - agent-id-2 minLength: 1 oneOf: - - items: - minLength: 1 - type: string - maxItems: 50 - minItems: 1 - type: array - - minLength: 1 - type: string + - $ref: '#/components/schemas/Security_Endpoint_Management_API_AgentIds_1' + - $ref: '#/components/schemas/Security_Endpoint_Management_API_AgentIds_2' Security_Endpoint_Management_API_AgentTypes: description: List of agent types to retrieve. Defaults to `endpoint`. enum: @@ -100275,7 +37855,7 @@ components: Security_Endpoint_Management_API_ApiPageSize: allOf: - $ref: '#/components/schemas/Security_Endpoint_Management_API_PageSize' - - maximum: 1000 + - $ref: '#/components/schemas/Security_Endpoint_Management_API_ApiPageSize_2' Security_Endpoint_Management_API_ApiSortField: description: Determines which field is used to sort the results. enum: @@ -100290,72 +37870,11 @@ components: Security_Endpoint_Management_API_Cancel: allOf: - $ref: '#/components/schemas/Security_Endpoint_Management_API_ResponseActionDetails' - - type: object - properties: - outputs: - additionalProperties: - type: object - properties: - content: - type: object - properties: - code: - type: string - type: object - parameters: - type: object - properties: - id: - format: uuid - type: string + - $ref: '#/components/schemas/Security_Endpoint_Management_API_Cancel_2' Security_Endpoint_Management_API_CancelRouteRequestBody: allOf: - - type: object - properties: - agent_type: - $ref: '#/components/schemas/Security_Endpoint_Management_API_AgentTypes' - alert_ids: - description: If this action is associated with any alerts, they can be specified here. The action will be logged in any cases associated with the specified alerts. - example: - - alert-id-1 - - alert-id-2 - items: - minLength: 1 - type: string - minItems: 1 - type: array - case_ids: - description: The IDs of cases where the action taken will be logged. - example: - - case-id-1 - - case-id-2 - items: - minLength: 1 - type: string - minItems: 1 - type: array - comment: - $ref: '#/components/schemas/Security_Endpoint_Management_API_Comment' - endpoint_ids: - $ref: '#/components/schemas/Security_Endpoint_Management_API_EndpointIds' - parameters: - $ref: '#/components/schemas/Security_Endpoint_Management_API_Parameters' - required: - - endpoint_ids - - type: object - properties: - parameters: - type: object - properties: - id: - description: ID of the response action to cancel - example: 7f8c9b2a-4d3e-4f5a-8b1c-2e3f4a5b6c7d - minLength: 1 - type: string - required: - - id - required: - - parameters + - $ref: '#/components/schemas/Security_Endpoint_Management_API_CancelRouteRequestBody_1' + - $ref: '#/components/schemas/Security_Endpoint_Management_API_CancelRouteRequestBody_2' Security_Endpoint_Management_API_CloudFileScriptParameters: type: object properties: @@ -100599,94 +38118,11 @@ components: Security_Endpoint_Management_API_Execute: allOf: - $ref: '#/components/schemas/Security_Endpoint_Management_API_ResponseActionDetails' - - type: object - properties: - outputs: - additionalProperties: - type: object - properties: - content: - allOf: - - $ref: '#/components/schemas/Security_Endpoint_Management_API_DownloadUri' - - type: object - properties: - code: - type: string - cwd: - type: string - output_file_id: - type: string - output_file_stderr_truncated: - type: boolean - output_file_stdout_truncated: - type: boolean - shell_code: - type: number - stderr: - type: string - stderr_truncated: - type: boolean - stdout: - type: string - stdout_truncated: - type: boolean - type: object - parameters: - type: object - properties: - command: - type: string - timeout: - type: number + - $ref: '#/components/schemas/Security_Endpoint_Management_API_Execute_2' Security_Endpoint_Management_API_ExecuteRouteRequestBody: allOf: - - type: object - properties: - agent_type: - $ref: '#/components/schemas/Security_Endpoint_Management_API_AgentTypes' - alert_ids: - description: If this action is associated with any alerts, they can be specified here. The action will be logged in any cases associated with the specified alerts. - example: - - alert-id-1 - - alert-id-2 - items: - minLength: 1 - type: string - minItems: 1 - type: array - case_ids: - description: The IDs of cases where the action taken will be logged. - example: - - case-id-1 - - case-id-2 - items: - minLength: 1 - type: string - minItems: 1 - type: array - comment: - $ref: '#/components/schemas/Security_Endpoint_Management_API_Comment' - endpoint_ids: - $ref: '#/components/schemas/Security_Endpoint_Management_API_EndpointIds' - parameters: - $ref: '#/components/schemas/Security_Endpoint_Management_API_Parameters' - required: - - endpoint_ids - - type: object - properties: - parameters: - type: object - properties: - command: - $ref: '#/components/schemas/Security_Endpoint_Management_API_Command' - timeout: - description: The maximum timeout value in seconds before the command is terminated. - minimum: 1 - type: integer - required: - - command - required: - - parameters + - $ref: '#/components/schemas/Security_Endpoint_Management_API_ExecuteRouteRequestBody_1' + - $ref: '#/components/schemas/Security_Endpoint_Management_API_ExecuteRouteRequestBody_2' example: comment: Get list of all files endpoint_ids: @@ -100783,87 +38219,11 @@ components: Security_Endpoint_Management_API_GetFile: allOf: - $ref: '#/components/schemas/Security_Endpoint_Management_API_ResponseActionDetails' - - type: object - properties: - outputs: - additionalProperties: - type: object - properties: - content: - allOf: - - $ref: '#/components/schemas/Security_Endpoint_Management_API_DownloadUri' - - type: object - properties: - code: - type: string - contents: - items: - type: object - properties: - file_name: - type: string - path: - type: string - sha256: - type: string - size: - type: number - type: - type: string - type: array - zip_size: - type: number - type: object - parameters: - type: object - properties: - path: - type: string + - $ref: '#/components/schemas/Security_Endpoint_Management_API_GetFile_2' Security_Endpoint_Management_API_GetFileRouteRequestBody: allOf: - - type: object - properties: - agent_type: - $ref: '#/components/schemas/Security_Endpoint_Management_API_AgentTypes' - alert_ids: - description: If this action is associated with any alerts, they can be specified here. The action will be logged in any cases associated with the specified alerts. - example: - - alert-id-1 - - alert-id-2 - items: - minLength: 1 - type: string - minItems: 1 - type: array - case_ids: - description: The IDs of cases where the action taken will be logged. - example: - - case-id-1 - - case-id-2 - items: - minLength: 1 - type: string - minItems: 1 - type: array - comment: - $ref: '#/components/schemas/Security_Endpoint_Management_API_Comment' - endpoint_ids: - $ref: '#/components/schemas/Security_Endpoint_Management_API_EndpointIds' - parameters: - $ref: '#/components/schemas/Security_Endpoint_Management_API_Parameters' - required: - - endpoint_ids - - type: object - properties: - parameters: - type: object - properties: - path: - type: string - required: - - path - required: - - parameters + - $ref: '#/components/schemas/Security_Endpoint_Management_API_GetFileRouteRequestBody_1' + - $ref: '#/components/schemas/Security_Endpoint_Management_API_GetFileRouteRequestBody_2' example: comment: Get my file endpoint_ids: @@ -101018,119 +38378,11 @@ components: Security_Endpoint_Management_API_KillProcess: allOf: - $ref: '#/components/schemas/Security_Endpoint_Management_API_ResponseActionDetails' - - type: object - properties: - outputs: - additionalProperties: - type: object - properties: - content: - oneOf: - - type: object - properties: - code: - type: string - command: - type: string - pid: - type: number - - type: object - properties: - code: - type: string - command: - type: string - entity_id: - type: string - - type: object - properties: - code: - type: string - command: - type: string - process_name: - type: string - type: object - parameters: - oneOf: - - type: object - properties: - pid: - description: The process ID (PID) of the process to terminate. - minimum: 1 - type: number - - type: object - properties: - entity_id: - description: The entity ID of the process to terminate. - minLength: 1 - type: string - - type: object - properties: - process_name: - description: The name of the process to terminate. Valid for SentinelOne agent type only. - type: string + - $ref: '#/components/schemas/Security_Endpoint_Management_API_KillProcess_2' Security_Endpoint_Management_API_KillProcessRouteRequestBody: allOf: - - type: object - properties: - agent_type: - $ref: '#/components/schemas/Security_Endpoint_Management_API_AgentTypes' - alert_ids: - description: If this action is associated with any alerts, they can be specified here. The action will be logged in any cases associated with the specified alerts. - example: - - alert-id-1 - - alert-id-2 - items: - minLength: 1 - type: string - minItems: 1 - type: array - case_ids: - description: The IDs of cases where the action taken will be logged. - example: - - case-id-1 - - case-id-2 - items: - minLength: 1 - type: string - minItems: 1 - type: array - comment: - $ref: '#/components/schemas/Security_Endpoint_Management_API_Comment' - endpoint_ids: - $ref: '#/components/schemas/Security_Endpoint_Management_API_EndpointIds' - parameters: - $ref: '#/components/schemas/Security_Endpoint_Management_API_Parameters' - required: - - endpoint_ids - - type: object - properties: - parameters: - oneOf: - - type: object - properties: - pid: - description: The process ID (PID) of the process to terminate. - example: 123 - minimum: 1 - type: integer - - type: object - properties: - entity_id: - description: The entity ID of the process to terminate. - example: abc123 - minLength: 1 - type: string - - type: object - properties: - process_name: - description: The name of the process to terminate. Valid for SentinelOne agent type only. - example: Elastic - minLength: 1 - type: string - required: - - parameters + - $ref: '#/components/schemas/Security_Endpoint_Management_API_KillProcessRouteRequestBody_1' + - $ref: '#/components/schemas/Security_Endpoint_Management_API_KillProcessRouteRequestBody_2' example: comment: terminate the process endpoint_ids: @@ -101191,143 +38443,11 @@ components: Security_Endpoint_Management_API_MemoryDump: allOf: - $ref: '#/components/schemas/Security_Endpoint_Management_API_ResponseActionDetails' - - type: object - properties: - outputs: - additionalProperties: - type: object - properties: - content: - properties: - code: - type: string - disk_free_space: - description: The free space on the host machine in bytes after the memory dump is written to disk - type: number - file_size: - description: The size of the memory dump compressed file in bytes - type: string - path: - description: The path to the memory dump compressed file on the host machine - type: string - title: Memory dump output - type: object - type: object - parameters: - oneOf: - - properties: - type: - description: Kernel-level memory dump - enum: - - kernel - type: string - required: - - type - title: Kernel memory dump - type: object - - properties: - pid: - description: The process ID (PID) - type: number - type: - description: Process-level memory dump using a process ID - enum: - - process - type: string - required: - - type - - pid - title: Process memory dump with PID - type: object - - properties: - entity_id: - description: The process entity ID - type: string - type: - description: Process-level memory dump using an entity ID - enum: - - process - type: string - required: - - type - - entity_id - title: Process memory dump with entity ID - type: object - required: - - parameters + - $ref: '#/components/schemas/Security_Endpoint_Management_API_MemoryDump_2' Security_Endpoint_Management_API_MemoryDumpRouteRequestBody: allOf: - - type: object - properties: - agent_type: - $ref: '#/components/schemas/Security_Endpoint_Management_API_AgentTypes' - alert_ids: - description: If this action is associated with any alerts, they can be specified here. The action will be logged in any cases associated with the specified alerts. - example: - - alert-id-1 - - alert-id-2 - items: - minLength: 1 - type: string - minItems: 1 - type: array - case_ids: - description: The IDs of cases where the action taken will be logged. - example: - - case-id-1 - - case-id-2 - items: - minLength: 1 - type: string - minItems: 1 - type: array - comment: - $ref: '#/components/schemas/Security_Endpoint_Management_API_Comment' - endpoint_ids: - $ref: '#/components/schemas/Security_Endpoint_Management_API_EndpointIds' - parameters: - $ref: '#/components/schemas/Security_Endpoint_Management_API_Parameters' - required: - - endpoint_ids - - type: object - properties: - parameters: - oneOf: - - description: Dump the entire kernel memory. - type: object - properties: - type: - enum: - - kernel - type: string - required: - - type - - description: Dump the entire memory of a process using the PID. - type: object - properties: - pid: - type: number - type: - enum: - - process - type: string - required: - - type - - pid - - description: Dump the entire memory of a process using the entity ID. - type: object - properties: - entity_id: - type: string - type: - enum: - - process - type: string - required: - - type - - entity_id - required: - - parameters + - $ref: '#/components/schemas/Security_Endpoint_Management_API_MemoryDumpRouteRequestBody_1' + - $ref: '#/components/schemas/Security_Endpoint_Management_API_MemoryDumpRouteRequestBody_2' Security_Endpoint_Management_API_MetadataListResponse: example: data: @@ -101522,28 +38642,8 @@ components: type: integer Security_Endpoint_Management_API_PendingActionsSchema: oneOf: - - type: object - properties: - execute: - $ref: '#/components/schemas/Security_Endpoint_Management_API_PendingActionDataType' - get-file: - $ref: '#/components/schemas/Security_Endpoint_Management_API_PendingActionDataType' - isolate: - $ref: '#/components/schemas/Security_Endpoint_Management_API_PendingActionDataType' - kill-process: - $ref: '#/components/schemas/Security_Endpoint_Management_API_PendingActionDataType' - running-processes: - $ref: '#/components/schemas/Security_Endpoint_Management_API_PendingActionDataType' - scan: - $ref: '#/components/schemas/Security_Endpoint_Management_API_PendingActionDataType' - suspend-process: - $ref: '#/components/schemas/Security_Endpoint_Management_API_PendingActionDataType' - unisolate: - $ref: '#/components/schemas/Security_Endpoint_Management_API_PendingActionDataType' - upload: - $ref: '#/components/schemas/Security_Endpoint_Management_API_PendingActionDataType' - - additionalProperties: true - type: object + - $ref: '#/components/schemas/Security_Endpoint_Management_API_PendingActionsSchema_1' + - $ref: '#/components/schemas/Security_Endpoint_Management_API_PendingActionsSchema_2' Security_Endpoint_Management_API_ProtectionUpdatesNoteResponse: type: object properties: @@ -101603,21 +38703,7 @@ components: type: string type: array agentState: - additionalProperties: - format: uuid - type: object - properties: - completedAt: - description: The date and time the response action was completed for the agent ID - type: string - isCompleted: - description: Whether the response action is completed for the agent ID - type: boolean - wasSuccessful: - description: Whether the response action was successful for the agent ID - type: boolean - description: The state of the response action for each agent ID that it was sent to - type: object + $ref: '#/components/schemas/Security_Endpoint_Management_API_ResponseActionDetails_AgentState' agentType: $ref: '#/components/schemas/Security_Endpoint_Management_API_AgentTypes' command: @@ -101630,15 +38716,7 @@ components: description: The user who created the response action type: string hosts: - additionalProperties: - format: uuid - type: object - properties: - name: - description: The host name - type: string - description: An object containing the host names associated with the agent IDs the response action was sent to - type: object + $ref: '#/components/schemas/Security_Endpoint_Management_API_ResponseActionDetails_Hosts' id: description: The response action ID format: uuid @@ -101650,32 +38728,9 @@ components: description: Whether the response action is expired type: boolean outputs: - additionalProperties: - description: The agent id - format: uuid - properties: - content: - description: The response action output content for the agent ID. Exact format depends on the response action command. - oneOf: - - type: object - - type: string - type: - enum: - - json - - text - type: string - required: - - type - - content - title: Agent ID - type: object - description: | - The outputs of the response action for each agent ID that it was sent to. Content different depending on the - response action command and will only be present for agents that have responded to the response action - type: object + $ref: '#/components/schemas/Security_Endpoint_Management_API_ResponseActionDetails_Outputs' parameters: - description: The parameters of the response action. Content different depending on the response action command - type: object + $ref: '#/components/schemas/Security_Endpoint_Management_API_ResponseActionDetails_Parameters' startedAt: description: The response action start time format: date-time @@ -101691,17 +38746,7 @@ components: Security_Endpoint_Management_API_RunningProcesses: allOf: - $ref: '#/components/schemas/Security_Endpoint_Management_API_ResponseActionDetails' - - type: object - properties: - outputs: - additionalProperties: - type: object - properties: - content: - oneOf: - - $ref: '#/components/schemas/Security_Endpoint_Management_API_RunningProcessesOutputEndpoint' - - $ref: '#/components/schemas/Security_Endpoint_Management_API_RunningProcessesOutputSentinelOne' - type: object + - $ref: '#/components/schemas/Security_Endpoint_Management_API_RunningProcesses_2' Security_Endpoint_Management_API_RunningProcessesOutputEndpoint: description: Processes output for `agentType` of `endpoint` type: object @@ -101710,51 +38755,16 @@ components: type: string entries: items: - type: object - properties: - command: - type: string - entity_id: - type: string - pid: - type: number - user: - type: string + $ref: '#/components/schemas/Security_Endpoint_Management_API_RunningProcessesOutputEndpoint_Entries_Item' type: array Security_Endpoint_Management_API_RunningProcessesOutputSentinelOne: allOf: - $ref: '#/components/schemas/Security_Endpoint_Management_API_DownloadUri' - - description: Processes output for `agentType` of `sentinel_one` - type: object - properties: - code: - type: string + - $ref: '#/components/schemas/Security_Endpoint_Management_API_RunningProcessesOutputSentinelOne_2' Security_Endpoint_Management_API_Runscript: allOf: - $ref: '#/components/schemas/Security_Endpoint_Management_API_ResponseActionDetails' - - type: object - properties: - outputs: - additionalProperties: - type: object - properties: - content: - allOf: - - $ref: '#/components/schemas/Security_Endpoint_Management_API_DownloadUri' - - type: object - properties: - code: - type: string - stderr: - type: string - stdout: - type: string - type: object - parameters: - oneOf: - - $ref: '#/components/schemas/Security_Endpoint_Management_API_RunscriptParamsCrowdStrike' - - $ref: '#/components/schemas/Security_Endpoint_Management_API_RunscriptParamsMicrosoft' - - $ref: '#/components/schemas/Security_Endpoint_Management_API_RunscriptParamsSentinelOne' + - $ref: '#/components/schemas/Security_Endpoint_Management_API_Runscript_2' Security_Endpoint_Management_API_RunscriptParamsCrowdStrike: type: object properties: @@ -101784,118 +38794,16 @@ components: type: string Security_Endpoint_Management_API_RunScriptRouteRequestBody: allOf: - - type: object - properties: - agent_type: - $ref: '#/components/schemas/Security_Endpoint_Management_API_AgentTypes' - alert_ids: - description: If this action is associated with any alerts, they can be specified here. The action will be logged in any cases associated with the specified alerts. - example: - - alert-id-1 - - alert-id-2 - items: - minLength: 1 - type: string - minItems: 1 - type: array - case_ids: - description: The IDs of cases where the action taken will be logged. - example: - - case-id-1 - - case-id-2 - items: - minLength: 1 - type: string - minItems: 1 - type: array - comment: - $ref: '#/components/schemas/Security_Endpoint_Management_API_Comment' - endpoint_ids: - $ref: '#/components/schemas/Security_Endpoint_Management_API_EndpointIds' - parameters: - $ref: '#/components/schemas/Security_Endpoint_Management_API_Parameters' - required: - - endpoint_ids - - type: object - properties: - parameters: - description: | - One of the following set of parameters must be provided - oneOf: - - $ref: '#/components/schemas/Security_Endpoint_Management_API_RawScriptParameters' - - $ref: '#/components/schemas/Security_Endpoint_Management_API_HostPathScriptParameters' - - $ref: '#/components/schemas/Security_Endpoint_Management_API_CloudFileScriptParameters' - - $ref: '#/components/schemas/Security_Endpoint_Management_API_SentinelOneRunScriptParameters' - - $ref: '#/components/schemas/Security_Endpoint_Management_API_MDERunScriptParameters' - required: - - parameters + - $ref: '#/components/schemas/Security_Endpoint_Management_API_RunScriptRouteRequestBody_1' + - $ref: '#/components/schemas/Security_Endpoint_Management_API_RunScriptRouteRequestBody_2' Security_Endpoint_Management_API_Scan: allOf: - $ref: '#/components/schemas/Security_Endpoint_Management_API_ResponseActionDetails' - - type: object - properties: - outputs: - additionalProperties: - type: object - properties: - content: - type: object - properties: - code: - type: string - type: object - parameters: - type: object - properties: - path: - type: string + - $ref: '#/components/schemas/Security_Endpoint_Management_API_Scan_2' Security_Endpoint_Management_API_ScanRouteRequestBody: allOf: - - type: object - properties: - agent_type: - $ref: '#/components/schemas/Security_Endpoint_Management_API_AgentTypes' - alert_ids: - description: If this action is associated with any alerts, they can be specified here. The action will be logged in any cases associated with the specified alerts. - example: - - alert-id-1 - - alert-id-2 - items: - minLength: 1 - type: string - minItems: 1 - type: array - case_ids: - description: The IDs of cases where the action taken will be logged. - example: - - case-id-1 - - case-id-2 - items: - minLength: 1 - type: string - minItems: 1 - type: array - comment: - $ref: '#/components/schemas/Security_Endpoint_Management_API_Comment' - endpoint_ids: - $ref: '#/components/schemas/Security_Endpoint_Management_API_EndpointIds' - parameters: - $ref: '#/components/schemas/Security_Endpoint_Management_API_Parameters' - required: - - endpoint_ids - - type: object - properties: - parameters: - type: object - properties: - path: - description: The folder or file’s full path (including the file name). - example: /usr/my-file.txt - type: string - required: - - path - required: - - parameters + - $ref: '#/components/schemas/Security_Endpoint_Management_API_ScanRouteRequestBody_1' + - $ref: '#/components/schemas/Security_Endpoint_Management_API_ScanRouteRequestBody_2' example: comment: Scan the file for malware endpoint_ids: @@ -101981,99 +38889,11 @@ components: Security_Endpoint_Management_API_SuspendProcess: allOf: - $ref: '#/components/schemas/Security_Endpoint_Management_API_ResponseActionDetails' - - type: object - properties: - outputs: - additionalProperties: - type: object - properties: - content: - oneOf: - - type: object - properties: - code: - type: string - command: - type: string - pid: - type: number - - type: object - properties: - code: - type: string - command: - type: string - entity_id: - type: string - type: object - parameters: - oneOf: - - type: object - properties: - pid: - description: The process ID (PID) of the process to terminate. - minimum: 1 - type: number - - type: object - properties: - entity_id: - description: The entity ID of the process to terminate. - minLength: 1 - type: string + - $ref: '#/components/schemas/Security_Endpoint_Management_API_SuspendProcess_2' Security_Endpoint_Management_API_SuspendProcessRouteRequestBody: allOf: - - type: object - properties: - agent_type: - $ref: '#/components/schemas/Security_Endpoint_Management_API_AgentTypes' - alert_ids: - description: If this action is associated with any alerts, they can be specified here. The action will be logged in any cases associated with the specified alerts. - example: - - alert-id-1 - - alert-id-2 - items: - minLength: 1 - type: string - minItems: 1 - type: array - case_ids: - description: The IDs of cases where the action taken will be logged. - example: - - case-id-1 - - case-id-2 - items: - minLength: 1 - type: string - minItems: 1 - type: array - comment: - $ref: '#/components/schemas/Security_Endpoint_Management_API_Comment' - endpoint_ids: - $ref: '#/components/schemas/Security_Endpoint_Management_API_EndpointIds' - parameters: - $ref: '#/components/schemas/Security_Endpoint_Management_API_Parameters' - required: - - endpoint_ids - - type: object - properties: - parameters: - oneOf: - - type: object - properties: - pid: - description: The process ID (PID) of the process to suspend. - example: 123 - minimum: 1 - type: integer - - type: object - properties: - entity_id: - description: The entity ID of the process to suspend. - example: abc123 - minLength: 1 - type: string - required: - - parameters + - $ref: '#/components/schemas/Security_Endpoint_Management_API_SuspendProcessRouteRequestBody_1' + - $ref: '#/components/schemas/Security_Endpoint_Management_API_SuspendProcessRouteRequestBody_2' example: comment: suspend the process endpoint_ids: @@ -102152,88 +38972,11 @@ components: Security_Endpoint_Management_API_Upload: allOf: - $ref: '#/components/schemas/Security_Endpoint_Management_API_ResponseActionDetails' - - type: object - properties: - outputs: - additionalProperties: - type: object - properties: - content: - type: object - properties: - code: - type: string - disk_free_space: - type: number - path: - type: string - type: object - parameters: - description: | - The parameters for upload returned on the details are derived via the API from the file that - was uploaded at the time that the response action was submitted - type: object - properties: - file_id: - type: string - file_name: - type: string - file_sha256: - type: string - file_size: - type: number + - $ref: '#/components/schemas/Security_Endpoint_Management_API_Upload_2' Security_Endpoint_Management_API_UploadRouteRequestBody: allOf: - - type: object - properties: - agent_type: - $ref: '#/components/schemas/Security_Endpoint_Management_API_AgentTypes' - alert_ids: - description: If this action is associated with any alerts, they can be specified here. The action will be logged in any cases associated with the specified alerts. - example: - - alert-id-1 - - alert-id-2 - items: - minLength: 1 - type: string - minItems: 1 - type: array - case_ids: - description: The IDs of cases where the action taken will be logged. - example: - - case-id-1 - - case-id-2 - items: - minLength: 1 - type: string - minItems: 1 - type: array - comment: - $ref: '#/components/schemas/Security_Endpoint_Management_API_Comment' - endpoint_ids: - $ref: '#/components/schemas/Security_Endpoint_Management_API_EndpointIds' - parameters: - $ref: '#/components/schemas/Security_Endpoint_Management_API_Parameters' - required: - - endpoint_ids - - type: object - properties: - file: - description: The binary content of the file. - example: RWxhc3RpYw== - format: binary - type: string - parameters: - type: object - properties: - overwrite: - default: false - description: Overwrite the file on the host if it already exists. - example: false - type: boolean - required: - - parameters - - file + - $ref: '#/components/schemas/Security_Endpoint_Management_API_UploadRouteRequestBody_1' + - $ref: '#/components/schemas/Security_Endpoint_Management_API_UploadRouteRequestBody_2' example: endpoint_ids: - ed518850-681a-4d60-bb98-e22640cae2a8 @@ -102274,26 +39017,16 @@ components: - user-id-1 - user-id-2 oneOf: - - items: - minLength: 1 - type: string - minItems: 1 - type: array - - minLength: 1 - type: string + - $ref: '#/components/schemas/Security_Endpoint_Management_API_UserIds_1' + - $ref: '#/components/schemas/Security_Endpoint_Management_API_UserIds_2' Security_Endpoint_Management_API_WithOutputs: description: A list of action IDs that should include the complete output of the action. example: - action-id-1 - action-id-2 oneOf: - - items: - minLength: 1 - type: string - minItems: 1 - type: array - - minLength: 1 - type: string + - $ref: '#/components/schemas/Security_Endpoint_Management_API_WithOutputs_1' + - $ref: '#/components/schemas/Security_Endpoint_Management_API_WithOutputs_2' Security_Entity_Analytics_API_Asset: additionalProperties: false type: object @@ -102360,15 +39093,7 @@ components: allOf: - $ref: '#/components/schemas/Security_Entity_Analytics_API_CreateAssetCriticalityRecord' - $ref: '#/components/schemas/Security_Entity_Analytics_API_AssetCriticalityRecordEcsParts' - - type: object - properties: - '@timestamp': - description: The time the record was created or updated. - example: '2017-07-21T17:32:28Z' - format: date-time - type: string - required: - - '@timestamp' + - $ref: '#/components/schemas/Security_Entity_Analytics_API_AssetCriticalityRecord_3' example: '@timestamp': '2024-08-02T11:15:34.290Z' asset: @@ -102384,68 +39109,15 @@ components: type: object properties: asset: - type: object - properties: - criticality: - $ref: '#/components/schemas/Security_Entity_Analytics_API_AssetCriticalityLevel' - required: - - asset + $ref: '#/components/schemas/Security_Entity_Analytics_API_AssetCriticalityRecordEcsParts_Asset' entity: - type: object - properties: - asset: - type: object - properties: - criticality: - $ref: '#/components/schemas/Security_Entity_Analytics_API_AssetCriticalityLevel' - required: - - criticality - id: - type: string - required: - - id + $ref: '#/components/schemas/Security_Entity_Analytics_API_AssetCriticalityRecordEcsParts_Entity' host: - type: object - properties: - asset: - type: object - properties: - criticality: - $ref: '#/components/schemas/Security_Entity_Analytics_API_AssetCriticalityLevel' - required: - - criticality - name: - type: string - required: - - name + $ref: '#/components/schemas/Security_Entity_Analytics_API_AssetCriticalityRecordEcsParts_Host' service: - type: object - properties: - asset: - type: object - properties: - criticality: - $ref: '#/components/schemas/Security_Entity_Analytics_API_AssetCriticalityLevel' - required: - - criticality - name: - type: string - required: - - name + $ref: '#/components/schemas/Security_Entity_Analytics_API_AssetCriticalityRecordEcsParts_Service' user: - type: object - properties: - asset: - type: object - properties: - criticality: - $ref: '#/components/schemas/Security_Entity_Analytics_API_AssetCriticalityLevel' - required: - - criticality - name: - type: string - required: - - name + $ref: '#/components/schemas/Security_Entity_Analytics_API_AssetCriticalityRecordEcsParts_User' required: - asset Security_Entity_Analytics_API_AssetCriticalityRecordIdParts: @@ -102469,15 +39141,7 @@ components: type: boolean errors: items: - type: object - properties: - error: - type: string - seq: - type: integer - required: - - seq - - error + $ref: '#/components/schemas/Security_Entity_Analytics_API_CleanUpRiskEngineErrorResponse_Errors_Item' type: array required: - cleanup_successful @@ -102487,15 +39151,7 @@ components: properties: errors: items: - type: object - properties: - error: - type: string - seq: - type: integer - required: - - seq - - error + $ref: '#/components/schemas/Security_Entity_Analytics_API_ConfigureRiskEngineSavedObjectErrorResponse_Errors_Item' type: array risk_engine_saved_object_configured: example: false @@ -102506,12 +39162,7 @@ components: Security_Entity_Analytics_API_CreateAssetCriticalityRecord: allOf: - $ref: '#/components/schemas/Security_Entity_Analytics_API_AssetCriticalityRecordIdParts' - - type: object - properties: - criticality_level: - $ref: '#/components/schemas/Security_Entity_Analytics_API_AssetCriticalityLevel' - required: - - criticality_level + - $ref: '#/components/schemas/Security_Entity_Analytics_API_CreateAssetCriticalityRecord_2' Security_Entity_Analytics_API_EngineComponentResource: enum: - entity_engine @@ -102531,12 +39182,7 @@ components: properties: errors: items: - type: object - properties: - message: - type: string - title: - type: string + $ref: '#/components/schemas/Security_Entity_Analytics_API_EngineComponentStatus_Errors_Item' type: array health: enum: @@ -102562,12 +39208,7 @@ components: type: object properties: changes: - type: object - properties: - indexPatterns: - items: - type: string - type: array + $ref: '#/components/schemas/Security_Entity_Analytics_API_EngineDataviewUpdateResult_Changes' type: type: string required: @@ -102582,17 +39223,7 @@ components: docsPerSecond: type: integer error: - type: object - properties: - action: - enum: - - init - type: string - message: - type: string - required: - - message - - action + $ref: '#/components/schemas/Security_Entity_Analytics_API_EngineDescriptor_Error' fieldHistoryLength: type: integer filter: @@ -102663,27 +39294,7 @@ components: has_write_permissions: type: boolean privileges: - type: object - properties: - elasticsearch: - type: object - properties: - cluster: - additionalProperties: - type: boolean - type: object - index: - additionalProperties: - additionalProperties: - type: boolean - type: object - type: object - kibana: - additionalProperties: - type: boolean - type: object - required: - - elasticsearch + $ref: '#/components/schemas/Security_Entity_Analytics_API_EntityAnalyticsPrivileges_Privileges' required: - has_all_required - privileges @@ -102702,101 +39313,21 @@ components: type: object properties: attributes: - additionalProperties: false - type: object - properties: - asset: - type: boolean - managed: - type: boolean - mfa_enabled: - type: boolean - privileged: - type: boolean + $ref: '#/components/schemas/Security_Entity_Analytics_API_EntityField_Attributes' behaviors: - additionalProperties: false - type: object - properties: - brute_force_victim: - type: boolean - new_country_login: - type: boolean - used_usb_device: - type: boolean + $ref: '#/components/schemas/Security_Entity_Analytics_API_EntityField_Behaviors' EngineMetadata: $ref: '#/components/schemas/Security_Entity_Analytics_API_EngineMetadata' id: type: string lifecycle: - additionalProperties: false - type: object - properties: - first_seen: - format: date-time - type: string - last_activity: - format: date-time - type: string + $ref: '#/components/schemas/Security_Entity_Analytics_API_EntityField_Lifecycle' name: type: string relationships: - additionalProperties: false - type: object - properties: - accessed_frequently_by: - items: - type: string - type: array - accesses_frequently: - items: - type: string - type: array - communicates_with: - items: - type: string - type: array - dependent_of: - items: - type: string - type: array - depends_on: - items: - type: string - type: array - owned_by: - items: - type: string - type: array - owns: - items: - type: string - type: array - supervised_by: - items: - type: string - type: array - supervises: - items: - type: string - type: array + $ref: '#/components/schemas/Security_Entity_Analytics_API_EntityField_Relationships' risk: - additionalProperties: false - type: object - properties: - calculated_level: - $ref: '#/components/schemas/Security_Entity_Analytics_API_EntityRiskLevels' - description: Lexical description of the entity's risk. - example: Critical - calculated_score: - description: The raw numeric value of the given entity's risk score. - format: double - type: number - calculated_score_norm: - description: The normalized numeric value of the given entity's risk score. Useful for comparing with other entities. - format: double - maximum: 100 - minimum: 0 - type: number + $ref: '#/components/schemas/Security_Entity_Analytics_API_EntityField_Risk' source: type: string sub_type: @@ -102868,24 +39399,7 @@ components: modifiers: description: A list of modifiers that were applied to the risk score calculation. items: - type: object - properties: - contribution: - format: double - type: number - metadata: - additionalProperties: true - type: object - modifier_value: - format: double - type: number - subtype: - type: string - type: - type: string - required: - - type - - contribution + $ref: '#/components/schemas/Security_Entity_Analytics_API_EntityRiskScoreRecord_Modifiers_Item' type: array notes: items: @@ -102936,52 +39450,9 @@ components: entity: $ref: '#/components/schemas/Security_Entity_Analytics_API_EntityField' event: - additionalProperties: false - type: object - properties: - ingested: - format: date-time - type: string + $ref: '#/components/schemas/Security_Entity_Analytics_API_HostEntity_Event' host: - additionalProperties: false - type: object - properties: - architecture: - items: - type: string - type: array - domain: - items: - type: string - type: array - entity: - $ref: '#/components/schemas/Security_Entity_Analytics_API_EntityField' - hostname: - items: - type: string - type: array - id: - items: - type: string - type: array - ip: - items: - type: string - type: array - mac: - items: - type: string - type: array - name: - type: string - risk: - $ref: '#/components/schemas/Security_Entity_Analytics_API_EntityRiskScoreRecord' - type: - items: - type: string - type: array - required: - - name + $ref: '#/components/schemas/Security_Entity_Analytics_API_HostEntity_Host' required: - entity Security_Entity_Analytics_API_IdField: @@ -103017,84 +39488,23 @@ components: Security_Entity_Analytics_API_MonitoredUserDoc: allOf: - $ref: '#/components/schemas/Security_Entity_Analytics_API_MonitoredUserUpdateDoc' - - type: object - properties: - '@timestamp': - format: date-time - type: string - event: - type: object - properties: - '@timestamp': - format: date-time - type: string - ingested: - format: date-time - type: string - user: - type: object - properties: - entity: - type: object - properties: - attributes: - type: object - properties: - Privileged: - description: Indicates if the user is privileged. - type: boolean - is_privileged: - description: Indicates if the user is privileged. - type: boolean - name: - type: string + - $ref: '#/components/schemas/Security_Entity_Analytics_API_MonitoredUserDoc_2' Security_Entity_Analytics_API_MonitoredUserUpdateDoc: type: object properties: entity_analytics_monitoring: - type: object - properties: - labels: - items: - $ref: '#/components/schemas/Security_Entity_Analytics_API_MonitoringLabel' - type: array + $ref: '#/components/schemas/Security_Entity_Analytics_API_MonitoredUserUpdateDoc_Entity_analytics_monitoring' id: type: string labels: - type: object - properties: - source_ids: - items: - type: string - type: array - source_integrations: - items: - type: string - type: array - sources: - items: - enum: - - csv - - index_sync - - api - type: array + $ref: '#/components/schemas/Security_Entity_Analytics_API_MonitoredUserUpdateDoc_Labels' user: - type: object - properties: - is_privileged: - description: Indicates if the user is privileged. - type: boolean - name: - type: string + $ref: '#/components/schemas/Security_Entity_Analytics_API_MonitoredUserUpdateDoc_User' Security_Entity_Analytics_API_MonitoringEngineDescriptor: type: object properties: error: - type: object - properties: - message: - description: Error message typically only present if the engine is in error state - type: string + $ref: '#/components/schemas/Security_Entity_Analytics_API_MonitoringEngineDescriptor_Error' status: $ref: '#/components/schemas/Security_Entity_Analytics_API_PrivilegeMonitoringEngineStatus' required: @@ -103217,24 +39627,9 @@ components: entity: $ref: '#/components/schemas/Security_Entity_Analytics_API_EntityField' event: - additionalProperties: false - type: object - properties: - ingested: - format: date-time - type: string + $ref: '#/components/schemas/Security_Entity_Analytics_API_ServiceEntity_Event' service: - additionalProperties: false - type: object - properties: - entity: - $ref: '#/components/schemas/Security_Entity_Analytics_API_EntityField' - name: - type: string - risk: - $ref: '#/components/schemas/Security_Entity_Analytics_API_EntityRiskScoreRecord' - required: - - name + $ref: '#/components/schemas/Security_Entity_Analytics_API_ServiceEntity_Service' required: - entity Security_Entity_Analytics_API_StoreStatus: @@ -103323,81 +39718,18 @@ components: entity: $ref: '#/components/schemas/Security_Entity_Analytics_API_EntityField' event: - additionalProperties: false - type: object - properties: - ingested: - format: date-time - type: string + $ref: '#/components/schemas/Security_Entity_Analytics_API_UserEntity_Event' user: - additionalProperties: false - type: object - properties: - domain: - items: - type: string - type: array - email: - items: - type: string - type: array - full_name: - items: - type: string - type: array - hash: - items: - type: string - type: array - id: - items: - type: string - type: array - name: - type: string - risk: - $ref: '#/components/schemas/Security_Entity_Analytics_API_EntityRiskScoreRecord' - additionalProperties: false - roles: - items: - type: string - type: array - required: - - name + $ref: '#/components/schemas/Security_Entity_Analytics_API_UserEntity_User' required: - entity Security_Entity_Analytics_API_UserName: type: object properties: entity_analytics_monitoring: - description: Entity analytics monitoring configuration for the user - type: object - properties: - labels: - description: Array of labels associated with the user - items: - type: object - properties: - field: - description: The field name for the label - type: string - source: - description: The source where this label was created (api, csv, or index_sync) - enum: - - api - - csv - - index_sync - type: string - value: - description: The value of the label - type: string - type: array + $ref: '#/components/schemas/Security_Entity_Analytics_API_UserName_Entity_analytics_monitoring' user: - type: object - properties: - name: - description: The name of the user. - type: string + $ref: '#/components/schemas/Security_Entity_Analytics_API_UserName_User' Security_Exceptions_API_BlocklistHashOrPathEntry: type: object properties: @@ -103499,38 +39831,7 @@ components: entries: description: Nested subject_name entries items: - type: object - properties: - field: - description: Certificate subject name - enum: - - subject_name - type: string - operator: - description: Must be the value "included" - enum: - - included - type: string - type: - description: Match type for subject name - enum: - - match - - match_any - type: string - value: - oneOf: - - description: Single subject name (used with match) - type: string - - description: Array of subject names (used with match_any) - items: - type: string - minItems: 1 - type: array - required: - - field - - type - - value - - operator + $ref: '#/components/schemas/Security_Exceptions_API_BlocklistWindowsCodeSignatureEntry_Entries_Item' minItems: 1 type: array field: @@ -103640,42 +39941,7 @@ components: Security_Exceptions_API_CreateExceptionListItemGeneric: allOf: - $ref: '#/components/schemas/Security_Exceptions_API_CreateExceptionListItemBase' - - example: - description: This is a sample detection type exception item. - entries: - - field: actingProcess.file.signer - operator: excluded - type: exists - - field: host.name - operator: included - type: match_any - value: - - saturn - - jupiter - item_id: simple_list_item - list_id: simple_list - name: Sample Exception List Item - namespace_type: single - os_types: - - linux - tags: - - malware - type: simple - type: object - properties: - entries: - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemEntryArray' - list_id: - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListHumanId' - os_types: - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemOsTypeArray' - default: [] - tags: - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemTags' - default: [] - required: - - list_id - - entries + - $ref: '#/components/schemas/Security_Exceptions_API_CreateExceptionListItemGeneric_2' Security_Exceptions_API_CreateExceptionListItemHostIsolation: allOf: - $ref: '#/components/schemas/Security_Exceptions_API_CreateExceptionListItemBase' @@ -104024,15 +40290,7 @@ components: field: $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' list: - type: object - properties: - id: - $ref: '#/components/schemas/Security_Exceptions_API_ListId' - type: - $ref: '#/components/schemas/Security_Exceptions_API_ListType' - required: - - id - - type + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemEntryList_List' operator: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemEntryOperator' type: @@ -104192,15 +40450,7 @@ components: type: object properties: error: - type: object - properties: - message: - type: string - status_code: - type: integer - required: - - status_code - - message + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListsImportBulkError_Error' id: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListId' item_id: @@ -104259,31 +40509,7 @@ components: entries: description: Exactly one entry allowed for host isolation exceptions items: - type: object - properties: - field: - description: Must be destination.ip - enum: - - destination.ip - type: string - operator: - description: Must be the value "included" - enum: - - included - type: string - type: - description: Must be match - enum: - - match - type: string - value: - description: Valid IPv4 address or CIDR notation (e.g., "192.168.1.1" or "10.0.0.0/8") - type: string - required: - - field - - type - - value - - operator + $ref: '#/components/schemas/Security_Exceptions_API_HostIsolationProperties_Entries_Item' maxItems: 1 minItems: 1 type: array @@ -104409,52 +40635,8 @@ components: description: Must include exactly 2 entries - one for subject_name and one for trusted items: oneOf: - - type: object - properties: - field: - enum: - - subject_name - type: string - operator: - enum: - - included - type: string - type: - enum: - - match - type: string - value: - description: Certificate subject name - type: string - required: - - field - - type - - value - - operator - - type: object - properties: - field: - enum: - - trusted - type: string - operator: - enum: - - included - type: string - type: - enum: - - match - type: string - value: - description: Must be the string 'true' - enum: - - 'true' - type: string - required: - - field - - type - - value - - operator + - $ref: '#/components/schemas/Security_Exceptions_API_TrustedAppMacCodeSignatureEntry_Entries_1' + - $ref: '#/components/schemas/Security_Exceptions_API_TrustedAppMacCodeSignatureEntry_Entries_2' maxItems: 2 minItems: 2 type: array @@ -104596,52 +40778,8 @@ components: description: Must include exactly 2 entries - one for subject_name and one for trusted items: oneOf: - - type: object - properties: - field: - enum: - - subject_name - type: string - operator: - enum: - - included - type: string - type: - enum: - - match - type: string - value: - description: Certificate subject name - type: string - required: - - field - - type - - value - - operator - - type: object - properties: - field: - enum: - - trusted - type: string - operator: - enum: - - included - type: string - type: - enum: - - match - type: string - value: - description: Must be the string 'true' - enum: - - 'true' - type: string - required: - - field - - type - - value - - operator + - $ref: '#/components/schemas/Security_Exceptions_API_TrustedAppWindowsCodeSignatureEntry_Entries_1' + - $ref: '#/components/schemas/Security_Exceptions_API_TrustedAppWindowsCodeSignatureEntry_Entries_2' maxItems: 2 minItems: 2 type: array @@ -104665,45 +40803,7 @@ components: entries: description: Exception entries for the trusted device (duplicate field entries are not allowed) items: - type: object - properties: - field: - description: Device field to match against - enum: - - device.serial_number - - device.type - - host.name - - device.vendor.name - - device.vendor.id - - device.product.id - - device.product.name - type: string - operator: - description: Must be the value "included" - enum: - - included - type: string - type: - description: Entry match type - enum: - - match - - wildcard - - match_any - type: string - value: - oneOf: - - description: Single value (used with match or wildcard) - type: string - - description: Array of values (used with match_any) - items: - type: string - minItems: 1 - type: array - required: - - field - - type - - value - - operator + $ref: '#/components/schemas/Security_Exceptions_API_TrustedDevicesMacProperties_Entries_Item' minItems: 1 type: array list_id: @@ -104731,45 +40831,7 @@ components: entries: description: Exception entries for the trusted device (duplicate field entries are not allowed, username not available when targeting both OS) items: - type: object - properties: - field: - description: Device field to match against (username not available for multi-OS) - enum: - - device.serial_number - - device.type - - host.name - - device.vendor.name - - device.vendor.id - - device.product.id - - device.product.name - type: string - operator: - description: Must be the value "included" - enum: - - included - type: string - type: - description: Entry match type - enum: - - match - - wildcard - - match_any - type: string - value: - oneOf: - - description: Single value (used with match or wildcard) - type: string - - description: Array of values (used with match_any) - items: - type: string - minItems: 1 - type: array - required: - - field - - type - - value - - operator + $ref: '#/components/schemas/Security_Exceptions_API_TrustedDevicesWindowsMacProperties_Entries_Item' minItems: 1 type: array list_id: @@ -104798,46 +40860,7 @@ components: entries: description: Exception entries for the trusted device (duplicate field entries are not allowed) items: - type: object - properties: - field: - description: Device field to match against (user.name is Windows-only) - enum: - - device.serial_number - - device.type - - host.name - - device.vendor.name - - device.vendor.id - - device.product.id - - device.product.name - - user.name - type: string - operator: - description: Must be the value "included" - enum: - - included - type: string - type: - description: Entry match type - enum: - - match - - wildcard - - match_any - type: string - value: - oneOf: - - description: Single value (used with match or wildcard) - type: string - - description: Array of values (used with match_any) - items: - type: string - minItems: 1 - type: array - required: - - field - - type - - value - - operator + $ref: '#/components/schemas/Security_Exceptions_API_TrustedDevicesWindowsProperties_Entries_Item' minItems: 1 type: array list_id: @@ -104926,32 +40949,7 @@ components: Security_Exceptions_API_UpdateExceptionListItemGeneric: allOf: - $ref: '#/components/schemas/Security_Exceptions_API_UpdateExceptionListItemBase' - - example: - comments: [] - description: Updated description - entries: - - field: host.name - operator: included - type: match - value: rock01 - item_id: simple_list_item - name: Updated name - namespace_type: single - tags: [] - type: simple - type: object - properties: - entries: - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemEntryArray' - list_id: - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListHumanId' - os_types: - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemOsTypeArray' - default: [] - tags: - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemTags' - required: - - entries + - $ref: '#/components/schemas/Security_Exceptions_API_UpdateExceptionListItemGeneric_2' Security_Exceptions_API_UpdateExceptionListItemHostIsolation: allOf: - $ref: '#/components/schemas/Security_Exceptions_API_UpdateExceptionListItemBase' @@ -105151,21 +41149,13 @@ components: type: object properties: application: - additionalProperties: - type: boolean - type: object + $ref: '#/components/schemas/Security_Lists_API_ListItemPrivileges_Application' cluster: - additionalProperties: - type: boolean - type: object + $ref: '#/components/schemas/Security_Lists_API_ListItemPrivileges_Cluster' has_all_requested: type: boolean index: - additionalProperties: - additionalProperties: - type: boolean - type: object - type: object + $ref: '#/components/schemas/Security_Lists_API_ListItemPrivileges_Index' username: type: string required: @@ -105193,21 +41183,13 @@ components: type: object properties: application: - additionalProperties: - type: boolean - type: object + $ref: '#/components/schemas/Security_Lists_API_ListPrivileges_Application' cluster: - additionalProperties: - type: boolean - type: object + $ref: '#/components/schemas/Security_Lists_API_ListPrivileges_Cluster' has_all_requested: type: boolean index: - additionalProperties: - additionalProperties: - type: boolean - type: object - type: object + $ref: '#/components/schemas/Security_Lists_API_ListPrivileges_Index' username: type: string required: @@ -105356,9 +41338,7 @@ components: type: string type: array metadata: - description: Custom metadata object associated with the live query. - nullable: true - type: object + $ref: '#/components/schemas/Security_Osquery_API_CreateLiveQueryRequestBody_Metadata' pack_id: $ref: '#/components/schemas/Security_Osquery_API_PackId' queries: @@ -105522,10 +41502,8 @@ components: description: The value to map to the ECS field. example: total_seconds oneOf: - - type: string - - items: - type: string - type: array + - $ref: '#/components/schemas/Security_Osquery_API_ECSMappingItem_Value_1' + - $ref: '#/components/schemas/Security_Osquery_API_ECSMappingItem_Value_2' Security_Osquery_API_ECSMappingOrUndefined: $ref: '#/components/schemas/Security_Osquery_API_ECSMapping' nullable: true @@ -105937,40 +41915,11 @@ components: Security_Timeline_API_BareNote: allOf: - $ref: '#/components/schemas/Security_Timeline_API_NoteCreatedAndUpdatedMetadata' - - type: object - properties: - eventId: - description: The `_id` of the associated event for this note. - example: d3a1d35a3e84a81b2f8f3859e064c224cdee1b4bc - nullable: true - type: string - note: - description: The text of the note - example: This is an example text - nullable: true - type: string - timelineId: - description: The `savedObjectId` of the Timeline that this note is associated with - example: 15c1929b-0af7-42bd-85a8-56e234cc7c4e - type: string - required: - - timelineId + - $ref: '#/components/schemas/Security_Timeline_API_BareNote_2' Security_Timeline_API_BarePinnedEvent: allOf: - $ref: '#/components/schemas/Security_Timeline_API_PinnedEventCreatedAndUpdatedMetadata' - - type: object - properties: - eventId: - description: The `_id` of the associated event for this pinned event. - example: d3a1d35a3e84a81b2f8f3859e064c224cdee1b4bc - type: string - timelineId: - description: The `savedObjectId` of the timeline that this pinned event is associated with - example: 15c1929b-0af7-42bd-85a8-56e234cc7c4e - type: string - required: - - eventId - - timelineId + - $ref: '#/components/schemas/Security_Timeline_API_BarePinnedEvent_2' Security_Timeline_API_ColumnHeaderResult: type: object properties: @@ -106070,10 +42019,8 @@ components: type: string Security_Timeline_API_DocumentIds: oneOf: - - items: - type: string - type: array - - type: string + - $ref: '#/components/schemas/Security_Timeline_API_DocumentIds_1' + - $ref: '#/components/schemas/Security_Timeline_API_DocumentIds_2' Security_Timeline_API_FavoriteTimelineResponse: type: object properties: @@ -106132,42 +42079,7 @@ components: nullable: true type: string meta: - nullable: true - type: object - properties: - alias: - nullable: true - type: string - controlledBy: - nullable: true - type: string - disabled: - nullable: true - type: boolean - field: - nullable: true - type: string - formattedValue: - nullable: true - type: string - index: - nullable: true - type: string - key: - nullable: true - type: string - negate: - nullable: true - type: boolean - params: - nullable: true - type: string - type: - nullable: true - type: string - value: - nullable: true - type: string + $ref: '#/components/schemas/Security_Timeline_API_FilterTimelineResult_Meta' missing: nullable: true type: string @@ -106198,24 +42110,7 @@ components: errors: description: The list of failed Timeline imports items: - type: object - properties: - error: - description: The error containing the reason why the timeline could not be imported - type: object - properties: - message: - description: The reason why the timeline could not be imported - example: Malformed JSON - type: string - status_code: - description: The HTTP status code of the error - example: 400 - type: number - id: - description: The ID of the timeline that failed to import - example: 6ce1b592-84e3-4b4a-9552-f189d4b82075 - type: string + $ref: '#/components/schemas/Security_Timeline_API_ImportTimelineResult_Errors_Item' type: array success: description: Indicates whether any of the Timelines were successfully imports @@ -106235,51 +42130,11 @@ components: Security_Timeline_API_ImportTimelines: allOf: - $ref: '#/components/schemas/Security_Timeline_API_SavedTimeline' - - type: object - properties: - eventNotes: - items: - $ref: '#/components/schemas/Security_Timeline_API_BareNote' - nullable: true - type: array - globalNotes: - items: - $ref: '#/components/schemas/Security_Timeline_API_BareNote' - nullable: true - type: array - pinnedEventIds: - items: - type: string - nullable: true - type: array - savedObjectId: - nullable: true - type: string - version: - nullable: true - type: string - required: - - savedObjectId - - version - - pinnedEventIds - - eventNotes - - globalNotes + - $ref: '#/components/schemas/Security_Timeline_API_ImportTimelines_2' Security_Timeline_API_Note: allOf: - $ref: '#/components/schemas/Security_Timeline_API_BareNote' - - type: object - properties: - noteId: - description: The `savedObjectId` of the note - example: 709f99c6-89b6-4953-9160-35945c8e174e - type: string - version: - description: The version of the note - example: WzQ2LDFd - type: string - required: - - noteId - - version + - $ref: '#/components/schemas/Security_Timeline_API_Note_2' Security_Timeline_API_NoteCreatedAndUpdatedMetadata: type: object properties: @@ -106306,31 +42161,13 @@ components: Security_Timeline_API_PersistPinnedEventResponse: oneOf: - $ref: '#/components/schemas/Security_Timeline_API_PinnedEvent' - - type: object - properties: - unpinned: - description: Indicates whether the event was successfully unpinned - type: boolean - required: - - unpinned + - $ref: '#/components/schemas/Security_Timeline_API_PersistPinnedEventResponse_2' Security_Timeline_API_PersistTimelineResponse: $ref: '#/components/schemas/Security_Timeline_API_TimelineResponse' Security_Timeline_API_PinnedEvent: allOf: - $ref: '#/components/schemas/Security_Timeline_API_BarePinnedEvent' - - type: object - properties: - pinnedEventId: - description: The `savedObjectId` of this pinned event - example: 10r1929b-0af7-42bd-85a8-56e234f98h2f3 - type: string - version: - description: The version of this pinned event - example: WzQ2LDFe - type: string - required: - - pinnedEventId - - version + - $ref: '#/components/schemas/Security_Timeline_API_PinnedEvent_2' Security_Timeline_API_PinnedEventCreatedAndUpdatedMetadata: type: object properties: @@ -106371,12 +42208,8 @@ components: type: string value: oneOf: - - nullable: true - type: string - - items: - type: string - nullable: true - type: array + - $ref: '#/components/schemas/Security_Timeline_API_QueryMatchResult_Value_1' + - $ref: '#/components/schemas/Security_Timeline_API_QueryMatchResult_Value_2' Security_Timeline_API_ResolvedTimeline: type: object properties: @@ -106422,10 +42255,8 @@ components: type: string Security_Timeline_API_SavedObjectIds: oneOf: - - items: - type: string - type: array - - type: string + - $ref: '#/components/schemas/Security_Timeline_API_SavedObjectIds_1' + - $ref: '#/components/schemas/Security_Timeline_API_SavedObjectIds_2' Security_Timeline_API_SavedObjectResolveAliasPurpose: enum: - savedObjectConversion @@ -106482,58 +42313,14 @@ components: nullable: true type: string dateRange: - description: The Timeline's search period. - example: - end: 1587456479201 - start: 1587370079200 - nullable: true - type: object - properties: - end: - oneOf: - - nullable: true - type: string - - nullable: true - type: number - start: - oneOf: - - nullable: true - type: string - - nullable: true - type: number + $ref: '#/components/schemas/Security_Timeline_API_SavedTimeline_DateRange' description: description: The Timeline's description example: Investigating exposure of CVE XYZ nullable: true type: string eqlOptions: - description: EQL query that is used in the correlation tab - example: - eventCategoryField: event.category - query: sequence\n[process where process.name == "sudo"]\n[any where true] - size: 100 - timestampField: '@timestamp' - nullable: true - type: object - properties: - eventCategoryField: - nullable: true - type: string - query: - nullable: true - type: string - size: - oneOf: - - nullable: true - type: string - - nullable: true - type: number - tiebreakerField: - nullable: true - type: string - timestampField: - nullable: true - type: string + $ref: '#/components/schemas/Security_Timeline_API_SavedTimeline_EqlOptions' eventType: deprecated: true description: Event types displayed in the Timeline @@ -106623,19 +42410,7 @@ components: Security_Timeline_API_SavedTimelineWithSavedObjectId: allOf: - $ref: '#/components/schemas/Security_Timeline_API_SavedTimeline' - - type: object - properties: - savedObjectId: - description: The `savedObjectId` of the Timeline or Timeline template - example: 15c1929b-0af7-42bd-85a8-56e234cc7c4e - type: string - version: - description: The version of the Timeline or Timeline template - example: WzE0LDFd - type: string - required: - - savedObjectId - - version + - $ref: '#/components/schemas/Security_Timeline_API_SavedTimelineWithSavedObjectId_2' Security_Timeline_API_SerializedFilterQueryResult: description: KQL bar query. example: @@ -106647,28 +42422,11 @@ components: type: object properties: filterQuery: - nullable: true - type: object - properties: - kuery: - nullable: true - type: object - properties: - expression: - nullable: true - type: string - kind: - nullable: true - type: string - serializedQuery: - nullable: true - type: string + $ref: '#/components/schemas/Security_Timeline_API_SerializedFilterQueryResult_FilterQuery' Security_Timeline_API_Sort: oneOf: - $ref: '#/components/schemas/Security_Timeline_API_SortObject' - - items: - $ref: '#/components/schemas/Security_Timeline_API_SortObject' - type: array + - $ref: '#/components/schemas/Security_Timeline_API_Sort_2' Security_Timeline_API_SortFieldTimeline: description: The field to sort the timelines by. enum: @@ -106697,79 +42455,11 @@ components: allOf: - $ref: '#/components/schemas/Security_Timeline_API_SavedTimeline' - $ref: '#/components/schemas/Security_Timeline_API_SavedTimelineWithSavedObjectId' - - type: object - properties: - eventIdToNoteIds: - description: A list of all the notes that are associated to this Timeline. - items: - $ref: '#/components/schemas/Security_Timeline_API_Note' - nullable: true - type: array - noteIds: - description: A list of all the ids of notes that are associated to this Timeline. - example: - - 709f99c6-89b6-4953-9160-35945c8e174e - items: - type: string - nullable: true - type: array - notes: - description: A list of all the notes that are associated to this Timeline. - items: - $ref: '#/components/schemas/Security_Timeline_API_Note' - nullable: true - type: array - pinnedEventIds: - description: A list of all the ids of pinned events that are associated to this Timeline. - example: - - 983f99c6-89b6-4953-9160-35945c8a194f - items: - type: string - nullable: true - type: array - pinnedEventsSaveObject: - description: A list of all the pinned events that are associated to this Timeline. - items: - $ref: '#/components/schemas/Security_Timeline_API_PinnedEvent' - nullable: true - type: array + - $ref: '#/components/schemas/Security_Timeline_API_TimelineResponse_3' Security_Timeline_API_TimelineSavedToReturnObject: allOf: - $ref: '#/components/schemas/Security_Timeline_API_SavedTimeline' - - type: object - properties: - eventIdToNoteIds: - items: - $ref: '#/components/schemas/Security_Timeline_API_Note' - nullable: true - type: array - noteIds: - items: - type: string - nullable: true - type: array - notes: - items: - $ref: '#/components/schemas/Security_Timeline_API_Note' - nullable: true - type: array - pinnedEventIds: - items: - type: string - nullable: true - type: array - pinnedEventsSaveObject: - items: - $ref: '#/components/schemas/Security_Timeline_API_PinnedEvent' - nullable: true - type: array - savedObjectId: - type: string - version: - type: string - required: - - savedObjectId - - version + - $ref: '#/components/schemas/Security_Timeline_API_TimelineSavedToReturnObject_2' Security_Timeline_API_TimelineStatus: description: The status of the Timeline. enum: @@ -106874,13 +42564,7 @@ components: dashboards: description: Array of dashboard references items: - type: object - properties: - id: - description: Dashboard saved-object id - type: string - required: - - id + $ref: '#/components/schemas/SLOs_artifacts_Dashboards_Item' type: array title: Artifacts type: object @@ -106931,20 +42615,7 @@ components: results: description: The results of the bulk deletion operation, including the success status and any errors for each SLO items: - type: object - properties: - error: - description: The error message if the deletion operation failed for this SLO - example: SLO [d08506b7-f0e8-4f8b-a06a-a83940f4db91] not found - type: string - id: - description: The ID of the SLO that was deleted - example: d08506b7-f0e8-4f8b-a06a-a83940f4db91 - type: string - success: - description: The result of the deletion operation for this SLO - example: true - type: boolean + $ref: '#/components/schemas/SLOs_bulk_delete_status_response_Results_Item' type: array title: The status of the bulk deletion type: object @@ -106960,31 +42631,7 @@ components: type: string type: array purgePolicy: - description: Policy that dictates which SLI documents to purge based on age - oneOf: - - type: object - properties: - age: - description: The duration to determine which documents to purge, formatted as {duration}{unit}. This value should be greater than or equal to the time window of every SLO provided. - example: 7d - type: string - purgeType: - description: Specifies whether documents will be purged based on a specific age or on a timestamp - enum: - - fixed-age - type: string - - type: object - properties: - purgeType: - description: Specifies whether documents will be purged based on a specific age or on a timestamp - enum: - - fixed-time - type: string - timestamp: - description: The timestamp to determine which documents to purge, formatted in ISO. This value should be older than the applicable time window of every SLO provided. - example: '2024-12-31T00:00:00.000Z' - type: string - type: object + $ref: '#/components/schemas/SLOs_bulk_purge_rollup_request_PurgePolicy' required: - list - purgePolicy @@ -107064,19 +42711,7 @@ components: list: description: An array of slo id and instance id items: - type: object - properties: - instanceId: - description: The SLO instance identifier - example: 8853df00-ae2e-11ed-90af-09bb6422b258 - type: string - sloId: - description: The SLO unique identifier - example: 8853df00-ae2e-11ed-90af-09bb6422b258 - type: string - required: - - sloId - - instanceId + $ref: '#/components/schemas/SLOs_delete_slo_instances_request_List_Item' type: array required: - list @@ -107113,7 +42748,7 @@ components: meta: $ref: '#/components/schemas/SLOs_filter_meta' query: - type: object + $ref: '#/components/schemas/SLOs_filter_Query' title: Filter type: object SLOs_filter_meta: @@ -107139,7 +42774,7 @@ components: negate: type: boolean params: - type: object + $ref: '#/components/schemas/SLOs_filter_meta_Params' type: type: string value: @@ -107150,49 +42785,8 @@ components: description: | A paginated response of SLO definitions matching the query. oneOf: - - type: object - properties: - page: - example: 1 - type: number - perPage: - example: 25 - type: number - results: - items: - $ref: '#/components/schemas/SLOs_slo_with_summary_response' - type: array - total: - example: 34 - type: number - - type: object - properties: - page: - default: 1 - description: for backward compability - type: number - perPage: - description: for backward compability - example: 25 - type: number - results: - items: - $ref: '#/components/schemas/SLOs_slo_with_summary_response' - type: array - searchAfter: - description: the cursor to provide to get the next paged results - example: - - some-slo-id - - other-cursor-id - items: - type: string - type: array - size: - example: 25 - type: number - total: - example: 34 - type: number + - $ref: '#/components/schemas/SLOs_find_slo_definitions_response_1' + - $ref: '#/components/schemas/SLOs_find_slo_definitions_response_2' title: Find SLO definitions response type: object SLOs_find_slo_response: @@ -107228,50 +42822,15 @@ components: - - service.name - service.environment oneOf: - - type: string - - items: - type: string - type: array + - $ref: '#/components/schemas/SLOs_group_by_1' + - $ref: '#/components/schemas/SLOs_group_by_2' title: Group by SLOs_indicator_properties_apm_availability: description: Defines properties for the APM availability indicator type type: object properties: params: - description: An object containing the indicator parameters. - nullable: false - type: object - properties: - environment: - description: The APM service environment or "*" - example: production - type: string - filter: - description: KQL query used for filtering the data - example: 'service.foo : "bar"' - type: string - index: - description: The index used by APM metrics - example: metrics-apm*,apm* - type: string - service: - description: The APM service name - example: o11y-app - type: string - transactionName: - description: The APM transaction name or "*" - example: GET /my/api - type: string - transactionType: - description: The APM transaction type or "*" - example: request - type: string - required: - - service - - environment - - transactionType - - transactionName - - index + $ref: '#/components/schemas/SLOs_indicator_properties_apm_availability_Params' type: description: The type of indicator. example: sli.apm.transactionDuration @@ -107285,45 +42844,7 @@ components: type: object properties: params: - description: An object containing the indicator parameters. - nullable: false - type: object - properties: - environment: - description: The APM service environment or "*" - example: production - type: string - filter: - description: KQL query used for filtering the data - example: 'service.foo : "bar"' - type: string - index: - description: The index used by APM metrics - example: metrics-apm*,apm* - type: string - service: - description: The APM service name - example: o11y-app - type: string - threshold: - description: The latency threshold in milliseconds - example: 250 - type: number - transactionName: - description: The APM transaction name or "*" - example: GET /my/api - type: string - transactionType: - description: The APM transaction type or "*" - example: request - type: string - required: - - service - - environment - - transactionType - - transactionName - - index - - threshold + $ref: '#/components/schemas/SLOs_indicator_properties_apm_latency_Params' type: description: The type of indicator. example: sli.apm.transactionDuration @@ -107337,34 +42858,7 @@ components: type: object properties: params: - description: An object containing the indicator parameters. - nullable: false - type: object - properties: - dataViewId: - description: The kibana data view id to use, primarily used to include data view runtime mappings. Make sure to save SLO again if you add/update run time fields to the data view and if those fields are being used in slo queries. - example: 03b80ab3-003d-498b-881c-3beedbaf1162 - type: string - filter: - $ref: '#/components/schemas/SLOs_kql_with_filters' - good: - $ref: '#/components/schemas/SLOs_kql_with_filters_good' - index: - description: The index or index pattern to use - example: my-service-* - type: string - timestampField: - description: | - The timestamp field used in the source indice. - example: timestamp - type: string - total: - $ref: '#/components/schemas/SLOs_kql_with_filters_total' - required: - - index - - timestampField - - good - - total + $ref: '#/components/schemas/SLOs_indicator_properties_custom_kql_Params' type: description: The type of indicator. example: sli.kql.custom @@ -107378,156 +42872,7 @@ components: type: object properties: params: - description: An object containing the indicator parameters. - nullable: false - type: object - properties: - dataViewId: - description: The kibana data view id to use, primarily used to include data view runtime mappings. Make sure to save SLO again if you add/update run time fields to the data view and if those fields are being used in slo queries. - example: 03b80ab3-003d-498b-881c-3beedbaf1162 - type: string - filter: - description: the KQL query to filter the documents with. - example: 'field.environment : "production" and service.name : "my-service"' - type: string - good: - description: | - An object defining the "good" metrics and equation - type: object - properties: - equation: - description: The equation to calculate the "good" metric. - example: A - type: string - metrics: - description: List of metrics with their name, aggregation type, and field. - items: - oneOf: - - type: object - properties: - aggregation: - description: The aggregation type of the metric. - enum: - - sum - example: sum - type: string - field: - description: The field of the metric. - example: processor.processed - type: string - filter: - description: The filter to apply to the metric. - example: 'processor.outcome: *' - type: string - name: - description: The name of the metric. Only valid options are A-Z - example: A - pattern: ^[A-Z]$ - type: string - required: - - name - - aggregation - - field - - type: object - properties: - aggregation: - description: The aggregation type of the metric. - enum: - - doc_count - example: doc_count - type: string - filter: - description: The filter to apply to the metric. - example: 'processor.outcome: *' - type: string - name: - description: The name of the metric. Only valid options are A-Z - example: A - pattern: ^[A-Z]$ - type: string - required: - - name - - aggregation - type: array - required: - - metrics - - equation - index: - description: The index or index pattern to use - example: my-service-* - type: string - timestampField: - description: | - The timestamp field used in the source indice. - example: timestamp - type: string - total: - description: | - An object defining the "total" metrics and equation - type: object - properties: - equation: - description: The equation to calculate the "total" metric. - example: A - type: string - metrics: - description: List of metrics with their name, aggregation type, and field. - items: - oneOf: - - type: object - properties: - aggregation: - description: The aggregation type of the metric. - enum: - - sum - example: sum - type: string - field: - description: The field of the metric. - example: processor.processed - type: string - filter: - description: The filter to apply to the metric. - example: 'processor.outcome: *' - type: string - name: - description: The name of the metric. Only valid options are A-Z - example: A - pattern: ^[A-Z]$ - type: string - required: - - name - - aggregation - - field - - type: object - properties: - aggregation: - description: The aggregation type of the metric. - enum: - - doc_count - example: doc_count - type: string - filter: - description: The filter to apply to the metric. - example: 'processor.outcome: *' - type: string - name: - description: The name of the metric. Only valid options are A-Z - example: A - pattern: ^[A-Z]$ - type: string - required: - - name - - aggregation - type: array - required: - - metrics - - equation - required: - - index - - timestampField - - good - - total + $ref: '#/components/schemas/SLOs_indicator_properties_custom_metric_Params' type: description: The type of indicator. example: sli.metric.custom @@ -107541,94 +42886,7 @@ components: type: object properties: params: - description: An object containing the indicator parameters. - nullable: false - type: object - properties: - dataViewId: - description: The kibana data view id to use, primarily used to include data view runtime mappings. Make sure to save SLO again if you add/update run time fields to the data view and if those fields are being used in slo queries. - example: 03b80ab3-003d-498b-881c-3beedbaf1162 - type: string - filter: - description: the KQL query to filter the documents with. - example: 'field.environment : "production" and service.name : "my-service"' - type: string - good: - description: | - An object defining the "good" events - type: object - properties: - aggregation: - description: The type of aggregation to use. - enum: - - value_count - - range - example: value_count - type: string - field: - description: The field use to aggregate the good events. - example: processor.latency - type: string - filter: - description: The filter for good events. - example: 'processor.outcome: "success"' - type: string - from: - description: The starting value of the range. Only required for "range" aggregations. - example: 0 - type: number - to: - description: The ending value of the range. Only required for "range" aggregations. - example: 100 - type: number - required: - - aggregation - - field - index: - description: The index or index pattern to use - example: my-service-* - type: string - timestampField: - description: | - The timestamp field used in the source indice. - example: timestamp - type: string - total: - description: | - An object defining the "total" events - type: object - properties: - aggregation: - description: The type of aggregation to use. - enum: - - value_count - - range - example: value_count - type: string - field: - description: The field use to aggregate the good events. - example: processor.latency - type: string - filter: - description: The filter for total events. - example: 'processor.outcome : *' - type: string - from: - description: The starting value of the range. Only required for "range" aggregations. - example: 0 - type: number - to: - description: The ending value of the range. Only required for "range" aggregations. - example: 100 - type: number - required: - - aggregation - - field - required: - - index - - timestampField - - good - - total + $ref: '#/components/schemas/SLOs_indicator_properties_histogram_Params' type: description: The type of indicator. example: sli.histogram.custom @@ -107642,78 +42900,7 @@ components: type: object properties: params: - description: An object containing the indicator parameters. - nullable: false - type: object - properties: - dataViewId: - description: The kibana data view id to use, primarily used to include data view runtime mappings. Make sure to save SLO again if you add/update run time fields to the data view and if those fields are being used in slo queries. - example: 03b80ab3-003d-498b-881c-3beedbaf1162 - type: string - filter: - description: the KQL query to filter the documents with. - example: 'field.environment : "production" and service.name : "my-service"' - type: string - index: - description: The index or index pattern to use - example: my-service-* - type: string - metric: - description: | - An object defining the metrics, equation, and threshold to determine if it's a good slice or not - type: object - properties: - comparator: - description: The comparator to use to compare the equation to the threshold. - enum: - - GT - - GTE - - LT - - LTE - example: GT - type: string - equation: - description: The equation to calculate the metric. - example: A - type: string - metrics: - description: List of metrics with their name, aggregation type, and field. - items: - anyOf: - - $ref: '#/components/schemas/SLOs_timeslice_metric_basic_metric_with_field' - - $ref: '#/components/schemas/SLOs_timeslice_metric_percentile_metric' - - $ref: '#/components/schemas/SLOs_timeslice_metric_doc_count_metric' - discriminator: - mapping: - avg: '#/components/schemas/SLOs_timeslice_metric_basic_metric_with_field' - cardinality: '#/components/schemas/SLOs_timeslice_metric_basic_metric_with_field' - doc_count: '#/components/schemas/SLOs_timeslice_metric_doc_count_metric' - last_value: '#/components/schemas/SLOs_timeslice_metric_basic_metric_with_field' - max: '#/components/schemas/SLOs_timeslice_metric_basic_metric_with_field' - min: '#/components/schemas/SLOs_timeslice_metric_basic_metric_with_field' - percentile: '#/components/schemas/SLOs_timeslice_metric_percentile_metric' - std_deviation: '#/components/schemas/SLOs_timeslice_metric_basic_metric_with_field' - sum: '#/components/schemas/SLOs_timeslice_metric_basic_metric_with_field' - propertyName: aggregation - type: array - threshold: - description: The threshold used to determine if the metric is a good slice or not. - example: 100 - type: number - required: - - metrics - - equation - - comparator - - threshold - timestampField: - description: | - The timestamp field used in the source indice. - example: timestamp - type: string - required: - - index - - timestampField - - metric + $ref: '#/components/schemas/SLOs_indicator_properties_timeslice_metric_Params' type: description: The type of indicator. example: sli.metric.timeslice @@ -107725,47 +42912,20 @@ components: SLOs_kql_with_filters: description: Defines properties for a filter oneOf: - - description: the KQL query to filter the documents with. - example: 'field.environment : "production" and service.name : "my-service"' - type: string - - type: object - properties: - filters: - items: - $ref: '#/components/schemas/SLOs_filter' - type: array - kqlQuery: - type: string + - $ref: '#/components/schemas/SLOs_kql_with_filters_1' + - $ref: '#/components/schemas/SLOs_kql_with_filters_2' title: KQL with filters SLOs_kql_with_filters_good: description: The KQL query used to define the good events. oneOf: - - description: the KQL query to filter the documents with. - example: 'request.latency <= 150 and request.status_code : "2xx"' - type: string - - type: object - properties: - filters: - items: - $ref: '#/components/schemas/SLOs_filter' - type: array - kqlQuery: - type: string + - $ref: '#/components/schemas/SLOs_kql_with_filters_good_1' + - $ref: '#/components/schemas/SLOs_kql_with_filters_good_2' title: KQL query for good events SLOs_kql_with_filters_total: description: The KQL query used to define all events. oneOf: - - description: the KQL query to filter the documents with. - example: 'field.environment : "production" and service.name : "my-service"' - type: string - - type: object - properties: - filters: - items: - $ref: '#/components/schemas/SLOs_filter' - type: array - kqlQuery: - type: string + - $ref: '#/components/schemas/SLOs_kql_with_filters_total_1' + - $ref: '#/components/schemas/SLOs_kql_with_filters_total_2' title: KQL query for all events SLOs_objective: description: Defines properties for the SLO objective @@ -108175,12 +43335,7 @@ components: last_update: type: string stats: - type: object - properties: - configuration: - $ref: '#/components/schemas/Task_manager_health_Serverless_APIs_configuration' - workload: - $ref: '#/components/schemas/Task_manager_health_Serverless_APIs_workload' + $ref: '#/components/schemas/Task_manager_health_Serverless_APIs_health_response_serverless_Stats' status: type: string timestamp: @@ -108189,3070 +43344,84851 @@ components: description: | This object summarizes the work load across the cluster, including the tasks in the system, their types, and current status. type: object - bedrock_config: - title: Connector request properties for an Amazon Bedrock connector - description: Defines properties for connectors when type is `.bedrock`. - type: object - required: - - apiUrl - properties: - apiUrl: - type: string - description: The Amazon Bedrock request URL. - defaultModel: - type: string - description: | - The generative artificial intelligence model for Amazon Bedrock to use. Current support is for the Anthropic Claude models. - default: us.anthropic.claude-sonnet-4-5-20250929-v1:0 - crowdstrike_config: - title: Connector request config properties for a Crowdstrike connector - required: - - url - description: Defines config properties for connectors when type is `.crowdstrike`. - type: object - properties: - url: - description: | - The CrowdStrike tenant URL. If you are using the `xpack.actions.allowedHosts` setting, add the hostname to the allowed hosts. - type: string - d3security_config: - title: Connector request properties for a D3 Security connector - description: Defines properties for connectors when type is `.d3security`. - type: object - required: - - url - properties: - url: - type: string - description: | - The D3 Security API request URL. If you are using the `xpack.actions.allowedHosts` setting, add the hostname to the allowed hosts. - email_config: - title: Connector request properties for an email connector - description: Defines properties for connectors when type is `.email`. - required: - - from + ApiActionsConnectorTypes_Get_Response_200_Item: + additionalProperties: false type: object properties: - clientId: - description: | - The client identifier, which is a part of OAuth 2.0 client credentials authentication, in GUID format. If `service` is `exchange_server`, this property is required. - type: string - nullable: true - from: - description: | - The from address for all emails sent by the connector. It must be specified in `user@host-name` format. + allow_multiple_system_actions: + description: Indicates whether multiple instances of the same system action connector can be used in a single rule. + type: boolean + enabled: + description: Indicates whether the connector is enabled. + type: boolean + enabled_in_config: + description: Indicates whether the connector is enabled in the Kibana configuration. + type: boolean + enabled_in_license: + description: Indicates whether the connector is enabled through the license. + type: boolean + id: + description: The identifier for the connector. type: string - hasAuth: - description: | - Specifies whether a user and password are required inside the secrets configuration. - default: true + is_deprecated: + description: Indicates whether the connector type is deprecated. type: boolean - host: - description: | - The host name of the service provider. If the `service` is `elastic_cloud` (for Elastic Cloud notifications) or one of Nodemailer's well-known email service providers, this property is ignored. If `service` is `other`, this property must be defined. + is_system_action_type: + description: Indicates whether the action is a system action. + type: boolean + minimum_license_required: + description: The minimum license required to enable the connector. + enum: + - basic + - standard + - gold + - platinum + - enterprise + - trial type: string - oauthTokenUrl: + name: + description: The name of the connector type. type: string - nullable: true - port: - description: | - The port to connect to on the service provider. If the `service` is `elastic_cloud` (for Elastic Cloud notifications) or one of Nodemailer's well-known email service providers, this property is ignored. If `service` is `other`, this property must be defined. - type: integer - secure: - description: | - Specifies whether the connection to the service provider will use TLS. If the `service` is `elastic_cloud` (for Elastic Cloud notifications) or one of Nodemailer's well-known email service providers, this property is ignored. - type: boolean - service: - description: | - The name of the email service. + source: + description: The source of the connector type definition. + enum: + - yml + - spec + - stack type: string + sub_feature: + description: Indicates the sub-feature type the connector is grouped under. enum: - - elastic_cloud - - exchange_server - - gmail - - other - - outlook365 - - ses - tenantId: - description: | - The tenant identifier, which is part of OAuth 2.0 client credentials authentication, in GUID format. If `service` is `exchange_server`, this property is required. + - endpointSecurity type: string - nullable: true - gemini_config: - title: Connector request properties for an Google Gemini connector - description: Defines properties for connectors when type is `.gemini`. - type: object + supported_feature_ids: + description: The list of supported features + items: + type: string + type: array required: - - apiUrl - - gcpRegion - - gcpProjectID + - id + - name + - enabled + - enabled_in_config + - enabled_in_license + - minimum_license_required + - supported_feature_ids + - is_system_action_type + - is_deprecated + - source + ApiActionsConnector_Get_Response_200: + additionalProperties: false + type: object properties: - apiUrl: - type: string - description: The Google Gemini request URL. - defaultModel: + config: + $ref: '#/components/schemas/ApiActionsConnector_Get_Response_200_Config' + connector_type_id: + description: The connector type identifier. type: string - description: The generative artificial intelligence model for Google Gemini to use. - default: gemini-2.5-pro - gcpRegion: + id: + description: The identifier for the connector. type: string - description: The GCP region where the Vertex AI endpoint enabled. - gcpProjectID: + is_connector_type_deprecated: + description: Indicates whether the connector type is deprecated. + type: boolean + is_deprecated: + description: Indicates whether the connector is deprecated. + type: boolean + is_missing_secrets: + description: Indicates whether the connector is missing secrets. + type: boolean + is_preconfigured: + description: 'Indicates whether the connector is preconfigured. If true, the `config` and `is_missing_secrets` properties are omitted from the response. ' + type: boolean + is_system_action: + description: Indicates whether the connector is used for system actions. + type: boolean + name: + description: ' The name of the connector.' type: string - description: The Google ProjectID that has Vertex AI endpoint enabled. - resilient_config: - title: Connector request properties for a IBM Resilient connector required: - - apiUrl - - orgId - description: Defines properties for connectors when type is `.resilient`. + - id + - name + - connector_type_id + - is_preconfigured + - is_deprecated + - is_system_action + - is_connector_type_deprecated + ApiActionsConnector_Get_Response_200_Config: + additionalProperties: {} + type: object + ApiActionsConnector_Post_Request: + additionalProperties: false type: object properties: - apiUrl: - description: The IBM Resilient instance URL. + config: + $ref: '#/components/schemas/ApiActionsConnector_Post_Request_Config' + connector_type_id: + description: The type of connector. type: string - orgId: - description: The IBM Resilient organization ID. + name: + description: The display name for the connector. type: string - index_config: - title: Connector request properties for an index connector + secrets: + $ref: '#/components/schemas/ApiActionsConnector_Post_Request_Secrets' required: - - index - description: Defines properties for connectors when type is `.index`. + - name + - connector_type_id + ApiActionsConnector_Post_Request_Config: + additionalProperties: {} + default: {} + type: object + ApiActionsConnector_Post_Request_Secrets: + additionalProperties: {} + default: {} + type: object + ApiActionsConnector_Post_Response_200: + additionalProperties: false type: object properties: - executionTimeField: - description: A field that indicates when the document was indexed. - default: null + config: + $ref: '#/components/schemas/ApiActionsConnector_Post_Response_200_Config' + connector_type_id: + description: The connector type identifier. type: string - nullable: true - index: - description: The Elasticsearch index to be written to. + id: + description: The identifier for the connector. type: string - refresh: - description: | - The refresh policy for the write request, which affects when changes are made visible to search. Refer to the refresh setting for Elasticsearch document APIs. - default: false + is_connector_type_deprecated: + description: Indicates whether the connector type is deprecated. + type: boolean + is_deprecated: + description: Indicates whether the connector is deprecated. + type: boolean + is_missing_secrets: + description: Indicates whether the connector is missing secrets. type: boolean - jira_config: - title: Connector request properties for a Jira connector + is_preconfigured: + description: 'Indicates whether the connector is preconfigured. If true, the `config` and `is_missing_secrets` properties are omitted from the response. ' + type: boolean + is_system_action: + description: Indicates whether the connector is used for system actions. + type: boolean + name: + description: ' The name of the connector.' + type: string required: - - apiUrl - - projectKey - description: Defines properties for connectors when type is `.jira`. + - id + - name + - connector_type_id + - is_preconfigured + - is_deprecated + - is_system_action + - is_connector_type_deprecated + ApiActionsConnector_Post_Response_200_Config: + additionalProperties: {} + type: object + ApiActionsConnector_Put_Request: + additionalProperties: false type: object properties: - apiUrl: - description: The Jira instance URL. - type: string - projectKey: - description: The Jira project key. + config: + $ref: '#/components/schemas/ApiActionsConnector_Put_Request_Config' + name: + description: The display name for the connector. type: string - defender_config: - title: Connector request properties for a Microsoft Defender for Endpoint connector + secrets: + $ref: '#/components/schemas/ApiActionsConnector_Put_Request_Secrets' required: - - apiUrl - - projectKey - description: Defines properties for connectors when type is `.microsoft_defender_endpoint`. + - name + ApiActionsConnector_Put_Request_Config: + additionalProperties: {} + default: {} type: object - properties: - apiUrl: - type: string - description: | - The URL of the Microsoft Defender for Endpoint API. If you are using the `xpack.actions.allowedHosts` setting, make sure the hostname is added to the allowed hosts. - clientId: - type: string - description: The application (client) identifier for your app in the Azure portal. - oAuthScope: - type: string - description: The OAuth scopes or permission sets for the Microsoft Defender for Endpoint API. - oAuthServerUrl: - type: string - description: The OAuth server URL where authentication is sent and received for the Microsoft Defender for Endpoint API. - tenantId: - description: The tenant identifier for your app in the Azure portal. - type: string - genai_azure_config: - title: Connector request properties for an OpenAI connector that uses Azure OpenAI - description: | - Defines properties for connectors when type is `.gen-ai` and the API provider is `Azure OpenAI`. + ApiActionsConnector_Put_Request_Secrets: + additionalProperties: {} + default: {} type: object - required: - - apiProvider - - apiUrl - properties: - apiProvider: - type: string - description: The OpenAI API provider. - enum: - - Azure OpenAI - apiUrl: - type: string - description: The OpenAI API endpoint. - genai_openai_config: - title: Connector request properties for an OpenAI connector - description: | - Defines properties for connectors when type is `.gen-ai` and the API provider is `OpenAI`. + ApiActionsConnector_Put_Response_200: + additionalProperties: false type: object - required: - - apiProvider - - apiUrl properties: - apiProvider: + config: + $ref: '#/components/schemas/ApiActionsConnector_Put_Response_200_Config' + connector_type_id: + description: The connector type identifier. type: string - description: The OpenAI API provider. - enum: - - OpenAI - apiUrl: + id: + description: The identifier for the connector. type: string - description: The OpenAI API endpoint. - defaultModel: + is_connector_type_deprecated: + description: Indicates whether the connector type is deprecated. + type: boolean + is_deprecated: + description: Indicates whether the connector is deprecated. + type: boolean + is_missing_secrets: + description: Indicates whether the connector is missing secrets. + type: boolean + is_preconfigured: + description: 'Indicates whether the connector is preconfigured. If true, the `config` and `is_missing_secrets` properties are omitted from the response. ' + type: boolean + is_system_action: + description: Indicates whether the connector is used for system actions. + type: boolean + name: + description: ' The name of the connector.' type: string - description: The default model to use for requests. - opsgenie_config: - title: Connector request properties for an Opsgenie connector required: - - apiUrl - description: Defines properties for connectors when type is `.opsgenie`. + - id + - name + - connector_type_id + - is_preconfigured + - is_deprecated + - is_system_action + - is_connector_type_deprecated + ApiActionsConnector_Put_Response_200_Config: + additionalProperties: {} type: object - properties: - apiUrl: - description: | - The Opsgenie URL. For example, `https://api.opsgenie.com` or `https://api.eu.opsgenie.com`. If you are using the `xpack.actions.allowedHosts` setting, add the hostname to the allowed hosts. - type: string - pagerduty_config: - title: Connector request properties for a PagerDuty connector - description: Defines properties for connectors when type is `.pagerduty`. + ApiActionsConnectorExecute_Post_Request: + additionalProperties: false type: object properties: - apiUrl: - description: The PagerDuty event URL. - type: string - nullable: true - example: https://events.pagerduty.com/v2/enqueue - sentinelone_config: - title: Connector request properties for a SentinelOne connector + params: + $ref: '#/components/schemas/ApiActionsConnectorExecute_Post_Request_Params' required: - - url - description: Defines properties for connectors when type is `.sentinelone`. + - params + ApiActionsConnectorExecute_Post_Request_Params: + additionalProperties: {} type: object - properties: - url: - description: | - The SentinelOne tenant URL. If you are using the `xpack.actions.allowedHosts` setting, add the hostname to the allowed hosts. - type: string - servicenow_config: - title: Connector request properties for a ServiceNow ITSM connector - required: - - apiUrl - description: Defines properties for connectors when type is `.servicenow`. + ApiActionsConnectorExecute_Post_Response_200: + additionalProperties: false type: object properties: - apiUrl: + config: + $ref: '#/components/schemas/ApiActionsConnectorExecute_Post_Response_200_Config' + connector_type_id: + description: The connector type identifier. type: string - description: The ServiceNow instance URL. - clientId: - description: | - The client ID assigned to your OAuth application. This property is required when `isOAuth` is `true`. + id: + description: The identifier for the connector. type: string - isOAuth: - description: | - The type of authentication to use. The default value is false, which means basic authentication is used instead of open authorization (OAuth). - default: false + is_connector_type_deprecated: + description: Indicates whether the connector type is deprecated. type: boolean - jwtKeyId: - description: | - The key identifier assigned to the JWT verifier map of your OAuth application. This property is required when `isOAuth` is `true`. - type: string - userIdentifierValue: - description: | - The identifier to use for OAuth authentication. This identifier should be the user field you selected when you created an OAuth JWT API endpoint for external clients in your ServiceNow instance. For example, if the selected user field is `Email`, the user identifier should be the user's email address. This property is required when `isOAuth` is `true`. - type: string - usesTableApi: - description: | - Determines whether the connector uses the Table API or the Import Set API. This property is supported only for ServiceNow ITSM and ServiceNow SecOps connectors. NOTE: If this property is set to `false`, the Elastic application should be installed in ServiceNow. - default: true + is_deprecated: + description: Indicates whether the connector is deprecated. + type: boolean + is_missing_secrets: + description: Indicates whether the connector is missing secrets. + type: boolean + is_preconfigured: + description: 'Indicates whether the connector is preconfigured. If true, the `config` and `is_missing_secrets` properties are omitted from the response. ' type: boolean - servicenow_itom_config: - title: Connector request properties for a ServiceNow ITOM connector + is_system_action: + description: Indicates whether the connector is used for system actions. + type: boolean + name: + description: ' The name of the connector.' + type: string required: - - apiUrl - description: Defines properties for connectors when type is `.servicenow-itom`. + - id + - name + - connector_type_id + - is_preconfigured + - is_deprecated + - is_system_action + - is_connector_type_deprecated + ApiActionsConnectorExecute_Post_Response_200_Config: + additionalProperties: {} + type: object + ApiActionsConnectors_Get_Response_200_Item: + additionalProperties: false type: object properties: - apiUrl: + config: + $ref: '#/components/schemas/ApiActionsConnectors_Get_Response_200_Config' + connector_type_id: + description: The connector type identifier. type: string - description: The ServiceNow instance URL. - clientId: - description: | - The client ID assigned to your OAuth application. This property is required when `isOAuth` is `true`. + id: + description: The identifier for the connector. type: string - isOAuth: - description: | - The type of authentication to use. The default value is false, which means basic authentication is used instead of open authorization (OAuth). - default: false + is_connector_type_deprecated: + description: Indicates whether the connector type is deprecated. type: boolean - jwtKeyId: - description: | - The key identifier assigned to the JWT verifier map of your OAuth application. This property is required when `isOAuth` is `true`. - type: string - userIdentifierValue: - description: | - The identifier to use for OAuth authentication. This identifier should be the user field you selected when you created an OAuth JWT API endpoint for external clients in your ServiceNow instance. For example, if the selected user field is `Email`, the user identifier should be the user's email address. This property is required when `isOAuth` is `true`. + is_deprecated: + description: Indicates whether the connector is deprecated. + type: boolean + is_missing_secrets: + description: Indicates whether the connector is missing secrets. + type: boolean + is_preconfigured: + description: 'Indicates whether the connector is preconfigured. If true, the `config` and `is_missing_secrets` properties are omitted from the response. ' + type: boolean + is_system_action: + description: Indicates whether the connector is used for system actions. + type: boolean + name: + description: ' The name of the connector.' type: string - slack_api_config: - title: Connector request properties for a Slack connector - description: Defines properties for connectors when type is `.slack_api`. - type: object - properties: - allowedChannels: - type: array - description: A list of valid Slack channels. - items: - type: object - required: - - id - - name - maxItems: 25 - properties: - id: - type: string - description: The Slack channel ID. - example: C123ABC456 - minLength: 1 - name: - type: string - description: The Slack channel name. - minLength: 1 - swimlane_config: - title: Connector request properties for a Swimlane connector + referenced_by_count: + description: The number of saved objects that reference the connector. If is_preconfigured is true, this value is not calculated. + type: number required: - - apiUrl - - appId - - connectorType - description: Defines properties for connectors when type is `.swimlane`. + - id + - name + - connector_type_id + - is_preconfigured + - is_deprecated + - is_system_action + - is_connector_type_deprecated + - referenced_by_count + ApiActionsConnectors_Get_Response_200_Config: + additionalProperties: {} + type: object + ApiAgentBuilderAgents_Post_Request: + additionalProperties: false type: object properties: - apiUrl: - description: The Swimlane instance URL. + avatar_color: + description: Optional hex color code for the agent avatar. type: string - appId: - description: The Swimlane application ID. + avatar_symbol: + description: Optional symbol/initials for the agent avatar. type: string - connectorType: - description: The type of connector. Valid values are `all`, `alerts`, and `cases`. + configuration: + $ref: '#/components/schemas/ApiAgentBuilderAgents_Post_Request_Configuration' + description: + description: Description of what the agent does. type: string - enum: - - all - - alerts - - cases - mappings: - title: Connector mappings properties for a Swimlane connector - description: The field mapping. - type: object - properties: - alertIdConfig: - title: Alert identifier mapping - description: Mapping for the alert ID. - type: object - required: - - fieldType - - id - - key - - name - properties: - fieldType: - type: string - description: The type of field in Swimlane. - id: - type: string - description: The identifier for the field in Swimlane. - key: - type: string - description: The key for the field in Swimlane. - name: - type: string - description: The name of the field in Swimlane. - caseIdConfig: - title: Case identifier mapping - description: Mapping for the case ID. - type: object - required: - - fieldType - - id - - key - - name - properties: - fieldType: - type: string - description: The type of field in Swimlane. - id: - type: string - description: The identifier for the field in Swimlane. - key: - type: string - description: The key for the field in Swimlane. - name: - type: string - description: The name of the field in Swimlane. - caseNameConfig: - title: Case name mapping - description: Mapping for the case name. - type: object - required: - - fieldType - - id - - key - - name - properties: - fieldType: - type: string - description: The type of field in Swimlane. - id: - type: string - description: The identifier for the field in Swimlane. - key: - type: string - description: The key for the field in Swimlane. - name: - type: string - description: The name of the field in Swimlane. - commentsConfig: - title: Case comment mapping - description: Mapping for the case comments. - type: object - required: - - fieldType - - id - - key - - name - properties: - fieldType: - type: string - description: The type of field in Swimlane. - id: - type: string - description: The identifier for the field in Swimlane. - key: - type: string - description: The key for the field in Swimlane. - name: - type: string - description: The name of the field in Swimlane. - descriptionConfig: - title: Case description mapping - description: Mapping for the case description. - type: object - required: - - fieldType - - id - - key - - name - properties: - fieldType: - type: string - description: The type of field in Swimlane. - id: - type: string - description: The identifier for the field in Swimlane. - key: - type: string - description: The key for the field in Swimlane. - name: - type: string - description: The name of the field in Swimlane. - ruleNameConfig: - title: Rule name mapping - description: Mapping for the name of the alert's rule. - type: object - required: - - fieldType - - id - - key - - name - properties: - fieldType: - type: string - description: The type of field in Swimlane. - id: - type: string - description: The identifier for the field in Swimlane. - key: - type: string - description: The key for the field in Swimlane. - name: - type: string - description: The name of the field in Swimlane. - severityConfig: - title: Severity mapping - description: Mapping for the severity. - type: object - required: - - fieldType - - id - - key - - name - properties: - fieldType: - type: string - description: The type of field in Swimlane. - id: - type: string - description: The identifier for the field in Swimlane. - key: - type: string - description: The key for the field in Swimlane. - name: - type: string - description: The name of the field in Swimlane. - thehive_config: - title: Connector request properties for a TheHive connector - description: Defines configuration properties for connectors when type is `.thehive`. - type: object - required: - - url - properties: - organisation: + id: + description: Unique identifier for the agent. type: string - description: | - The organisation in TheHive that will contain the alerts or cases. By default, the connector uses the default organisation of the user account that created the API key. - url: + labels: + description: Optional labels for categorizing and organizing agents. + items: + description: Label for categorizing the agent. + type: string + type: array + name: + description: Display name for the agent. type: string - description: | - The instance URL in TheHive. If you are using the `xpack.actions.allowedHosts` setting, add the hostname to the allowed hosts. - tines_config: - title: Connector request properties for a Tines connector - description: Defines properties for connectors when type is `.tines`. - type: object required: - - url + - id + - name + - description + - configuration + ApiAgentBuilderAgents_Post_Request_Configuration: + additionalProperties: false + description: Configuration settings for the agent. + type: object properties: - url: - description: | - The Tines tenant URL. If you are using the `xpack.actions.allowedHosts` setting, make sure this hostname is added to the allowed hosts. + instructions: + description: Optional system instructions that define the agent behavior. type: string - torq_config: - title: Connector request properties for a Torq connector - description: Defines properties for connectors when type is `.torq`. + tools: + items: + $ref: '#/components/schemas/ApiAgentBuilderAgents_Post_Request_Configuration_Tools_Item' + type: array + required: + - tools + ApiAgentBuilderAgents_Post_Request_Configuration_Tools_Item: + additionalProperties: false + description: Tool selection configuration for the agent. type: object + properties: + tool_ids: + description: Array of tool IDs that the agent can use. + items: + description: Tool ID to be available to the agent. + type: string + type: array required: - - webhookIntegrationUrl + - tool_ids + ApiAgentBuilderAgents_Put_Request: + additionalProperties: false + type: object properties: - webhookIntegrationUrl: - description: The endpoint URL of the Elastic Security integration in Torq. - type: string - auth_type: - title: Authentication type - type: string - nullable: true - enum: - - webhook-authentication-basic - - webhook-authentication-ssl - description: | - The type of authentication to use: basic, SSL, or none. - ca: - title: Certificate authority - type: string - description: | - A base64 encoded version of the certificate authority file that the connector can trust to sign and validate certificates. This option is available for all authentication types. - cert_type: - title: Certificate type - type: string - description: | - If the `authType` is `webhook-authentication-ssl`, specifies whether the certificate authentication data is in a CRT and key file format or a PFX file format. - enum: - - ssl-crt-key - - ssl-pfx - has_auth: - title: Has authentication - type: boolean - description: If true, a username and password for login type authentication must be provided. - default: true - verification_mode: - title: Verification mode - type: string - enum: - - certificate - - full - - none - default: full - description: | - Controls the verification of certificates. Use `full` to validate that the certificate has an issue date within the `not_before` and `not_after` dates, chains to a trusted certificate authority (CA), and has a hostname or IP address that matches the names within the certificate. Use `certificate` to validate the certificate and verify that it is signed by a trusted authority; this option does not check the certificate hostname. Use `none` to skip certificate validation. - webhook_config: - title: Connector request properties for a Webhook connector - description: Defines properties for connectors when type is `.webhook`. - type: object - properties: - authType: - $ref: '#/components/schemas/auth_type' - ca: - $ref: '#/components/schemas/ca' - certType: - $ref: '#/components/schemas/cert_type' - hasAuth: - $ref: '#/components/schemas/has_auth' - headers: - type: object - nullable: true - description: A set of key-value pairs sent as headers with the request. - method: - type: string - default: post - enum: - - post - - put - description: | - The HTTP request method, either `post` or `put`. - url: - type: string - description: | - The request URL. If you are using the `xpack.actions.allowedHosts` setting, add the hostname to the allowed hosts. - verificationMode: - $ref: '#/components/schemas/verification_mode' - cases_webhook_config: - title: Connector request properties for Webhook - Case Management connector - required: - - createIncidentJson - - createIncidentResponseKey - - createIncidentUrl - - getIncidentResponseExternalTitleKey - - getIncidentUrl - - updateIncidentJson - - updateIncidentUrl - - viewIncidentUrl - description: Defines properties for connectors when type is `.cases-webhook`. - type: object - properties: - authType: - $ref: '#/components/schemas/auth_type' - ca: - $ref: '#/components/schemas/ca' - certType: - $ref: '#/components/schemas/cert_type' - createCommentJson: - type: string - description: | - A JSON payload sent to the create comment URL to create a case comment. You can use variables to add Kibana Cases data to the payload. The required variable is `case.comment`. Due to Mustache template variables (the text enclosed in triple braces, for example, `{{{case.title}}}`), the JSON is not validated when you create the connector. The JSON is validated once the Mustache variables have been placed when the REST method runs. Manually ensure that the JSON is valid, disregarding the Mustache variables, so the later validation will pass. - example: '{"body": {{{case.comment}}}}' - createCommentMethod: - type: string - description: | - The REST API HTTP request method to create a case comment in the third-party system. Valid values are `patch`, `post`, and `put`. - default: put - enum: - - patch - - post - - put - createCommentUrl: - type: string - description: | - The REST API URL to create a case comment by ID in the third-party system. You can use a variable to add the external system ID to the URL. If you are using the `xpack.actions.allowedHosts setting`, add the hostname to the allowed hosts. - example: https://example.com/issue/{{{external.system.id}}}/comment - createIncidentJson: - type: string - description: | - A JSON payload sent to the create case URL to create a case. You can use variables to add case data to the payload. Required variables are `case.title` and `case.description`. Due to Mustache template variables (which is the text enclosed in triple braces, for example, `{{{case.title}}}`), the JSON is not validated when you create the connector. The JSON is validated after the Mustache variables have been placed when REST method runs. Manually ensure that the JSON is valid to avoid future validation errors; disregard Mustache variables during your review. - example: '{"fields": {"summary": {{{case.title}}},"description": {{{case.description}}},"labels": {{{case.tags}}}}}' - createIncidentMethod: - type: string - description: | - The REST API HTTP request method to create a case in the third-party system. Valid values are `patch`, `post`, and `put`. - enum: - - patch - - post - - put - default: post - createIncidentResponseKey: - type: string - description: The JSON key in the create external case response that contains the case ID. - createIncidentUrl: + avatar_color: + description: Updated hex color code for the agent avatar. type: string - description: | - The REST API URL to create a case in the third-party system. If you are using the `xpack.actions.allowedHosts` setting, add the hostname to the allowed hosts. - getIncidentResponseExternalTitleKey: - type: string - description: The JSON key in get external case response that contains the case title. - getIncidentUrl: - type: string - description: | - The REST API URL to get the case by ID from the third-party system. If you are using the `xpack.actions.allowedHosts` setting, add the hostname to the allowed hosts. You can use a variable to add the external system ID to the URL. Due to Mustache template variables (the text enclosed in triple braces, for example, `{{{case.title}}}`), the JSON is not validated when you create the connector. The JSON is validated after the Mustache variables have been placed when REST method runs. Manually ensure that the JSON is valid, disregarding the Mustache variables, so the later validation will pass. - example: https://example.com/issue/{{{external.system.id}}} - hasAuth: - $ref: '#/components/schemas/has_auth' - headers: - type: string - description: | - A set of key-value pairs sent as headers with the request URLs for the create case, update case, get case, and create comment methods. - updateIncidentJson: - type: string - description: | - The JSON payload sent to the update case URL to update the case. You can use variables to add Kibana Cases data to the payload. Required variables are `case.title` and `case.description`. Due to Mustache template variables (which is the text enclosed in triple braces, for example, `{{{case.title}}}`), the JSON is not validated when you create the connector. The JSON is validated after the Mustache variables have been placed when REST method runs. Manually ensure that the JSON is valid to avoid future validation errors; disregard Mustache variables during your review. - example: '{"fields": {"summary": {{{case.title}}},"description": {{{case.description}}},"labels": {{{case.tags}}}}}' - updateIncidentMethod: + avatar_symbol: + description: Updated symbol/initials for the agent avatar. type: string - description: | - The REST API HTTP request method to update the case in the third-party system. Valid values are `patch`, `post`, and `put`. - default: put - enum: - - patch - - post - - put - updateIncidentUrl: + configuration: + $ref: '#/components/schemas/ApiAgentBuilderAgents_Put_Request_Configuration' + description: + description: Updated description of what the agent does. type: string - description: | - The REST API URL to update the case by ID in the third-party system. You can use a variable to add the external system ID to the URL. If you are using the `xpack.actions.allowedHosts` setting, add the hostname to the allowed hosts. - example: https://example.com/issue/{{{external.system.ID}}} - verificationMode: - $ref: '#/components/schemas/verification_mode' - viewIncidentUrl: + labels: + description: Updated labels for categorizing and organizing agents. + items: + description: Updated label for categorizing the agent. + type: string + type: array + name: + description: Updated display name for the agent. type: string - description: | - The URL to view the case in the external system. You can use variables to add the external system ID or external system title to the URL. - example: https://testing-jira.atlassian.net/browse/{{{external.system.title}}} - xmatters_config: - title: Connector request properties for an xMatters connector - description: Defines properties for connectors when type is `.xmatters`. + ApiAgentBuilderAgents_Put_Request_Configuration: + additionalProperties: false + description: Updated configuration settings for the agent. type: object properties: - configUrl: - description: | - The request URL for the Elastic Alerts trigger in xMatters. It is applicable only when `usesBasic` is `true`. + instructions: + description: Updated system instructions that define the agent behavior. type: string - nullable: true - usesBasic: - description: Specifies whether the connector uses HTTP basic authentication (`true`) or URL authentication (`false`). - type: boolean - default: true - bedrock_secrets: - title: Connector secrets properties for an Amazon Bedrock connector - description: Defines secrets for connectors when type is `.bedrock`. + tools: + items: + $ref: '#/components/schemas/ApiAgentBuilderAgents_Put_Request_Configuration_Tools_Item' + type: array + ApiAgentBuilderAgents_Put_Request_Configuration_Tools_Item: + additionalProperties: false + description: Tool selection configuration for the agent. type: object + properties: + tool_ids: + description: Array of tool IDs that the agent can use. + items: + description: Tool ID to be available to the agent. + type: string + type: array required: - - accessKey - - secret + - tool_ids + ApiAgentBuilderConversationsAttachments_Post_Request: + additionalProperties: false + type: object properties: - accessKey: + data: {} + description: + description: Human-readable description of the attachment. type: string - description: The AWS access key for authentication. - secret: + hidden: + description: Whether the attachment should be hidden from the user. + type: boolean + id: + description: Optional custom ID for the attachment. + type: string + type: + description: The type of the attachment (e.g., text, json, visualization_ref). type: string - description: The AWS secret for authentication. - crowdstrike_secrets: - title: Connector secrets properties for a Crowdstrike connector - description: Defines secrets for connectors when type is `.crowdstrike`. - type: object required: - - clientId - - clientSecret + - type + - data + ApiAgentBuilderConversationsAttachments_Patch_Request: + additionalProperties: false + type: object properties: - clientId: - description: The CrowdStrike API client identifier. - type: string - clientSecret: - description: The CrowdStrike API client secret to authenticate the `clientId`. + description: + description: The new description/name for the attachment. type: string - d3security_secrets: - title: Connector secrets properties for a D3 Security connector - description: Defines secrets for connectors when type is `.d3security`. required: - - token + - description + ApiAgentBuilderConversationsAttachments_Put_Request: + additionalProperties: false type: object properties: - token: + data: {} + description: + description: Optional new description for the attachment. type: string - description: The D3 Security token. - email_secrets: - title: Connector secrets properties for an email connector - description: Defines secrets for connectors when type is `.email`. + required: + - data + ApiAgentBuilderConverse_Post_Request: + additionalProperties: false type: object properties: - clientSecret: + agent_id: + default: elastic-ai-agent + description: The ID of the agent to chat with. Defaults to the default Elastic AI agent. type: string - description: | - The Microsoft Exchange Client secret for OAuth 2.0 client credentials authentication. It must be URL-encoded. If `service` is `exchange_server`, this property is required. - password: + attachments: + description: '**Technical Preview; added in 9.3.0.** Optional attachments to send with the message.' + items: + $ref: '#/components/schemas/ApiAgentBuilderConverse_Post_Request_Attachments_Item' + type: array + browser_api_tools: + description: Optional browser API tools to be registered as LLM tools with browser.* namespace. These tools execute on the client side. + items: + $ref: '#/components/schemas/ApiAgentBuilderConverse_Post_Request_Browser_api_tools_Item' + type: array + capabilities: + $ref: '#/components/schemas/ApiAgentBuilderConverse_Post_Request_Capabilities' + configuration_overrides: + $ref: '#/components/schemas/ApiAgentBuilderConverse_Post_Request_Configuration_overrides' + connector_id: + description: Optional connector ID for the agent to use for external integrations. type: string - description: | - The password for HTTP basic authentication. If `hasAuth` is set to `true`, this property is required. - user: + conversation_id: + description: Optional existing conversation ID to continue a previous conversation. type: string - description: | - The username for HTTP basic authentication. If `hasAuth` is set to `true`, this property is required. - gemini_secrets: - title: Connector secrets properties for a Google Gemini connector - description: Defines secrets for connectors when type is `.gemini`. + input: + description: The user input message to send to the agent. + type: string + prompts: + $ref: '#/components/schemas/ApiAgentBuilderConverse_Post_Request_Prompts' + ApiAgentBuilderConverse_Post_Request_Attachments_Item: + additionalProperties: false type: object - required: - - credentialsJson properties: - credentialsJson: + data: + $ref: '#/components/schemas/ApiAgentBuilderConverse_Post_Request_Attachments_Data' + hidden: + description: When true, the attachment will not be displayed in the UI. + type: boolean + id: + description: Optional id for the attachment. + type: string + type: + description: Type of the attachment. type: string - description: The service account credentials JSON file. The service account should have Vertex AI user IAM role assigned to it. - resilient_secrets: - title: Connector secrets properties for IBM Resilient connector required: - - apiKeyId - - apiKeySecret - description: Defines secrets for connectors when type is `.resilient`. + - type + - data + ApiAgentBuilderConverse_Post_Request_Attachments_Data: + additionalProperties: {} + description: Payload of the attachment. + type: object + ApiAgentBuilderConverse_Post_Request_Browser_api_tools_Item: + additionalProperties: false type: object properties: - apiKeyId: + description: + description: Description of what the browser API tool does. type: string - description: The authentication key ID for HTTP Basic authentication. - apiKeySecret: + id: + description: Unique identifier for the browser API tool. type: string - description: The authentication key secret for HTTP Basic authentication. - jira_secrets: - title: Connector secrets properties for a Jira connector + schema: {} required: - - apiToken - - email - description: Defines secrets for connectors when type is `.jira`. + - id + - description + - schema + ApiAgentBuilderConverse_Post_Request_Capabilities: + additionalProperties: false + description: Controls agent capabilities during conversation. Currently supports visualization rendering for tabular tool results. type: object properties: - apiToken: - description: The Jira API authentication token for HTTP basic authentication. - type: string - email: - description: The account email for HTTP Basic authentication. - type: string - teams_secrets: - title: Connector secrets properties for a Microsoft Teams connector - description: Defines secrets for connectors when type is `.teams`. + visualizations: + description: When true, allows the agent to render tabular data from tool results as interactive visualizations using custom XML elements in responses. + type: boolean + ApiAgentBuilderConverse_Post_Request_Configuration_overrides: + additionalProperties: false + description: Runtime configuration overrides. These override the stored agent configuration for this execution only. type: object - required: - - webhookUrl properties: - webhookUrl: + instructions: + description: Custom instructions for the agent. type: string - description: | - The URL of the incoming webhook. If you are using the `xpack.actions.allowedHosts` setting, add the hostname to the allowed hosts. - genai_secrets: - title: Connector secrets properties for an OpenAI connector - description: | - Defines secrets for connectors when type is `.gen-ai`. Supports both API key authentication (OpenAI, Azure OpenAI, and `Other`) and PKI authentication (`Other` provider only). PKI fields must be base64-encoded PEM content. + tools: + description: Tool selection to enable for this execution. + items: + $ref: '#/components/schemas/ApiAgentBuilderConverse_Post_Request_Configuration_overrides_Tools_Item' + type: array + ApiAgentBuilderConverse_Post_Request_Configuration_overrides_Tools_Item: + additionalProperties: false type: object properties: - apiKey: - type: string - description: | - The API key for authentication. For OpenAI and Azure OpenAI providers, it is required. For the `Other` provider, it is required if you do not use PKI authentication. With PKI, you can also optionally include an API key if the OpenAI-compatible service supports or requires one. - certificateData: - type: string - description: | - Base64-encoded PEM certificate content for PKI authentication (Other provider only). Required for PKI. - minLength: 1 - privateKeyData: - type: string - description: | - Base64-encoded PEM private key content for PKI authentication (Other provider only). Required for PKI. - minLength: 1 - caData: - type: string - description: | - Base64-encoded PEM CA certificate content for PKI authentication (Other provider only). Optional. - minLength: 1 - opsgenie_secrets: - title: Connector secrets properties for an Opsgenie connector + tool_ids: + items: + type: string + type: array required: - - apiKey - description: Defines secrets for connectors when type is `.opsgenie`. + - tool_ids + ApiAgentBuilderConverse_Post_Request_Prompts: + additionalProperties: + $ref: '#/components/schemas/ApiAgentBuilderConverse_Post_Request_Prompts_Value' + description: Can be used to respond to a confirmation prompt. type: object - properties: - apiKey: - description: The Opsgenie API authentication key for HTTP Basic authentication. - type: string - pagerduty_secrets: - title: Connector secrets properties for a PagerDuty connector - description: Defines secrets for connectors when type is `.pagerduty`. + ApiAgentBuilderConverse_Post_Request_Prompts_Value: + additionalProperties: false type: object - required: - - routingKey properties: - routingKey: - description: | - A 32 character PagerDuty Integration Key for an integration on a service. - type: string - sentinelone_secrets: - title: Connector secrets properties for a SentinelOne connector - description: Defines secrets for connectors when type is `.sentinelone`. - type: object + allow: + type: boolean required: - - token - properties: - token: - description: The A SentinelOne API token. - type: string - servicenow_secrets: - title: Connector secrets properties for ServiceNow ITOM, ServiceNow ITSM, and ServiceNow SecOps connectors - description: Defines secrets for connectors when type is `.servicenow`, `.servicenow-sir`, or `.servicenow-itom`. + - allow + ApiAgentBuilderConverseAsync_Post_Request: + additionalProperties: false type: object properties: - clientSecret: + agent_id: + default: elastic-ai-agent + description: The ID of the agent to chat with. Defaults to the default Elastic AI agent. type: string - description: The client secret assigned to your OAuth application. This property is required when `isOAuth` is `true`. - password: + attachments: + description: '**Technical Preview; added in 9.3.0.** Optional attachments to send with the message.' + items: + $ref: '#/components/schemas/ApiAgentBuilderConverseAsync_Post_Request_Attachments_Item' + type: array + browser_api_tools: + description: Optional browser API tools to be registered as LLM tools with browser.* namespace. These tools execute on the client side. + items: + $ref: '#/components/schemas/ApiAgentBuilderConverseAsync_Post_Request_Browser_api_tools_Item' + type: array + capabilities: + $ref: '#/components/schemas/ApiAgentBuilderConverseAsync_Post_Request_Capabilities' + configuration_overrides: + $ref: '#/components/schemas/ApiAgentBuilderConverseAsync_Post_Request_Configuration_overrides' + connector_id: + description: Optional connector ID for the agent to use for external integrations. type: string - description: The password for HTTP basic authentication. This property is required when `isOAuth` is `false`. - privateKey: + conversation_id: + description: Optional existing conversation ID to continue a previous conversation. type: string - description: The RSA private key that you created for use in ServiceNow. This property is required when `isOAuth` is `true`. - privateKeyPassword: + input: + description: The user input message to send to the agent. type: string - description: The password for the RSA private key. This property is required when `isOAuth` is `true` and you set a password on your private key. - username: - type: string - description: The username for HTTP basic authentication. This property is required when `isOAuth` is `false`. - slack_api_secrets: - title: Connector secrets properties for a Web API Slack connector - description: Defines secrets for connectors when type is `.slack`. - required: - - token + prompts: + $ref: '#/components/schemas/ApiAgentBuilderConverseAsync_Post_Request_Prompts' + ApiAgentBuilderConverseAsync_Post_Request_Attachments_Item: + additionalProperties: false type: object properties: - token: + data: + $ref: '#/components/schemas/ApiAgentBuilderConverseAsync_Post_Request_Attachments_Data' + hidden: + description: When true, the attachment will not be displayed in the UI. + type: boolean + id: + description: Optional id for the attachment. type: string - description: Slack bot user OAuth token. - swimlane_secrets: - title: Connector secrets properties for a Swimlane connector - description: Defines secrets for connectors when type is `.swimlane`. - type: object - properties: - apiToken: - description: Swimlane API authentication token. + type: + description: Type of the attachment. type: string - thehive_secrets: - title: Connector secrets properties for a TheHive connector - description: Defines secrets for connectors when type is `.thehive`. required: - - apiKey + - type + - data + ApiAgentBuilderConverseAsync_Post_Request_Attachments_Data: + additionalProperties: {} + description: Payload of the attachment. type: object - properties: - apiKey: - type: string - description: The API key for authentication in TheHive. - tines_secrets: - title: Connector secrets properties for a Tines connector - description: Defines secrets for connectors when type is `.tines`. + ApiAgentBuilderConverseAsync_Post_Request_Browser_api_tools_Item: + additionalProperties: false type: object - required: - - email - - token properties: - email: - description: The email used to sign in to Tines. + description: + description: Description of what the browser API tool does. type: string - token: - description: The Tines API token. + id: + description: Unique identifier for the browser API tool. type: string - torq_secrets: - title: Connector secrets properties for a Torq connector - description: Defines secrets for connectors when type is `.torq`. - type: object + schema: {} required: - - token - properties: - token: - description: The secret of the webhook authentication header. - type: string - crt: - title: Certificate - type: string - description: If `authType` is `webhook-authentication-ssl` and `certType` is `ssl-crt-key`, it is a base64 encoded version of the CRT or CERT file. - key: - title: Certificate key - type: string - description: If `authType` is `webhook-authentication-ssl` and `certType` is `ssl-crt-key`, it is a base64 encoded version of the KEY file. - pfx: - title: Personal information exchange - type: string - description: If `authType` is `webhook-authentication-ssl` and `certType` is `ssl-pfx`, it is a base64 encoded version of the PFX or P12 file. - webhook_secrets: - title: Connector secrets properties for a Webhook connector - description: Defines secrets for connectors when type is `.webhook`. + - id + - description + - schema + ApiAgentBuilderConverseAsync_Post_Request_Capabilities: + additionalProperties: false + description: Controls agent capabilities during conversation. Currently supports visualization rendering for tabular tool results. type: object properties: - crt: - $ref: '#/components/schemas/crt' - key: - $ref: '#/components/schemas/key' - pfx: - $ref: '#/components/schemas/pfx' - password: - type: string - description: | - The password for HTTP basic authentication or the passphrase for the SSL certificate files. If `hasAuth` is set to `true` and `authType` is `webhook-authentication-basic`, this property is required. - user: - type: string - description: | - The username for HTTP basic authentication. If `hasAuth` is set to `true` and `authType` is `webhook-authentication-basic`, this property is required. - cases_webhook_secrets: - title: Connector secrets properties for Webhook - Case Management connector + visualizations: + description: When true, allows the agent to render tabular data from tool results as interactive visualizations using custom XML elements in responses. + type: boolean + ApiAgentBuilderConverseAsync_Post_Request_Configuration_overrides: + additionalProperties: false + description: Runtime configuration overrides. These override the stored agent configuration for this execution only. type: object properties: - crt: - $ref: '#/components/schemas/crt' - key: - $ref: '#/components/schemas/key' - pfx: - $ref: '#/components/schemas/pfx' - password: - type: string - description: | - The password for HTTP basic authentication. If `hasAuth` is set to `true` and and `authType` is `webhook-authentication-basic`, this property is required. - user: + instructions: + description: Custom instructions for the agent. type: string - description: | - The username for HTTP basic authentication. If `hasAuth` is set to `true` and `authType` is `webhook-authentication-basic`, this property is required. - xmatters_secrets: - title: Connector secrets properties for an xMatters connector - description: Defines secrets for connectors when type is `.xmatters`. + tools: + description: Tool selection to enable for this execution. + items: + $ref: '#/components/schemas/ApiAgentBuilderConverseAsync_Post_Request_Configuration_overrides_Tools_Item' + type: array + ApiAgentBuilderConverseAsync_Post_Request_Configuration_overrides_Tools_Item: + additionalProperties: false type: object properties: - password: - description: | - A user name for HTTP basic authentication. It is applicable only when `usesBasic` is `true`. - type: string - secretsUrl: - description: | - The request URL for the Elastic Alerts trigger in xMatters with the API key included in the URL. It is applicable only when `usesBasic` is `false`. - type: string - user: - description: | - A password for HTTP basic authentication. It is applicable only when `usesBasic` is `true`. - type: string - genai_openai_other_config: - title: Connector request properties for an OpenAI connector with Other provider - description: | - Defines properties for connectors when type is `.gen-ai` and the API provider is `Other` (OpenAI-compatible service), including optional PKI authentication. + tool_ids: + items: + type: string + type: array + required: + - tool_ids + ApiAgentBuilderConverseAsync_Post_Request_Prompts: + additionalProperties: + $ref: '#/components/schemas/ApiAgentBuilderConverseAsync_Post_Request_Prompts_Value' + description: Can be used to respond to a confirmation prompt. + type: object + ApiAgentBuilderConverseAsync_Post_Request_Prompts_Value: + additionalProperties: false type: object + properties: + allow: + type: boolean required: - - apiProvider - - apiUrl - - defaultModel + - allow + ApiAgentBuilderTools_Post_Request: + additionalProperties: false + type: object properties: - apiProvider: - type: string - description: The OpenAI API provider. - enum: - - Other - apiUrl: - type: string - description: The OpenAI-compatible API endpoint. - defaultModel: - type: string - description: The default model to use for requests. - certificateData: - type: string - description: PEM-encoded certificate content. - minLength: 1 - privateKeyData: - type: string - description: PEM-encoded private key content. - minLength: 1 - caData: + configuration: + $ref: '#/components/schemas/ApiAgentBuilderTools_Post_Request_Configuration' + description: + default: '' + description: Description of what the tool does. type: string - description: PEM-encoded CA certificate content. - minLength: 1 - verificationMode: + id: + description: Unique identifier for the tool. type: string - description: SSL verification mode for PKI authentication. - enum: - - full - - certificate - - none - default: full - headers: - type: object - description: Custom headers to include in requests. - additionalProperties: + tags: + default: [] + description: Optional tags for categorizing and organizing tools. + items: + description: Tag for categorizing the tool. type: string - defender_secrets: - title: Connector secrets properties for a Microsoft Defender for Endpoint connector + type: array + type: + description: The type of tool to create (e.g., esql, index_search). + enum: + - esql + - index_search + - workflow + - mcp + type: string required: - - clientSecret - description: Defines secrets for connectors when type is `..microsoft_defender_endpoint`. + - id + - type + - configuration + ApiAgentBuilderTools_Post_Request_Configuration: + additionalProperties: {} + description: Tool-specific configuration parameters. See examples for details. type: object - properties: - clientSecret: - description: The client secret for your app in the Azure portal. - type: string - run_acknowledge_resolve_pagerduty: - title: PagerDuty connector parameters - description: Test an action that acknowledges or resolves a PagerDuty alert. + ApiAgentBuilderToolsExecute_Post_Request: + additionalProperties: false type: object - required: - - dedupKey - - eventAction properties: - dedupKey: - description: The deduplication key for the PagerDuty alert. + connector_id: + description: Optional connector ID for tools that require external integrations. type: string - maxLength: 255 - eventAction: - description: The type of event. + tool_id: + description: The ID of the tool to execute. type: string - enum: - - acknowledge - - resolve - run_documents: - title: Index connector parameters - description: Test an action that indexes a document into Elasticsearch. - type: object + tool_params: + $ref: '#/components/schemas/ApiAgentBuilderToolsExecute_Post_Request_Tool_params' required: - - documents + - tool_id + - tool_params + ApiAgentBuilderToolsExecute_Post_Request_Tool_params: + additionalProperties: {} + description: Parameters to pass to the tool execution. See examples for details + type: object + ApiAgentBuilderTools_Put_Request: + additionalProperties: false + type: object properties: - documents: - type: array - description: The documents in JSON format for index connectors. + configuration: + $ref: '#/components/schemas/ApiAgentBuilderTools_Put_Request_Configuration' + description: + description: Updated description of what the tool does. + type: string + tags: + description: Updated tags for categorizing and organizing tools. items: - type: object - additionalProperties: true - run_message_email: - title: Email connector parameters - description: | - Test an action that sends an email message. There must be at least one recipient in `to`, `cc`, or `bcc`. + description: Updated tag for categorizing the tool. + type: string + type: array + ApiAgentBuilderTools_Put_Request_Configuration: + additionalProperties: {} + description: Updated tool-specific configuration parameters. See examples for details. + type: object + ApiAlertingRule_Get_Response_200: + additionalProperties: false type: object - required: - - message - - subject properties: - bcc: + actions: + items: + $ref: '#/components/schemas/ApiAlertingRule_Get_Response_200_Actions_Item' type: array + active_snoozes: items: + description: List of active snoozes for the rule. type: string - description: | - A list of "blind carbon copy" email addresses. Addresses can be specified in `user@host-name` format or in name `` format - cc: type: array + alert_delay: + $ref: '#/components/schemas/ApiAlertingRule_Get_Response_200_Alert_delay' + api_key_created_by_user: + description: Indicates whether the API key that is associated with the rule was created by the user. + nullable: true + type: boolean + api_key_owner: + description: The owner of the API key that is associated with the rule and used to run background tasks. + nullable: true + type: string + artifacts: + $ref: '#/components/schemas/ApiAlertingRule_Get_Response_200_Artifacts' + consumer: + description: 'The name of the application or feature that owns the rule. For example: `alerts`, `apm`, `discover`, `infrastructure`, `logs`, `metrics`, `ml`, `monitoring`, `securitySolution`, `siem`, `stackAlerts`, or `uptime`.' + type: string + created_at: + description: The date and time that the rule was created. + type: string + created_by: + description: The identifier for the user that created the rule. + nullable: true + type: string + enabled: + description: Indicates whether you want to run the rule on an interval basis after it is created. + type: boolean + execution_status: + $ref: '#/components/schemas/ApiAlertingRule_Get_Response_200_Execution_status' + flapping: + $ref: '#/components/schemas/ApiAlertingRule_Get_Response_200_Flapping' + id: + description: The identifier for the rule. + type: string + is_snoozed_until: + description: The date when the rule will no longer be snoozed. + nullable: true + type: string + last_run: + $ref: '#/components/schemas/ApiAlertingRule_Get_Response_200_Last_run' + mapped_params: + $ref: '#/components/schemas/ApiAlertingRule_Get_Response_200_Mapped_params' + monitoring: + $ref: '#/components/schemas/ApiAlertingRule_Get_Response_200_Monitoring' + mute_all: + description: Indicates whether all alerts are muted. + type: boolean + muted_alert_ids: items: + description: 'List of identifiers of muted alerts. ' type: string - description: | - A list of "carbon copy" email addresses. Addresses can be specified in `user@host-name` format or in name `` format - message: + type: array + name: + description: ' The name of the rule.' type: string - description: The email message text. Markdown format is supported. - subject: + next_run: + description: Date and time of the next run of the rule. + nullable: true type: string - description: The subject line of the email. - to: + notify_when: + description: 'Indicates how often alerts generate actions. Valid values include: `onActionGroupChange`: Actions run when the alert status changes; `onActiveAlert`: Actions run when the alert becomes active and at each check interval while the rule conditions are met; `onThrottleInterval`: Actions run when the alert becomes active and at the interval specified in the throttle property while the rule conditions are met. NOTE: You cannot specify `notify_when` at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.' + enum: + - onActionGroupChange + - onActiveAlert + - onThrottleInterval + nullable: true + type: string + params: + $ref: '#/components/schemas/ApiAlertingRule_Get_Response_200_Params' + revision: + description: The rule revision number. + type: number + rule_type_id: + description: The rule type identifier. + type: string + running: + description: Indicates whether the rule is running. + nullable: true + type: boolean + schedule: + $ref: '#/components/schemas/ApiAlertingRule_Get_Response_200_Schedule' + scheduled_task_id: + description: Identifier of the scheduled task. + type: string + snooze_schedule: + items: + $ref: '#/components/schemas/ApiAlertingRule_Get_Response_200_Snooze_schedule_Item' type: array - description: | - A list of email addresses. Addresses can be specified in `user@host-name` format or in name `` format. + tags: items: + description: The tags for the rule. type: string - run_message_serverlog: - title: Server log connector parameters - description: Test an action that writes an entry to the Kibana server log. - type: object - required: - - message - properties: - level: + type: array + throttle: + deprecated: true + description: 'Deprecated in 8.13.0. Use the `throttle` property in the action `frequency` object instead. The throttle interval, which defines how often an alert generates repeated actions. NOTE: You cannot specify the throttle interval at both the rule and action level. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.' + nullable: true type: string - description: The log level of the message for server log connectors. - enum: - - debug - - error - - fatal - - info - - trace - - warn - default: info - message: + updated_at: + description: The date and time that the rule was updated most recently. type: string - description: The message for server log connectors. - run_message_slack: - title: Slack connector parameters - description: | - Test an action that sends a message to Slack. It is applicable only when the connector type is `.slack`. - type: object - required: - - message - properties: - message: + updated_by: + description: The identifier for the user that updated this rule most recently. + nullable: true + type: string + view_in_app_relative_url: + description: Relative URL to view rule in the app. + nullable: true type: string - description: The Slack message text, which cannot contain Markdown, images, or other advanced formatting. - run_trigger_pagerduty: - title: PagerDuty connector parameters - description: Test an action that triggers a PagerDuty alert. - type: object required: - - eventAction + - id + - enabled + - name + - tags + - rule_type_id + - consumer + - schedule + - actions + - params + - created_by + - updated_by + - created_at + - updated_at + - api_key_owner + - mute_all + - muted_alert_ids + - execution_status + - revision + ApiAlertingRule_Get_Response_200_Actions_Item: + additionalProperties: false + type: object properties: - class: - description: The class or type of the event. - type: string - example: cpu load - component: - description: The component of the source machine that is responsible for the event. - type: string - example: eth0 - customDetails: - description: Additional details to add to the event. - type: object - dedupKey: - description: | - All actions sharing this key will be associated with the same PagerDuty alert. This value is used to correlate trigger and resolution. - type: string - maxLength: 255 - eventAction: - description: The type of event. + alerts_filter: + $ref: '#/components/schemas/ApiAlertingRule_Get_Response_200_Actions_Alerts_filter' + connector_type_id: + description: The type of connector. This property appears in responses but cannot be set in requests. type: string - enum: - - trigger + frequency: + $ref: '#/components/schemas/ApiAlertingRule_Get_Response_200_Actions_Frequency' group: - description: The logical grouping of components of a service. + description: The group name, which affects when the action runs (for example, when the threshold is met or when the alert is recovered). Each rule type has a list of valid action group names. If you don't need to group actions, set to `default`. type: string - example: app-stack - links: - description: A list of links to add to the event. - type: array - items: - type: object - properties: - href: - description: The URL for the link. - type: string - text: - description: A plain text description of the purpose of the link. - type: string - severity: - description: The severity of the event on the affected system. + id: + description: The identifier for the connector saved object. type: string - enum: - - critical - - error - - info - - warning - default: info - source: - description: | - The affected system, such as a hostname or fully qualified domain name. Defaults to the Kibana saved object id of the action. + params: + $ref: '#/components/schemas/ApiAlertingRule_Get_Response_200_Actions_Params' + use_alert_data_for_template: + description: Indicates whether to use alert data as a template. + type: boolean + uuid: + description: A universally unique identifier (UUID) for the action. type: string - summary: - description: A summery of the event. + required: + - id + - connector_type_id + - params + ApiAlertingRule_Get_Response_200_Actions_Alerts_filter: + additionalProperties: false + description: Defines a period that limits whether the action runs. + type: object + properties: + query: + $ref: '#/components/schemas/ApiAlertingRule_Get_Response_200_Actions_Alerts_filter_Query' + timeframe: + $ref: '#/components/schemas/ApiAlertingRule_Get_Response_200_Actions_Alerts_filter_Timeframe' + ApiAlertingRule_Get_Response_200_Actions_Alerts_filter_Query: + additionalProperties: false + type: object + properties: + dsl: + description: A filter written in Elasticsearch Query Domain Specific Language (DSL). type: string - maxLength: 1024 - timestamp: - description: An ISO-8601 timestamp that indicates when the event was detected or generated. + filters: + description: A filter written in Elasticsearch Query Domain Specific Language (DSL) as defined in the `kbn-es-query` package. + items: + $ref: '#/components/schemas/ApiAlertingRule_Get_Response_200_Actions_Alerts_filter_Query_Filters_Item' + type: array + kql: + description: A filter written in Kibana Query Language (KQL). type: string - format: date-time - run_addevent: - title: The addEvent subaction + required: + - kql + - filters + ApiAlertingRule_Get_Response_200_Actions_Alerts_filter_Query_Filters_Item: + additionalProperties: false type: object + properties: + $state: + $ref: '#/components/schemas/ApiAlertingRule_Get_Response_200_Actions_Alerts_filter_Query_Filters_$state' + meta: + $ref: '#/components/schemas/ApiAlertingRule_Get_Response_200_Actions_Alerts_filter_Query_Filters_Meta' + query: + $ref: '#/components/schemas/ApiAlertingRule_Get_Response_200_Actions_Alerts_filter_Query_Filters_Query' required: - - subAction - description: The `addEvent` subaction for ServiceNow ITOM connectors. + - meta + ApiAlertingRule_Get_Response_200_Actions_Alerts_filter_Query_Filters_$state: + additionalProperties: false + type: object properties: - subAction: - type: string - description: The action to test. + store: + description: A filter can be either specific to an application context or applied globally. enum: - - addEvent - subActionParams: - type: object - description: The set of configuration properties for the action. - properties: - additional_info: - type: string - description: Additional information about the event. - description: - type: string - description: The details about the event. - event_class: - type: string - description: A specific instance of the source. - message_key: - type: string - description: All actions sharing this key are associated with the same ServiceNow alert. The default value is `:`. - metric_name: - type: string - description: The name of the metric. - node: - type: string - description: The host that the event was triggered for. - resource: - type: string - description: The name of the resource. - severity: - type: string - description: The severity of the event. - source: - type: string - description: The name of the event source type. - time_of_event: - type: string - description: The time of the event. - type: - type: string - description: The type of event. - run_closealert: - title: The closeAlert subaction - type: object + - appState + - globalState + type: string required: - - subAction - - subActionParams - description: The `closeAlert` subaction for Opsgenie connectors. + - store + ApiAlertingRule_Get_Response_200_Actions_Alerts_filter_Query_Filters_Meta: + additionalProperties: {} + type: object + ApiAlertingRule_Get_Response_200_Actions_Alerts_filter_Query_Filters_Query: + additionalProperties: {} + type: object + ApiAlertingRule_Get_Response_200_Actions_Alerts_filter_Timeframe: + additionalProperties: false + type: object properties: - subAction: + days: + description: Defines the days of the week that the action can run, represented as an array of numbers. For example, `1` represents Monday. An empty array is equivalent to specifying all the days of the week. + items: + enum: + - 1 + - 2 + - 3 + - 4 + - 5 + - 6 + - 7 + type: integer + type: array + hours: + $ref: '#/components/schemas/ApiAlertingRule_Get_Response_200_Actions_Alerts_filter_Timeframe_Hours' + timezone: + description: The ISO time zone for the `hours` values. Values such as `UTC` and `UTC+1` also work but lack built-in daylight savings time support and are not recommended. type: string - description: The action to test. - enum: - - closeAlert - subActionParams: - type: object - required: - - alias - properties: - alias: - type: string - description: The unique identifier used for alert deduplication in Opsgenie. The alias must match the value used when creating the alert. - note: - type: string - description: Additional information for the alert. - source: - type: string - description: The display name for the source of the alert. - user: - type: string - description: The display name for the owner. - run_closeincident: - title: The closeIncident subaction - type: object required: - - subAction - - subActionParams - description: The `closeIncident` subaction for ServiceNow ITSM connectors. + - days + - hours + - timezone + ApiAlertingRule_Get_Response_200_Actions_Alerts_filter_Timeframe_Hours: + additionalProperties: false + type: object properties: - subAction: + end: + description: The end of the time frame in 24-hour notation (`hh:mm`). + type: string + start: + description: The start of the time frame in 24-hour notation (`hh:mm`). type: string - description: The action to test. - enum: - - closeIncident - subActionParams: - type: object - required: - - incident - properties: - incident: - type: object - anyOf: - - required: - - correlation_id - - required: - - externalId - properties: - correlation_id: - type: string - nullable: true - description: | - An identifier that is assigned to the incident when it is created by the connector. NOTE: If you use the default value and the rule generates multiple alerts that use the same alert IDs, the latest open incident for this correlation ID is closed unless you specify the external ID. - maxLength: 100 - default: '{{rule.id}}:{{alert.id}}' - externalId: - type: string - nullable: true - description: The unique identifier (`incidentId`) for the incident in ServiceNow. - run_createalert: - title: The createAlert subaction - type: object required: - - subAction - - subActionParams - description: The `createAlert` subaction for Opsgenie and TheHive connectors. + - start + - end + ApiAlertingRule_Get_Response_200_Actions_Frequency: + additionalProperties: false + type: object properties: - subAction: - type: string - description: The action to test. + notify_when: + description: 'Indicates how often alerts generate actions. Valid values include: `onActionGroupChange`: Actions run when the alert status changes; `onActiveAlert`: Actions run when the alert becomes active and at each check interval while the rule conditions are met; `onThrottleInterval`: Actions run when the alert becomes active and at the interval specified in the throttle property while the rule conditions are met. NOTE: You cannot specify `notify_when` at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.' enum: - - createAlert - subActionParams: - type: object - properties: - actions: - type: array - description: The custom actions available to the alert in Opsgenie connectors. - items: - type: string - alias: - type: string - description: The unique identifier used for alert deduplication in Opsgenie. - description: - type: string - description: A description that provides detailed information about the alert. - details: - type: object - description: The custom properties of the alert in Opsgenie connectors. - additionalProperties: true - example: - key1: value1 - key2: value2 - entity: - type: string - description: The domain of the alert in Opsgenie connectors. For example, the application or server name. - message: - type: string - description: The alert message in Opsgenie connectors. - note: - type: string - description: Additional information for the alert in Opsgenie connectors. - priority: - type: string - description: The priority level for the alert in Opsgenie connectors. - enum: - - P1 - - P2 - - P3 - - P4 - - P5 - responders: - type: array - description: | - The entities to receive notifications about the alert in Opsgenie connectors. If `type` is `user`, either `id` or `username` is required. If `type` is `team`, either `id` or `name` is required. - items: - type: object - properties: - id: - type: string - description: The identifier for the entity. - name: - type: string - description: The name of the entity. - type: - type: string - description: The type of responders, in this case `escalation`. - enum: - - escalation - - schedule - - team - - user - username: - type: string - description: A valid email address for the user. - severity: - type: integer - minimum: 1 - maximum: 4 - description: | - The severity of the incident for TheHive connectors. The value ranges from 1 (low) to 4 (critical) with a default value of 2 (medium). - source: - type: string - description: The display name for the source of the alert in Opsgenie and TheHive connectors. - sourceRef: - type: string - description: A source reference for the alert in TheHive connectors. - tags: - type: array - description: The tags for the alert in Opsgenie and TheHive connectors. - items: - type: string - title: - type: string - description: | - A title for the incident for TheHive connectors. It is used for searching the contents of the knowledge base. - tlp: - type: integer - minimum: 0 - maximum: 4 - default: 2 - description: | - The traffic light protocol designation for the incident in TheHive connectors. Valid values include: 0 (clear), 1 (green), 2 (amber), 3 (amber and strict), and 4 (red). - type: - type: string - description: The type of alert in TheHive connectors. - user: - type: string - description: The display name for the owner. - visibleTo: - type: array - description: The teams and users that the alert will be visible to without sending a notification. Only one of `id`, `name`, or `username` is required. - items: - type: object - required: - - type - properties: - id: - type: string - description: The identifier for the entity. - name: - type: string - description: The name of the entity. - type: - type: string - description: Valid values are `team` and `user`. - enum: - - team - - user - username: - type: string - description: The user name. This property is required only when the `type` is `user`. - run_fieldsbyissuetype: - title: The fieldsByIssueType subaction + - onActionGroupChange + - onActiveAlert + - onThrottleInterval + type: string + summary: + description: Indicates whether the action is a summary. + type: boolean + throttle: + description: 'The throttle interval, which defines how often an alert generates repeated actions. It is specified in seconds, minutes, hours, or days and is applicable only if ''notify_when'' is set to ''onThrottleInterval''. NOTE: You cannot specify the throttle interval at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.' + nullable: true + type: string + required: + - summary + - notify_when + - throttle + ApiAlertingRule_Get_Response_200_Actions_Params: + additionalProperties: {} + description: The parameters for the action, which are sent to the connector. The `params` are handled as Mustache templates and passed a default set of context. + type: object + ApiAlertingRule_Get_Response_200_Alert_delay: + additionalProperties: false + description: Indicates that an alert occurs only when the specified number of consecutive runs met the rule conditions. type: object + properties: + active: + description: The number of consecutive runs that must meet the rule conditions. + type: number required: - - subAction - - subActionParams - description: The `fieldsByIssueType` subaction for Jira connectors. + - active + ApiAlertingRule_Get_Response_200_Artifacts: + additionalProperties: false + type: object properties: - subAction: - type: string - description: The action to test. - enum: - - fieldsByIssueType - subActionParams: - type: object - required: - - id - properties: - id: - type: string - description: The Jira issue type identifier. - example: 10024 - run_getagentdetails: - title: The getAgentDetails subaction + dashboards: + items: + $ref: '#/components/schemas/ApiAlertingRule_Get_Response_200_Artifacts_Dashboards_Item' + type: array + investigation_guide: + $ref: '#/components/schemas/ApiAlertingRule_Get_Response_200_Artifacts_Investigation_guide' + ApiAlertingRule_Get_Response_200_Artifacts_Dashboards_Item: + additionalProperties: false type: object - required: - - subAction - - subActionParams - description: The `getAgentDetails` subaction for CrowdStrike connectors. properties: - subAction: + id: type: string - description: The action to test. - enum: - - getAgentDetails - subActionParams: - type: object - description: The set of configuration properties for the action. - required: - - ids - properties: - ids: - type: array - description: An array of CrowdStrike agent identifiers. - items: - type: string - run_getagents: - title: The getAgents subaction - type: object required: - - subAction - description: The `getAgents` subaction for SentinelOne connectors. + - id + ApiAlertingRule_Get_Response_200_Artifacts_Investigation_guide: + additionalProperties: false + type: object properties: - subAction: + blob: + description: User-created content that describes alert causes and remdiation. type: string - description: The action to test. - enum: - - getAgents - run_getchoices: - title: The getChoices subaction - type: object required: - - subAction - - subActionParams - description: The `getChoices` subaction for ServiceNow ITOM, ServiceNow ITSM, and ServiceNow SecOps connectors. + - blob + ApiAlertingRule_Get_Response_200_Execution_status: + additionalProperties: false + type: object properties: - subAction: + error: + $ref: '#/components/schemas/ApiAlertingRule_Get_Response_200_Execution_status_Error' + last_duration: + description: Duration of last execution of the rule. + type: number + last_execution_date: + description: The date and time when rule was executed last. type: string - description: The action to test. + status: + description: Status of rule execution. enum: - - getChoices - subActionParams: - type: object - description: The set of configuration properties for the action. - required: - - fields - properties: - fields: - type: array - description: An array of fields. - items: - type: string - run_getfields: - title: The getFields subaction - type: object + - ok + - active + - error + - warning + - pending + - unknown + type: string + warning: + $ref: '#/components/schemas/ApiAlertingRule_Get_Response_200_Execution_status_Warning' required: - - subAction - description: The `getFields` subaction for Jira, ServiceNow ITSM, and ServiceNow SecOps connectors. + - status + - last_execution_date + ApiAlertingRule_Get_Response_200_Execution_status_Error: + additionalProperties: false + type: object properties: - subAction: + message: + description: Error message. type: string - description: The action to test. + reason: + description: Reason for error. enum: - - getFields - run_getincident: - title: The getIncident subaction - type: object - description: The `getIncident` subaction for Jira, ServiceNow ITSM, and ServiceNow SecOps connectors. + - read + - decrypt + - execute + - unknown + - license + - timeout + - disabled + - validate + type: string required: - - subAction - - subActionParams + - reason + - message + ApiAlertingRule_Get_Response_200_Execution_status_Warning: + additionalProperties: false + type: object properties: - subAction: + message: + description: Warning message. type: string - description: The action to test. + reason: + description: Reason for warning. enum: - - getIncident - subActionParams: - type: object - required: - - externalId - properties: - externalId: - type: string - description: The Jira, ServiceNow ITSM, or ServiceNow SecOps issue identifier. - example: 71778 - run_issue: - title: The issue subaction + - maxExecutableActions + - maxAlerts + - maxQueuedActions + - ruleExecution + type: string + required: + - reason + - message + ApiAlertingRule_Get_Response_200_Flapping: + additionalProperties: false + description: When flapping detection is turned on, alerts that switch quickly between active and recovered states are identified as “flapping” and notifications are reduced. + nullable: true type: object + properties: + enabled: + description: Determines whether the rule can enter the flapping state. By default, rules can enter the flapping state. + type: boolean + look_back_window: + description: The minimum number of runs in which the threshold must be met. + maximum: 20 + minimum: 2 + type: number + status_change_threshold: + description: The minimum number of times an alert must switch states in the look back window. + maximum: 20 + minimum: 2 + type: number required: - - subAction - description: The `issue` subaction for Jira connectors. + - look_back_window + - status_change_threshold + ApiAlertingRule_Get_Response_200_Last_run: + additionalProperties: false + nullable: true + type: object properties: - subAction: + alerts_count: + $ref: '#/components/schemas/ApiAlertingRule_Get_Response_200_Last_run_Alerts_count' + outcome: + description: Outcome of last run of the rule. Value could be succeeded, warning or failed. + enum: + - succeeded + - warning + - failed type: string - description: The action to test. + outcome_msg: + items: + description: Outcome message generated during last rule run. + type: string + nullable: true + type: array + outcome_order: + description: Order of the outcome. + type: number + warning: + description: Warning of last rule execution. enum: - - issue - subActionParams: - type: object - required: - - id - properties: - id: - type: string - description: The Jira issue identifier. - example: 71778 - run_issues: - title: The issues subaction - type: object + - read + - decrypt + - execute + - unknown + - license + - timeout + - disabled + - validate + - maxExecutableActions + - maxAlerts + - maxQueuedActions + - ruleExecution + nullable: true + type: string required: - - subAction - - subActionParams - description: The `issues` subaction for Jira connectors. + - outcome + - alerts_count + ApiAlertingRule_Get_Response_200_Last_run_Alerts_count: + additionalProperties: false + type: object properties: - subAction: - type: string - description: The action to test. - enum: - - issues - subActionParams: - type: object - required: - - title - properties: - title: - type: string - description: The title of the Jira issue. - run_issuetypes: - title: The issueTypes subaction + active: + description: Number of active alerts during last run. + nullable: true + type: number + ignored: + description: Number of ignored alerts during last run. + nullable: true + type: number + new: + description: Number of new alerts during last run. + nullable: true + type: number + recovered: + description: Number of recovered alerts during last run. + nullable: true + type: number + ApiAlertingRule_Get_Response_200_Mapped_params: + additionalProperties: {} + type: object + ApiAlertingRule_Get_Response_200_Monitoring: + additionalProperties: false + description: Monitoring details of the rule. type: object + properties: + run: + $ref: '#/components/schemas/ApiAlertingRule_Get_Response_200_Monitoring_Run' required: - - subAction - description: The `issueTypes` subaction for Jira connectors. + - run + ApiAlertingRule_Get_Response_200_Monitoring_Run: + additionalProperties: false + description: Rule run details. + type: object properties: - subAction: - type: string - description: The action to test. - enum: - - issueTypes - run_postmessage: - title: The postMessage subaction + calculated_metrics: + $ref: '#/components/schemas/ApiAlertingRule_Get_Response_200_Monitoring_Run_Calculated_metrics' + history: + description: History of the rule run. + items: + $ref: '#/components/schemas/ApiAlertingRule_Get_Response_200_Monitoring_Run_History_Item' + type: array + last_run: + $ref: '#/components/schemas/ApiAlertingRule_Get_Response_200_Monitoring_Run_Last_run' + required: + - history + - calculated_metrics + - last_run + ApiAlertingRule_Get_Response_200_Monitoring_Run_Calculated_metrics: + additionalProperties: false + description: Calculation of different percentiles and success ratio. type: object - description: | - Test an action that sends a message to Slack. It is applicable only when the connector type is `.slack_api`. + properties: + p50: + type: number + p95: + type: number + p99: + type: number + success_ratio: + type: number required: - - subAction - - subActionParams + - success_ratio + ApiAlertingRule_Get_Response_200_Monitoring_Run_History_Item: + additionalProperties: false + type: object properties: - subAction: - type: string - description: The action to test. + duration: + description: Duration of the rule run. + type: number + outcome: + description: Outcome of last run of the rule. Value could be succeeded, warning or failed. enum: - - postMessage - subActionParams: - type: object - description: The set of configuration properties for the action. - properties: - channelIds: - type: array - maxItems: 1 - description: | - The Slack channel identifier, which must be one of the `allowedChannels` in the connector configuration. - items: - type: string - channels: - type: array - deprecated: true - description: | - The name of a channel that your Slack app has access to. - maxItems: 1 - items: - type: string - text: - type: string - description: | - The Slack message text. If it is a Slack webhook connector, the text cannot contain Markdown, images, or other advanced formatting. If it is a Slack web API connector, it can contain either plain text or block kit messages. - minLength: 1 - run_pushtoservice: - title: The pushToService subaction - type: object + - succeeded + - warning + - failed + type: string + success: + description: Indicates whether the rule run was successful. + type: boolean + timestamp: + description: Time of rule run. + type: number required: - - subAction - - subActionParams - description: The `pushToService` subaction for Jira, ServiceNow ITSM, ServiceNow SecOps, Swimlane, TheHive, and Webhook - Case Management connectors. + - success + - timestamp + ApiAlertingRule_Get_Response_200_Monitoring_Run_Last_run: + additionalProperties: false + type: object properties: - subAction: + metrics: + $ref: '#/components/schemas/ApiAlertingRule_Get_Response_200_Monitoring_Run_Last_run_Metrics' + timestamp: + description: Time of the most recent rule run. type: string - description: The action to test. - enum: - - pushToService - subActionParams: - type: object - description: The set of configuration properties for the action. - properties: - comments: - type: array - description: Additional information that is sent to Jira, ServiceNow ITSM, ServiceNow SecOps, Swimlane, or TheHive. - items: - type: object - properties: - comment: - type: string - description: A comment related to the incident. For example, describe how to troubleshoot the issue. - commentId: - type: integer - description: A unique identifier for the comment. - incident: - type: object - description: Information necessary to create or update a Jira, ServiceNow ITSM, ServiveNow SecOps, Swimlane, or TheHive incident. - properties: - additional_fields: - type: string - nullable: true - maxLength: 20 - description: | - Additional fields for ServiceNow ITSM and ServiveNow SecOps connectors. The fields must exist in the Elastic ServiceNow application and must be specified in JSON format. - alertId: - type: string - description: The alert identifier for Swimlane connectors. - caseId: - type: string - description: The case identifier for the incident for Swimlane connectors. - caseName: - type: string - description: The case name for the incident for Swimlane connectors. - category: - type: string - description: The category of the incident for ServiceNow ITSM and ServiceNow SecOps connectors. - correlation_display: - type: string - description: A descriptive label of the alert for correlation purposes for ServiceNow ITSM and ServiceNow SecOps connectors. - correlation_id: - type: string - description: | - The correlation identifier for the security incident for ServiceNow ITSM and ServiveNow SecOps connectors. Connectors using the same correlation ID are associated with the same ServiceNow incident. This value determines whether a new ServiceNow incident is created or an existing one is updated. Modifying this value is optional; if not modified, the rule ID and alert ID are combined as `{{ruleID}}:{{alert ID}}` to form the correlation ID value in ServiceNow. The maximum character length for this value is 100 characters. NOTE: Using the default configuration of `{{ruleID}}:{{alert ID}}` ensures that ServiceNow creates a separate incident record for every generated alert that uses a unique alert ID. If the rule generates multiple alerts that use the same alert IDs, ServiceNow creates and continually updates a single incident record for the alert. - description: - type: string - description: The description of the incident for Jira, ServiceNow ITSM, ServiceNow SecOps, Swimlane, TheHive, and Webhook - Case Management connectors. - dest_ip: - description: | - A list of destination IP addresses related to the security incident for ServiceNow SecOps connectors. The IPs are added as observables to the security incident. - oneOf: - - type: string - - type: array - items: - type: string - externalId: - type: string - description: | - The Jira, ServiceNow ITSM, or ServiceNow SecOps issue identifier. If present, the incident is updated. Otherwise, a new incident is created. - id: - type: string - description: The external case identifier for Webhook - Case Management connectors. - impact: - type: string - description: The impact of the incident for ServiceNow ITSM connectors. - issueType: - type: integer - description: The type of incident for Jira connectors. For example, 10006. To obtain the list of valid values, set `subAction` to `issueTypes`. - labels: - type: array - items: - type: string - description: | - The labels for the incident for Jira connectors. NOTE: Labels cannot contain spaces. - malware_hash: - description: A list of malware hashes related to the security incident for ServiceNow SecOps connectors. The hashes are added as observables to the security incident. - oneOf: - - type: string - - type: array - items: - type: string - malware_url: - type: string - description: A list of malware URLs related to the security incident for ServiceNow SecOps connectors. The URLs are added as observables to the security incident. - oneOf: - - type: string - - type: array - items: - type: string - otherFields: - type: object - additionalProperties: true - maxProperties: 20 - description: | - Custom field identifiers and their values for Jira connectors. - parent: - type: string - description: The ID or key of the parent issue for Jira connectors. Applies only to `Sub-task` types of issues. - priority: - type: string - description: The priority of the incident in Jira and ServiceNow SecOps connectors. - ruleName: - type: string - description: The rule name for Swimlane connectors. - severity: - type: integer - description: | - The severity of the incident for ServiceNow ITSM, Swimlane, and TheHive connectors. In TheHive connectors, the severity value ranges from 1 (low) to 4 (critical) with a default value of 2 (medium). - short_description: - type: string - description: | - A short description of the incident for ServiceNow ITSM and ServiceNow SecOps connectors. It is used for searching the contents of the knowledge base. - source_ip: - description: A list of source IP addresses related to the security incident for ServiceNow SecOps connectors. The IPs are added as observables to the security incident. - oneOf: - - type: string - - type: array - items: - type: string - status: - type: string - description: The status of the incident for Webhook - Case Management connectors. - subcategory: - type: string - description: The subcategory of the incident for ServiceNow ITSM and ServiceNow SecOps connectors. - summary: - type: string - description: A summary of the incident for Jira connectors. - tags: - type: array - items: - type: string - description: A list of tags for TheHive and Webhook - Case Management connectors. - title: - type: string - description: | - A title for the incident for Jira, TheHive, and Webhook - Case Management connectors. It is used for searching the contents of the knowledge base. - tlp: - type: integer - minimum: 0 - maximum: 4 - default: 2 - description: | - The traffic light protocol designation for the incident in TheHive connectors. Valid values include: 0 (clear), 1 (green), 2 (amber), 3 (amber and strict), and 4 (red). - urgency: - type: string - description: The urgency of the incident for ServiceNow ITSM connectors. - run_validchannelid: - title: The validChannelId subaction + required: + - timestamp + - metrics + ApiAlertingRule_Get_Response_200_Monitoring_Run_Last_run_Metrics: + additionalProperties: false + type: object + properties: + duration: + description: Duration of most recent rule run. + type: number + gap_duration_s: + description: Duration in seconds of rule run gap. + nullable: true + type: number + gap_range: + $ref: '#/components/schemas/ApiAlertingRule_Get_Response_200_Monitoring_Run_Last_run_Metrics_Gap_range' + total_alerts_created: + description: Total number of alerts created during last rule run. + nullable: true + type: number + total_alerts_detected: + description: Total number of alerts detected during last rule run. + nullable: true + type: number + total_indexing_duration_ms: + description: Total time spent indexing documents during last rule run in milliseconds. + nullable: true + type: number + total_search_duration_ms: + description: Total time spent performing Elasticsearch searches as measured by Kibana; includes network latency and time spent serializing or deserializing the request and response. + nullable: true + type: number + ApiAlertingRule_Get_Response_200_Monitoring_Run_Last_run_Metrics_Gap_range: + additionalProperties: false + nullable: true + type: object + properties: + gte: + description: End of the gap range. + type: string + lte: + description: Start of the gap range. + type: string + required: + - lte + - gte + ApiAlertingRule_Get_Response_200_Params: + additionalProperties: {} + description: The parameters for the rule. + type: object + ApiAlertingRule_Get_Response_200_Schedule: + additionalProperties: false + type: object + properties: + interval: + description: The interval is specified in seconds, minutes, hours, or days. + type: string + required: + - interval + ApiAlertingRule_Get_Response_200_Snooze_schedule_Item: + additionalProperties: false + type: object + properties: + duration: + description: Duration of the rule snooze schedule. + type: number + id: + description: Identifier of the rule snooze schedule. + type: string + rRule: + $ref: '#/components/schemas/ApiAlertingRule_Get_Response_200_Snooze_schedule_RRule' + skipRecurrences: + items: + description: Skips recurrence of rule on this date. + type: string + type: array + required: + - duration + - rRule + ApiAlertingRule_Get_Response_200_Snooze_schedule_RRule: + additionalProperties: false + type: object + properties: + byhour: + items: + description: Indicates hours of the day to recur. + type: number + nullable: true + type: array + byminute: + items: + description: Indicates minutes of the hour to recur. + type: number + nullable: true + type: array + bymonth: + items: + description: Indicates months of the year that this rule should recur. + type: number + nullable: true + type: array + bymonthday: + items: + description: Indicates the days of the month to recur. + type: number + nullable: true + type: array + bysecond: + items: + description: Indicates seconds of the day to recur. + type: number + nullable: true + type: array + bysetpos: + items: + description: A positive or negative integer affecting the nth day of the month. For example, -2 combined with `byweekday` of FR is 2nd to last Friday of the month. It is recommended to not set this manually and just use `byweekday`. + type: number + nullable: true + type: array + byweekday: + items: + anyOf: + - $ref: '#/components/schemas/ApiAlertingRule_Get_Response_200_Snooze_schedule_RRule_Byweekday_1' + - $ref: '#/components/schemas/ApiAlertingRule_Get_Response_200_Snooze_schedule_RRule_Byweekday_2' + description: Indicates the days of the week to recur or else nth-day-of-month strings. For example, "+2TU" second Tuesday of month, "-1FR" last Friday of the month, which are internally converted to a `byweekday/bysetpos` combination. + nullable: true + type: array + byweekno: + items: + description: Indicates number of the week hours to recur. + type: number + nullable: true + type: array + byyearday: + items: + description: Indicates the days of the year that this rule should recur. + type: number + nullable: true + type: array + count: + description: Number of times the rule should recur until it stops. + type: number + dtstart: + description: Rule start date in Coordinated Universal Time (UTC). + type: string + freq: + description: Indicates frequency of the rule. Options are YEARLY, MONTHLY, WEEKLY, DAILY. + enum: + - 0 + - 1 + - 2 + - 3 + - 4 + - 5 + - 6 + type: integer + interval: + description: Indicates the interval of frequency. For example, 1 and YEARLY is every 1 year, 2 and WEEKLY is every 2 weeks. + type: number + tzid: + description: Indicates timezone abbreviation. + type: string + until: + description: Recur the rule until this date. + type: string + wkst: + description: Indicates the start of week, defaults to Monday. + enum: + - MO + - TU + - WE + - TH + - FR + - SA + - SU + type: string + required: + - dtstart + - tzid + ApiAlertingRule_Get_Response_200_Snooze_schedule_RRule_Byweekday_1: + type: string + ApiAlertingRule_Get_Response_200_Snooze_schedule_RRule_Byweekday_2: + type: number + ApiAlertingRule_Post_Request: + additionalProperties: false + type: object + properties: + actions: + default: [] + items: + $ref: '#/components/schemas/ApiAlertingRule_Post_Request_Actions_Item' + type: array + alert_delay: + $ref: '#/components/schemas/ApiAlertingRule_Post_Request_Alert_delay' + artifacts: + $ref: '#/components/schemas/ApiAlertingRule_Post_Request_Artifacts' + consumer: + description: 'The name of the application or feature that owns the rule. For example: `alerts`, `apm`, `discover`, `infrastructure`, `logs`, `metrics`, `ml`, `monitoring`, `securitySolution`, `siem`, `stackAlerts`, or `uptime`.' + type: string + enabled: + default: true + description: Indicates whether you want to run the rule on an interval basis after it is created. + type: boolean + flapping: + $ref: '#/components/schemas/ApiAlertingRule_Post_Request_Flapping' + name: + description: The name of the rule. While this name does not have to be unique, a distinctive name can help you identify a rule. + type: string + notify_when: + description: 'Indicates how often alerts generate actions. Valid values include: `onActionGroupChange`: Actions run when the alert status changes; `onActiveAlert`: Actions run when the alert becomes active and at each check interval while the rule conditions are met; `onThrottleInterval`: Actions run when the alert becomes active and at the interval specified in the throttle property while the rule conditions are met. NOTE: You cannot specify `notify_when` at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.' + enum: + - onActionGroupChange + - onActiveAlert + - onThrottleInterval + nullable: true + type: string + params: + $ref: '#/components/schemas/ApiAlertingRule_Post_Request_Params' + rule_type_id: + description: The rule type identifier. + type: string + schedule: + $ref: '#/components/schemas/ApiAlertingRule_Post_Request_Schedule' + tags: + default: [] + description: The tags for the rule. + items: + type: string + type: array + throttle: + description: 'Use the `throttle` property in the action `frequency` object instead. The throttle interval, which defines how often an alert generates repeated actions. NOTE: You cannot specify the throttle interval at both the rule and action level. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.' + nullable: true + type: string + required: + - name + - rule_type_id + - consumer + - schedule + ApiAlertingRule_Post_Request_Actions_Item: + additionalProperties: false + description: An action that runs under defined conditions. + type: object + properties: + alerts_filter: + $ref: '#/components/schemas/ApiAlertingRule_Post_Request_Actions_Alerts_filter' + frequency: + $ref: '#/components/schemas/ApiAlertingRule_Post_Request_Actions_Frequency' + group: + description: The group name, which affects when the action runs (for example, when the threshold is met or when the alert is recovered). Each rule type has a list of valid action group names. If you don't need to group actions, set to `default`. + type: string + id: + description: The identifier for the connector saved object. + type: string + params: + $ref: '#/components/schemas/ApiAlertingRule_Post_Request_Actions_Params' + use_alert_data_for_template: + description: Indicates whether to use alert data as a template. + type: boolean + uuid: + description: A universally unique identifier (UUID) for the action. + type: string + required: + - id + ApiAlertingRule_Post_Request_Actions_Alerts_filter: + additionalProperties: false + description: Conditions that affect whether the action runs. If you specify multiple conditions, all conditions must be met for the action to run. For example, if an alert occurs within the specified time frame and matches the query, the action runs. + type: object + properties: + query: + $ref: '#/components/schemas/ApiAlertingRule_Post_Request_Actions_Alerts_filter_Query' + timeframe: + $ref: '#/components/schemas/ApiAlertingRule_Post_Request_Actions_Alerts_filter_Timeframe' + ApiAlertingRule_Post_Request_Actions_Alerts_filter_Query: + additionalProperties: false + type: object + properties: + dsl: + description: A filter written in Elasticsearch Query Domain Specific Language (DSL). + type: string + filters: + description: A filter written in Elasticsearch Query Domain Specific Language (DSL) as defined in the `kbn-es-query` package. + items: + $ref: '#/components/schemas/ApiAlertingRule_Post_Request_Actions_Alerts_filter_Query_Filters_Item' + type: array + kql: + description: A filter written in Kibana Query Language (KQL). + type: string + required: + - kql + - filters + ApiAlertingRule_Post_Request_Actions_Alerts_filter_Query_Filters_Item: + additionalProperties: false + type: object + properties: + $state: + $ref: '#/components/schemas/ApiAlertingRule_Post_Request_Actions_Alerts_filter_Query_Filters_$state' + meta: + $ref: '#/components/schemas/ApiAlertingRule_Post_Request_Actions_Alerts_filter_Query_Filters_Meta' + query: + $ref: '#/components/schemas/ApiAlertingRule_Post_Request_Actions_Alerts_filter_Query_Filters_Query' + required: + - meta + ApiAlertingRule_Post_Request_Actions_Alerts_filter_Query_Filters_$state: + additionalProperties: false + type: object + properties: + store: + description: A filter can be either specific to an application context or applied globally. + enum: + - appState + - globalState + type: string + required: + - store + ApiAlertingRule_Post_Request_Actions_Alerts_filter_Query_Filters_Meta: + additionalProperties: {} + type: object + ApiAlertingRule_Post_Request_Actions_Alerts_filter_Query_Filters_Query: + additionalProperties: {} + type: object + ApiAlertingRule_Post_Request_Actions_Alerts_filter_Timeframe: + additionalProperties: false + description: Defines a period that limits whether the action runs. + type: object + properties: + days: + description: Defines the days of the week that the action can run, represented as an array of numbers. For example, `1` represents Monday. An empty array is equivalent to specifying all the days of the week. + items: + enum: + - 1 + - 2 + - 3 + - 4 + - 5 + - 6 + - 7 + type: integer + type: array + hours: + $ref: '#/components/schemas/ApiAlertingRule_Post_Request_Actions_Alerts_filter_Timeframe_Hours' + timezone: + description: The ISO time zone for the `hours` values. Values such as `UTC` and `UTC+1` also work but lack built-in daylight savings time support and are not recommended. + type: string + required: + - days + - hours + - timezone + ApiAlertingRule_Post_Request_Actions_Alerts_filter_Timeframe_Hours: + additionalProperties: false + description: Defines the range of time in a day that the action can run. If the `start` value is `00:00` and the `end` value is `24:00`, actions be generated all day. + type: object + properties: + end: + description: The end of the time frame in 24-hour notation (`hh:mm`). + type: string + start: + description: The start of the time frame in 24-hour notation (`hh:mm`). + type: string + required: + - start + - end + ApiAlertingRule_Post_Request_Actions_Frequency: + additionalProperties: false + type: object + properties: + notify_when: + description: 'Indicates how often alerts generate actions. Valid values include: `onActionGroupChange`: Actions run when the alert status changes; `onActiveAlert`: Actions run when the alert becomes active and at each check interval while the rule conditions are met; `onThrottleInterval`: Actions run when the alert becomes active and at the interval specified in the throttle property while the rule conditions are met. NOTE: You cannot specify `notify_when` at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.' + enum: + - onActionGroupChange + - onActiveAlert + - onThrottleInterval + type: string + summary: + description: Indicates whether the action is a summary. + type: boolean + throttle: + description: 'The throttle interval, which defines how often an alert generates repeated actions. It is specified in seconds, minutes, hours, or days and is applicable only if `notify_when` is set to `onThrottleInterval`. NOTE: You cannot specify the throttle interval at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.' + nullable: true + type: string + required: + - summary + - notify_when + - throttle + ApiAlertingRule_Post_Request_Actions_Params: + additionalProperties: {} + default: {} + description: The parameters for the action, which are sent to the connector. The `params` are handled as Mustache templates and passed a default set of context. + type: object + ApiAlertingRule_Post_Request_Alert_delay: + additionalProperties: false + description: Indicates that an alert occurs only when the specified number of consecutive runs met the rule conditions. + type: object + properties: + active: + description: The number of consecutive runs that must meet the rule conditions. + type: number + required: + - active + ApiAlertingRule_Post_Request_Artifacts: + additionalProperties: false + type: object + properties: + dashboards: + items: + $ref: '#/components/schemas/ApiAlertingRule_Post_Request_Artifacts_Dashboards_Item' + maxItems: 10 + type: array + investigation_guide: + $ref: '#/components/schemas/ApiAlertingRule_Post_Request_Artifacts_Investigation_guide' + ApiAlertingRule_Post_Request_Artifacts_Dashboards_Item: + additionalProperties: false + type: object + properties: + id: + type: string + required: + - id + ApiAlertingRule_Post_Request_Artifacts_Investigation_guide: + additionalProperties: false + type: object + properties: + blob: + maxLength: 10000 + type: string + required: + - blob + ApiAlertingRule_Post_Request_Flapping: + additionalProperties: false + description: When flapping detection is turned on, alerts that switch quickly between active and recovered states are identified as “flapping” and notifications are reduced. + nullable: true + type: object + properties: + enabled: + description: Determines whether the rule can enter the flapping state. By default, rules can enter the flapping state. + type: boolean + look_back_window: + description: The minimum number of runs in which the threshold must be met. + maximum: 20 + minimum: 2 + type: number + status_change_threshold: + description: The minimum number of times an alert must switch states in the look back window. + maximum: 20 + minimum: 2 + type: number + required: + - look_back_window + - status_change_threshold + ApiAlertingRule_Post_Request_Params: + additionalProperties: {} + default: {} + description: The parameters for the rule. + type: object + ApiAlertingRule_Post_Request_Schedule: + additionalProperties: false + description: The check interval, which specifies how frequently the rule conditions are checked. + type: object + properties: + interval: + description: The interval is specified in seconds, minutes, hours, or days. + type: string + required: + - interval + ApiAlertingRule_Post_Response_200: + additionalProperties: false + type: object + properties: + actions: + items: + $ref: '#/components/schemas/ApiAlertingRule_Post_Response_200_Actions_Item' + type: array + active_snoozes: + items: + description: List of active snoozes for the rule. + type: string + type: array + alert_delay: + $ref: '#/components/schemas/ApiAlertingRule_Post_Response_200_Alert_delay' + api_key_created_by_user: + description: Indicates whether the API key that is associated with the rule was created by the user. + nullable: true + type: boolean + api_key_owner: + description: The owner of the API key that is associated with the rule and used to run background tasks. + nullable: true + type: string + artifacts: + $ref: '#/components/schemas/ApiAlertingRule_Post_Response_200_Artifacts' + consumer: + description: 'The name of the application or feature that owns the rule. For example: `alerts`, `apm`, `discover`, `infrastructure`, `logs`, `metrics`, `ml`, `monitoring`, `securitySolution`, `siem`, `stackAlerts`, or `uptime`.' + type: string + created_at: + description: The date and time that the rule was created. + type: string + created_by: + description: The identifier for the user that created the rule. + nullable: true + type: string + enabled: + description: Indicates whether you want to run the rule on an interval basis after it is created. + type: boolean + execution_status: + $ref: '#/components/schemas/ApiAlertingRule_Post_Response_200_Execution_status' + flapping: + $ref: '#/components/schemas/ApiAlertingRule_Post_Response_200_Flapping' + id: + description: The identifier for the rule. + type: string + is_snoozed_until: + description: The date when the rule will no longer be snoozed. + nullable: true + type: string + last_run: + $ref: '#/components/schemas/ApiAlertingRule_Post_Response_200_Last_run' + mapped_params: + $ref: '#/components/schemas/ApiAlertingRule_Post_Response_200_Mapped_params' + monitoring: + $ref: '#/components/schemas/ApiAlertingRule_Post_Response_200_Monitoring' + mute_all: + description: Indicates whether all alerts are muted. + type: boolean + muted_alert_ids: + items: + description: 'List of identifiers of muted alerts. ' + type: string + type: array + name: + description: ' The name of the rule.' + type: string + next_run: + description: Date and time of the next run of the rule. + nullable: true + type: string + notify_when: + description: 'Indicates how often alerts generate actions. Valid values include: `onActionGroupChange`: Actions run when the alert status changes; `onActiveAlert`: Actions run when the alert becomes active and at each check interval while the rule conditions are met; `onThrottleInterval`: Actions run when the alert becomes active and at the interval specified in the throttle property while the rule conditions are met. NOTE: You cannot specify `notify_when` at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.' + enum: + - onActionGroupChange + - onActiveAlert + - onThrottleInterval + nullable: true + type: string + params: + $ref: '#/components/schemas/ApiAlertingRule_Post_Response_200_Params' + revision: + description: The rule revision number. + type: number + rule_type_id: + description: The rule type identifier. + type: string + running: + description: Indicates whether the rule is running. + nullable: true + type: boolean + schedule: + $ref: '#/components/schemas/ApiAlertingRule_Post_Response_200_Schedule' + scheduled_task_id: + description: Identifier of the scheduled task. + type: string + snooze_schedule: + items: + $ref: '#/components/schemas/ApiAlertingRule_Post_Response_200_Snooze_schedule_Item' + type: array + tags: + items: + description: The tags for the rule. + type: string + type: array + throttle: + deprecated: true + description: 'Deprecated in 8.13.0. Use the `throttle` property in the action `frequency` object instead. The throttle interval, which defines how often an alert generates repeated actions. NOTE: You cannot specify the throttle interval at both the rule and action level. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.' + nullable: true + type: string + updated_at: + description: The date and time that the rule was updated most recently. + type: string + updated_by: + description: The identifier for the user that updated this rule most recently. + nullable: true + type: string + view_in_app_relative_url: + description: Relative URL to view rule in the app. + nullable: true + type: string + required: + - id + - enabled + - name + - tags + - rule_type_id + - consumer + - schedule + - actions + - params + - created_by + - updated_by + - created_at + - updated_at + - api_key_owner + - mute_all + - muted_alert_ids + - execution_status + - revision + ApiAlertingRule_Post_Response_200_Actions_Item: + additionalProperties: false + type: object + properties: + alerts_filter: + $ref: '#/components/schemas/ApiAlertingRule_Post_Response_200_Actions_Alerts_filter' + connector_type_id: + description: The type of connector. This property appears in responses but cannot be set in requests. + type: string + frequency: + $ref: '#/components/schemas/ApiAlertingRule_Post_Response_200_Actions_Frequency' + group: + description: The group name, which affects when the action runs (for example, when the threshold is met or when the alert is recovered). Each rule type has a list of valid action group names. If you don't need to group actions, set to `default`. + type: string + id: + description: The identifier for the connector saved object. + type: string + params: + $ref: '#/components/schemas/ApiAlertingRule_Post_Response_200_Actions_Params' + use_alert_data_for_template: + description: Indicates whether to use alert data as a template. + type: boolean + uuid: + description: A universally unique identifier (UUID) for the action. + type: string + required: + - id + - connector_type_id + - params + ApiAlertingRule_Post_Response_200_Actions_Alerts_filter: + additionalProperties: false + description: Defines a period that limits whether the action runs. + type: object + properties: + query: + $ref: '#/components/schemas/ApiAlertingRule_Post_Response_200_Actions_Alerts_filter_Query' + timeframe: + $ref: '#/components/schemas/ApiAlertingRule_Post_Response_200_Actions_Alerts_filter_Timeframe' + ApiAlertingRule_Post_Response_200_Actions_Alerts_filter_Query: + additionalProperties: false + type: object + properties: + dsl: + description: A filter written in Elasticsearch Query Domain Specific Language (DSL). + type: string + filters: + description: A filter written in Elasticsearch Query Domain Specific Language (DSL) as defined in the `kbn-es-query` package. + items: + $ref: '#/components/schemas/ApiAlertingRule_Post_Response_200_Actions_Alerts_filter_Query_Filters_Item' + type: array + kql: + description: A filter written in Kibana Query Language (KQL). + type: string + required: + - kql + - filters + ApiAlertingRule_Post_Response_200_Actions_Alerts_filter_Query_Filters_Item: + additionalProperties: false + type: object + properties: + $state: + $ref: '#/components/schemas/ApiAlertingRule_Post_Response_200_Actions_Alerts_filter_Query_Filters_$state' + meta: + $ref: '#/components/schemas/ApiAlertingRule_Post_Response_200_Actions_Alerts_filter_Query_Filters_Meta' + query: + $ref: '#/components/schemas/ApiAlertingRule_Post_Response_200_Actions_Alerts_filter_Query_Filters_Query' + required: + - meta + ApiAlertingRule_Post_Response_200_Actions_Alerts_filter_Query_Filters_$state: + additionalProperties: false + type: object + properties: + store: + description: A filter can be either specific to an application context or applied globally. + enum: + - appState + - globalState + type: string + required: + - store + ApiAlertingRule_Post_Response_200_Actions_Alerts_filter_Query_Filters_Meta: + additionalProperties: {} + type: object + ApiAlertingRule_Post_Response_200_Actions_Alerts_filter_Query_Filters_Query: + additionalProperties: {} + type: object + ApiAlertingRule_Post_Response_200_Actions_Alerts_filter_Timeframe: + additionalProperties: false + type: object + properties: + days: + description: Defines the days of the week that the action can run, represented as an array of numbers. For example, `1` represents Monday. An empty array is equivalent to specifying all the days of the week. + items: + enum: + - 1 + - 2 + - 3 + - 4 + - 5 + - 6 + - 7 + type: integer + type: array + hours: + $ref: '#/components/schemas/ApiAlertingRule_Post_Response_200_Actions_Alerts_filter_Timeframe_Hours' + timezone: + description: The ISO time zone for the `hours` values. Values such as `UTC` and `UTC+1` also work but lack built-in daylight savings time support and are not recommended. + type: string + required: + - days + - hours + - timezone + ApiAlertingRule_Post_Response_200_Actions_Alerts_filter_Timeframe_Hours: + additionalProperties: false + type: object + properties: + end: + description: The end of the time frame in 24-hour notation (`hh:mm`). + type: string + start: + description: The start of the time frame in 24-hour notation (`hh:mm`). + type: string + required: + - start + - end + ApiAlertingRule_Post_Response_200_Actions_Frequency: + additionalProperties: false + type: object + properties: + notify_when: + description: 'Indicates how often alerts generate actions. Valid values include: `onActionGroupChange`: Actions run when the alert status changes; `onActiveAlert`: Actions run when the alert becomes active and at each check interval while the rule conditions are met; `onThrottleInterval`: Actions run when the alert becomes active and at the interval specified in the throttle property while the rule conditions are met. NOTE: You cannot specify `notify_when` at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.' + enum: + - onActionGroupChange + - onActiveAlert + - onThrottleInterval + type: string + summary: + description: Indicates whether the action is a summary. + type: boolean + throttle: + description: 'The throttle interval, which defines how often an alert generates repeated actions. It is specified in seconds, minutes, hours, or days and is applicable only if ''notify_when'' is set to ''onThrottleInterval''. NOTE: You cannot specify the throttle interval at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.' + nullable: true + type: string + required: + - summary + - notify_when + - throttle + ApiAlertingRule_Post_Response_200_Actions_Params: + additionalProperties: {} + description: The parameters for the action, which are sent to the connector. The `params` are handled as Mustache templates and passed a default set of context. + type: object + ApiAlertingRule_Post_Response_200_Alert_delay: + additionalProperties: false + description: Indicates that an alert occurs only when the specified number of consecutive runs met the rule conditions. + type: object + properties: + active: + description: The number of consecutive runs that must meet the rule conditions. + type: number + required: + - active + ApiAlertingRule_Post_Response_200_Artifacts: + additionalProperties: false + type: object + properties: + dashboards: + items: + $ref: '#/components/schemas/ApiAlertingRule_Post_Response_200_Artifacts_Dashboards_Item' + type: array + investigation_guide: + $ref: '#/components/schemas/ApiAlertingRule_Post_Response_200_Artifacts_Investigation_guide' + ApiAlertingRule_Post_Response_200_Artifacts_Dashboards_Item: + additionalProperties: false + type: object + properties: + id: + type: string + required: + - id + ApiAlertingRule_Post_Response_200_Artifacts_Investigation_guide: + additionalProperties: false + type: object + properties: + blob: + description: User-created content that describes alert causes and remdiation. + type: string + required: + - blob + ApiAlertingRule_Post_Response_200_Execution_status: + additionalProperties: false + type: object + properties: + error: + $ref: '#/components/schemas/ApiAlertingRule_Post_Response_200_Execution_status_Error' + last_duration: + description: Duration of last execution of the rule. + type: number + last_execution_date: + description: The date and time when rule was executed last. + type: string + status: + description: Status of rule execution. + enum: + - ok + - active + - error + - warning + - pending + - unknown + type: string + warning: + $ref: '#/components/schemas/ApiAlertingRule_Post_Response_200_Execution_status_Warning' + required: + - status + - last_execution_date + ApiAlertingRule_Post_Response_200_Execution_status_Error: + additionalProperties: false + type: object + properties: + message: + description: Error message. + type: string + reason: + description: Reason for error. + enum: + - read + - decrypt + - execute + - unknown + - license + - timeout + - disabled + - validate + type: string + required: + - reason + - message + ApiAlertingRule_Post_Response_200_Execution_status_Warning: + additionalProperties: false + type: object + properties: + message: + description: Warning message. + type: string + reason: + description: Reason for warning. + enum: + - maxExecutableActions + - maxAlerts + - maxQueuedActions + - ruleExecution + type: string + required: + - reason + - message + ApiAlertingRule_Post_Response_200_Flapping: + additionalProperties: false + description: When flapping detection is turned on, alerts that switch quickly between active and recovered states are identified as “flapping” and notifications are reduced. + nullable: true + type: object + properties: + enabled: + description: Determines whether the rule can enter the flapping state. By default, rules can enter the flapping state. + type: boolean + look_back_window: + description: The minimum number of runs in which the threshold must be met. + maximum: 20 + minimum: 2 + type: number + status_change_threshold: + description: The minimum number of times an alert must switch states in the look back window. + maximum: 20 + minimum: 2 + type: number + required: + - look_back_window + - status_change_threshold + ApiAlertingRule_Post_Response_200_Last_run: + additionalProperties: false + nullable: true + type: object + properties: + alerts_count: + $ref: '#/components/schemas/ApiAlertingRule_Post_Response_200_Last_run_Alerts_count' + outcome: + description: Outcome of last run of the rule. Value could be succeeded, warning or failed. + enum: + - succeeded + - warning + - failed + type: string + outcome_msg: + items: + description: Outcome message generated during last rule run. + type: string + nullable: true + type: array + outcome_order: + description: Order of the outcome. + type: number + warning: + description: Warning of last rule execution. + enum: + - read + - decrypt + - execute + - unknown + - license + - timeout + - disabled + - validate + - maxExecutableActions + - maxAlerts + - maxQueuedActions + - ruleExecution + nullable: true + type: string + required: + - outcome + - alerts_count + ApiAlertingRule_Post_Response_200_Last_run_Alerts_count: + additionalProperties: false + type: object + properties: + active: + description: Number of active alerts during last run. + nullable: true + type: number + ignored: + description: Number of ignored alerts during last run. + nullable: true + type: number + new: + description: Number of new alerts during last run. + nullable: true + type: number + recovered: + description: Number of recovered alerts during last run. + nullable: true + type: number + ApiAlertingRule_Post_Response_200_Mapped_params: + additionalProperties: {} + type: object + ApiAlertingRule_Post_Response_200_Monitoring: + additionalProperties: false + description: Monitoring details of the rule. + type: object + properties: + run: + $ref: '#/components/schemas/ApiAlertingRule_Post_Response_200_Monitoring_Run' + required: + - run + ApiAlertingRule_Post_Response_200_Monitoring_Run: + additionalProperties: false + description: Rule run details. + type: object + properties: + calculated_metrics: + $ref: '#/components/schemas/ApiAlertingRule_Post_Response_200_Monitoring_Run_Calculated_metrics' + history: + description: History of the rule run. + items: + $ref: '#/components/schemas/ApiAlertingRule_Post_Response_200_Monitoring_Run_History_Item' + type: array + last_run: + $ref: '#/components/schemas/ApiAlertingRule_Post_Response_200_Monitoring_Run_Last_run' + required: + - history + - calculated_metrics + - last_run + ApiAlertingRule_Post_Response_200_Monitoring_Run_Calculated_metrics: + additionalProperties: false + description: Calculation of different percentiles and success ratio. + type: object + properties: + p50: + type: number + p95: + type: number + p99: + type: number + success_ratio: + type: number + required: + - success_ratio + ApiAlertingRule_Post_Response_200_Monitoring_Run_History_Item: + additionalProperties: false + type: object + properties: + duration: + description: Duration of the rule run. + type: number + outcome: + description: Outcome of last run of the rule. Value could be succeeded, warning or failed. + enum: + - succeeded + - warning + - failed + type: string + success: + description: Indicates whether the rule run was successful. + type: boolean + timestamp: + description: Time of rule run. + type: number + required: + - success + - timestamp + ApiAlertingRule_Post_Response_200_Monitoring_Run_Last_run: + additionalProperties: false + type: object + properties: + metrics: + $ref: '#/components/schemas/ApiAlertingRule_Post_Response_200_Monitoring_Run_Last_run_Metrics' + timestamp: + description: Time of the most recent rule run. + type: string + required: + - timestamp + - metrics + ApiAlertingRule_Post_Response_200_Monitoring_Run_Last_run_Metrics: + additionalProperties: false + type: object + properties: + duration: + description: Duration of most recent rule run. + type: number + gap_duration_s: + description: Duration in seconds of rule run gap. + nullable: true + type: number + gap_range: + $ref: '#/components/schemas/ApiAlertingRule_Post_Response_200_Monitoring_Run_Last_run_Metrics_Gap_range' + total_alerts_created: + description: Total number of alerts created during last rule run. + nullable: true + type: number + total_alerts_detected: + description: Total number of alerts detected during last rule run. + nullable: true + type: number + total_indexing_duration_ms: + description: Total time spent indexing documents during last rule run in milliseconds. + nullable: true + type: number + total_search_duration_ms: + description: Total time spent performing Elasticsearch searches as measured by Kibana; includes network latency and time spent serializing or deserializing the request and response. + nullable: true + type: number + ApiAlertingRule_Post_Response_200_Monitoring_Run_Last_run_Metrics_Gap_range: + additionalProperties: false + nullable: true + type: object + properties: + gte: + description: End of the gap range. + type: string + lte: + description: Start of the gap range. + type: string + required: + - lte + - gte + ApiAlertingRule_Post_Response_200_Params: + additionalProperties: {} + description: The parameters for the rule. + type: object + ApiAlertingRule_Post_Response_200_Schedule: + additionalProperties: false + type: object + properties: + interval: + description: The interval is specified in seconds, minutes, hours, or days. + type: string + required: + - interval + ApiAlertingRule_Post_Response_200_Snooze_schedule_Item: + additionalProperties: false + type: object + properties: + duration: + description: Duration of the rule snooze schedule. + type: number + id: + description: Identifier of the rule snooze schedule. + type: string + rRule: + $ref: '#/components/schemas/ApiAlertingRule_Post_Response_200_Snooze_schedule_RRule' + skipRecurrences: + items: + description: Skips recurrence of rule on this date. + type: string + type: array + required: + - duration + - rRule + ApiAlertingRule_Post_Response_200_Snooze_schedule_RRule: + additionalProperties: false + type: object + properties: + byhour: + items: + description: Indicates hours of the day to recur. + type: number + nullable: true + type: array + byminute: + items: + description: Indicates minutes of the hour to recur. + type: number + nullable: true + type: array + bymonth: + items: + description: Indicates months of the year that this rule should recur. + type: number + nullable: true + type: array + bymonthday: + items: + description: Indicates the days of the month to recur. + type: number + nullable: true + type: array + bysecond: + items: + description: Indicates seconds of the day to recur. + type: number + nullable: true + type: array + bysetpos: + items: + description: A positive or negative integer affecting the nth day of the month. For example, -2 combined with `byweekday` of FR is 2nd to last Friday of the month. It is recommended to not set this manually and just use `byweekday`. + type: number + nullable: true + type: array + byweekday: + items: + anyOf: + - $ref: '#/components/schemas/ApiAlertingRule_Post_Response_200_Snooze_schedule_RRule_Byweekday_1' + - $ref: '#/components/schemas/ApiAlertingRule_Post_Response_200_Snooze_schedule_RRule_Byweekday_2' + description: Indicates the days of the week to recur or else nth-day-of-month strings. For example, "+2TU" second Tuesday of month, "-1FR" last Friday of the month, which are internally converted to a `byweekday/bysetpos` combination. + nullable: true + type: array + byweekno: + items: + description: Indicates number of the week hours to recur. + type: number + nullable: true + type: array + byyearday: + items: + description: Indicates the days of the year that this rule should recur. + type: number + nullable: true + type: array + count: + description: Number of times the rule should recur until it stops. + type: number + dtstart: + description: Rule start date in Coordinated Universal Time (UTC). + type: string + freq: + description: Indicates frequency of the rule. Options are YEARLY, MONTHLY, WEEKLY, DAILY. + enum: + - 0 + - 1 + - 2 + - 3 + - 4 + - 5 + - 6 + type: integer + interval: + description: Indicates the interval of frequency. For example, 1 and YEARLY is every 1 year, 2 and WEEKLY is every 2 weeks. + type: number + tzid: + description: Indicates timezone abbreviation. + type: string + until: + description: Recur the rule until this date. + type: string + wkst: + description: Indicates the start of week, defaults to Monday. + enum: + - MO + - TU + - WE + - TH + - FR + - SA + - SU + type: string + required: + - dtstart + - tzid + ApiAlertingRule_Post_Response_200_Snooze_schedule_RRule_Byweekday_1: + type: string + ApiAlertingRule_Post_Response_200_Snooze_schedule_RRule_Byweekday_2: + type: number + ApiAlertingRule_Put_Request: + additionalProperties: false + type: object + properties: + actions: + default: [] + items: + $ref: '#/components/schemas/ApiAlertingRule_Put_Request_Actions_Item' + type: array + alert_delay: + $ref: '#/components/schemas/ApiAlertingRule_Put_Request_Alert_delay' + artifacts: + $ref: '#/components/schemas/ApiAlertingRule_Put_Request_Artifacts' + flapping: + $ref: '#/components/schemas/ApiAlertingRule_Put_Request_Flapping' + name: + description: The name of the rule. While this name does not have to be unique, a distinctive name can help you identify a rule. + type: string + notify_when: + description: 'Indicates how often alerts generate actions. Valid values include: `onActionGroupChange`: Actions run when the alert status changes; `onActiveAlert`: Actions run when the alert becomes active and at each check interval while the rule conditions are met; `onThrottleInterval`: Actions run when the alert becomes active and at the interval specified in the throttle property while the rule conditions are met. NOTE: You cannot specify `notify_when` at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.' + enum: + - onActionGroupChange + - onActiveAlert + - onThrottleInterval + nullable: true + type: string + params: + $ref: '#/components/schemas/ApiAlertingRule_Put_Request_Params' + schedule: + $ref: '#/components/schemas/ApiAlertingRule_Put_Request_Schedule' + tags: + default: [] + items: + description: The tags for the rule. + type: string + type: array + throttle: + description: 'Use the `throttle` property in the action `frequency` object instead. The throttle interval, which defines how often an alert generates repeated actions. NOTE: You cannot specify the throttle interval at both the rule and action level. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.' + nullable: true + type: string + required: + - name + - schedule + ApiAlertingRule_Put_Request_Actions_Item: + additionalProperties: false + description: An action that runs under defined conditions. + type: object + properties: + alerts_filter: + $ref: '#/components/schemas/ApiAlertingRule_Put_Request_Actions_Alerts_filter' + frequency: + $ref: '#/components/schemas/ApiAlertingRule_Put_Request_Actions_Frequency' + group: + description: The group name, which affects when the action runs (for example, when the threshold is met or when the alert is recovered). Each rule type has a list of valid action group names. If you don't need to group actions, set to `default`. + type: string + id: + description: The identifier for the connector saved object. + type: string + params: + $ref: '#/components/schemas/ApiAlertingRule_Put_Request_Actions_Params' + use_alert_data_for_template: + description: Indicates whether to use alert data as a template. + type: boolean + uuid: + description: A universally unique identifier (UUID) for the action. + type: string + required: + - id + ApiAlertingRule_Put_Request_Actions_Alerts_filter: + additionalProperties: false + type: object + properties: + query: + $ref: '#/components/schemas/ApiAlertingRule_Put_Request_Actions_Alerts_filter_Query' + timeframe: + $ref: '#/components/schemas/ApiAlertingRule_Put_Request_Actions_Alerts_filter_Timeframe' + ApiAlertingRule_Put_Request_Actions_Alerts_filter_Query: + additionalProperties: false + type: object + properties: + dsl: + description: A filter written in Elasticsearch Query Domain Specific Language (DSL). + type: string + filters: + description: A filter written in Elasticsearch Query Domain Specific Language (DSL) as defined in the `kbn-es-query` package. + items: + $ref: '#/components/schemas/ApiAlertingRule_Put_Request_Actions_Alerts_filter_Query_Filters_Item' + type: array + kql: + description: A filter written in Kibana Query Language (KQL). + type: string + required: + - kql + - filters + ApiAlertingRule_Put_Request_Actions_Alerts_filter_Query_Filters_Item: + additionalProperties: false + type: object + properties: + $state: + $ref: '#/components/schemas/ApiAlertingRule_Put_Request_Actions_Alerts_filter_Query_Filters_$state' + meta: + $ref: '#/components/schemas/ApiAlertingRule_Put_Request_Actions_Alerts_filter_Query_Filters_Meta' + query: + $ref: '#/components/schemas/ApiAlertingRule_Put_Request_Actions_Alerts_filter_Query_Filters_Query' + required: + - meta + ApiAlertingRule_Put_Request_Actions_Alerts_filter_Query_Filters_$state: + additionalProperties: false + type: object + properties: + store: + description: A filter can be either specific to an application context or applied globally. + enum: + - appState + - globalState + type: string + required: + - store + ApiAlertingRule_Put_Request_Actions_Alerts_filter_Query_Filters_Meta: + additionalProperties: {} + type: object + ApiAlertingRule_Put_Request_Actions_Alerts_filter_Query_Filters_Query: + additionalProperties: {} + type: object + ApiAlertingRule_Put_Request_Actions_Alerts_filter_Timeframe: + additionalProperties: false + description: Defines a period that limits whether the action runs. + type: object + properties: + days: + description: Defines the days of the week that the action can run, represented as an array of numbers. For example, `1` represents Monday. An empty array is equivalent to specifying all the days of the week. + items: + enum: + - 1 + - 2 + - 3 + - 4 + - 5 + - 6 + - 7 + type: integer + type: array + hours: + $ref: '#/components/schemas/ApiAlertingRule_Put_Request_Actions_Alerts_filter_Timeframe_Hours' + timezone: + description: The ISO time zone for the `hours` values. Values such as `UTC` and `UTC+1` also work but lack built-in daylight savings time support and are not recommended. + type: string + required: + - days + - hours + - timezone + ApiAlertingRule_Put_Request_Actions_Alerts_filter_Timeframe_Hours: + additionalProperties: false + description: Defines the range of time in a day that the action can run. If the `start` value is `00:00` and the `end` value is `24:00`, actions be generated all day. + type: object + properties: + end: + description: The end of the time frame in 24-hour notation (`hh:mm`). + type: string + start: + description: The start of the time frame in 24-hour notation (`hh:mm`). + type: string + required: + - start + - end + ApiAlertingRule_Put_Request_Actions_Frequency: + additionalProperties: false + type: object + properties: + notify_when: + description: 'Indicates how often alerts generate actions. Valid values include: `onActionGroupChange`: Actions run when the alert status changes; `onActiveAlert`: Actions run when the alert becomes active and at each check interval while the rule conditions are met; `onThrottleInterval`: Actions run when the alert becomes active and at the interval specified in the throttle property while the rule conditions are met. NOTE: You cannot specify `notify_when` at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.' + enum: + - onActionGroupChange + - onActiveAlert + - onThrottleInterval + type: string + summary: + description: Indicates whether the action is a summary. + type: boolean + throttle: + description: 'The throttle interval, which defines how often an alert generates repeated actions. It is specified in seconds, minutes, hours, or days and is applicable only if `notify_when` is set to `onThrottleInterval`. NOTE: You cannot specify the throttle interval at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.' + nullable: true + type: string + required: + - summary + - notify_when + - throttle + ApiAlertingRule_Put_Request_Actions_Params: + additionalProperties: {} + default: {} + description: The parameters for the action, which are sent to the connector. The `params` are handled as Mustache templates and passed a default set of context. + type: object + ApiAlertingRule_Put_Request_Alert_delay: + additionalProperties: false + description: Indicates that an alert occurs only when the specified number of consecutive runs met the rule conditions. + type: object + properties: + active: + description: The number of consecutive runs that must meet the rule conditions. + type: number + required: + - active + ApiAlertingRule_Put_Request_Artifacts: + additionalProperties: false + type: object + properties: + dashboards: + items: + $ref: '#/components/schemas/ApiAlertingRule_Put_Request_Artifacts_Dashboards_Item' + maxItems: 10 + type: array + investigation_guide: + $ref: '#/components/schemas/ApiAlertingRule_Put_Request_Artifacts_Investigation_guide' + ApiAlertingRule_Put_Request_Artifacts_Dashboards_Item: + additionalProperties: false + type: object + properties: + id: + type: string + required: + - id + ApiAlertingRule_Put_Request_Artifacts_Investigation_guide: + additionalProperties: false + type: object + properties: + blob: + maxLength: 10000 + type: string + required: + - blob + ApiAlertingRule_Put_Request_Flapping: + additionalProperties: false + description: When flapping detection is turned on, alerts that switch quickly between active and recovered states are identified as “flapping” and notifications are reduced. + nullable: true + type: object + properties: + enabled: + description: Determines whether the rule can enter the flapping state. By default, rules can enter the flapping state. + type: boolean + look_back_window: + description: The minimum number of runs in which the threshold must be met. + maximum: 20 + minimum: 2 + type: number + status_change_threshold: + description: The minimum number of times an alert must switch states in the look back window. + maximum: 20 + minimum: 2 + type: number + required: + - look_back_window + - status_change_threshold + ApiAlertingRule_Put_Request_Params: + additionalProperties: {} + default: {} + description: The parameters for the rule. + type: object + ApiAlertingRule_Put_Request_Schedule: + additionalProperties: false + type: object + properties: + interval: + description: The interval is specified in seconds, minutes, hours, or days. + type: string + required: + - interval + ApiAlertingRule_Put_Response_200: + additionalProperties: false + type: object + properties: + actions: + items: + $ref: '#/components/schemas/ApiAlertingRule_Put_Response_200_Actions_Item' + type: array + active_snoozes: + items: + description: List of active snoozes for the rule. + type: string + type: array + alert_delay: + $ref: '#/components/schemas/ApiAlertingRule_Put_Response_200_Alert_delay' + api_key_created_by_user: + description: Indicates whether the API key that is associated with the rule was created by the user. + nullable: true + type: boolean + api_key_owner: + description: The owner of the API key that is associated with the rule and used to run background tasks. + nullable: true + type: string + artifacts: + $ref: '#/components/schemas/ApiAlertingRule_Put_Response_200_Artifacts' + consumer: + description: 'The name of the application or feature that owns the rule. For example: `alerts`, `apm`, `discover`, `infrastructure`, `logs`, `metrics`, `ml`, `monitoring`, `securitySolution`, `siem`, `stackAlerts`, or `uptime`.' + type: string + created_at: + description: The date and time that the rule was created. + type: string + created_by: + description: The identifier for the user that created the rule. + nullable: true + type: string + enabled: + description: Indicates whether you want to run the rule on an interval basis after it is created. + type: boolean + execution_status: + $ref: '#/components/schemas/ApiAlertingRule_Put_Response_200_Execution_status' + flapping: + $ref: '#/components/schemas/ApiAlertingRule_Put_Response_200_Flapping' + id: + description: The identifier for the rule. + type: string + is_snoozed_until: + description: The date when the rule will no longer be snoozed. + nullable: true + type: string + last_run: + $ref: '#/components/schemas/ApiAlertingRule_Put_Response_200_Last_run' + mapped_params: + $ref: '#/components/schemas/ApiAlertingRule_Put_Response_200_Mapped_params' + monitoring: + $ref: '#/components/schemas/ApiAlertingRule_Put_Response_200_Monitoring' + mute_all: + description: Indicates whether all alerts are muted. + type: boolean + muted_alert_ids: + items: + description: 'List of identifiers of muted alerts. ' + type: string + type: array + name: + description: ' The name of the rule.' + type: string + next_run: + description: Date and time of the next run of the rule. + nullable: true + type: string + notify_when: + description: 'Indicates how often alerts generate actions. Valid values include: `onActionGroupChange`: Actions run when the alert status changes; `onActiveAlert`: Actions run when the alert becomes active and at each check interval while the rule conditions are met; `onThrottleInterval`: Actions run when the alert becomes active and at the interval specified in the throttle property while the rule conditions are met. NOTE: You cannot specify `notify_when` at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.' + enum: + - onActionGroupChange + - onActiveAlert + - onThrottleInterval + nullable: true + type: string + params: + $ref: '#/components/schemas/ApiAlertingRule_Put_Response_200_Params' + revision: + description: The rule revision number. + type: number + rule_type_id: + description: The rule type identifier. + type: string + running: + description: Indicates whether the rule is running. + nullable: true + type: boolean + schedule: + $ref: '#/components/schemas/ApiAlertingRule_Put_Response_200_Schedule' + scheduled_task_id: + description: Identifier of the scheduled task. + type: string + snooze_schedule: + items: + $ref: '#/components/schemas/ApiAlertingRule_Put_Response_200_Snooze_schedule_Item' + type: array + tags: + items: + description: The tags for the rule. + type: string + type: array + throttle: + deprecated: true + description: 'Deprecated in 8.13.0. Use the `throttle` property in the action `frequency` object instead. The throttle interval, which defines how often an alert generates repeated actions. NOTE: You cannot specify the throttle interval at both the rule and action level. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.' + nullable: true + type: string + updated_at: + description: The date and time that the rule was updated most recently. + type: string + updated_by: + description: The identifier for the user that updated this rule most recently. + nullable: true + type: string + view_in_app_relative_url: + description: Relative URL to view rule in the app. + nullable: true + type: string + required: + - id + - enabled + - name + - tags + - rule_type_id + - consumer + - schedule + - actions + - params + - created_by + - updated_by + - created_at + - updated_at + - api_key_owner + - mute_all + - muted_alert_ids + - execution_status + - revision + ApiAlertingRule_Put_Response_200_Actions_Item: + additionalProperties: false + type: object + properties: + alerts_filter: + $ref: '#/components/schemas/ApiAlertingRule_Put_Response_200_Actions_Alerts_filter' + connector_type_id: + description: The type of connector. This property appears in responses but cannot be set in requests. + type: string + frequency: + $ref: '#/components/schemas/ApiAlertingRule_Put_Response_200_Actions_Frequency' + group: + description: The group name, which affects when the action runs (for example, when the threshold is met or when the alert is recovered). Each rule type has a list of valid action group names. If you don't need to group actions, set to `default`. + type: string + id: + description: The identifier for the connector saved object. + type: string + params: + $ref: '#/components/schemas/ApiAlertingRule_Put_Response_200_Actions_Params' + use_alert_data_for_template: + description: Indicates whether to use alert data as a template. + type: boolean + uuid: + description: A universally unique identifier (UUID) for the action. + type: string + required: + - id + - connector_type_id + - params + ApiAlertingRule_Put_Response_200_Actions_Alerts_filter: + additionalProperties: false + description: Defines a period that limits whether the action runs. + type: object + properties: + query: + $ref: '#/components/schemas/ApiAlertingRule_Put_Response_200_Actions_Alerts_filter_Query' + timeframe: + $ref: '#/components/schemas/ApiAlertingRule_Put_Response_200_Actions_Alerts_filter_Timeframe' + ApiAlertingRule_Put_Response_200_Actions_Alerts_filter_Query: + additionalProperties: false + type: object + properties: + dsl: + description: A filter written in Elasticsearch Query Domain Specific Language (DSL). + type: string + filters: + description: A filter written in Elasticsearch Query Domain Specific Language (DSL) as defined in the `kbn-es-query` package. + items: + $ref: '#/components/schemas/ApiAlertingRule_Put_Response_200_Actions_Alerts_filter_Query_Filters_Item' + type: array + kql: + description: A filter written in Kibana Query Language (KQL). + type: string + required: + - kql + - filters + ApiAlertingRule_Put_Response_200_Actions_Alerts_filter_Query_Filters_Item: + additionalProperties: false + type: object + properties: + $state: + $ref: '#/components/schemas/ApiAlertingRule_Put_Response_200_Actions_Alerts_filter_Query_Filters_$state' + meta: + $ref: '#/components/schemas/ApiAlertingRule_Put_Response_200_Actions_Alerts_filter_Query_Filters_Meta' + query: + $ref: '#/components/schemas/ApiAlertingRule_Put_Response_200_Actions_Alerts_filter_Query_Filters_Query' + required: + - meta + ApiAlertingRule_Put_Response_200_Actions_Alerts_filter_Query_Filters_$state: + additionalProperties: false + type: object + properties: + store: + description: A filter can be either specific to an application context or applied globally. + enum: + - appState + - globalState + type: string + required: + - store + ApiAlertingRule_Put_Response_200_Actions_Alerts_filter_Query_Filters_Meta: + additionalProperties: {} + type: object + ApiAlertingRule_Put_Response_200_Actions_Alerts_filter_Query_Filters_Query: + additionalProperties: {} + type: object + ApiAlertingRule_Put_Response_200_Actions_Alerts_filter_Timeframe: + additionalProperties: false + type: object + properties: + days: + description: Defines the days of the week that the action can run, represented as an array of numbers. For example, `1` represents Monday. An empty array is equivalent to specifying all the days of the week. + items: + enum: + - 1 + - 2 + - 3 + - 4 + - 5 + - 6 + - 7 + type: integer + type: array + hours: + $ref: '#/components/schemas/ApiAlertingRule_Put_Response_200_Actions_Alerts_filter_Timeframe_Hours' + timezone: + description: The ISO time zone for the `hours` values. Values such as `UTC` and `UTC+1` also work but lack built-in daylight savings time support and are not recommended. + type: string + required: + - days + - hours + - timezone + ApiAlertingRule_Put_Response_200_Actions_Alerts_filter_Timeframe_Hours: + additionalProperties: false + type: object + properties: + end: + description: The end of the time frame in 24-hour notation (`hh:mm`). + type: string + start: + description: The start of the time frame in 24-hour notation (`hh:mm`). + type: string + required: + - start + - end + ApiAlertingRule_Put_Response_200_Actions_Frequency: + additionalProperties: false + type: object + properties: + notify_when: + description: 'Indicates how often alerts generate actions. Valid values include: `onActionGroupChange`: Actions run when the alert status changes; `onActiveAlert`: Actions run when the alert becomes active and at each check interval while the rule conditions are met; `onThrottleInterval`: Actions run when the alert becomes active and at the interval specified in the throttle property while the rule conditions are met. NOTE: You cannot specify `notify_when` at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.' + enum: + - onActionGroupChange + - onActiveAlert + - onThrottleInterval + type: string + summary: + description: Indicates whether the action is a summary. + type: boolean + throttle: + description: 'The throttle interval, which defines how often an alert generates repeated actions. It is specified in seconds, minutes, hours, or days and is applicable only if ''notify_when'' is set to ''onThrottleInterval''. NOTE: You cannot specify the throttle interval at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.' + nullable: true + type: string + required: + - summary + - notify_when + - throttle + ApiAlertingRule_Put_Response_200_Actions_Params: + additionalProperties: {} + description: The parameters for the action, which are sent to the connector. The `params` are handled as Mustache templates and passed a default set of context. + type: object + ApiAlertingRule_Put_Response_200_Alert_delay: + additionalProperties: false + description: Indicates that an alert occurs only when the specified number of consecutive runs met the rule conditions. + type: object + properties: + active: + description: The number of consecutive runs that must meet the rule conditions. + type: number + required: + - active + ApiAlertingRule_Put_Response_200_Artifacts: + additionalProperties: false + type: object + properties: + dashboards: + items: + $ref: '#/components/schemas/ApiAlertingRule_Put_Response_200_Artifacts_Dashboards_Item' + type: array + investigation_guide: + $ref: '#/components/schemas/ApiAlertingRule_Put_Response_200_Artifacts_Investigation_guide' + ApiAlertingRule_Put_Response_200_Artifacts_Dashboards_Item: + additionalProperties: false + type: object + properties: + id: + type: string + required: + - id + ApiAlertingRule_Put_Response_200_Artifacts_Investigation_guide: + additionalProperties: false + type: object + properties: + blob: + description: User-created content that describes alert causes and remdiation. + type: string + required: + - blob + ApiAlertingRule_Put_Response_200_Execution_status: + additionalProperties: false + type: object + properties: + error: + $ref: '#/components/schemas/ApiAlertingRule_Put_Response_200_Execution_status_Error' + last_duration: + description: Duration of last execution of the rule. + type: number + last_execution_date: + description: The date and time when rule was executed last. + type: string + status: + description: Status of rule execution. + enum: + - ok + - active + - error + - warning + - pending + - unknown + type: string + warning: + $ref: '#/components/schemas/ApiAlertingRule_Put_Response_200_Execution_status_Warning' + required: + - status + - last_execution_date + ApiAlertingRule_Put_Response_200_Execution_status_Error: + additionalProperties: false + type: object + properties: + message: + description: Error message. + type: string + reason: + description: Reason for error. + enum: + - read + - decrypt + - execute + - unknown + - license + - timeout + - disabled + - validate + type: string + required: + - reason + - message + ApiAlertingRule_Put_Response_200_Execution_status_Warning: + additionalProperties: false + type: object + properties: + message: + description: Warning message. + type: string + reason: + description: Reason for warning. + enum: + - maxExecutableActions + - maxAlerts + - maxQueuedActions + - ruleExecution + type: string + required: + - reason + - message + ApiAlertingRule_Put_Response_200_Flapping: + additionalProperties: false + description: When flapping detection is turned on, alerts that switch quickly between active and recovered states are identified as “flapping” and notifications are reduced. + nullable: true + type: object + properties: + enabled: + description: Determines whether the rule can enter the flapping state. By default, rules can enter the flapping state. + type: boolean + look_back_window: + description: The minimum number of runs in which the threshold must be met. + maximum: 20 + minimum: 2 + type: number + status_change_threshold: + description: The minimum number of times an alert must switch states in the look back window. + maximum: 20 + minimum: 2 + type: number + required: + - look_back_window + - status_change_threshold + ApiAlertingRule_Put_Response_200_Last_run: + additionalProperties: false + nullable: true + type: object + properties: + alerts_count: + $ref: '#/components/schemas/ApiAlertingRule_Put_Response_200_Last_run_Alerts_count' + outcome: + description: Outcome of last run of the rule. Value could be succeeded, warning or failed. + enum: + - succeeded + - warning + - failed + type: string + outcome_msg: + items: + description: Outcome message generated during last rule run. + type: string + nullable: true + type: array + outcome_order: + description: Order of the outcome. + type: number + warning: + description: Warning of last rule execution. + enum: + - read + - decrypt + - execute + - unknown + - license + - timeout + - disabled + - validate + - maxExecutableActions + - maxAlerts + - maxQueuedActions + - ruleExecution + nullable: true + type: string + required: + - outcome + - alerts_count + ApiAlertingRule_Put_Response_200_Last_run_Alerts_count: + additionalProperties: false + type: object + properties: + active: + description: Number of active alerts during last run. + nullable: true + type: number + ignored: + description: Number of ignored alerts during last run. + nullable: true + type: number + new: + description: Number of new alerts during last run. + nullable: true + type: number + recovered: + description: Number of recovered alerts during last run. + nullable: true + type: number + ApiAlertingRule_Put_Response_200_Mapped_params: + additionalProperties: {} + type: object + ApiAlertingRule_Put_Response_200_Monitoring: + additionalProperties: false + description: Monitoring details of the rule. + type: object + properties: + run: + $ref: '#/components/schemas/ApiAlertingRule_Put_Response_200_Monitoring_Run' + required: + - run + ApiAlertingRule_Put_Response_200_Monitoring_Run: + additionalProperties: false + description: Rule run details. + type: object + properties: + calculated_metrics: + $ref: '#/components/schemas/ApiAlertingRule_Put_Response_200_Monitoring_Run_Calculated_metrics' + history: + description: History of the rule run. + items: + $ref: '#/components/schemas/ApiAlertingRule_Put_Response_200_Monitoring_Run_History_Item' + type: array + last_run: + $ref: '#/components/schemas/ApiAlertingRule_Put_Response_200_Monitoring_Run_Last_run' + required: + - history + - calculated_metrics + - last_run + ApiAlertingRule_Put_Response_200_Monitoring_Run_Calculated_metrics: + additionalProperties: false + description: Calculation of different percentiles and success ratio. + type: object + properties: + p50: + type: number + p95: + type: number + p99: + type: number + success_ratio: + type: number + required: + - success_ratio + ApiAlertingRule_Put_Response_200_Monitoring_Run_History_Item: + additionalProperties: false + type: object + properties: + duration: + description: Duration of the rule run. + type: number + outcome: + description: Outcome of last run of the rule. Value could be succeeded, warning or failed. + enum: + - succeeded + - warning + - failed + type: string + success: + description: Indicates whether the rule run was successful. + type: boolean + timestamp: + description: Time of rule run. + type: number + required: + - success + - timestamp + ApiAlertingRule_Put_Response_200_Monitoring_Run_Last_run: + additionalProperties: false + type: object + properties: + metrics: + $ref: '#/components/schemas/ApiAlertingRule_Put_Response_200_Monitoring_Run_Last_run_Metrics' + timestamp: + description: Time of the most recent rule run. + type: string + required: + - timestamp + - metrics + ApiAlertingRule_Put_Response_200_Monitoring_Run_Last_run_Metrics: + additionalProperties: false + type: object + properties: + duration: + description: Duration of most recent rule run. + type: number + gap_duration_s: + description: Duration in seconds of rule run gap. + nullable: true + type: number + gap_range: + $ref: '#/components/schemas/ApiAlertingRule_Put_Response_200_Monitoring_Run_Last_run_Metrics_Gap_range' + total_alerts_created: + description: Total number of alerts created during last rule run. + nullable: true + type: number + total_alerts_detected: + description: Total number of alerts detected during last rule run. + nullable: true + type: number + total_indexing_duration_ms: + description: Total time spent indexing documents during last rule run in milliseconds. + nullable: true + type: number + total_search_duration_ms: + description: Total time spent performing Elasticsearch searches as measured by Kibana; includes network latency and time spent serializing or deserializing the request and response. + nullable: true + type: number + ApiAlertingRule_Put_Response_200_Monitoring_Run_Last_run_Metrics_Gap_range: + additionalProperties: false + nullable: true + type: object + properties: + gte: + description: End of the gap range. + type: string + lte: + description: Start of the gap range. + type: string + required: + - lte + - gte + ApiAlertingRule_Put_Response_200_Params: + additionalProperties: {} + description: The parameters for the rule. + type: object + ApiAlertingRule_Put_Response_200_Schedule: + additionalProperties: false + type: object + properties: + interval: + description: The interval is specified in seconds, minutes, hours, or days. + type: string + required: + - interval + ApiAlertingRule_Put_Response_200_Snooze_schedule_Item: + additionalProperties: false + type: object + properties: + duration: + description: Duration of the rule snooze schedule. + type: number + id: + description: Identifier of the rule snooze schedule. + type: string + rRule: + $ref: '#/components/schemas/ApiAlertingRule_Put_Response_200_Snooze_schedule_RRule' + skipRecurrences: + items: + description: Skips recurrence of rule on this date. + type: string + type: array + required: + - duration + - rRule + ApiAlertingRule_Put_Response_200_Snooze_schedule_RRule: + additionalProperties: false + type: object + properties: + byhour: + items: + description: Indicates hours of the day to recur. + type: number + nullable: true + type: array + byminute: + items: + description: Indicates minutes of the hour to recur. + type: number + nullable: true + type: array + bymonth: + items: + description: Indicates months of the year that this rule should recur. + type: number + nullable: true + type: array + bymonthday: + items: + description: Indicates the days of the month to recur. + type: number + nullable: true + type: array + bysecond: + items: + description: Indicates seconds of the day to recur. + type: number + nullable: true + type: array + bysetpos: + items: + description: A positive or negative integer affecting the nth day of the month. For example, -2 combined with `byweekday` of FR is 2nd to last Friday of the month. It is recommended to not set this manually and just use `byweekday`. + type: number + nullable: true + type: array + byweekday: + items: + anyOf: + - $ref: '#/components/schemas/ApiAlertingRule_Put_Response_200_Snooze_schedule_RRule_Byweekday_1' + - $ref: '#/components/schemas/ApiAlertingRule_Put_Response_200_Snooze_schedule_RRule_Byweekday_2' + description: Indicates the days of the week to recur or else nth-day-of-month strings. For example, "+2TU" second Tuesday of month, "-1FR" last Friday of the month, which are internally converted to a `byweekday/bysetpos` combination. + nullable: true + type: array + byweekno: + items: + description: Indicates number of the week hours to recur. + type: number + nullable: true + type: array + byyearday: + items: + description: Indicates the days of the year that this rule should recur. + type: number + nullable: true + type: array + count: + description: Number of times the rule should recur until it stops. + type: number + dtstart: + description: Rule start date in Coordinated Universal Time (UTC). + type: string + freq: + description: Indicates frequency of the rule. Options are YEARLY, MONTHLY, WEEKLY, DAILY. + enum: + - 0 + - 1 + - 2 + - 3 + - 4 + - 5 + - 6 + type: integer + interval: + description: Indicates the interval of frequency. For example, 1 and YEARLY is every 1 year, 2 and WEEKLY is every 2 weeks. + type: number + tzid: + description: Indicates timezone abbreviation. + type: string + until: + description: Recur the rule until this date. + type: string + wkst: + description: Indicates the start of week, defaults to Monday. + enum: + - MO + - TU + - WE + - TH + - FR + - SA + - SU + type: string + required: + - dtstart + - tzid + ApiAlertingRule_Put_Response_200_Snooze_schedule_RRule_Byweekday_1: + type: string + ApiAlertingRule_Put_Response_200_Snooze_schedule_RRule_Byweekday_2: + type: number + ApiAlertingRuleDisable_Post_Request: + additionalProperties: false + nullable: true + type: object + properties: + untrack: + description: Defines whether this rule's alerts should be untracked. + type: boolean + x-oas-optional: true + ApiAlertingRuleSnoozeSchedule_Post_Request: + additionalProperties: false + type: object + properties: + schedule: + $ref: '#/components/schemas/ApiAlertingRuleSnoozeSchedule_Post_Request_Schedule' + required: + - schedule + ApiAlertingRuleSnoozeSchedule_Post_Request_Schedule: + additionalProperties: false + type: object + properties: + custom: + $ref: '#/components/schemas/ApiAlertingRuleSnoozeSchedule_Post_Request_Schedule_Custom' + ApiAlertingRuleSnoozeSchedule_Post_Request_Schedule_Custom: + additionalProperties: false + type: object + properties: + duration: + description: 'The duration of the schedule. It allows values in `` format. `` is one of `d`, `h`, `m`, or `s` for hours, minutes, seconds. For example: `1d`, `5h`, `30m`, `5000s`.' + type: string + recurring: + $ref: '#/components/schemas/ApiAlertingRuleSnoozeSchedule_Post_Request_Schedule_Custom_Recurring' + start: + description: 'The start date and time of the schedule, provided in ISO 8601 format and set to the UTC timezone. For example: `2025-03-12T12:00:00.000Z`.' + type: string + timezone: + description: The timezone of the schedule. The default timezone is UTC. + type: string + required: + - start + - duration + ApiAlertingRuleSnoozeSchedule_Post_Request_Schedule_Custom_Recurring: + additionalProperties: false + type: object + properties: + end: + description: 'The end date of a recurring schedule, provided in ISO 8601 format and set to the UTC timezone. For example: `2025-04-01T00:00:00.000Z`.' + type: string + every: + description: 'The interval and frequency of a recurring schedule. It allows values in `` format. `` is one of `d`, `w`, `M`, or `y` for days, weeks, months, years. For example: `15d`, `2w`, `3m`, `1y`.' + type: string + occurrences: + description: The total number of recurrences of the schedule. + minimum: 1 + type: number + onMonth: + description: The specific months for a recurring schedule. Valid values are 1-12. + items: + maximum: 12 + minimum: 1 + type: number + minItems: 1 + type: array + onMonthDay: + description: The specific days of the month for a recurring schedule. Valid values are 1-31. + items: + maximum: 31 + minimum: 1 + type: number + minItems: 1 + type: array + onWeekDay: + description: The specific days of the week (`[MO,TU,WE,TH,FR,SA,SU]`) or nth day of month (`[+1MO, -3FR, +2WE, -4SA, -5SU]`) for a recurring schedule. + items: + type: string + minItems: 1 + type: array + ApiAlertingRuleSnoozeSchedule_Post_Response_200: + additionalProperties: false + type: object + properties: + body: + $ref: '#/components/schemas/ApiAlertingRuleSnoozeSchedule_Post_Response_200_Body' + required: + - body + ApiAlertingRuleSnoozeSchedule_Post_Response_200_Body: + additionalProperties: false + type: object + properties: + schedule: + $ref: '#/components/schemas/ApiAlertingRuleSnoozeSchedule_Post_Response_200_Body_Schedule' + required: + - schedule + ApiAlertingRuleSnoozeSchedule_Post_Response_200_Body_Schedule: + additionalProperties: false + type: object + properties: + custom: + $ref: '#/components/schemas/ApiAlertingRuleSnoozeSchedule_Post_Response_200_Body_Schedule_Custom' + id: + description: Identifier of the snooze schedule. + type: string + required: + - id + ApiAlertingRuleSnoozeSchedule_Post_Response_200_Body_Schedule_Custom: + additionalProperties: false + type: object + properties: + duration: + description: 'The duration of the schedule. It allows values in `` format. `` is one of `d`, `h`, `m`, or `s` for hours, minutes, seconds. For example: `1d`, `5h`, `30m`, `5000s`.' + type: string + recurring: + $ref: '#/components/schemas/ApiAlertingRuleSnoozeSchedule_Post_Response_200_Body_Schedule_Custom_Recurring' + start: + description: 'The start date and time of the schedule, provided in ISO 8601 format and set to the UTC timezone. For example: `2025-03-12T12:00:00.000Z`.' + type: string + timezone: + description: The timezone of the schedule. The default timezone is UTC. + type: string + required: + - start + - duration + ApiAlertingRuleSnoozeSchedule_Post_Response_200_Body_Schedule_Custom_Recurring: + additionalProperties: false + type: object + properties: + end: + description: 'The end date of a recurring schedule, provided in ISO 8601 format and set to the UTC timezone. For example: `2025-04-01T00:00:00.000Z`.' + type: string + every: + description: 'The interval and frequency of a recurring schedule. It allows values in `` format. `` is one of `d`, `w`, `M`, or `y` for days, weeks, months, years. For example: `15d`, `2w`, `3m`, `1y`.' + type: string + occurrences: + description: The total number of recurrences of the schedule. + minimum: 1 + type: number + onMonth: + description: The specific months for a recurring schedule. Valid values are 1-12. + items: + maximum: 12 + minimum: 1 + type: number + minItems: 1 + type: array + onMonthDay: + description: The specific days of the month for a recurring schedule. Valid values are 1-31. + items: + maximum: 31 + minimum: 1 + type: number + minItems: 1 + type: array + onWeekDay: + description: The specific days of the week (`[MO,TU,WE,TH,FR,SA,SU]`) or nth day of month (`[+1MO, -3FR, +2WE, -4SA, -5SU]`) for a recurring schedule. + items: + type: string + minItems: 1 + type: array + ApiAlertingRulesFind_Get_Response_200: + additionalProperties: false + type: object + properties: + actions: + items: + $ref: '#/components/schemas/ApiAlertingRulesFind_Get_Response_200_Actions_Item' + type: array + active_snoozes: + items: + description: List of active snoozes for the rule. + type: string + type: array + alert_delay: + $ref: '#/components/schemas/ApiAlertingRulesFind_Get_Response_200_Alert_delay' + api_key_created_by_user: + description: Indicates whether the API key that is associated with the rule was created by the user. + nullable: true + type: boolean + api_key_owner: + description: The owner of the API key that is associated with the rule and used to run background tasks. + nullable: true + type: string + artifacts: + $ref: '#/components/schemas/ApiAlertingRulesFind_Get_Response_200_Artifacts' + consumer: + description: 'The name of the application or feature that owns the rule. For example: `alerts`, `apm`, `discover`, `infrastructure`, `logs`, `metrics`, `ml`, `monitoring`, `securitySolution`, `siem`, `stackAlerts`, or `uptime`.' + type: string + created_at: + description: The date and time that the rule was created. + type: string + created_by: + description: The identifier for the user that created the rule. + nullable: true + type: string + enabled: + description: Indicates whether you want to run the rule on an interval basis after it is created. + type: boolean + execution_status: + $ref: '#/components/schemas/ApiAlertingRulesFind_Get_Response_200_Execution_status' + flapping: + $ref: '#/components/schemas/ApiAlertingRulesFind_Get_Response_200_Flapping' + id: + description: The identifier for the rule. + type: string + is_snoozed_until: + description: The date when the rule will no longer be snoozed. + nullable: true + type: string + last_run: + $ref: '#/components/schemas/ApiAlertingRulesFind_Get_Response_200_Last_run' + mapped_params: + $ref: '#/components/schemas/ApiAlertingRulesFind_Get_Response_200_Mapped_params' + monitoring: + $ref: '#/components/schemas/ApiAlertingRulesFind_Get_Response_200_Monitoring' + mute_all: + description: Indicates whether all alerts are muted. + type: boolean + muted_alert_ids: + items: + description: 'List of identifiers of muted alerts. ' + type: string + type: array + name: + description: ' The name of the rule.' + type: string + next_run: + description: Date and time of the next run of the rule. + nullable: true + type: string + notify_when: + description: 'Indicates how often alerts generate actions. Valid values include: `onActionGroupChange`: Actions run when the alert status changes; `onActiveAlert`: Actions run when the alert becomes active and at each check interval while the rule conditions are met; `onThrottleInterval`: Actions run when the alert becomes active and at the interval specified in the throttle property while the rule conditions are met. NOTE: You cannot specify `notify_when` at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.' + enum: + - onActionGroupChange + - onActiveAlert + - onThrottleInterval + nullable: true + type: string + params: + $ref: '#/components/schemas/ApiAlertingRulesFind_Get_Response_200_Params' + revision: + description: The rule revision number. + type: number + rule_type_id: + description: The rule type identifier. + type: string + running: + description: Indicates whether the rule is running. + nullable: true + type: boolean + schedule: + $ref: '#/components/schemas/ApiAlertingRulesFind_Get_Response_200_Schedule' + scheduled_task_id: + description: Identifier of the scheduled task. + type: string + snooze_schedule: + items: + $ref: '#/components/schemas/ApiAlertingRulesFind_Get_Response_200_Snooze_schedule_Item' + type: array + tags: + items: + description: The tags for the rule. + type: string + type: array + throttle: + deprecated: true + description: 'Deprecated in 8.13.0. Use the `throttle` property in the action `frequency` object instead. The throttle interval, which defines how often an alert generates repeated actions. NOTE: You cannot specify the throttle interval at both the rule and action level. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.' + nullable: true + type: string + updated_at: + description: The date and time that the rule was updated most recently. + type: string + updated_by: + description: The identifier for the user that updated this rule most recently. + nullable: true + type: string + view_in_app_relative_url: + description: Relative URL to view rule in the app. + nullable: true + type: string + required: + - id + - enabled + - name + - tags + - rule_type_id + - consumer + - schedule + - actions + - params + - created_by + - updated_by + - created_at + - updated_at + - api_key_owner + - mute_all + - muted_alert_ids + - execution_status + - revision + ApiAlertingRulesFind_Get_Response_200_Actions_Item: + additionalProperties: false + type: object + properties: + alerts_filter: + $ref: '#/components/schemas/ApiAlertingRulesFind_Get_Response_200_Actions_Alerts_filter' + connector_type_id: + description: The type of connector. This property appears in responses but cannot be set in requests. + type: string + frequency: + $ref: '#/components/schemas/ApiAlertingRulesFind_Get_Response_200_Actions_Frequency' + group: + description: The group name, which affects when the action runs (for example, when the threshold is met or when the alert is recovered). Each rule type has a list of valid action group names. If you don't need to group actions, set to `default`. + type: string + id: + description: The identifier for the connector saved object. + type: string + params: + $ref: '#/components/schemas/ApiAlertingRulesFind_Get_Response_200_Actions_Params' + use_alert_data_for_template: + description: Indicates whether to use alert data as a template. + type: boolean + uuid: + description: A universally unique identifier (UUID) for the action. + type: string + required: + - id + - connector_type_id + - params + ApiAlertingRulesFind_Get_Response_200_Actions_Alerts_filter: + additionalProperties: false + description: Defines a period that limits whether the action runs. + type: object + properties: + query: + $ref: '#/components/schemas/ApiAlertingRulesFind_Get_Response_200_Actions_Alerts_filter_Query' + timeframe: + $ref: '#/components/schemas/ApiAlertingRulesFind_Get_Response_200_Actions_Alerts_filter_Timeframe' + ApiAlertingRulesFind_Get_Response_200_Actions_Alerts_filter_Query: + additionalProperties: false + type: object + properties: + dsl: + description: A filter written in Elasticsearch Query Domain Specific Language (DSL). + type: string + filters: + description: A filter written in Elasticsearch Query Domain Specific Language (DSL) as defined in the `kbn-es-query` package. + items: + $ref: '#/components/schemas/ApiAlertingRulesFind_Get_Response_200_Actions_Alerts_filter_Query_Filters_Item' + type: array + kql: + description: A filter written in Kibana Query Language (KQL). + type: string + required: + - kql + - filters + ApiAlertingRulesFind_Get_Response_200_Actions_Alerts_filter_Query_Filters_Item: + additionalProperties: false + type: object + properties: + $state: + $ref: '#/components/schemas/ApiAlertingRulesFind_Get_Response_200_Actions_Alerts_filter_Query_Filters_$state' + meta: + $ref: '#/components/schemas/ApiAlertingRulesFind_Get_Response_200_Actions_Alerts_filter_Query_Filters_Meta' + query: + $ref: '#/components/schemas/ApiAlertingRulesFind_Get_Response_200_Actions_Alerts_filter_Query_Filters_Query' + required: + - meta + ApiAlertingRulesFind_Get_Response_200_Actions_Alerts_filter_Query_Filters_$state: + additionalProperties: false + type: object + properties: + store: + description: A filter can be either specific to an application context or applied globally. + enum: + - appState + - globalState + type: string + required: + - store + ApiAlertingRulesFind_Get_Response_200_Actions_Alerts_filter_Query_Filters_Meta: + additionalProperties: {} + type: object + ApiAlertingRulesFind_Get_Response_200_Actions_Alerts_filter_Query_Filters_Query: + additionalProperties: {} + type: object + ApiAlertingRulesFind_Get_Response_200_Actions_Alerts_filter_Timeframe: + additionalProperties: false + type: object + properties: + days: + description: Defines the days of the week that the action can run, represented as an array of numbers. For example, `1` represents Monday. An empty array is equivalent to specifying all the days of the week. + items: + enum: + - 1 + - 2 + - 3 + - 4 + - 5 + - 6 + - 7 + type: integer + type: array + hours: + $ref: '#/components/schemas/ApiAlertingRulesFind_Get_Response_200_Actions_Alerts_filter_Timeframe_Hours' + timezone: + description: The ISO time zone for the `hours` values. Values such as `UTC` and `UTC+1` also work but lack built-in daylight savings time support and are not recommended. + type: string + required: + - days + - hours + - timezone + ApiAlertingRulesFind_Get_Response_200_Actions_Alerts_filter_Timeframe_Hours: + additionalProperties: false + type: object + properties: + end: + description: The end of the time frame in 24-hour notation (`hh:mm`). + type: string + start: + description: The start of the time frame in 24-hour notation (`hh:mm`). + type: string + required: + - start + - end + ApiAlertingRulesFind_Get_Response_200_Actions_Frequency: + additionalProperties: false + type: object + properties: + notify_when: + description: 'Indicates how often alerts generate actions. Valid values include: `onActionGroupChange`: Actions run when the alert status changes; `onActiveAlert`: Actions run when the alert becomes active and at each check interval while the rule conditions are met; `onThrottleInterval`: Actions run when the alert becomes active and at the interval specified in the throttle property while the rule conditions are met. NOTE: You cannot specify `notify_when` at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.' + enum: + - onActionGroupChange + - onActiveAlert + - onThrottleInterval + type: string + summary: + description: Indicates whether the action is a summary. + type: boolean + throttle: + description: 'The throttle interval, which defines how often an alert generates repeated actions. It is specified in seconds, minutes, hours, or days and is applicable only if ''notify_when'' is set to ''onThrottleInterval''. NOTE: You cannot specify the throttle interval at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.' + nullable: true + type: string + required: + - summary + - notify_when + - throttle + ApiAlertingRulesFind_Get_Response_200_Actions_Params: + additionalProperties: {} + description: The parameters for the action, which are sent to the connector. The `params` are handled as Mustache templates and passed a default set of context. + type: object + ApiAlertingRulesFind_Get_Response_200_Alert_delay: + additionalProperties: false + description: Indicates that an alert occurs only when the specified number of consecutive runs met the rule conditions. + type: object + properties: + active: + description: The number of consecutive runs that must meet the rule conditions. + type: number + required: + - active + ApiAlertingRulesFind_Get_Response_200_Artifacts: + additionalProperties: false + type: object + properties: + dashboards: + items: + $ref: '#/components/schemas/ApiAlertingRulesFind_Get_Response_200_Artifacts_Dashboards_Item' + type: array + investigation_guide: + $ref: '#/components/schemas/ApiAlertingRulesFind_Get_Response_200_Artifacts_Investigation_guide' + ApiAlertingRulesFind_Get_Response_200_Artifacts_Dashboards_Item: + additionalProperties: false + type: object + properties: + id: + type: string + required: + - id + ApiAlertingRulesFind_Get_Response_200_Artifacts_Investigation_guide: + additionalProperties: false + type: object + properties: + blob: + description: User-created content that describes alert causes and remdiation. + type: string + required: + - blob + ApiAlertingRulesFind_Get_Response_200_Execution_status: + additionalProperties: false + type: object + properties: + error: + $ref: '#/components/schemas/ApiAlertingRulesFind_Get_Response_200_Execution_status_Error' + last_duration: + description: Duration of last execution of the rule. + type: number + last_execution_date: + description: The date and time when rule was executed last. + type: string + status: + description: Status of rule execution. + enum: + - ok + - active + - error + - warning + - pending + - unknown + type: string + warning: + $ref: '#/components/schemas/ApiAlertingRulesFind_Get_Response_200_Execution_status_Warning' + required: + - status + - last_execution_date + ApiAlertingRulesFind_Get_Response_200_Execution_status_Error: + additionalProperties: false + type: object + properties: + message: + description: Error message. + type: string + reason: + description: Reason for error. + enum: + - read + - decrypt + - execute + - unknown + - license + - timeout + - disabled + - validate + type: string + required: + - reason + - message + ApiAlertingRulesFind_Get_Response_200_Execution_status_Warning: + additionalProperties: false + type: object + properties: + message: + description: Warning message. + type: string + reason: + description: Reason for warning. + enum: + - maxExecutableActions + - maxAlerts + - maxQueuedActions + - ruleExecution + type: string + required: + - reason + - message + ApiAlertingRulesFind_Get_Response_200_Flapping: + additionalProperties: false + description: When flapping detection is turned on, alerts that switch quickly between active and recovered states are identified as “flapping” and notifications are reduced. + nullable: true + type: object + properties: + enabled: + description: Determines whether the rule can enter the flapping state. By default, rules can enter the flapping state. + type: boolean + look_back_window: + description: The minimum number of runs in which the threshold must be met. + maximum: 20 + minimum: 2 + type: number + status_change_threshold: + description: The minimum number of times an alert must switch states in the look back window. + maximum: 20 + minimum: 2 + type: number + required: + - look_back_window + - status_change_threshold + ApiAlertingRulesFind_Get_Response_200_Last_run: + additionalProperties: false + nullable: true + type: object + properties: + alerts_count: + $ref: '#/components/schemas/ApiAlertingRulesFind_Get_Response_200_Last_run_Alerts_count' + outcome: + description: Outcome of last run of the rule. Value could be succeeded, warning or failed. + enum: + - succeeded + - warning + - failed + type: string + outcome_msg: + items: + description: Outcome message generated during last rule run. + type: string + nullable: true + type: array + outcome_order: + description: Order of the outcome. + type: number + warning: + description: Warning of last rule execution. + enum: + - read + - decrypt + - execute + - unknown + - license + - timeout + - disabled + - validate + - maxExecutableActions + - maxAlerts + - maxQueuedActions + - ruleExecution + nullable: true + type: string + required: + - outcome + - alerts_count + ApiAlertingRulesFind_Get_Response_200_Last_run_Alerts_count: + additionalProperties: false + type: object + properties: + active: + description: Number of active alerts during last run. + nullable: true + type: number + ignored: + description: Number of ignored alerts during last run. + nullable: true + type: number + new: + description: Number of new alerts during last run. + nullable: true + type: number + recovered: + description: Number of recovered alerts during last run. + nullable: true + type: number + ApiAlertingRulesFind_Get_Response_200_Mapped_params: + additionalProperties: {} + type: object + ApiAlertingRulesFind_Get_Response_200_Monitoring: + additionalProperties: false + description: Monitoring details of the rule. + type: object + properties: + run: + $ref: '#/components/schemas/ApiAlertingRulesFind_Get_Response_200_Monitoring_Run' + required: + - run + ApiAlertingRulesFind_Get_Response_200_Monitoring_Run: + additionalProperties: false + description: Rule run details. + type: object + properties: + calculated_metrics: + $ref: '#/components/schemas/ApiAlertingRulesFind_Get_Response_200_Monitoring_Run_Calculated_metrics' + history: + description: History of the rule run. + items: + $ref: '#/components/schemas/ApiAlertingRulesFind_Get_Response_200_Monitoring_Run_History_Item' + type: array + last_run: + $ref: '#/components/schemas/ApiAlertingRulesFind_Get_Response_200_Monitoring_Run_Last_run' + required: + - history + - calculated_metrics + - last_run + ApiAlertingRulesFind_Get_Response_200_Monitoring_Run_Calculated_metrics: + additionalProperties: false + description: Calculation of different percentiles and success ratio. + type: object + properties: + p50: + type: number + p95: + type: number + p99: + type: number + success_ratio: + type: number + required: + - success_ratio + ApiAlertingRulesFind_Get_Response_200_Monitoring_Run_History_Item: + additionalProperties: false + type: object + properties: + duration: + description: Duration of the rule run. + type: number + outcome: + description: Outcome of last run of the rule. Value could be succeeded, warning or failed. + enum: + - succeeded + - warning + - failed + type: string + success: + description: Indicates whether the rule run was successful. + type: boolean + timestamp: + description: Time of rule run. + type: number + required: + - success + - timestamp + ApiAlertingRulesFind_Get_Response_200_Monitoring_Run_Last_run: + additionalProperties: false + type: object + properties: + metrics: + $ref: '#/components/schemas/ApiAlertingRulesFind_Get_Response_200_Monitoring_Run_Last_run_Metrics' + timestamp: + description: Time of the most recent rule run. + type: string + required: + - timestamp + - metrics + ApiAlertingRulesFind_Get_Response_200_Monitoring_Run_Last_run_Metrics: + additionalProperties: false + type: object + properties: + duration: + description: Duration of most recent rule run. + type: number + gap_duration_s: + description: Duration in seconds of rule run gap. + nullable: true + type: number + gap_range: + $ref: '#/components/schemas/ApiAlertingRulesFind_Get_Response_200_Monitoring_Run_Last_run_Metrics_Gap_range' + total_alerts_created: + description: Total number of alerts created during last rule run. + nullable: true + type: number + total_alerts_detected: + description: Total number of alerts detected during last rule run. + nullable: true + type: number + total_indexing_duration_ms: + description: Total time spent indexing documents during last rule run in milliseconds. + nullable: true + type: number + total_search_duration_ms: + description: Total time spent performing Elasticsearch searches as measured by Kibana; includes network latency and time spent serializing or deserializing the request and response. + nullable: true + type: number + ApiAlertingRulesFind_Get_Response_200_Monitoring_Run_Last_run_Metrics_Gap_range: + additionalProperties: false + nullable: true + type: object + properties: + gte: + description: End of the gap range. + type: string + lte: + description: Start of the gap range. + type: string + required: + - lte + - gte + ApiAlertingRulesFind_Get_Response_200_Params: + additionalProperties: {} + description: The parameters for the rule. + type: object + ApiAlertingRulesFind_Get_Response_200_Schedule: + additionalProperties: false + type: object + properties: + interval: + description: The interval is specified in seconds, minutes, hours, or days. + type: string + required: + - interval + ApiAlertingRulesFind_Get_Response_200_Snooze_schedule_Item: + additionalProperties: false + type: object + properties: + duration: + description: Duration of the rule snooze schedule. + type: number + id: + description: Identifier of the rule snooze schedule. + type: string + rRule: + $ref: '#/components/schemas/ApiAlertingRulesFind_Get_Response_200_Snooze_schedule_RRule' + skipRecurrences: + items: + description: Skips recurrence of rule on this date. + type: string + type: array + required: + - duration + - rRule + ApiAlertingRulesFind_Get_Response_200_Snooze_schedule_RRule: + additionalProperties: false + type: object + properties: + byhour: + items: + description: Indicates hours of the day to recur. + type: number + nullable: true + type: array + byminute: + items: + description: Indicates minutes of the hour to recur. + type: number + nullable: true + type: array + bymonth: + items: + description: Indicates months of the year that this rule should recur. + type: number + nullable: true + type: array + bymonthday: + items: + description: Indicates the days of the month to recur. + type: number + nullable: true + type: array + bysecond: + items: + description: Indicates seconds of the day to recur. + type: number + nullable: true + type: array + bysetpos: + items: + description: A positive or negative integer affecting the nth day of the month. For example, -2 combined with `byweekday` of FR is 2nd to last Friday of the month. It is recommended to not set this manually and just use `byweekday`. + type: number + nullable: true + type: array + byweekday: + items: + anyOf: + - $ref: '#/components/schemas/ApiAlertingRulesFind_Get_Response_200_Snooze_schedule_RRule_Byweekday_1' + - $ref: '#/components/schemas/ApiAlertingRulesFind_Get_Response_200_Snooze_schedule_RRule_Byweekday_2' + description: Indicates the days of the week to recur or else nth-day-of-month strings. For example, "+2TU" second Tuesday of month, "-1FR" last Friday of the month, which are internally converted to a `byweekday/bysetpos` combination. + nullable: true + type: array + byweekno: + items: + description: Indicates number of the week hours to recur. + type: number + nullable: true + type: array + byyearday: + items: + description: Indicates the days of the year that this rule should recur. + type: number + nullable: true + type: array + count: + description: Number of times the rule should recur until it stops. + type: number + dtstart: + description: Rule start date in Coordinated Universal Time (UTC). + type: string + freq: + description: Indicates frequency of the rule. Options are YEARLY, MONTHLY, WEEKLY, DAILY. + enum: + - 0 + - 1 + - 2 + - 3 + - 4 + - 5 + - 6 + type: integer + interval: + description: Indicates the interval of frequency. For example, 1 and YEARLY is every 1 year, 2 and WEEKLY is every 2 weeks. + type: number + tzid: + description: Indicates timezone abbreviation. + type: string + until: + description: Recur the rule until this date. + type: string + wkst: + description: Indicates the start of week, defaults to Monday. + enum: + - MO + - TU + - WE + - TH + - FR + - SA + - SU + type: string + required: + - dtstart + - tzid + ApiAlertingRulesFind_Get_Response_200_Snooze_schedule_RRule_Byweekday_1: + type: string + ApiAlertingRulesFind_Get_Response_200_Snooze_schedule_RRule_Byweekday_2: + type: number + ApiApmFleetApmServerSchema_Post_Request: + type: object + properties: + schema: + $ref: '#/components/schemas/ApiApmFleetApmServerSchema_Post_Request_Schema' + ApiApmFleetApmServerSchema_Post_Request_Schema: + additionalProperties: true + description: Schema object + example: + foo: bar + type: object + ApiApmFleetApmServerSchema_Post_Response_200: + additionalProperties: false + type: object + ApiApmSettingsAgentConfiguration_Put_Response_200: + additionalProperties: false + type: object + ApiApmSourcemaps_Delete_Response_200: + additionalProperties: false + type: object + ApiAssetCriticality_Delete_Response_200: + type: object + properties: + deleted: + description: True if the record was deleted or false if the record did not exist. + type: boolean + record: + $ref: '#/components/schemas/Security_Entity_Analytics_API_AssetCriticalityRecord' + description: The deleted record if it existed. + required: + - deleted + ApiAssetCriticality_Post_Request: + allOf: + - $ref: '#/components/schemas/Security_Entity_Analytics_API_CreateAssetCriticalityRecord' + - $ref: '#/components/schemas/ApiAssetCriticality_Post_Request_2' + example: + criticality_level: high_impact + id_field: host.name + id_value: my_host + ApiAssetCriticality_Post_Request_2: + type: object + properties: + refresh: + description: If 'wait_for' the request will wait for the index refresh. + enum: + - wait_for + type: string + ApiAssetCriticalityBulk_Post_Request: + example: + records: + - criticality_level: low_impact + id_field: host.name + id_value: host-1 + - criticality_level: medium_impact + id_field: host.name + id_value: host-2 + type: object + properties: + records: + items: + allOf: + - $ref: '#/components/schemas/Security_Entity_Analytics_API_AssetCriticalityRecordIdParts' + - $ref: '#/components/schemas/ApiAssetCriticalityBulk_Post_Request_Records_2' + maxItems: 1000 + minItems: 1 + type: array + required: + - records + ApiAssetCriticalityBulk_Post_Request_Records_2: + type: object + properties: + criticality_level: + $ref: '#/components/schemas/Security_Entity_Analytics_API_AssetCriticalityLevelsForBulkUpload' + required: + - criticality_level + ApiAssetCriticalityBulk_Post_Response_200: + example: + errors: + - index: 0 + message: Invalid ID field + stats: + failed: 1 + successful: 1 + total: 2 + type: object + properties: + errors: + items: + $ref: '#/components/schemas/Security_Entity_Analytics_API_AssetCriticalityBulkUploadErrorItem' + type: array + stats: + $ref: '#/components/schemas/Security_Entity_Analytics_API_AssetCriticalityBulkUploadStats' + required: + - errors + - stats + ApiAssetCriticalityList_Get_Response_200: + example: + page: 1 + per_page: 10 + records: + - '@timestamp': '2024-08-02T14:40:35.705Z' + asset: + criticality: medium_impact + criticality_level: medium_impact + host: + asset: + criticality: medium_impact + name: my_other_host + id_field: host.name + id_value: my_other_host + - '@timestamp': '2024-08-02T11:15:34.290Z' + asset: + criticality: high_impact + criticality_level: high_impact + host: + asset: + criticality: high_impact + name: my_host + id_field: host.name + id_value: my_host + total: 2 + type: object + properties: + page: + minimum: 1 + type: integer + per_page: + maximum: 1000 + minimum: 1 + type: integer + records: + items: + $ref: '#/components/schemas/Security_Entity_Analytics_API_AssetCriticalityRecord' + type: array + total: + minimum: 0 + type: integer + required: + - records + - page + - per_page + - total + ApiAttackDiscoveryBulk_Post_Request: + type: object + properties: + update: + $ref: '#/components/schemas/ApiAttackDiscoveryBulk_Post_Request_Update' + required: + - update + ApiAttackDiscoveryBulk_Post_Request_Update: + description: Configuration object containing all parameters for the bulk update operation + type: object + properties: + enable_field_rendering: + default: false + description: Enables a markdown syntax used to render pivot fields, for example `{{ user.name james }}`. When disabled, the same example would be rendered as `james`. This is primarily used for Attack discovery views within Kibana. Defaults to `false`. + example: false + type: boolean + ids: + description: Array of Attack discovery IDs to update + example: + - c0c8a8bbb4a6561856a974ee9e461f0c82e673a1f0d83f86c5a8d80fc8de4c4f + - 5aa8f2900c0b03854b3b1a52a19558c5ea9893865c78235d4ad3dcc46196f4c7 + items: + type: string + type: array + kibana_alert_workflow_status: + description: When provided, update the kibana.alert.workflow_status of the attack discovery alerts + enum: + - open + - acknowledged + - closed + example: acknowledged + type: string + visibility: + description: When provided, update the visibility of the alert, as determined by the kibana.alert.attack_discovery.users field + enum: + - not_shared + - shared + example: shared + type: string + with_replacements: + default: true + description: When true, returns the updated Attack discoveries with text replacements applied to the detailsMarkdown, entitySummaryMarkdown, summaryMarkdown, and title fields. This substitutes anonymized values with human-readable equivalents. Defaults to `true`. + example: true + type: boolean + required: + - ids + ApiAttackDiscoveryBulk_Post_Response_200: + type: object + properties: + data: + description: Array of updated Attack discovery alert objects. Each item includes the applied modifications from the bulk update request. + items: + $ref: '#/components/schemas/Security_Attack_discovery_API_AttackDiscoveryApiAlert' + type: array + required: + - data + ApiAttackDiscoveryBulk_Post_Response_400: + type: object + properties: + error: + description: Error type + example: Bad Request + type: string + message: + description: Human-readable error message describing what went wrong with the bulk update request + example: Invalid request parameters + type: string + status_code: + description: HTTP status code + example: 400 + type: number + required: + - status_code + - error + - message + ApiAttackDiscoveryFind_Get_Response_200: + type: object + properties: + connector_names: + description: List of human readable connector names that are present in the matched Attack discoveries. Useful for building client filters or summaries. + items: + type: string + type: array + data: + description: Array of matched Attack discovery objects. Each item follows the `AttackDiscoveryApiAlert` schema. + items: + $ref: '#/components/schemas/Security_Attack_discovery_API_AttackDiscoveryApiAlert' + type: array + page: + description: Current page number of the paginated result set. + type: integer + per_page: + description: Number of items requested per page. + type: integer + total: + description: Total number of Attack discoveries matching the query (across all pages). + type: integer + unique_alert_ids: + description: List of unique alert IDs aggregated from the matched Attack discoveries. Only present if `include_unique_alert_ids=true` in the request. + items: + type: string + type: array + unique_alert_ids_count: + description: Number of unique alert IDs across all matched Attack discoveries. Only present if `include_unique_alert_ids=true` in the request. + type: integer + required: + - connector_names + - data + - page + - per_page + - total + - unique_alert_ids_count + ApiAttackDiscoveryFind_Get_Response_400: + type: object + properties: + error: + description: Error type + example: Bad Request + type: string + message: + description: Human-readable error message + example: Invalid request payload. + type: string + status_code: + description: HTTP status code + example: 400 + type: number + ApiAttackDiscoveryGenerate_Post_Response_200: + type: object + properties: + execution_uuid: + $ref: '#/components/schemas/Security_Attack_discovery_API_NonEmptyString' + description: The unique identifier for the attack discovery generation process. Use this UUID to track the generation progress and retrieve results via the find endpoint. + example: edd26039-0990-4d9f-9829-2a1fcacb77b5 + required: + - execution_uuid + ApiAttackDiscoveryGenerate_Post_Response_400: + type: object + properties: + error: + description: Error type + example: Bad Request + type: string + message: + description: Human-readable error message describing what went wrong + example: Invalid request parameters + type: string + status_code: + description: HTTP status code + example: 400 + type: number + required: + - status_code + - error + - message + ApiAttackDiscoveryGenerations_Get_Response_200: + type: object + properties: + generations: + description: List of attack discovery generations + items: + $ref: '#/components/schemas/Security_Attack_discovery_API_AttackDiscoveryGeneration' + type: array + required: + - generations + ApiAttackDiscoveryGenerations_Get_Response_400: + type: object + properties: + error: + description: Error type + example: Bad Request + type: string + message: + description: Human-readable error message + example: Invalid size parameter. Must be a positive number. + type: string + status_code: + description: HTTP status code + example: 400 + type: number + ApiAttackDiscoveryGenerations_Get_Response_200_1: + type: object + properties: + data: + description: Array of Attack discoveries generated during this execution. + items: + $ref: '#/components/schemas/Security_Attack_discovery_API_AttackDiscoveryApiAlert' + type: array + generation: + $ref: '#/components/schemas/Security_Attack_discovery_API_AttackDiscoveryGeneration' + description: Optional metadata about the attack discovery generation process, metadata including execution status and statistics. This metadata may not be available for all generations. + required: + - data + ApiAttackDiscoveryGenerations_Get_Response_400_1: + type: object + properties: + error: + description: Error type + example: Bad Request + type: string + message: + description: Human-readable error message describing what went wrong with the request + example: Invalid request parameters + type: string + status_code: + description: HTTP status code + example: 400 + type: number + required: + - status_code + - error + - message + ApiAttackDiscoveryGenerationsDismiss_Post_Response_200: + type: object + properties: + alerts_context_count: + description: The number of alerts that were sent as context to the LLM for this generation. + example: 75 + type: number + connector_id: + description: The unique identifier of the connector used to generate the attack discoveries. + example: chatGpt5_0ChatAzure + type: string + connector_stats: + $ref: '#/components/schemas/ApiAttackDiscoveryGenerationsDismiss_Post_Response_200_Connector_stats' + discoveries: + description: The number of attack discoveries that were generated during this execution. + example: 3 + type: number + end: + description: The timestamp when the generation process completed, in ISO 8601 format. This field may be absent for generations that haven't finished. + example: '2025-09-29T06:42:44.810Z' + type: string + execution_uuid: + description: The unique identifier for this attack discovery generation execution. This UUID can be used to reference this specific generation in other API calls. + example: 46b218d5-535d-4329-be56-d0f6af6986b7 + type: string + loading_message: + description: A human-readable message describing the current state or progress of the generation process. Provides context about what the AI is analyzing. + example: AI is analyzing up to 100 alerts in the last 24 hours to generate discoveries. + type: string + reason: + description: Additional context or reasoning provided when a generation fails or encounters issues. This field helps diagnose problems with the generation process. + example: Connection timeout to AI service + type: string + start: + description: The timestamp when the generation process began, in ISO 8601 format. This marks the beginning of the AI analysis. + example: '2025-09-29T06:42:08.962Z' + type: string + status: + description: The current status of the attack discovery generation. After dismissing, this will be set to "dismissed". + enum: + - canceled + - dismissed + - failed + - started + - succeeded + example: dismissed + type: string + required: + - connector_id + - discoveries + - execution_uuid + - loading_message + - start + - status + ApiAttackDiscoveryGenerationsDismiss_Post_Response_200_Connector_stats: + description: Statistical information about the connector's performance for this user, providing insights into usage patterns and success rates. + type: object + properties: + average_successful_duration_nanoseconds: + description: The average duration in nanoseconds for successful generations using this connector by the current user. + example: 47958500000 + type: number + successful_generations: + description: The total number of Attack discoveries successfully created for this generation + example: 2 + type: number + ApiAttackDiscoveryGenerationsDismiss_Post_Response_400: + type: object + properties: + error: + description: Error type or category + example: Bad Request + type: string + message: + description: Human-readable error message describing what went wrong with the request. + example: Invalid request parameters + type: string + status_code: + description: HTTP status code indicating the type of client error + example: 400 + type: number + required: + - status_code + - error + - message + ApiAttackDiscoverySchedulesFind_Get_Response_200: + type: object + properties: + data: + description: Array of matched Attack discovery schedule objects. + items: + $ref: '#/components/schemas/Security_Attack_discovery_API_AttackDiscoveryApiSchedule' + type: array + page: + description: Current page number of the paginated result set. + type: number + per_page: + description: Number of items requested per page. + type: number + total: + description: Total number of Attack discovery schedules matching the query (across all pages). + type: number + required: + - page + - per_page + - total + - data + ApiAttackDiscoverySchedulesFind_Get_Response_400: + type: object + properties: + error: + description: Error type + example: Bad Request + type: string + message: + description: Human-readable error message + example: Invalid request payload + type: string + status_code: + description: HTTP status code + example: 400 + type: number + ApiAttackDiscoverySchedules_Delete_Response_200: + type: object + properties: + id: + $ref: '#/components/schemas/Security_Attack_discovery_API_NonEmptyString' + description: The unique identifier of the deleted Attack Discovery schedule + required: + - id + ApiAttackDiscoverySchedulesDisable_Post_Response_200: + type: object + properties: + id: + $ref: '#/components/schemas/Security_Attack_discovery_API_NonEmptyString' + description: The unique identifier of the disabled Attack Discovery schedule + required: + - id + ApiAttackDiscoverySchedulesEnable_Post_Response_200: + type: object + properties: + id: + $ref: '#/components/schemas/Security_Attack_discovery_API_NonEmptyString' + description: The unique identifier of the enabled Attack Discovery schedule + required: + - id + ApiDataViews_Get_Response_200: + type: object + properties: + data_view: + items: + $ref: '#/components/schemas/ApiDataViews_Get_Response_200_Data_view_Item' + type: array + ApiDataViews_Get_Response_200_Data_view_Item: + type: object + properties: + id: + type: string + name: + type: string + namespaces: + items: + type: string + type: array + title: + type: string + typeMeta: + $ref: '#/components/schemas/ApiDataViews_Get_Response_200_Data_view_TypeMeta' + ApiDataViews_Get_Response_200_Data_view_TypeMeta: + type: object + ApiDataViewsDataViewFields_Post_Request: + type: object + properties: + fields: + $ref: '#/components/schemas/ApiDataViewsDataViewFields_Post_Request_Fields' + required: + - fields + ApiDataViewsDataViewFields_Post_Request_Fields: + description: The field object. + type: object + ApiDataViewsDataViewFields_Post_Response_200: + type: object + properties: + acknowledged: + type: boolean + ApiDataViewsDataViewRuntimeField_Post_Request: + type: object + properties: + name: + description: | + The name for a runtime field. + type: string + runtimeField: + $ref: '#/components/schemas/ApiDataViewsDataViewRuntimeField_Post_Request_RuntimeField' + required: + - name + - runtimeField + ApiDataViewsDataViewRuntimeField_Post_Request_RuntimeField: + description: | + The runtime field definition object. + type: object + ApiDataViewsDataViewRuntimeField_Post_Response_200: + type: object + ApiDataViewsDataViewRuntimeField_Put_Request: + type: object + properties: + name: + description: | + The name for a runtime field. + type: string + runtimeField: + $ref: '#/components/schemas/ApiDataViewsDataViewRuntimeField_Put_Request_RuntimeField' + required: + - name + - runtimeField + ApiDataViewsDataViewRuntimeField_Put_Request_RuntimeField: + description: | + The runtime field definition object. + type: object + ApiDataViewsDataViewRuntimeField_Put_Response_200: + type: object + properties: + data_view: + $ref: '#/components/schemas/ApiDataViewsDataViewRuntimeField_Put_Response_200_Data_view' + fields: + items: + $ref: '#/components/schemas/ApiDataViewsDataViewRuntimeField_Put_Response_200_Fields_Item' + type: array + ApiDataViewsDataViewRuntimeField_Put_Response_200_Data_view: + type: object + ApiDataViewsDataViewRuntimeField_Put_Response_200_Fields_Item: + type: object + ApiDataViewsDataViewRuntimeField_Get_Response_200: + type: object + properties: + data_view: + $ref: '#/components/schemas/ApiDataViewsDataViewRuntimeField_Get_Response_200_Data_view' + fields: + items: + $ref: '#/components/schemas/ApiDataViewsDataViewRuntimeField_Get_Response_200_Fields_Item' + type: array + ApiDataViewsDataViewRuntimeField_Get_Response_200_Data_view: + type: object + ApiDataViewsDataViewRuntimeField_Get_Response_200_Fields_Item: + type: object + ApiDataViewsDataViewRuntimeField_Post_Request_1: + type: object + properties: + runtimeField: + $ref: '#/components/schemas/ApiDataViewsDataViewRuntimeField_Post_Request_RuntimeField_1' + required: + - runtimeField + ApiDataViewsDataViewRuntimeField_Post_Request_RuntimeField_1: + description: | + The runtime field definition object. + + You can update following fields: + + - `type` + - `script` + type: object + ApiDataViewsDefault_Get_Response_200: + type: object + properties: + data_view_id: + type: string + ApiDataViewsDefault_Post_Request: + type: object + properties: + data_view_id: + description: | + The data view identifier. NOTE: The API does not validate whether it is a valid identifier. Use `null` to unset the default data view. + nullable: true + type: string + force: + default: false + description: Update an existing default data view identifier. + type: boolean + required: + - data_view_id + ApiDataViewsDefault_Post_Response_200: + type: object + properties: + acknowledged: + type: boolean + ApiDataViewsSwapReferences_Post_Response_200: + type: object + properties: + deleteStatus: + $ref: '#/components/schemas/ApiDataViewsSwapReferences_Post_Response_200_DeleteStatus' + result: + items: + $ref: '#/components/schemas/ApiDataViewsSwapReferences_Post_Response_200_Result_Item' + type: array + ApiDataViewsSwapReferences_Post_Response_200_DeleteStatus: + type: object + properties: + deletePerformed: + type: boolean + remainingRefs: + type: integer + ApiDataViewsSwapReferences_Post_Response_200_Result_Item: + type: object + properties: + id: + description: A saved object identifier. + type: string + type: + description: The saved object type. + type: string + ApiDataViewsSwapReferencesPreview_Post_Response_200: + type: object + properties: + result: + items: + $ref: '#/components/schemas/ApiDataViewsSwapReferencesPreview_Post_Response_200_Result_Item' + type: array + ApiDataViewsSwapReferencesPreview_Post_Response_200_Result_Item: + type: object + properties: + id: + description: A saved object identifier. + type: string + type: + description: The saved object type. + type: string + ApiDetectionEnginePrivileges_Get_Response_200: + type: object + properties: + has_encryption_key: + type: boolean + is_authenticated: + type: boolean + required: + - is_authenticated + - has_encryption_key + ApiDetectionEngineRulesBulkAction_Post_Request: + oneOf: + - $ref: '#/components/schemas/Security_Detections_API_BulkDeleteRules' + - $ref: '#/components/schemas/Security_Detections_API_BulkDisableRules' + - $ref: '#/components/schemas/Security_Detections_API_BulkEnableRules' + - $ref: '#/components/schemas/Security_Detections_API_BulkExportRules' + - $ref: '#/components/schemas/Security_Detections_API_BulkDuplicateRules' + - $ref: '#/components/schemas/Security_Detections_API_BulkManualRuleRun' + - $ref: '#/components/schemas/Security_Detections_API_BulkManualRuleFillGaps' + - $ref: '#/components/schemas/Security_Detections_API_BulkEditRules' + ApiDetectionEngineRulesBulkAction_Post_Response_200: + oneOf: + - $ref: '#/components/schemas/Security_Detections_API_BulkEditActionResponse' + - $ref: '#/components/schemas/Security_Detections_API_BulkExportActionResponse' + ApiDetectionEngineRulesExport_Post_Request: + nullable: true + type: object + properties: + objects: + description: Array of objects with a rule's `rule_id` field. Do not use rule's `id` here. Exports all rules when unspecified. + items: + $ref: '#/components/schemas/ApiDetectionEngineRulesExport_Post_Request_Objects_Item' + type: array + required: + - objects + ApiDetectionEngineRulesExport_Post_Request_Objects_Item: + type: object + properties: + rule_id: + $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' + required: + - rule_id + ApiDetectionEngineRulesFind_Get_Response_200: + type: object + properties: + data: + items: + $ref: '#/components/schemas/Security_Detections_API_RuleResponse' + type: array + page: + type: integer + perPage: + type: integer + total: + type: integer + warnings: + items: + $ref: '#/components/schemas/Security_Detections_API_WarningSchema' + type: array + required: + - page + - perPage + - total + - data + ApiDetectionEngineRulesImport_Post_Request: + type: object + properties: + file: + description: The `.ndjson` file containing the rules. + format: binary + type: string + ApiDetectionEngineRulesImport_Post_Response_200: + additionalProperties: false + type: object + properties: + action_connectors_errors: + items: + $ref: '#/components/schemas/Security_Detections_API_ErrorSchema' + type: array + action_connectors_success: + type: boolean + action_connectors_success_count: + minimum: 0 + type: integer + action_connectors_warnings: + items: + $ref: '#/components/schemas/Security_Detections_API_WarningSchema' + type: array + errors: + items: + $ref: '#/components/schemas/Security_Detections_API_ErrorSchema' + type: array + exceptions_errors: + items: + $ref: '#/components/schemas/Security_Detections_API_ErrorSchema' + type: array + exceptions_success: + type: boolean + exceptions_success_count: + minimum: 0 + type: integer + rules_count: + minimum: 0 + type: integer + success: + type: boolean + success_count: + minimum: 0 + type: integer + required: + - exceptions_success + - exceptions_success_count + - exceptions_errors + - rules_count + - success + - success_count + - errors + - action_connectors_errors + - action_connectors_warnings + - action_connectors_success + - action_connectors_success_count + ApiDetectionEngineRulesExceptions_Post_Request: + example: + items: + - description: This is a sample detection type exception item. + entries: + - field: actingProcess.file.signer + operator: excluded + type: exists + - field: host.name + operator: included + type: match_any + value: + - saturn + - jupiter + item_id: simple_list_item + list_id: simple_list + name: Sample Exception List Item + namespace_type: single + os_types: + - linux + tags: + - malware + type: simple + type: object + properties: + items: + items: + $ref: '#/components/schemas/Security_Exceptions_API_CreateRuleExceptionListItemProps' + type: array + required: + - items + ApiDetectionEngineRulesExceptions_Post_Response_400: + oneOf: + - $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' + - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' + ApiDetectionEngineRulesPreview_Post_Request: + anyOf: + - $ref: '#/components/schemas/ApiDetectionEngineRulesPreview_Post_Request_1' + - $ref: '#/components/schemas/ApiDetectionEngineRulesPreview_Post_Request_2' + - $ref: '#/components/schemas/ApiDetectionEngineRulesPreview_Post_Request_3' + - $ref: '#/components/schemas/ApiDetectionEngineRulesPreview_Post_Request_4' + - $ref: '#/components/schemas/ApiDetectionEngineRulesPreview_Post_Request_5' + - $ref: '#/components/schemas/ApiDetectionEngineRulesPreview_Post_Request_6' + - $ref: '#/components/schemas/ApiDetectionEngineRulesPreview_Post_Request_7' + - $ref: '#/components/schemas/ApiDetectionEngineRulesPreview_Post_Request_8' + discriminator: + propertyName: type + ApiDetectionEngineRulesPreview_Post_Request_1: + allOf: + - $ref: '#/components/schemas/Security_Detections_API_EqlRuleCreateProps' + - $ref: '#/components/schemas/Security_Detections_API_RulePreviewParams' + ApiDetectionEngineRulesPreview_Post_Request_2: + allOf: + - $ref: '#/components/schemas/Security_Detections_API_QueryRuleCreateProps' + - $ref: '#/components/schemas/Security_Detections_API_RulePreviewParams' + ApiDetectionEngineRulesPreview_Post_Request_3: + allOf: + - $ref: '#/components/schemas/Security_Detections_API_SavedQueryRuleCreateProps' + - $ref: '#/components/schemas/Security_Detections_API_RulePreviewParams' + ApiDetectionEngineRulesPreview_Post_Request_4: + allOf: + - $ref: '#/components/schemas/Security_Detections_API_ThresholdRuleCreateProps' + - $ref: '#/components/schemas/Security_Detections_API_RulePreviewParams' + ApiDetectionEngineRulesPreview_Post_Request_5: + allOf: + - $ref: '#/components/schemas/Security_Detections_API_ThreatMatchRuleCreateProps' + - $ref: '#/components/schemas/Security_Detections_API_RulePreviewParams' + ApiDetectionEngineRulesPreview_Post_Request_6: + allOf: + - $ref: '#/components/schemas/Security_Detections_API_MachineLearningRuleCreateProps' + - $ref: '#/components/schemas/Security_Detections_API_RulePreviewParams' + ApiDetectionEngineRulesPreview_Post_Request_7: + allOf: + - $ref: '#/components/schemas/Security_Detections_API_NewTermsRuleCreateProps' + - $ref: '#/components/schemas/Security_Detections_API_RulePreviewParams' + ApiDetectionEngineRulesPreview_Post_Request_8: + allOf: + - $ref: '#/components/schemas/Security_Detections_API_EsqlRuleCreateProps' + - $ref: '#/components/schemas/Security_Detections_API_RulePreviewParams' + ApiDetectionEngineRulesPreview_Post_Response_200: + type: object + properties: + isAborted: + type: boolean + logs: + items: + $ref: '#/components/schemas/Security_Detections_API_RulePreviewLogs' + type: array + previewId: + $ref: '#/components/schemas/Security_Detections_API_NonEmptyString' + required: + - logs + ApiDetectionEngineRulesPreview_Post_Response_400: + oneOf: + - $ref: '#/components/schemas/Security_Detections_API_PlatformErrorResponse' + - $ref: '#/components/schemas/Security_Detections_API_SiemErrorResponse' + ApiDetectionEngineSignalsSearch_Post_Response_200: + additionalProperties: true + description: Elasticsearch search response + type: object + ApiDetectionEngineSignalsSearch_Post_Response_400: + oneOf: + - $ref: '#/components/schemas/Security_Detections_API_PlatformErrorResponse' + - $ref: '#/components/schemas/Security_Detections_API_SiemErrorResponse' + ApiDetectionEngineSignalsStatus_Post_Request: + oneOf: + - $ref: '#/components/schemas/Security_Detections_API_SetAlertsStatusByIds' + - $ref: '#/components/schemas/Security_Detections_API_SetAlertsStatusByQuery' + ApiDetectionEngineSignalsStatus_Post_Response_200: + additionalProperties: true + description: Elasticsearch update by query response + type: object + ApiDetectionEngineSignalsStatus_Post_Response_400: + oneOf: + - $ref: '#/components/schemas/Security_Detections_API_PlatformErrorResponse' + - $ref: '#/components/schemas/Security_Detections_API_SiemErrorResponse' + ApiDetectionEngineSignalsTags_Post_Response_200: + additionalProperties: true + description: Elasticsearch update by query response + type: object + ApiDetectionEngineSignalsTags_Post_Response_400: + oneOf: + - $ref: '#/components/schemas/Security_Detections_API_PlatformErrorResponse' + - $ref: '#/components/schemas/Security_Detections_API_SiemErrorResponse' + ApiEndpointList_Post_Response_400: + oneOf: + - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse' + - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse' + ApiEndpointListItems_Delete_Response_400: + oneOf: + - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse' + - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse' + ApiEndpointListItems_Get_Response_400: + oneOf: + - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse' + - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse' + ApiEndpointListItems_Post_Request: + type: object + properties: + comments: + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemCommentArray' + default: [] + description: + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemDescription' + entries: + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryArray' + item_id: + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemHumanId' + meta: + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemMeta' + name: + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemName' + os_types: + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemOsTypeArray' + default: [] + tags: + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemTags' + default: [] + type: + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemType' + required: + - type + - name + - description + - entries + ApiEndpointListItems_Post_Response_400: + oneOf: + - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse' + - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse' + ApiEndpointListItems_Put_Request: + type: object + properties: + _version: + type: string + comments: + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemCommentArray' + default: [] + description: + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemDescription' + entries: + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryArray' + id: + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemId' + description: Either `id` or `item_id` must be specified + item_id: + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemHumanId' + description: Either `id` or `item_id` must be specified + meta: + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemMeta' + name: + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemName' + os_types: + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemOsTypeArray' + default: [] + tags: + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemTags' + type: + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemType' + required: + - type + - name + - description + - entries + ApiEndpointListItems_Put_Response_400: + oneOf: + - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse' + - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse' + ApiEndpointListItemsFind_Get_Response_200: + type: object + properties: + data: + items: + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItem' + type: array + page: + minimum: 0 + type: integer + per_page: + minimum: 0 + type: integer + pit: + type: string + total: + minimum: 0 + type: integer + required: + - data + - page + - per_page + - total + ApiEndpointListItemsFind_Get_Response_400: + oneOf: + - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse' + - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse' + ApiEndpointActionFile_Get_Response_200_Data: + type: object + properties: + actionId: + type: string + agentId: + type: string + agentType: + type: string + created: + format: date-time + type: string + id: + type: string + mimeType: + type: string + name: + type: string + size: + type: number + status: + enum: + - AWAITING_UPLOAD + - UPLOADING + - READY + - UPLOAD_ERROR + - DELETED + type: string + ApiEndpointActionIsolate_Post_Request: + type: object + properties: + agent_type: + $ref: '#/components/schemas/Security_Endpoint_Management_API_AgentTypes' + alert_ids: + description: If this action is associated with any alerts, they can be specified here. The action will be logged in any cases associated with the specified alerts. + example: + - alert-id-1 + - alert-id-2 + items: + minLength: 1 + type: string + minItems: 1 + type: array + case_ids: + description: The IDs of cases where the action taken will be logged. + example: + - case-id-1 + - case-id-2 + items: + minLength: 1 + type: string + minItems: 1 + type: array + comment: + $ref: '#/components/schemas/Security_Endpoint_Management_API_Comment' + endpoint_ids: + $ref: '#/components/schemas/Security_Endpoint_Management_API_EndpointIds' + parameters: + $ref: '#/components/schemas/Security_Endpoint_Management_API_Parameters' + required: + - endpoint_ids + ApiEndpointActionUnisolate_Post_Request: + type: object + properties: + agent_type: + $ref: '#/components/schemas/Security_Endpoint_Management_API_AgentTypes' + alert_ids: + description: If this action is associated with any alerts, they can be specified here. The action will be logged in any cases associated with the specified alerts. + example: + - alert-id-1 + - alert-id-2 + items: + minLength: 1 + type: string + minItems: 1 + type: array + case_ids: + description: The IDs of cases where the action taken will be logged. + example: + - case-id-1 + - case-id-2 + items: + minLength: 1 + type: string + minItems: 1 + type: array + comment: + $ref: '#/components/schemas/Security_Endpoint_Management_API_Comment' + endpoint_ids: + $ref: '#/components/schemas/Security_Endpoint_Management_API_EndpointIds' + parameters: + $ref: '#/components/schemas/Security_Endpoint_Management_API_Parameters' + required: + - endpoint_ids + ApiEndpointProtectionUpdatesNote_Post_Request: + type: object + properties: + note: + type: string + ApiEndpointScriptsLibrary_Get_Response_200: + type: object + properties: + data: + items: + $ref: '#/components/schemas/Security_Endpoint_Management_API_EndpointScript' + type: array + page: + $ref: '#/components/schemas/Security_Endpoint_Management_API_Page' + pageSize: + $ref: '#/components/schemas/Security_Endpoint_Management_API_ApiPageSize' + sortDirection: + $ref: '#/components/schemas/Security_Endpoint_Management_API_SortDirection' + sortField: + $ref: '#/components/schemas/Security_Endpoint_Management_API_ApiSortField' + total: + description: The total number of scripts matching the query + type: integer + ApiEntityAnalyticsMonitoringEngineDelete_Delete_Response_200: + type: object + properties: + deleted: + type: boolean + required: + - deleted + ApiEntityAnalyticsMonitoringEngineScheduleNow_Post_Response_200: + type: object + properties: + success: + description: Indicates the scheduling was successful + type: boolean + ApiEntityAnalyticsMonitoringEngineScheduleNow_Post_Response_409: + type: object + properties: + message: + description: Error message indicating the engine is already running + type: string + ApiEntityAnalyticsMonitoringPrivilegesHealth_Get_Response_200: + type: object + properties: + error: + $ref: '#/components/schemas/ApiEntityAnalyticsMonitoringPrivilegesHealth_Get_Response_200_Error' + status: + $ref: '#/components/schemas/Security_Entity_Analytics_API_PrivilegeMonitoringEngineStatus' + users: + $ref: '#/components/schemas/ApiEntityAnalyticsMonitoringPrivilegesHealth_Get_Response_200_Users' + required: + - status + ApiEntityAnalyticsMonitoringPrivilegesHealth_Get_Response_200_Error: + type: object + properties: + message: + type: string + required: + - status + ApiEntityAnalyticsMonitoringPrivilegesHealth_Get_Response_200_Users: + description: User statistics for privilege monitoring + type: object + properties: + current_count: + description: Current number of privileged users being monitored + type: integer + max_allowed: + description: Maximum number of privileged users allowed to be monitored + type: integer + required: + - current_count + - max_allowed + ApiEntityAnalyticsMonitoringUsersCsv_Post_Request: + type: object + properties: + file: + description: The CSV file to upload. + format: binary + type: string + required: + - file + ApiEntityAnalyticsMonitoringUsersCsv_Post_Response_200: + example: + errors: + - index: 1 + message: Invalid monitored field + username: john.doe + stats: + failedOperations: 1 + successfulOperations: 1 + totalOperations: 2 + uploaded: 1 + type: object + properties: + errors: + items: + $ref: '#/components/schemas/Security_Entity_Analytics_API_PrivmonUserCsvUploadErrorItem' + type: array + stats: + $ref: '#/components/schemas/Security_Entity_Analytics_API_PrivmonUserCsvUploadStats' + required: + - errors + - stats + ApiEntityAnalyticsMonitoringUsers_Delete_Response_200: + type: object + properties: + acknowledged: + description: Indicates if the deletion was successful + type: boolean + message: + description: A message providing additional information about the deletion status + type: string + required: + - success + ApiEntityAnalyticsPrivilegedUserMonitoringPadInstall_Post_Response_200: + type: object + properties: + message: + type: string + required: + - message + ApiEntityAnalyticsPrivilegedUserMonitoringPadStatus_Get_Response_200: + type: object + properties: + jobs: + items: + $ref: '#/components/schemas/ApiEntityAnalyticsPrivilegedUserMonitoringPadStatus_Get_Response_200_Jobs_Item' + type: array + ml_module_setup_status: + enum: + - complete + - incomplete + type: string + package_installation_status: + enum: + - complete + - incomplete + type: string + required: + - package_installation_status + - ml_module_setup_status + - jobs + ApiEntityAnalyticsPrivilegedUserMonitoringPadStatus_Get_Response_200_Jobs_Item: + type: object + properties: + description: + type: string + job_id: + type: string + state: + enum: + - closing + - closed + - opened + - failed + - opening + type: string + required: + - job_id + - state + ApiEntityStoreEnable_Post_Request: + type: object + properties: + delay: + default: 1m + description: The delay before the transform will run. + pattern: '[smdh]$' + type: string + docsPerSecond: + default: -1 + description: The number of documents per second to process. + type: integer + enrichPolicyExecutionInterval: + $ref: '#/components/schemas/Security_Entity_Analytics_API_Interval' + entityTypes: + items: + $ref: '#/components/schemas/Security_Entity_Analytics_API_EntityType' + type: array + fieldHistoryLength: + default: 10 + description: The number of historical values to keep for each field. + type: integer + filter: + type: string + frequency: + default: 1m + description: The frequency at which the transform will run. + pattern: '[smdh]$' + type: string + indexPattern: + $ref: '#/components/schemas/Security_Entity_Analytics_API_IndexPattern' + lookbackPeriod: + default: 3h + description: The amount of time the transform looks back to calculate the aggregations. + pattern: '[smdh]$' + type: string + maxPageSearchSize: + default: 500 + description: The initial page size to use for the composite aggregation of each checkpoint. + type: integer + timeout: + default: 180s + description: The timeout for initializing the aggregating transform. + pattern: '[smdh]$' + type: string + timestampField: + default: '@timestamp' + description: The field to use as the timestamp. + type: string + ApiEntityStoreEnable_Post_Response_200: + type: object + properties: + engines: + items: + $ref: '#/components/schemas/Security_Entity_Analytics_API_EngineDescriptor' + type: array + succeeded: + type: boolean + ApiEntityStoreEngines_Delete_Response_200: + type: object + properties: + deleted: + items: + $ref: '#/components/schemas/Security_Entity_Analytics_API_EntityType' + type: array + still_running: + items: + $ref: '#/components/schemas/Security_Entity_Analytics_API_EntityType' + type: array + ApiEntityStoreEngines_Get_Response_200: + type: object + properties: + count: + type: integer + engines: + items: + $ref: '#/components/schemas/Security_Entity_Analytics_API_EngineDescriptor' + type: array + ApiEntityStoreEngines_Delete_Response_200_1: + type: object + properties: + deleted: + type: boolean + ApiEntityStoreEnginesInit_Post_Request: + type: object + properties: + delay: + default: 1m + description: The delay before the transform will run. + pattern: '[smdh]$' + type: string + docsPerSecond: + default: -1 + description: The number of documents per second to process. + type: integer + enrichPolicyExecutionInterval: + $ref: '#/components/schemas/Security_Entity_Analytics_API_Interval' + fieldHistoryLength: + default: 10 + description: The number of historical values to keep for each field. + type: integer + filter: + type: string + frequency: + default: 1m + description: The frequency at which the transform will run. + pattern: '[smdh]$' + type: string + indexPattern: + $ref: '#/components/schemas/Security_Entity_Analytics_API_IndexPattern' + lookbackPeriod: + default: 3h + description: The amount of time the transform looks back to calculate the aggregations. + pattern: '[smdh]$' + type: string + maxPageSearchSize: + default: 500 + description: The initial page size to use for the composite aggregation of each checkpoint. + type: integer + timeout: + default: 180s + description: The timeout for initializing the aggregating transform. + pattern: '[smdh]$' + type: string + timestampField: + default: '@timestamp' + description: The field to use as the timestamp for the entity type. + type: string + ApiEntityStoreEnginesStart_Post_Response_200: + type: object + properties: + started: + type: boolean + ApiEntityStoreEnginesStop_Post_Response_200: + type: object + properties: + stopped: + type: boolean + ApiEntityStoreEnginesApplyDataviewIndices_Post_Response_200: + type: object + properties: + result: + items: + $ref: '#/components/schemas/Security_Entity_Analytics_API_EngineDataviewUpdateResult' + type: array + success: + type: boolean + ApiEntityStoreEnginesApplyDataviewIndices_Post_Response_207: + type: object + properties: + errors: + items: + type: string + type: array + result: + items: + $ref: '#/components/schemas/Security_Entity_Analytics_API_EngineDataviewUpdateResult' + type: array + success: + type: boolean + ApiEntityStoreEnginesApplyDataviewIndices_Post_Response_500: + type: object + properties: + body: + type: string + statusCode: + type: number + ApiEntityStoreEntities_Delete_Request: + type: object + properties: + id: + description: Identifier of the entity to be deleted, commonly entity.id value. + type: string + required: + - id + ApiEntityStoreEntities_Delete_Response_200: + type: object + properties: + deleted: + type: boolean + ApiEntityStoreEntitiesList_Get_Response_200: + type: object + properties: + inspect: + $ref: '#/components/schemas/Security_Entity_Analytics_API_InspectQuery' + page: + minimum: 1 + type: integer + per_page: + maximum: 1000 + minimum: 1 + type: integer + records: + items: + $ref: '#/components/schemas/Security_Entity_Analytics_API_Entity' + type: array + total: + minimum: 0 + type: integer + required: + - records + - page + - per_page + - total + ApiEntityStoreStatus_Get_Response_200: + type: object + properties: + engines: + items: + allOf: + - $ref: '#/components/schemas/Security_Entity_Analytics_API_EngineDescriptor' + - $ref: '#/components/schemas/ApiEntityStoreStatus_Get_Response_200_Engines_2' + type: array + status: + $ref: '#/components/schemas/Security_Entity_Analytics_API_StoreStatus' + required: + - status + - engines + ApiEntityStoreStatus_Get_Response_200_Engines_2: + type: object + properties: + components: + items: + $ref: '#/components/schemas/Security_Entity_Analytics_API_EngineComponentStatus' + type: array + ApiExceptionLists_Delete_Response_400: + oneOf: + - $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' + - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' + ApiExceptionLists_Get_Response_400: + oneOf: + - $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' + - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' + ApiExceptionLists_Post_Request: + example: + description: This is a sample detection type exception list. + list_id: simple_list + name: Sample Detection Exception List + namespace_type: single + os_types: + - linux + tags: + - malware + type: detection + type: object + properties: + description: + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListDescription' + list_id: + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListHumanId' + meta: + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListMeta' + name: + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListName' + namespace_type: + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionNamespaceType' + default: single + os_types: + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListOsTypeArray' + tags: + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListTags' + default: [] + type: + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListType' + version: + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListVersion' + default: 1 + required: + - name + - description + - type + ApiExceptionLists_Post_Response_400: + oneOf: + - $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' + - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' + ApiExceptionLists_Put_Request: + example: + description: Different description + list_id: simple_list + name: Updated exception list name + os_types: + - linux + tags: + - draft malware + type: detection + type: object + properties: + _version: + description: The version id, normally returned by the API when the item was retrieved. Use it ensure updates are done against the latest version. + type: string + description: + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListDescription' + id: + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListId' + list_id: + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListHumanId' + meta: + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListMeta' + name: + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListName' + namespace_type: + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionNamespaceType' + default: single + os_types: + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListOsTypeArray' + default: [] + tags: + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListTags' + type: + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListType' + version: + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListVersion' + required: + - name + - description + - type + ApiExceptionLists_Put_Response_400: + oneOf: + - $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' + - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' + ApiExceptionListsDuplicate_Post_Response_400: + oneOf: + - $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' + - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' + ApiExceptionListsExport_Post_Response_400: + oneOf: + - $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' + - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' + ApiExceptionListsFind_Get_Response_200: + type: object + properties: + data: + items: + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionList' + type: array + page: + minimum: 1 + type: integer + per_page: + minimum: 1 + type: integer + total: + minimum: 0 + type: integer + required: + - data + - page + - per_page + - total + ApiExceptionListsFind_Get_Response_400: + oneOf: + - $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' + - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' + ApiExceptionListsImport_Post_Request: + type: object + properties: + file: + description: A `.ndjson` file containing the exception list + example: | + {"_version":"WzExNDU5LDFd","created_at":"2025-01-09T16:18:17.757Z","created_by":"elastic","description":"This is a sample detection type exception","id":"c86c2da0-2ab6-4343-b81c-216ef27e8d75","immutable":false,"list_id":"simple_list","name":"Sample Detection Exception List","namespace_type":"single","os_types":[],"tags":["user added string for a tag","malware"],"tie_breaker_id":"cf4a7b92-732d-47f0-a0d5-49a35a1736bf","type":"detection","updated_at":"2025-01-09T16:18:17.757Z","updated_by":"elastic","version":1} + {"_version":"WzExNDYxLDFd","comments":[],"created_at":"2025-01-09T16:18:42.308Z","created_by":"elastic","description":"This is a sample endpoint type exception","entries":[{"type":"exists","field":"actingProcess.file.signer","operator":"excluded"},{"type":"match_any","field":"host.name","value":["some host","another host"],"operator":"included"}],"id":"f37597ce-eaa7-4b64-9100-4301118f6806","item_id":"simple_list_item","list_id":"simple_list","name":"Sample Endpoint Exception List","namespace_type":"single","os_types":["linux"],"tags":["user added string for a tag","malware"],"tie_breaker_id":"4ca3ef3e-9721-42c0-8107-cf47e094d40f","type":"simple","updated_at":"2025-01-09T16:18:42.308Z","updated_by":"elastic"} + format: binary + type: string + ApiExceptionListsImport_Post_Response_200: + type: object + properties: + errors: + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListsImportBulkErrorArray' + success: + type: boolean + success_count: + minimum: 0 + type: integer + success_count_exception_list_items: + minimum: 0 + type: integer + success_count_exception_lists: + minimum: 0 + type: integer + success_exception_list_items: + type: boolean + success_exception_lists: + type: boolean + required: + - errors + - success + - success_count + - success_exception_lists + - success_count_exception_lists + - success_exception_list_items + - success_count_exception_list_items + ApiExceptionListsImport_Post_Response_400: + oneOf: + - $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' + - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' + ApiExceptionListsItems_Delete_Response_400: + example: + error: Bad Request + message: '[request query]: namespace_type.0: Invalid enum value. Expected ''agnostic'' | ''single'', received ''blob''' + statusCode: 400 + oneOf: + - $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' + - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' + ApiExceptionListsItems_Get_Response_400: + oneOf: + - $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' + - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' + ApiExceptionListsItems_Post_Request: + oneOf: + - $ref: '#/components/schemas/Security_Exceptions_API_CreateExceptionListItemGeneric' + - $ref: '#/components/schemas/Security_Exceptions_API_CreateExceptionListItemEndpointList' + - $ref: '#/components/schemas/Security_Exceptions_API_CreateExceptionListItemTrustedAppsWindows' + - $ref: '#/components/schemas/Security_Exceptions_API_CreateExceptionListItemTrustedAppsMac' + - $ref: '#/components/schemas/Security_Exceptions_API_CreateExceptionListItemTrustedAppsLinux' + - $ref: '#/components/schemas/Security_Exceptions_API_CreateExceptionListItemTrustedDevicesWindows' + - $ref: '#/components/schemas/Security_Exceptions_API_CreateExceptionListItemTrustedDevicesMac' + - $ref: '#/components/schemas/Security_Exceptions_API_CreateExceptionListItemTrustedDevicesWindowsMac' + - $ref: '#/components/schemas/Security_Exceptions_API_CreateExceptionListItemEventFilters' + - $ref: '#/components/schemas/Security_Exceptions_API_CreateExceptionListItemHostIsolation' + - $ref: '#/components/schemas/Security_Exceptions_API_CreateExceptionListItemBlocklistWindows' + - $ref: '#/components/schemas/Security_Exceptions_API_CreateExceptionListItemBlocklistLinux' + - $ref: '#/components/schemas/Security_Exceptions_API_CreateExceptionListItemBlocklistMac' + ApiExceptionListsItems_Post_Response_400: + oneOf: + - $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' + - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' + ApiExceptionListsItems_Put_Request: + oneOf: + - $ref: '#/components/schemas/Security_Exceptions_API_UpdateExceptionListItemGeneric' + - $ref: '#/components/schemas/Security_Exceptions_API_UpdateExceptionListItemEndpointList' + - $ref: '#/components/schemas/Security_Exceptions_API_UpdateExceptionListItemTrustedAppsWindows' + - $ref: '#/components/schemas/Security_Exceptions_API_UpdateExceptionListItemTrustedAppsMac' + - $ref: '#/components/schemas/Security_Exceptions_API_UpdateExceptionListItemTrustedAppsLinux' + - $ref: '#/components/schemas/Security_Exceptions_API_UpdateExceptionListItemTrustedDevicesWindows' + - $ref: '#/components/schemas/Security_Exceptions_API_UpdateExceptionListItemTrustedDevicesMac' + - $ref: '#/components/schemas/Security_Exceptions_API_UpdateExceptionListItemTrustedDevicesWindowsMac' + - $ref: '#/components/schemas/Security_Exceptions_API_UpdateExceptionListItemEventFilters' + - $ref: '#/components/schemas/Security_Exceptions_API_UpdateExceptionListItemHostIsolation' + - $ref: '#/components/schemas/Security_Exceptions_API_UpdateExceptionListItemBlocklistWindows' + - $ref: '#/components/schemas/Security_Exceptions_API_UpdateExceptionListItemBlocklistLinux' + - $ref: '#/components/schemas/Security_Exceptions_API_UpdateExceptionListItemBlocklistMac' + ApiExceptionListsItems_Put_Response_400: + oneOf: + - $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' + - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' + ApiExceptionListsItemsFind_Get_Response_200: + type: object + properties: + data: + items: + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItem' + type: array + page: + minimum: 1 + type: integer + per_page: + minimum: 1 + type: integer + pit: + type: string + total: + minimum: 0 + type: integer + required: + - data + - page + - per_page + - total + ApiExceptionListsItemsFind_Get_Response_400: + oneOf: + - $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' + - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' + ApiExceptionListsSummary_Get_Response_200: + type: object + properties: + linux: + minimum: 0 + type: integer + macos: + minimum: 0 + type: integer + total: + minimum: 0 + type: integer + windows: + minimum: 0 + type: integer + ApiExceptionListsSummary_Get_Response_400: + oneOf: + - $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' + - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' + ApiExceptionsShared_Post_Request: + example: + description: This is a sample detection type exception list. + list_id: simple_list + name: Sample Detection Exception List + namespace_type: single + os_types: + - linux + tags: + - malware + type: object + properties: + description: + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListDescription' + name: + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListName' + required: + - name + - description + ApiExceptionsShared_Post_Response_400: + oneOf: + - $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' + - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' + ApiFleetAgentDownloadSources_Get_Response_200: + additionalProperties: false + type: object + properties: + items: + items: + $ref: '#/components/schemas/ApiFleetAgentDownloadSources_Get_Response_200_Items_Item' + maxItems: 10000 + type: array + page: + type: number + perPage: + type: number + total: + type: number + required: + - items + - total + - page + - perPage + ApiFleetAgentDownloadSources_Get_Response_200_Items_Item: + additionalProperties: false + type: object + properties: + host: + format: uri + type: string + id: + type: string + is_default: + default: false + type: boolean + name: + type: string + proxy_id: + description: The ID of the proxy to use for this download source. See the proxies API for more information. + nullable: true + type: string + secrets: + $ref: '#/components/schemas/ApiFleetAgentDownloadSources_Get_Response_200_Items_Secrets' + ssl: + $ref: '#/components/schemas/ApiFleetAgentDownloadSources_Get_Response_200_Items_Ssl' + required: + - id + - name + - host + ApiFleetAgentDownloadSources_Get_Response_200_Items_Secrets: + additionalProperties: false + type: object + properties: + ssl: + $ref: '#/components/schemas/ApiFleetAgentDownloadSources_Get_Response_200_Items_Secrets_Ssl' + ApiFleetAgentDownloadSources_Get_Response_200_Items_Secrets_Ssl: + additionalProperties: false + type: object + properties: + key: + anyOf: + - $ref: '#/components/schemas/ApiFleetAgentDownloadSources_Get_Response_200_Items_Secrets_Ssl_Key_1' + - $ref: '#/components/schemas/ApiFleetAgentDownloadSources_Get_Response_200_Items_Secrets_Ssl_Key_2' + ApiFleetAgentDownloadSources_Get_Response_200_Items_Secrets_Ssl_Key_1: + additionalProperties: false + type: object + properties: + id: + type: string + required: + - id + ApiFleetAgentDownloadSources_Get_Response_200_Items_Secrets_Ssl_Key_2: + type: string + ApiFleetAgentDownloadSources_Get_Response_200_Items_Ssl: + additionalProperties: false + type: object + properties: + certificate: + type: string + certificate_authorities: + items: + type: string + maxItems: 10 + type: array + key: + type: string + ApiFleetAgentDownloadSources_Get_Response_400: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetAgentDownloadSources_Post_Request: + additionalProperties: false + type: object + properties: + host: + format: uri + type: string + id: + type: string + is_default: + default: false + type: boolean + name: + type: string + proxy_id: + description: The ID of the proxy to use for this download source. See the proxies API for more information. + nullable: true + type: string + secrets: + $ref: '#/components/schemas/ApiFleetAgentDownloadSources_Post_Request_Secrets' + ssl: + $ref: '#/components/schemas/ApiFleetAgentDownloadSources_Post_Request_Ssl' + required: + - name + - host + ApiFleetAgentDownloadSources_Post_Request_Secrets: + additionalProperties: false + type: object + properties: + ssl: + $ref: '#/components/schemas/ApiFleetAgentDownloadSources_Post_Request_Secrets_Ssl' + ApiFleetAgentDownloadSources_Post_Request_Secrets_Ssl: + additionalProperties: false + type: object + properties: + key: + anyOf: + - $ref: '#/components/schemas/ApiFleetAgentDownloadSources_Post_Request_Secrets_Ssl_Key_1' + - $ref: '#/components/schemas/ApiFleetAgentDownloadSources_Post_Request_Secrets_Ssl_Key_2' + ApiFleetAgentDownloadSources_Post_Request_Secrets_Ssl_Key_1: + additionalProperties: false + type: object + properties: + id: + type: string + required: + - id + ApiFleetAgentDownloadSources_Post_Request_Secrets_Ssl_Key_2: + type: string + ApiFleetAgentDownloadSources_Post_Request_Ssl: + additionalProperties: false + type: object + properties: + certificate: + type: string + certificate_authorities: + items: + type: string + maxItems: 10 + type: array + key: + type: string + ApiFleetAgentDownloadSources_Post_Response_200: + additionalProperties: false + type: object + properties: + item: + $ref: '#/components/schemas/ApiFleetAgentDownloadSources_Post_Response_200_Item' + required: + - item + ApiFleetAgentDownloadSources_Post_Response_200_Item: + additionalProperties: false + type: object + properties: + host: + format: uri + type: string + id: + type: string + is_default: + default: false + type: boolean + name: + type: string + proxy_id: + description: The ID of the proxy to use for this download source. See the proxies API for more information. + nullable: true + type: string + secrets: + $ref: '#/components/schemas/ApiFleetAgentDownloadSources_Post_Response_200_Item_Secrets' + ssl: + $ref: '#/components/schemas/ApiFleetAgentDownloadSources_Post_Response_200_Item_Ssl' + required: + - id + - name + - host + ApiFleetAgentDownloadSources_Post_Response_200_Item_Secrets: + additionalProperties: false + type: object + properties: + ssl: + $ref: '#/components/schemas/ApiFleetAgentDownloadSources_Post_Response_200_Item_Secrets_Ssl' + ApiFleetAgentDownloadSources_Post_Response_200_Item_Secrets_Ssl: + additionalProperties: false + type: object + properties: + key: + anyOf: + - $ref: '#/components/schemas/ApiFleetAgentDownloadSources_Post_Response_200_Item_Secrets_Ssl_Key_1' + - $ref: '#/components/schemas/ApiFleetAgentDownloadSources_Post_Response_200_Item_Secrets_Ssl_Key_2' + ApiFleetAgentDownloadSources_Post_Response_200_Item_Secrets_Ssl_Key_1: + additionalProperties: false + type: object + properties: + id: + type: string + required: + - id + ApiFleetAgentDownloadSources_Post_Response_200_Item_Secrets_Ssl_Key_2: + type: string + ApiFleetAgentDownloadSources_Post_Response_200_Item_Ssl: + additionalProperties: false + type: object + properties: + certificate: + type: string + certificate_authorities: + items: + type: string + maxItems: 10 + type: array + key: + type: string + ApiFleetAgentDownloadSources_Post_Response_400: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetAgentDownloadSources_Delete_Response_200: + additionalProperties: false + type: object + properties: + id: + type: string + required: + - id + ApiFleetAgentDownloadSources_Delete_Response_400: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetAgentDownloadSources_Get_Response_200_1: + additionalProperties: false + type: object + properties: + item: + $ref: '#/components/schemas/ApiFleetAgentDownloadSources_Get_Response_200_Item' + required: + - item + ApiFleetAgentDownloadSources_Get_Response_200_Item: + additionalProperties: false + type: object + properties: + host: + format: uri + type: string + id: + type: string + is_default: + default: false + type: boolean + name: + type: string + proxy_id: + description: The ID of the proxy to use for this download source. See the proxies API for more information. + nullable: true + type: string + secrets: + $ref: '#/components/schemas/ApiFleetAgentDownloadSources_Get_Response_200_Item_Secrets' + ssl: + $ref: '#/components/schemas/ApiFleetAgentDownloadSources_Get_Response_200_Item_Ssl' + required: + - id + - name + - host + ApiFleetAgentDownloadSources_Get_Response_200_Item_Secrets: + additionalProperties: false + type: object + properties: + ssl: + $ref: '#/components/schemas/ApiFleetAgentDownloadSources_Get_Response_200_Item_Secrets_Ssl' + ApiFleetAgentDownloadSources_Get_Response_200_Item_Secrets_Ssl: + additionalProperties: false + type: object + properties: + key: + anyOf: + - $ref: '#/components/schemas/ApiFleetAgentDownloadSources_Get_Response_200_Item_Secrets_Ssl_Key_1' + - $ref: '#/components/schemas/ApiFleetAgentDownloadSources_Get_Response_200_Item_Secrets_Ssl_Key_2' + ApiFleetAgentDownloadSources_Get_Response_200_Item_Secrets_Ssl_Key_1: + additionalProperties: false + type: object + properties: + id: + type: string + required: + - id + ApiFleetAgentDownloadSources_Get_Response_200_Item_Secrets_Ssl_Key_2: + type: string + ApiFleetAgentDownloadSources_Get_Response_200_Item_Ssl: + additionalProperties: false + type: object + properties: + certificate: + type: string + certificate_authorities: + items: + type: string + maxItems: 10 + type: array + key: + type: string + ApiFleetAgentDownloadSources_Get_Response_400_1: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetAgentDownloadSources_Put_Request: + additionalProperties: false + type: object + properties: + host: + format: uri + type: string + id: + type: string + is_default: + default: false + type: boolean + name: + type: string + proxy_id: + description: The ID of the proxy to use for this download source. See the proxies API for more information. + nullable: true + type: string + secrets: + $ref: '#/components/schemas/ApiFleetAgentDownloadSources_Put_Request_Secrets' + ssl: + $ref: '#/components/schemas/ApiFleetAgentDownloadSources_Put_Request_Ssl' + required: + - name + - host + ApiFleetAgentDownloadSources_Put_Request_Secrets: + additionalProperties: false + type: object + properties: + ssl: + $ref: '#/components/schemas/ApiFleetAgentDownloadSources_Put_Request_Secrets_Ssl' + ApiFleetAgentDownloadSources_Put_Request_Secrets_Ssl: + additionalProperties: false + type: object + properties: + key: + anyOf: + - $ref: '#/components/schemas/ApiFleetAgentDownloadSources_Put_Request_Secrets_Ssl_Key_1' + - $ref: '#/components/schemas/ApiFleetAgentDownloadSources_Put_Request_Secrets_Ssl_Key_2' + ApiFleetAgentDownloadSources_Put_Request_Secrets_Ssl_Key_1: + additionalProperties: false + type: object + properties: + id: + type: string + required: + - id + ApiFleetAgentDownloadSources_Put_Request_Secrets_Ssl_Key_2: + type: string + ApiFleetAgentDownloadSources_Put_Request_Ssl: + additionalProperties: false + type: object + properties: + certificate: + type: string + certificate_authorities: + items: + type: string + maxItems: 10 + type: array + key: + type: string + ApiFleetAgentDownloadSources_Put_Response_200: + additionalProperties: false + type: object + properties: + item: + $ref: '#/components/schemas/ApiFleetAgentDownloadSources_Put_Response_200_Item' + required: + - item + ApiFleetAgentDownloadSources_Put_Response_200_Item: + additionalProperties: false + type: object + properties: + host: + format: uri + type: string + id: + type: string + is_default: + default: false + type: boolean + name: + type: string + proxy_id: + description: The ID of the proxy to use for this download source. See the proxies API for more information. + nullable: true + type: string + secrets: + $ref: '#/components/schemas/ApiFleetAgentDownloadSources_Put_Response_200_Item_Secrets' + ssl: + $ref: '#/components/schemas/ApiFleetAgentDownloadSources_Put_Response_200_Item_Ssl' + required: + - id + - name + - host + ApiFleetAgentDownloadSources_Put_Response_200_Item_Secrets: + additionalProperties: false + type: object + properties: + ssl: + $ref: '#/components/schemas/ApiFleetAgentDownloadSources_Put_Response_200_Item_Secrets_Ssl' + ApiFleetAgentDownloadSources_Put_Response_200_Item_Secrets_Ssl: + additionalProperties: false + type: object + properties: + key: + anyOf: + - $ref: '#/components/schemas/ApiFleetAgentDownloadSources_Put_Response_200_Item_Secrets_Ssl_Key_1' + - $ref: '#/components/schemas/ApiFleetAgentDownloadSources_Put_Response_200_Item_Secrets_Ssl_Key_2' + ApiFleetAgentDownloadSources_Put_Response_200_Item_Secrets_Ssl_Key_1: + additionalProperties: false + type: object + properties: + id: + type: string + required: + - id + ApiFleetAgentDownloadSources_Put_Response_200_Item_Secrets_Ssl_Key_2: + type: string + ApiFleetAgentDownloadSources_Put_Response_200_Item_Ssl: + additionalProperties: false + type: object + properties: + certificate: + type: string + certificate_authorities: + items: + type: string + maxItems: 10 + type: array + key: + type: string + ApiFleetAgentDownloadSources_Put_Response_400: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetAgentPolicies_Get_Response_200: + additionalProperties: false + type: object + properties: + items: + items: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Items_Item' + maxItems: 10000 + type: array + page: + type: number + perPage: + type: number + total: + type: number + required: + - items + - total + - page + - perPage + ApiFleetAgentPolicies_Get_Response_200_Items_Item: + additionalProperties: false + type: object + properties: + advanced_settings: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Items_Advanced_settings' + agent_features: + items: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Items_Agent_features_Item' + maxItems: 100 + type: array + agentless: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Items_Agentless' + agents: + type: number + data_output_id: + nullable: true + type: string + description: + type: string + download_source_id: + nullable: true + type: string + fips_agents: + type: number + fleet_server_host_id: + nullable: true + type: string + global_data_tags: + description: User defined data tags that are added to all of the inputs. The values can be strings or numbers. + items: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Items_Global_data_tags_Item' + maxItems: 10 + type: array + has_agent_version_conditions: + type: boolean + has_fleet_server: + type: boolean + id: + type: string + inactivity_timeout: + default: 1209600 + minimum: 0 + type: number + is_default: + type: boolean + is_default_fleet_server: + type: boolean + is_managed: + type: boolean + is_preconfigured: + type: boolean + is_protected: + description: Indicates whether the agent policy has tamper protection enabled. Default false. + type: boolean + keep_monitoring_alive: + default: false + description: When set to true, monitoring will be enabled but logs/metrics collection will be disabled + nullable: true + type: boolean + monitoring_diagnostics: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Items_Monitoring_diagnostics' + monitoring_enabled: + items: + enum: + - logs + - metrics + - traces + type: string + maxItems: 3 + type: array + monitoring_http: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Items_Monitoring_http' + monitoring_output_id: + nullable: true + type: string + monitoring_pprof_enabled: + type: boolean + name: + minLength: 1 + type: string + namespace: + minLength: 1 + type: string + overrides: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Items_Overrides' + package_policies: + anyOf: + - $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Items_Package_policies_1' + - $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Items_Package_policies_2' + required_versions: + items: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Items_Required_versions_Item' + maxItems: 100 + nullable: true + type: array + revision: + type: number + schema_version: + type: string + space_ids: + items: + type: string + maxItems: 100 + type: array + status: + enum: + - active + - inactive + type: string + supports_agentless: + default: false + description: Indicates whether the agent policy supports agentless integrations. + nullable: true + type: boolean + unenroll_timeout: + minimum: 0 + type: number + unprivileged_agents: + type: number + updated_at: + type: string + updated_by: + type: string + version: + type: string + required: + - id + - name + - namespace + - is_protected + - status + - updated_at + - updated_by + - revision + ApiFleetAgentPolicies_Get_Response_200_Items_Advanced_settings: + additionalProperties: false + type: object + properties: + agent_download_target_directory: + nullable: true + agent_download_timeout: + nullable: true + agent_internal: + nullable: true + agent_limits_go_max_procs: + nullable: true + agent_logging_files_interval: + nullable: true + agent_logging_files_keepfiles: + nullable: true + agent_logging_files_rotateeverybytes: + nullable: true + agent_logging_level: + nullable: true + agent_logging_metrics_period: + nullable: true + agent_logging_to_files: + nullable: true + agent_monitoring_runtime_experimental: + nullable: true + ApiFleetAgentPolicies_Get_Response_200_Items_Agent_features_Item: + additionalProperties: false + type: object + properties: + enabled: + type: boolean + name: + type: string + required: + - name + - enabled + ApiFleetAgentPolicies_Get_Response_200_Items_Agentless: + additionalProperties: false + type: object + properties: + cloud_connectors: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Items_Agentless_Cloud_connectors' + resources: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Items_Agentless_Resources' + ApiFleetAgentPolicies_Get_Response_200_Items_Agentless_Cloud_connectors: + additionalProperties: false + type: object + properties: + enabled: + type: boolean + target_csp: + enum: + - aws + - azure + - gcp + type: string + required: + - enabled + ApiFleetAgentPolicies_Get_Response_200_Items_Agentless_Resources: + additionalProperties: false + type: object + properties: + requests: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Items_Agentless_Resources_Requests' + ApiFleetAgentPolicies_Get_Response_200_Items_Agentless_Resources_Requests: + additionalProperties: false + type: object + properties: + cpu: + type: string + memory: + type: string + ApiFleetAgentPolicies_Get_Response_200_Items_Global_data_tags_Item: + additionalProperties: false + type: object + properties: + name: + type: string + value: + anyOf: + - $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Items_Global_data_tags_Value_1' + - $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Items_Global_data_tags_Value_2' + required: + - name + - value + ApiFleetAgentPolicies_Get_Response_200_Items_Global_data_tags_Value_1: + type: string + ApiFleetAgentPolicies_Get_Response_200_Items_Global_data_tags_Value_2: + type: number + ApiFleetAgentPolicies_Get_Response_200_Items_Monitoring_diagnostics: + additionalProperties: false + type: object + properties: + limit: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Items_Monitoring_diagnostics_Limit' + uploader: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Items_Monitoring_diagnostics_Uploader' + ApiFleetAgentPolicies_Get_Response_200_Items_Monitoring_diagnostics_Limit: + additionalProperties: false + type: object + properties: + burst: + type: number + interval: + type: string + ApiFleetAgentPolicies_Get_Response_200_Items_Monitoring_diagnostics_Uploader: + additionalProperties: false + type: object + properties: + init_dur: + type: string + max_dur: + type: string + max_retries: + type: number + ApiFleetAgentPolicies_Get_Response_200_Items_Monitoring_http: + additionalProperties: false + type: object + properties: + buffer: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Items_Monitoring_http_Buffer' + enabled: + type: boolean + host: + type: string + port: + maximum: 65353 + minimum: 0 + type: number + ApiFleetAgentPolicies_Get_Response_200_Items_Monitoring_http_Buffer: + additionalProperties: false + type: object + properties: + enabled: + default: false + type: boolean + ApiFleetAgentPolicies_Get_Response_200_Items_Overrides: + additionalProperties: {} + description: Override settings that are defined in the agent policy. Input settings cannot be overridden. The override option should be used only in unusual circumstances and not as a routine procedure. + nullable: true + type: object + ApiFleetAgentPolicies_Get_Response_200_Items_Package_policies_1: + items: + type: string + maxItems: 10000 + type: array + ApiFleetAgentPolicies_Get_Response_200_Items_Package_policies_2: + description: This field is present only when retrieving a single agent policy, or when retrieving a list of agent policies with the ?full=true parameter + items: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Items_Package_policies_Item' + maxItems: 10000 + type: array + ApiFleetAgentPolicies_Get_Response_200_Items_Package_policies_Item: + additionalProperties: false + type: object + properties: + additional_datastreams_permissions: + description: Additional datastream permissions, that will be added to the agent policy. + items: + type: string + maxItems: 1000 + nullable: true + type: array + agents: + type: number + cloud_connector_id: + description: ID of the cloud connector associated with this package policy. + nullable: true + type: string + cloud_connector_name: + description: Transient field for cloud connector name during creation. + maxLength: 255 + minLength: 1 + nullable: true + type: string + created_at: + type: string + created_by: + type: string + description: + description: Package policy description + type: string + elasticsearch: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Items_Package_policies_Elasticsearch' + enabled: + type: boolean + id: + description: Package policy unique identifier. + type: string + inputs: + anyOf: + - $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Items_Package_policies_Inputs_1' + - $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Items_Package_policies_Inputs_2' + description: Package policy inputs. + is_managed: + type: boolean + name: + description: Unique name for the package policy. + type: string + namespace: + description: The package policy namespace. Leave blank to inherit the agent policy's namespace. + type: string + output_id: + nullable: true + type: string + overrides: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Items_Package_policies_Overrides' + package: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Items_Package_policies_Package' + policy_id: + deprecated: true + description: ID of the agent policy which the package policy will be added to. + nullable: true + type: string + policy_ids: + items: + description: IDs of the agent policies which that package policy will be added to. + type: string + maxItems: 1000 + type: array + revision: + description: Package policy revision. + type: number + secret_references: + items: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Items_Package_policies_Secret_references_Item' + maxItems: 100 + type: array + spaceIds: + items: + type: string + maxItems: 100 + type: array + supports_agentless: + default: false + description: Indicates whether the package policy belongs to an agentless agent policy. + nullable: true + type: boolean + supports_cloud_connector: + default: false + description: Indicates whether the package policy supports cloud connectors. + nullable: true + type: boolean + updated_at: + type: string + updated_by: + type: string + var_group_selections: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Items_Package_policies_Var_group_selections' + vars: + anyOf: + - $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Items_Package_policies_Vars_1' + - $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Items_Package_policies_Vars_2' + description: Package level variable. + version: + description: Package policy ES version. + type: string + required: + - name + - enabled + - inputs + - id + - revision + - updated_at + - updated_by + - created_at + - created_by + ApiFleetAgentPolicies_Get_Response_200_Items_Package_policies_Elasticsearch: + additionalProperties: true + type: object + properties: + privileges: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Items_Package_policies_Elasticsearch_Privileges' + ApiFleetAgentPolicies_Get_Response_200_Items_Package_policies_Elasticsearch_Privileges: + additionalProperties: true + type: object + properties: + cluster: + items: + type: string + maxItems: 100 + type: array + ApiFleetAgentPolicies_Get_Response_200_Items_Package_policies_Inputs_1: + items: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Items_Package_policies_Inputs_Item' + maxItems: 100 + type: array + ApiFleetAgentPolicies_Get_Response_200_Items_Package_policies_Inputs_Item: + additionalProperties: false + type: object + properties: + compiled_input: {} + config: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Items_Package_policies_Inputs_Config' + enabled: + type: boolean + id: + type: string + keep_enabled: + type: boolean + policy_template: + type: string + streams: + items: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Items_Package_policies_Inputs_Streams_Item' + maxItems: 100 + type: array + type: + type: string + vars: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Items_Package_policies_Inputs_Vars' + required: + - type + - enabled + - streams + - compiled_input + ApiFleetAgentPolicies_Get_Response_200_Items_Package_policies_Inputs_Config: + additionalProperties: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Items_Package_policies_Inputs_Config_Value' + description: Package variable (see integration documentation for more information) + type: object + ApiFleetAgentPolicies_Get_Response_200_Items_Package_policies_Inputs_Config_Value: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + ApiFleetAgentPolicies_Get_Response_200_Items_Package_policies_Inputs_Streams_Item: + additionalProperties: false + type: object + properties: + compiled_stream: {} + config: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Items_Package_policies_Inputs_Streams_Config' + data_stream: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Items_Package_policies_Inputs_Streams_Data_stream' + enabled: + type: boolean + id: + type: string + keep_enabled: + type: boolean + release: + enum: + - ga + - beta + - experimental + type: string + var_group_selections: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Items_Package_policies_Inputs_Streams_Var_group_selections' + vars: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Items_Package_policies_Inputs_Streams_Vars' + required: + - enabled + - data_stream + - compiled_stream + ApiFleetAgentPolicies_Get_Response_200_Items_Package_policies_Inputs_Streams_Config: + additionalProperties: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Items_Package_policies_Inputs_Streams_Config_Value' + description: Package variable (see integration documentation for more information) + type: object + ApiFleetAgentPolicies_Get_Response_200_Items_Package_policies_Inputs_Streams_Config_Value: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + ApiFleetAgentPolicies_Get_Response_200_Items_Package_policies_Inputs_Streams_Data_stream: + additionalProperties: false + type: object + properties: + dataset: + type: string + elasticsearch: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Items_Package_policies_Inputs_Streams_Data_stream_Elasticsearch' + type: + type: string + required: + - dataset + - type + ApiFleetAgentPolicies_Get_Response_200_Items_Package_policies_Inputs_Streams_Data_stream_Elasticsearch: + additionalProperties: false + type: object + properties: + dynamic_dataset: + type: boolean + dynamic_namespace: + type: boolean + privileges: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Items_Package_policies_Inputs_Streams_Data_stream_Elasticsearch_Privileges' + ApiFleetAgentPolicies_Get_Response_200_Items_Package_policies_Inputs_Streams_Data_stream_Elasticsearch_Privileges: + additionalProperties: false + type: object + properties: + indices: + items: + type: string + maxItems: 100 + type: array + ApiFleetAgentPolicies_Get_Response_200_Items_Package_policies_Inputs_Streams_Var_group_selections: + additionalProperties: + type: string + description: Variable group selections. Maps var_group name to the selected option name within that group. + type: object + ApiFleetAgentPolicies_Get_Response_200_Items_Package_policies_Inputs_Streams_Vars: + additionalProperties: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Items_Package_policies_Inputs_Streams_Vars_Value' + description: Package variable (see integration documentation for more information) + type: object + ApiFleetAgentPolicies_Get_Response_200_Items_Package_policies_Inputs_Streams_Vars_Value: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + ApiFleetAgentPolicies_Get_Response_200_Items_Package_policies_Inputs_Vars: + additionalProperties: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Items_Package_policies_Inputs_Vars_Value' + description: Package variable (see integration documentation for more information) + type: object + ApiFleetAgentPolicies_Get_Response_200_Items_Package_policies_Inputs_Vars_Value: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + ApiFleetAgentPolicies_Get_Response_200_Items_Package_policies_Inputs_2: + additionalProperties: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Items_Package_policies_Inputs_Value' + description: Package policy inputs. Refer to the integration documentation to know which inputs are available. + type: object + x-oas-optional: true + ApiFleetAgentPolicies_Get_Response_200_Items_Package_policies_Inputs_Value: + additionalProperties: false + type: object + properties: + enabled: + description: Enable or disable that input. Defaults to `true` (enabled). + type: boolean + streams: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Items_Package_policies_Inputs_Streams' + vars: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Items_Package_policies_Inputs_Vars_1' + ApiFleetAgentPolicies_Get_Response_200_Items_Package_policies_Inputs_Streams: + additionalProperties: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Items_Package_policies_Inputs_Streams_Value' + description: Input streams. Refer to the integration documentation to know which streams are available. + type: object + ApiFleetAgentPolicies_Get_Response_200_Items_Package_policies_Inputs_Streams_Value: + additionalProperties: false + type: object + properties: + enabled: + description: Enable or disable that stream. Defaults to `true` (enabled). + type: boolean + var_group_selections: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Items_Package_policies_Inputs_Streams_Var_group_selections_1' + vars: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Items_Package_policies_Inputs_Streams_Vars_1' + ApiFleetAgentPolicies_Get_Response_200_Items_Package_policies_Inputs_Streams_Var_group_selections_1: + additionalProperties: + type: string + description: Variable group selections. Maps var_group name to the selected option name within that group. + type: object + ApiFleetAgentPolicies_Get_Response_200_Items_Package_policies_Inputs_Streams_Vars_1: + type: boolean + ApiFleetAgentPolicies_Get_Response_200_Items_Package_policies_Inputs_Streams_Vars_2: + type: string + ApiFleetAgentPolicies_Get_Response_200_Items_Package_policies_Inputs_Streams_Vars_3: + type: number + ApiFleetAgentPolicies_Get_Response_200_Items_Package_policies_Inputs_Streams_Vars_4: + items: + type: string + maxItems: 100 + type: array + ApiFleetAgentPolicies_Get_Response_200_Items_Package_policies_Inputs_Streams_Vars_5: + items: + type: number + maxItems: 100 + type: array + ApiFleetAgentPolicies_Get_Response_200_Items_Package_policies_Inputs_Streams_Vars_6: + additionalProperties: false + type: object + properties: + id: + type: string + isSecretRef: + type: boolean + required: + - id + - isSecretRef + ApiFleetAgentPolicies_Get_Response_200_Items_Package_policies_Inputs_Vars_1: + type: boolean + ApiFleetAgentPolicies_Get_Response_200_Items_Package_policies_Inputs_Vars_2: + type: string + ApiFleetAgentPolicies_Get_Response_200_Items_Package_policies_Inputs_Vars_3: + type: number + ApiFleetAgentPolicies_Get_Response_200_Items_Package_policies_Inputs_Vars_4: + items: + type: string + maxItems: 100 + type: array + ApiFleetAgentPolicies_Get_Response_200_Items_Package_policies_Inputs_Vars_5: + items: + type: number + maxItems: 100 + type: array + ApiFleetAgentPolicies_Get_Response_200_Items_Package_policies_Inputs_Vars_6: + additionalProperties: false + type: object + properties: + id: + type: string + isSecretRef: + type: boolean + required: + - id + - isSecretRef + ApiFleetAgentPolicies_Get_Response_200_Items_Package_policies_Overrides: + additionalProperties: false + description: Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure. + nullable: true + type: object + properties: + inputs: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Items_Package_policies_Overrides_Inputs' + ApiFleetAgentPolicies_Get_Response_200_Items_Package_policies_Overrides_Inputs: + additionalProperties: {} + type: object + ApiFleetAgentPolicies_Get_Response_200_Items_Package_policies_Package: + additionalProperties: false + type: object + properties: + experimental_data_stream_features: + items: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Items_Package_policies_Package_Experimental_data_stream_features_Item' + maxItems: 100 + type: array + fips_compatible: + type: boolean + name: + description: Package name + type: string + requires_root: + type: boolean + title: + type: string + version: + description: Package version + type: string + required: + - name + - version + ApiFleetAgentPolicies_Get_Response_200_Items_Package_policies_Package_Experimental_data_stream_features_Item: + additionalProperties: false + type: object + properties: + data_stream: + type: string + features: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Items_Package_policies_Package_Experimental_data_stream_features_Features' + required: + - data_stream + - features + ApiFleetAgentPolicies_Get_Response_200_Items_Package_policies_Package_Experimental_data_stream_features_Features: + additionalProperties: false + type: object + properties: + doc_value_only_numeric: + type: boolean + doc_value_only_other: + type: boolean + synthetic_source: + type: boolean + tsdb: + type: boolean + ApiFleetAgentPolicies_Get_Response_200_Items_Package_policies_Secret_references_Item: + additionalProperties: false + type: object + properties: + id: + type: string + required: + - id + ApiFleetAgentPolicies_Get_Response_200_Items_Package_policies_Var_group_selections: + additionalProperties: + type: string + description: Variable group selections. Maps var_group name to the selected option name within that group. + type: object + ApiFleetAgentPolicies_Get_Response_200_Items_Package_policies_Vars_1: + additionalProperties: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Items_Package_policies_Vars_Value' + description: Package variable (see integration documentation for more information) + type: object + ApiFleetAgentPolicies_Get_Response_200_Items_Package_policies_Vars_Value: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + ApiFleetAgentPolicies_Get_Response_200_Items_Package_policies_Vars_2: + additionalProperties: + anyOf: + - $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Items_Package_policies_Vars_1_1' + - $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Items_Package_policies_Vars_2_1' + - $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Items_Package_policies_Vars_3' + - $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Items_Package_policies_Vars_4' + - $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Items_Package_policies_Vars_5' + - $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Items_Package_policies_Vars_6' + nullable: true + description: Input/stream level variable. Refer to the integration documentation for more information. + type: object + x-oas-optional: true + ApiFleetAgentPolicies_Get_Response_200_Items_Package_policies_Vars_1_1: + type: boolean + ApiFleetAgentPolicies_Get_Response_200_Items_Package_policies_Vars_2_1: + type: string + ApiFleetAgentPolicies_Get_Response_200_Items_Package_policies_Vars_3: + type: number + ApiFleetAgentPolicies_Get_Response_200_Items_Package_policies_Vars_4: + items: + type: string + maxItems: 100 + type: array + ApiFleetAgentPolicies_Get_Response_200_Items_Package_policies_Vars_5: + items: + type: number + maxItems: 100 + type: array + ApiFleetAgentPolicies_Get_Response_200_Items_Package_policies_Vars_6: + additionalProperties: false + type: object + properties: + id: + type: string + isSecretRef: + type: boolean + required: + - id + - isSecretRef + ApiFleetAgentPolicies_Get_Response_200_Items_Required_versions_Item: + additionalProperties: false + type: object + properties: + percentage: + description: Target percentage of agents to auto upgrade + maximum: 100 + minimum: 0 + type: number + version: + description: Target version for automatic agent upgrade + type: string + required: + - version + - percentage + ApiFleetAgentPolicies_Get_Response_400: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetAgentPolicies_Post_Request: + additionalProperties: false + type: object + properties: + advanced_settings: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Post_Request_Advanced_settings' + agent_features: + items: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Post_Request_Agent_features_Item' + maxItems: 100 + type: array + agentless: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Post_Request_Agentless' + data_output_id: + nullable: true + type: string + description: + type: string + download_source_id: + nullable: true + type: string + fleet_server_host_id: + nullable: true + type: string + force: + type: boolean + global_data_tags: + description: User defined data tags that are added to all of the inputs. The values can be strings or numbers. + items: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Post_Request_Global_data_tags_Item' + maxItems: 10 + type: array + has_agent_version_conditions: + type: boolean + has_fleet_server: + type: boolean + id: + type: string + inactivity_timeout: + default: 1209600 + minimum: 0 + type: number + is_default: + type: boolean + is_default_fleet_server: + type: boolean + is_managed: + type: boolean + is_protected: + type: boolean + keep_monitoring_alive: + default: false + description: When set to true, monitoring will be enabled but logs/metrics collection will be disabled + nullable: true + type: boolean + monitoring_diagnostics: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Post_Request_Monitoring_diagnostics' + monitoring_enabled: + items: + enum: + - logs + - metrics + - traces + type: string + maxItems: 3 + type: array + monitoring_http: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Post_Request_Monitoring_http' + monitoring_output_id: + nullable: true + type: string + monitoring_pprof_enabled: + type: boolean + name: + minLength: 1 + type: string + namespace: + minLength: 1 + type: string + overrides: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Post_Request_Overrides' + required_versions: + items: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Post_Request_Required_versions_Item' + maxItems: 100 + nullable: true + type: array + space_ids: + items: + type: string + maxItems: 100 + type: array + supports_agentless: + default: false + deprecated: true + description: Indicates whether the agent policy supports agentless integrations. Deprecated in favor of the Fleet agentless policies API. + nullable: true + type: boolean + unenroll_timeout: + minimum: 0 + type: number + required: + - name + - namespace + ApiFleetAgentPolicies_Post_Request_Advanced_settings: + additionalProperties: false + type: object + properties: + agent_download_target_directory: + nullable: true + agent_download_timeout: + nullable: true + agent_internal: + nullable: true + agent_limits_go_max_procs: + nullable: true + agent_logging_files_interval: + nullable: true + agent_logging_files_keepfiles: + nullable: true + agent_logging_files_rotateeverybytes: + nullable: true + agent_logging_level: + nullable: true + agent_logging_metrics_period: + nullable: true + agent_logging_to_files: + nullable: true + agent_monitoring_runtime_experimental: + nullable: true + ApiFleetAgentPolicies_Post_Request_Agent_features_Item: + additionalProperties: false + type: object + properties: + enabled: + type: boolean + name: + type: string + required: + - name + - enabled + ApiFleetAgentPolicies_Post_Request_Agentless: + additionalProperties: false + type: object + properties: + cloud_connectors: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Post_Request_Agentless_Cloud_connectors' + resources: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Post_Request_Agentless_Resources' + ApiFleetAgentPolicies_Post_Request_Agentless_Cloud_connectors: + additionalProperties: false + type: object + properties: + enabled: + type: boolean + target_csp: + enum: + - aws + - azure + - gcp + type: string + required: + - enabled + ApiFleetAgentPolicies_Post_Request_Agentless_Resources: + additionalProperties: false + type: object + properties: + requests: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Post_Request_Agentless_Resources_Requests' + ApiFleetAgentPolicies_Post_Request_Agentless_Resources_Requests: + additionalProperties: false + type: object + properties: + cpu: + type: string + memory: + type: string + ApiFleetAgentPolicies_Post_Request_Global_data_tags_Item: + additionalProperties: false + type: object + properties: + name: + type: string + value: + anyOf: + - $ref: '#/components/schemas/ApiFleetAgentPolicies_Post_Request_Global_data_tags_Value_1' + - $ref: '#/components/schemas/ApiFleetAgentPolicies_Post_Request_Global_data_tags_Value_2' + required: + - name + - value + ApiFleetAgentPolicies_Post_Request_Global_data_tags_Value_1: + type: string + ApiFleetAgentPolicies_Post_Request_Global_data_tags_Value_2: + type: number + ApiFleetAgentPolicies_Post_Request_Monitoring_diagnostics: + additionalProperties: false + type: object + properties: + limit: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Post_Request_Monitoring_diagnostics_Limit' + uploader: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Post_Request_Monitoring_diagnostics_Uploader' + ApiFleetAgentPolicies_Post_Request_Monitoring_diagnostics_Limit: + additionalProperties: false + type: object + properties: + burst: + type: number + interval: + type: string + ApiFleetAgentPolicies_Post_Request_Monitoring_diagnostics_Uploader: + additionalProperties: false + type: object + properties: + init_dur: + type: string + max_dur: + type: string + max_retries: + type: number + ApiFleetAgentPolicies_Post_Request_Monitoring_http: + additionalProperties: false + type: object + properties: + buffer: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Post_Request_Monitoring_http_Buffer' + enabled: + type: boolean + host: + type: string + port: + maximum: 65353 + minimum: 0 + type: number + ApiFleetAgentPolicies_Post_Request_Monitoring_http_Buffer: + additionalProperties: false + type: object + properties: + enabled: + default: false + type: boolean + ApiFleetAgentPolicies_Post_Request_Overrides: + additionalProperties: {} + description: Override settings that are defined in the agent policy. Input settings cannot be overridden. The override option should be used only in unusual circumstances and not as a routine procedure. + nullable: true + type: object + ApiFleetAgentPolicies_Post_Request_Required_versions_Item: + additionalProperties: false + type: object + properties: + percentage: + description: Target percentage of agents to auto upgrade + maximum: 100 + minimum: 0 + type: number + version: + description: Target version for automatic agent upgrade + type: string + required: + - version + - percentage + ApiFleetAgentPolicies_Post_Response_200: + additionalProperties: false + type: object + properties: + item: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Post_Response_200_Item' + required: + - item + ApiFleetAgentPolicies_Post_Response_200_Item: + additionalProperties: false + type: object + properties: + advanced_settings: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Post_Response_200_Item_Advanced_settings' + agent_features: + items: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Post_Response_200_Item_Agent_features_Item' + maxItems: 100 + type: array + agentless: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Post_Response_200_Item_Agentless' + agents: + type: number + data_output_id: + nullable: true + type: string + description: + type: string + download_source_id: + nullable: true + type: string + fips_agents: + type: number + fleet_server_host_id: + nullable: true + type: string + global_data_tags: + description: User defined data tags that are added to all of the inputs. The values can be strings or numbers. + items: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Post_Response_200_Item_Global_data_tags_Item' + maxItems: 10 + type: array + has_agent_version_conditions: + type: boolean + has_fleet_server: + type: boolean + id: + type: string + inactivity_timeout: + default: 1209600 + minimum: 0 + type: number + is_default: + type: boolean + is_default_fleet_server: + type: boolean + is_managed: + type: boolean + is_preconfigured: + type: boolean + is_protected: + description: Indicates whether the agent policy has tamper protection enabled. Default false. + type: boolean + keep_monitoring_alive: + default: false + description: When set to true, monitoring will be enabled but logs/metrics collection will be disabled + nullable: true + type: boolean + monitoring_diagnostics: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Post_Response_200_Item_Monitoring_diagnostics' + monitoring_enabled: + items: + enum: + - logs + - metrics + - traces + type: string + maxItems: 3 + type: array + monitoring_http: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Post_Response_200_Item_Monitoring_http' + monitoring_output_id: + nullable: true + type: string + monitoring_pprof_enabled: + type: boolean + name: + minLength: 1 + type: string + namespace: + minLength: 1 + type: string + overrides: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Post_Response_200_Item_Overrides' + package_policies: + anyOf: + - $ref: '#/components/schemas/ApiFleetAgentPolicies_Post_Response_200_Item_Package_policies_1' + - $ref: '#/components/schemas/ApiFleetAgentPolicies_Post_Response_200_Item_Package_policies_2' + required_versions: + items: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Post_Response_200_Item_Required_versions_Item' + maxItems: 100 + nullable: true + type: array + revision: + type: number + schema_version: + type: string + space_ids: + items: + type: string + maxItems: 100 + type: array + status: + enum: + - active + - inactive + type: string + supports_agentless: + default: false + description: Indicates whether the agent policy supports agentless integrations. + nullable: true + type: boolean + unenroll_timeout: + minimum: 0 + type: number + unprivileged_agents: + type: number + updated_at: + type: string + updated_by: + type: string + version: + type: string + required: + - id + - name + - namespace + - is_protected + - status + - updated_at + - updated_by + - revision + ApiFleetAgentPolicies_Post_Response_200_Item_Advanced_settings: + additionalProperties: false + type: object + properties: + agent_download_target_directory: + nullable: true + agent_download_timeout: + nullable: true + agent_internal: + nullable: true + agent_limits_go_max_procs: + nullable: true + agent_logging_files_interval: + nullable: true + agent_logging_files_keepfiles: + nullable: true + agent_logging_files_rotateeverybytes: + nullable: true + agent_logging_level: + nullable: true + agent_logging_metrics_period: + nullable: true + agent_logging_to_files: + nullable: true + agent_monitoring_runtime_experimental: + nullable: true + ApiFleetAgentPolicies_Post_Response_200_Item_Agent_features_Item: + additionalProperties: false + type: object + properties: + enabled: + type: boolean + name: + type: string + required: + - name + - enabled + ApiFleetAgentPolicies_Post_Response_200_Item_Agentless: + additionalProperties: false + type: object + properties: + cloud_connectors: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Post_Response_200_Item_Agentless_Cloud_connectors' + resources: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Post_Response_200_Item_Agentless_Resources' + ApiFleetAgentPolicies_Post_Response_200_Item_Agentless_Cloud_connectors: + additionalProperties: false + type: object + properties: + enabled: + type: boolean + target_csp: + enum: + - aws + - azure + - gcp + type: string + required: + - enabled + ApiFleetAgentPolicies_Post_Response_200_Item_Agentless_Resources: + additionalProperties: false + type: object + properties: + requests: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Post_Response_200_Item_Agentless_Resources_Requests' + ApiFleetAgentPolicies_Post_Response_200_Item_Agentless_Resources_Requests: + additionalProperties: false + type: object + properties: + cpu: + type: string + memory: + type: string + ApiFleetAgentPolicies_Post_Response_200_Item_Global_data_tags_Item: + additionalProperties: false + type: object + properties: + name: + type: string + value: + anyOf: + - $ref: '#/components/schemas/ApiFleetAgentPolicies_Post_Response_200_Item_Global_data_tags_Value_1' + - $ref: '#/components/schemas/ApiFleetAgentPolicies_Post_Response_200_Item_Global_data_tags_Value_2' + required: + - name + - value + ApiFleetAgentPolicies_Post_Response_200_Item_Global_data_tags_Value_1: + type: string + ApiFleetAgentPolicies_Post_Response_200_Item_Global_data_tags_Value_2: + type: number + ApiFleetAgentPolicies_Post_Response_200_Item_Monitoring_diagnostics: + additionalProperties: false + type: object + properties: + limit: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Post_Response_200_Item_Monitoring_diagnostics_Limit' + uploader: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Post_Response_200_Item_Monitoring_diagnostics_Uploader' + ApiFleetAgentPolicies_Post_Response_200_Item_Monitoring_diagnostics_Limit: + additionalProperties: false + type: object + properties: + burst: + type: number + interval: + type: string + ApiFleetAgentPolicies_Post_Response_200_Item_Monitoring_diagnostics_Uploader: + additionalProperties: false + type: object + properties: + init_dur: + type: string + max_dur: + type: string + max_retries: + type: number + ApiFleetAgentPolicies_Post_Response_200_Item_Monitoring_http: + additionalProperties: false + type: object + properties: + buffer: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Post_Response_200_Item_Monitoring_http_Buffer' + enabled: + type: boolean + host: + type: string + port: + maximum: 65353 + minimum: 0 + type: number + ApiFleetAgentPolicies_Post_Response_200_Item_Monitoring_http_Buffer: + additionalProperties: false + type: object + properties: + enabled: + default: false + type: boolean + ApiFleetAgentPolicies_Post_Response_200_Item_Overrides: + additionalProperties: {} + description: Override settings that are defined in the agent policy. Input settings cannot be overridden. The override option should be used only in unusual circumstances and not as a routine procedure. + nullable: true + type: object + ApiFleetAgentPolicies_Post_Response_200_Item_Package_policies_1: + items: + type: string + maxItems: 10000 + type: array + ApiFleetAgentPolicies_Post_Response_200_Item_Package_policies_2: + description: This field is present only when retrieving a single agent policy, or when retrieving a list of agent policies with the ?full=true parameter + items: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Post_Response_200_Item_Package_policies_Item' + maxItems: 10000 + type: array + ApiFleetAgentPolicies_Post_Response_200_Item_Package_policies_Item: + additionalProperties: false + type: object + properties: + additional_datastreams_permissions: + description: Additional datastream permissions, that will be added to the agent policy. + items: + type: string + maxItems: 1000 + nullable: true + type: array + agents: + type: number + cloud_connector_id: + description: ID of the cloud connector associated with this package policy. + nullable: true + type: string + cloud_connector_name: + description: Transient field for cloud connector name during creation. + maxLength: 255 + minLength: 1 + nullable: true + type: string + created_at: + type: string + created_by: + type: string + description: + description: Package policy description + type: string + elasticsearch: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Post_Response_200_Item_Package_policies_Elasticsearch' + enabled: + type: boolean + id: + description: Package policy unique identifier. + type: string + inputs: + anyOf: + - $ref: '#/components/schemas/ApiFleetAgentPolicies_Post_Response_200_Item_Package_policies_Inputs_1' + - $ref: '#/components/schemas/ApiFleetAgentPolicies_Post_Response_200_Item_Package_policies_Inputs_2' + description: Package policy inputs. + is_managed: + type: boolean + name: + description: Unique name for the package policy. + type: string + namespace: + description: The package policy namespace. Leave blank to inherit the agent policy's namespace. + type: string + output_id: + nullable: true + type: string + overrides: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Post_Response_200_Item_Package_policies_Overrides' + package: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Post_Response_200_Item_Package_policies_Package' + policy_id: + deprecated: true + description: ID of the agent policy which the package policy will be added to. + nullable: true + type: string + policy_ids: + items: + description: IDs of the agent policies which that package policy will be added to. + type: string + maxItems: 1000 + type: array + revision: + description: Package policy revision. + type: number + secret_references: + items: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Post_Response_200_Item_Package_policies_Secret_references_Item' + maxItems: 100 + type: array + spaceIds: + items: + type: string + maxItems: 100 + type: array + supports_agentless: + default: false + description: Indicates whether the package policy belongs to an agentless agent policy. + nullable: true + type: boolean + supports_cloud_connector: + default: false + description: Indicates whether the package policy supports cloud connectors. + nullable: true + type: boolean + updated_at: + type: string + updated_by: + type: string + var_group_selections: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Post_Response_200_Item_Package_policies_Var_group_selections' + vars: + anyOf: + - $ref: '#/components/schemas/ApiFleetAgentPolicies_Post_Response_200_Item_Package_policies_Vars_1' + - $ref: '#/components/schemas/ApiFleetAgentPolicies_Post_Response_200_Item_Package_policies_Vars_2' + description: Package level variable. + version: + description: Package policy ES version. + type: string + required: + - name + - enabled + - inputs + - id + - revision + - updated_at + - updated_by + - created_at + - created_by + ApiFleetAgentPolicies_Post_Response_200_Item_Package_policies_Elasticsearch: + additionalProperties: true + type: object + properties: + privileges: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Post_Response_200_Item_Package_policies_Elasticsearch_Privileges' + ApiFleetAgentPolicies_Post_Response_200_Item_Package_policies_Elasticsearch_Privileges: + additionalProperties: true + type: object + properties: + cluster: + items: + type: string + maxItems: 100 + type: array + ApiFleetAgentPolicies_Post_Response_200_Item_Package_policies_Inputs_1: + items: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Post_Response_200_Item_Package_policies_Inputs_Item' + maxItems: 100 + type: array + ApiFleetAgentPolicies_Post_Response_200_Item_Package_policies_Inputs_Item: + additionalProperties: false + type: object + properties: + compiled_input: {} + config: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Post_Response_200_Item_Package_policies_Inputs_Config' + enabled: + type: boolean + id: + type: string + keep_enabled: + type: boolean + policy_template: + type: string + streams: + items: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Post_Response_200_Item_Package_policies_Inputs_Streams_Item' + maxItems: 100 + type: array + type: + type: string + vars: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Post_Response_200_Item_Package_policies_Inputs_Vars' + required: + - type + - enabled + - streams + - compiled_input + ApiFleetAgentPolicies_Post_Response_200_Item_Package_policies_Inputs_Config: + additionalProperties: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Post_Response_200_Item_Package_policies_Inputs_Config_Value' + description: Package variable (see integration documentation for more information) + type: object + ApiFleetAgentPolicies_Post_Response_200_Item_Package_policies_Inputs_Config_Value: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + ApiFleetAgentPolicies_Post_Response_200_Item_Package_policies_Inputs_Streams_Item: + additionalProperties: false + type: object + properties: + compiled_stream: {} + config: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Post_Response_200_Item_Package_policies_Inputs_Streams_Config' + data_stream: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Post_Response_200_Item_Package_policies_Inputs_Streams_Data_stream' + enabled: + type: boolean + id: + type: string + keep_enabled: + type: boolean + release: + enum: + - ga + - beta + - experimental + type: string + var_group_selections: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Post_Response_200_Item_Package_policies_Inputs_Streams_Var_group_selections' + vars: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Post_Response_200_Item_Package_policies_Inputs_Streams_Vars' + required: + - enabled + - data_stream + - compiled_stream + ApiFleetAgentPolicies_Post_Response_200_Item_Package_policies_Inputs_Streams_Config: + additionalProperties: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Post_Response_200_Item_Package_policies_Inputs_Streams_Config_Value' + description: Package variable (see integration documentation for more information) + type: object + ApiFleetAgentPolicies_Post_Response_200_Item_Package_policies_Inputs_Streams_Config_Value: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + ApiFleetAgentPolicies_Post_Response_200_Item_Package_policies_Inputs_Streams_Data_stream: + additionalProperties: false + type: object + properties: + dataset: + type: string + elasticsearch: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Post_Response_200_Item_Package_policies_Inputs_Streams_Data_stream_Elasticsearch' + type: + type: string + required: + - dataset + - type + ApiFleetAgentPolicies_Post_Response_200_Item_Package_policies_Inputs_Streams_Data_stream_Elasticsearch: + additionalProperties: false + type: object + properties: + dynamic_dataset: + type: boolean + dynamic_namespace: + type: boolean + privileges: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Post_Response_200_Item_Package_policies_Inputs_Streams_Data_stream_Elasticsearch_Privileges' + ApiFleetAgentPolicies_Post_Response_200_Item_Package_policies_Inputs_Streams_Data_stream_Elasticsearch_Privileges: + additionalProperties: false + type: object + properties: + indices: + items: + type: string + maxItems: 100 + type: array + ApiFleetAgentPolicies_Post_Response_200_Item_Package_policies_Inputs_Streams_Var_group_selections: + additionalProperties: + type: string + description: Variable group selections. Maps var_group name to the selected option name within that group. + type: object + ApiFleetAgentPolicies_Post_Response_200_Item_Package_policies_Inputs_Streams_Vars: + additionalProperties: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Post_Response_200_Item_Package_policies_Inputs_Streams_Vars_Value' + description: Package variable (see integration documentation for more information) + type: object + ApiFleetAgentPolicies_Post_Response_200_Item_Package_policies_Inputs_Streams_Vars_Value: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + ApiFleetAgentPolicies_Post_Response_200_Item_Package_policies_Inputs_Vars: + additionalProperties: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Post_Response_200_Item_Package_policies_Inputs_Vars_Value' + description: Package variable (see integration documentation for more information) + type: object + ApiFleetAgentPolicies_Post_Response_200_Item_Package_policies_Inputs_Vars_Value: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + ApiFleetAgentPolicies_Post_Response_200_Item_Package_policies_Inputs_2: + additionalProperties: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Post_Response_200_Item_Package_policies_Inputs_Value' + description: Package policy inputs. Refer to the integration documentation to know which inputs are available. + type: object + x-oas-optional: true + ApiFleetAgentPolicies_Post_Response_200_Item_Package_policies_Inputs_Value: + additionalProperties: false + type: object + properties: + enabled: + description: Enable or disable that input. Defaults to `true` (enabled). + type: boolean + streams: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Post_Response_200_Item_Package_policies_Inputs_Streams' + vars: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Post_Response_200_Item_Package_policies_Inputs_Vars_1' + ApiFleetAgentPolicies_Post_Response_200_Item_Package_policies_Inputs_Streams: + additionalProperties: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Post_Response_200_Item_Package_policies_Inputs_Streams_Value' + description: Input streams. Refer to the integration documentation to know which streams are available. + type: object + ApiFleetAgentPolicies_Post_Response_200_Item_Package_policies_Inputs_Streams_Value: + additionalProperties: false + type: object + properties: + enabled: + description: Enable or disable that stream. Defaults to `true` (enabled). + type: boolean + var_group_selections: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Post_Response_200_Item_Package_policies_Inputs_Streams_Var_group_selections_1' + vars: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Post_Response_200_Item_Package_policies_Inputs_Streams_Vars_1' + ApiFleetAgentPolicies_Post_Response_200_Item_Package_policies_Inputs_Streams_Var_group_selections_1: + additionalProperties: + type: string + description: Variable group selections. Maps var_group name to the selected option name within that group. + type: object + ApiFleetAgentPolicies_Post_Response_200_Item_Package_policies_Inputs_Streams_Vars_1: + type: boolean + ApiFleetAgentPolicies_Post_Response_200_Item_Package_policies_Inputs_Streams_Vars_2: + type: string + ApiFleetAgentPolicies_Post_Response_200_Item_Package_policies_Inputs_Streams_Vars_3: + type: number + ApiFleetAgentPolicies_Post_Response_200_Item_Package_policies_Inputs_Streams_Vars_4: + items: + type: string + maxItems: 100 + type: array + ApiFleetAgentPolicies_Post_Response_200_Item_Package_policies_Inputs_Streams_Vars_5: + items: + type: number + maxItems: 100 + type: array + ApiFleetAgentPolicies_Post_Response_200_Item_Package_policies_Inputs_Streams_Vars_6: + additionalProperties: false + type: object + properties: + id: + type: string + isSecretRef: + type: boolean + required: + - id + - isSecretRef + ApiFleetAgentPolicies_Post_Response_200_Item_Package_policies_Inputs_Vars_1: + type: boolean + ApiFleetAgentPolicies_Post_Response_200_Item_Package_policies_Inputs_Vars_2: + type: string + ApiFleetAgentPolicies_Post_Response_200_Item_Package_policies_Inputs_Vars_3: + type: number + ApiFleetAgentPolicies_Post_Response_200_Item_Package_policies_Inputs_Vars_4: + items: + type: string + maxItems: 100 + type: array + ApiFleetAgentPolicies_Post_Response_200_Item_Package_policies_Inputs_Vars_5: + items: + type: number + maxItems: 100 + type: array + ApiFleetAgentPolicies_Post_Response_200_Item_Package_policies_Inputs_Vars_6: + additionalProperties: false + type: object + properties: + id: + type: string + isSecretRef: + type: boolean + required: + - id + - isSecretRef + ApiFleetAgentPolicies_Post_Response_200_Item_Package_policies_Overrides: + additionalProperties: false + description: Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure. + nullable: true + type: object + properties: + inputs: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Post_Response_200_Item_Package_policies_Overrides_Inputs' + ApiFleetAgentPolicies_Post_Response_200_Item_Package_policies_Overrides_Inputs: + additionalProperties: {} + type: object + ApiFleetAgentPolicies_Post_Response_200_Item_Package_policies_Package: + additionalProperties: false + type: object + properties: + experimental_data_stream_features: + items: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Post_Response_200_Item_Package_policies_Package_Experimental_data_stream_features_Item' + maxItems: 100 + type: array + fips_compatible: + type: boolean + name: + description: Package name + type: string + requires_root: + type: boolean + title: + type: string + version: + description: Package version + type: string + required: + - name + - version + ApiFleetAgentPolicies_Post_Response_200_Item_Package_policies_Package_Experimental_data_stream_features_Item: + additionalProperties: false + type: object + properties: + data_stream: + type: string + features: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Post_Response_200_Item_Package_policies_Package_Experimental_data_stream_features_Features' + required: + - data_stream + - features + ApiFleetAgentPolicies_Post_Response_200_Item_Package_policies_Package_Experimental_data_stream_features_Features: + additionalProperties: false + type: object + properties: + doc_value_only_numeric: + type: boolean + doc_value_only_other: + type: boolean + synthetic_source: + type: boolean + tsdb: + type: boolean + ApiFleetAgentPolicies_Post_Response_200_Item_Package_policies_Secret_references_Item: + additionalProperties: false + type: object + properties: + id: + type: string + required: + - id + ApiFleetAgentPolicies_Post_Response_200_Item_Package_policies_Var_group_selections: + additionalProperties: + type: string + description: Variable group selections. Maps var_group name to the selected option name within that group. + type: object + ApiFleetAgentPolicies_Post_Response_200_Item_Package_policies_Vars_1: + additionalProperties: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Post_Response_200_Item_Package_policies_Vars_Value' + description: Package variable (see integration documentation for more information) + type: object + ApiFleetAgentPolicies_Post_Response_200_Item_Package_policies_Vars_Value: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + ApiFleetAgentPolicies_Post_Response_200_Item_Package_policies_Vars_2: + additionalProperties: + anyOf: + - $ref: '#/components/schemas/ApiFleetAgentPolicies_Post_Response_200_Item_Package_policies_Vars_1_1' + - $ref: '#/components/schemas/ApiFleetAgentPolicies_Post_Response_200_Item_Package_policies_Vars_2_1' + - $ref: '#/components/schemas/ApiFleetAgentPolicies_Post_Response_200_Item_Package_policies_Vars_3' + - $ref: '#/components/schemas/ApiFleetAgentPolicies_Post_Response_200_Item_Package_policies_Vars_4' + - $ref: '#/components/schemas/ApiFleetAgentPolicies_Post_Response_200_Item_Package_policies_Vars_5' + - $ref: '#/components/schemas/ApiFleetAgentPolicies_Post_Response_200_Item_Package_policies_Vars_6' + nullable: true + description: Input/stream level variable. Refer to the integration documentation for more information. + type: object + x-oas-optional: true + ApiFleetAgentPolicies_Post_Response_200_Item_Package_policies_Vars_1_1: + type: boolean + ApiFleetAgentPolicies_Post_Response_200_Item_Package_policies_Vars_2_1: + type: string + ApiFleetAgentPolicies_Post_Response_200_Item_Package_policies_Vars_3: + type: number + ApiFleetAgentPolicies_Post_Response_200_Item_Package_policies_Vars_4: + items: + type: string + maxItems: 100 + type: array + ApiFleetAgentPolicies_Post_Response_200_Item_Package_policies_Vars_5: + items: + type: number + maxItems: 100 + type: array + ApiFleetAgentPolicies_Post_Response_200_Item_Package_policies_Vars_6: + additionalProperties: false + type: object + properties: + id: + type: string + isSecretRef: + type: boolean + required: + - id + - isSecretRef + ApiFleetAgentPolicies_Post_Response_200_Item_Required_versions_Item: + additionalProperties: false + type: object + properties: + percentage: + description: Target percentage of agents to auto upgrade + maximum: 100 + minimum: 0 + type: number + version: + description: Target version for automatic agent upgrade + type: string + required: + - version + - percentage + ApiFleetAgentPolicies_Post_Response_400: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetAgentPoliciesBulkGet_Post_Request: + additionalProperties: false + type: object + properties: + full: + description: get full policies with package policies populated + type: boolean + ids: + description: list of package policy ids + items: + type: string + maxItems: 1000 + type: array + ignoreMissing: + type: boolean + required: + - ids + ApiFleetAgentPoliciesBulkGet_Post_Response_200: + additionalProperties: false + type: object + properties: + items: + items: + $ref: '#/components/schemas/ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Item' + maxItems: 10000 + type: array + required: + - items + ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Item: + additionalProperties: false + type: object + properties: + advanced_settings: + $ref: '#/components/schemas/ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Advanced_settings' + agent_features: + items: + $ref: '#/components/schemas/ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Agent_features_Item' + maxItems: 100 + type: array + agentless: + $ref: '#/components/schemas/ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Agentless' + agents: + type: number + data_output_id: + nullable: true + type: string + description: + type: string + download_source_id: + nullable: true + type: string + fips_agents: + type: number + fleet_server_host_id: + nullable: true + type: string + global_data_tags: + description: User defined data tags that are added to all of the inputs. The values can be strings or numbers. + items: + $ref: '#/components/schemas/ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Global_data_tags_Item' + maxItems: 10 + type: array + has_agent_version_conditions: + type: boolean + has_fleet_server: + type: boolean + id: + type: string + inactivity_timeout: + default: 1209600 + minimum: 0 + type: number + is_default: + type: boolean + is_default_fleet_server: + type: boolean + is_managed: + type: boolean + is_preconfigured: + type: boolean + is_protected: + description: Indicates whether the agent policy has tamper protection enabled. Default false. + type: boolean + keep_monitoring_alive: + default: false + description: When set to true, monitoring will be enabled but logs/metrics collection will be disabled + nullable: true + type: boolean + monitoring_diagnostics: + $ref: '#/components/schemas/ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Monitoring_diagnostics' + monitoring_enabled: + items: + enum: + - logs + - metrics + - traces + type: string + maxItems: 3 + type: array + monitoring_http: + $ref: '#/components/schemas/ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Monitoring_http' + monitoring_output_id: + nullable: true + type: string + monitoring_pprof_enabled: + type: boolean + name: + minLength: 1 + type: string + namespace: + minLength: 1 + type: string + overrides: + $ref: '#/components/schemas/ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Overrides' + package_policies: + anyOf: + - $ref: '#/components/schemas/ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Package_policies_1' + - $ref: '#/components/schemas/ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Package_policies_2' + required_versions: + items: + $ref: '#/components/schemas/ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Required_versions_Item' + maxItems: 100 + nullable: true + type: array + revision: + type: number + schema_version: + type: string + space_ids: + items: + type: string + maxItems: 100 + type: array + status: + enum: + - active + - inactive + type: string + supports_agentless: + default: false + description: Indicates whether the agent policy supports agentless integrations. + nullable: true + type: boolean + unenroll_timeout: + minimum: 0 + type: number + unprivileged_agents: + type: number + updated_at: + type: string + updated_by: + type: string + version: + type: string + required: + - id + - name + - namespace + - is_protected + - status + - updated_at + - updated_by + - revision + ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Advanced_settings: + additionalProperties: false + type: object + properties: + agent_download_target_directory: + nullable: true + agent_download_timeout: + nullable: true + agent_internal: + nullable: true + agent_limits_go_max_procs: + nullable: true + agent_logging_files_interval: + nullable: true + agent_logging_files_keepfiles: + nullable: true + agent_logging_files_rotateeverybytes: + nullable: true + agent_logging_level: + nullable: true + agent_logging_metrics_period: + nullable: true + agent_logging_to_files: + nullable: true + agent_monitoring_runtime_experimental: + nullable: true + ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Agent_features_Item: + additionalProperties: false + type: object + properties: + enabled: + type: boolean + name: + type: string + required: + - name + - enabled + ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Agentless: + additionalProperties: false + type: object + properties: + cloud_connectors: + $ref: '#/components/schemas/ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Agentless_Cloud_connectors' + resources: + $ref: '#/components/schemas/ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Agentless_Resources' + ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Agentless_Cloud_connectors: + additionalProperties: false + type: object + properties: + enabled: + type: boolean + target_csp: + enum: + - aws + - azure + - gcp + type: string + required: + - enabled + ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Agentless_Resources: + additionalProperties: false + type: object + properties: + requests: + $ref: '#/components/schemas/ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Agentless_Resources_Requests' + ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Agentless_Resources_Requests: + additionalProperties: false + type: object + properties: + cpu: + type: string + memory: + type: string + ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Global_data_tags_Item: + additionalProperties: false + type: object + properties: + name: + type: string + value: + anyOf: + - $ref: '#/components/schemas/ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Global_data_tags_Value_1' + - $ref: '#/components/schemas/ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Global_data_tags_Value_2' + required: + - name + - value + ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Global_data_tags_Value_1: + type: string + ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Global_data_tags_Value_2: + type: number + ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Monitoring_diagnostics: + additionalProperties: false + type: object + properties: + limit: + $ref: '#/components/schemas/ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Monitoring_diagnostics_Limit' + uploader: + $ref: '#/components/schemas/ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Monitoring_diagnostics_Uploader' + ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Monitoring_diagnostics_Limit: + additionalProperties: false + type: object + properties: + burst: + type: number + interval: + type: string + ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Monitoring_diagnostics_Uploader: + additionalProperties: false + type: object + properties: + init_dur: + type: string + max_dur: + type: string + max_retries: + type: number + ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Monitoring_http: + additionalProperties: false + type: object + properties: + buffer: + $ref: '#/components/schemas/ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Monitoring_http_Buffer' + enabled: + type: boolean + host: + type: string + port: + maximum: 65353 + minimum: 0 + type: number + ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Monitoring_http_Buffer: + additionalProperties: false + type: object + properties: + enabled: + default: false + type: boolean + ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Overrides: + additionalProperties: {} + description: Override settings that are defined in the agent policy. Input settings cannot be overridden. The override option should be used only in unusual circumstances and not as a routine procedure. + nullable: true + type: object + ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Package_policies_1: + items: + type: string + maxItems: 10000 + type: array + ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Package_policies_2: + description: This field is present only when retrieving a single agent policy, or when retrieving a list of agent policies with the ?full=true parameter + items: + $ref: '#/components/schemas/ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Package_policies_Item' + maxItems: 10000 + type: array + ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Package_policies_Item: + additionalProperties: false + type: object + properties: + additional_datastreams_permissions: + description: Additional datastream permissions, that will be added to the agent policy. + items: + type: string + maxItems: 1000 + nullable: true + type: array + agents: + type: number + cloud_connector_id: + description: ID of the cloud connector associated with this package policy. + nullable: true + type: string + cloud_connector_name: + description: Transient field for cloud connector name during creation. + maxLength: 255 + minLength: 1 + nullable: true + type: string + created_at: + type: string + created_by: + type: string + description: + description: Package policy description + type: string + elasticsearch: + $ref: '#/components/schemas/ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Package_policies_Elasticsearch' + enabled: + type: boolean + id: + description: Package policy unique identifier. + type: string + inputs: + anyOf: + - $ref: '#/components/schemas/ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Package_policies_Inputs_1' + - $ref: '#/components/schemas/ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Package_policies_Inputs_2' + description: Package policy inputs. + is_managed: + type: boolean + name: + description: Unique name for the package policy. + type: string + namespace: + description: The package policy namespace. Leave blank to inherit the agent policy's namespace. + type: string + output_id: + nullable: true + type: string + overrides: + $ref: '#/components/schemas/ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Package_policies_Overrides' + package: + $ref: '#/components/schemas/ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Package_policies_Package' + policy_id: + deprecated: true + description: ID of the agent policy which the package policy will be added to. + nullable: true + type: string + policy_ids: + items: + description: IDs of the agent policies which that package policy will be added to. + type: string + maxItems: 1000 + type: array + revision: + description: Package policy revision. + type: number + secret_references: + items: + $ref: '#/components/schemas/ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Package_policies_Secret_references_Item' + maxItems: 100 + type: array + spaceIds: + items: + type: string + maxItems: 100 + type: array + supports_agentless: + default: false + description: Indicates whether the package policy belongs to an agentless agent policy. + nullable: true + type: boolean + supports_cloud_connector: + default: false + description: Indicates whether the package policy supports cloud connectors. + nullable: true + type: boolean + updated_at: + type: string + updated_by: + type: string + var_group_selections: + $ref: '#/components/schemas/ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Package_policies_Var_group_selections' + vars: + anyOf: + - $ref: '#/components/schemas/ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Package_policies_Vars_1' + - $ref: '#/components/schemas/ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Package_policies_Vars_2' + description: Package level variable. + version: + description: Package policy ES version. + type: string + required: + - name + - enabled + - inputs + - id + - revision + - updated_at + - updated_by + - created_at + - created_by + ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Package_policies_Elasticsearch: + additionalProperties: true + type: object + properties: + privileges: + $ref: '#/components/schemas/ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Package_policies_Elasticsearch_Privileges' + ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Package_policies_Elasticsearch_Privileges: + additionalProperties: true + type: object + properties: + cluster: + items: + type: string + maxItems: 100 + type: array + ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Package_policies_Inputs_1: + items: + $ref: '#/components/schemas/ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Package_policies_Inputs_Item' + maxItems: 100 + type: array + ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Package_policies_Inputs_Item: + additionalProperties: false + type: object + properties: + compiled_input: {} + config: + $ref: '#/components/schemas/ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Package_policies_Inputs_Config' + enabled: + type: boolean + id: + type: string + keep_enabled: + type: boolean + policy_template: + type: string + streams: + items: + $ref: '#/components/schemas/ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Package_policies_Inputs_Streams_Item' + maxItems: 100 + type: array + type: + type: string + vars: + $ref: '#/components/schemas/ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Package_policies_Inputs_Vars' + required: + - type + - enabled + - streams + - compiled_input + ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Package_policies_Inputs_Config: + additionalProperties: + $ref: '#/components/schemas/ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Package_policies_Inputs_Config_Value' + description: Package variable (see integration documentation for more information) + type: object + ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Package_policies_Inputs_Config_Value: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Package_policies_Inputs_Streams_Item: + additionalProperties: false + type: object + properties: + compiled_stream: {} + config: + $ref: '#/components/schemas/ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Package_policies_Inputs_Streams_Config' + data_stream: + $ref: '#/components/schemas/ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Package_policies_Inputs_Streams_Data_stream' + enabled: + type: boolean + id: + type: string + keep_enabled: + type: boolean + release: + enum: + - ga + - beta + - experimental + type: string + var_group_selections: + $ref: '#/components/schemas/ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Package_policies_Inputs_Streams_Var_group_selections' + vars: + $ref: '#/components/schemas/ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Package_policies_Inputs_Streams_Vars' + required: + - enabled + - data_stream + - compiled_stream + ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Package_policies_Inputs_Streams_Config: + additionalProperties: + $ref: '#/components/schemas/ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Package_policies_Inputs_Streams_Config_Value' + description: Package variable (see integration documentation for more information) + type: object + ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Package_policies_Inputs_Streams_Config_Value: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Package_policies_Inputs_Streams_Data_stream: + additionalProperties: false + type: object + properties: + dataset: + type: string + elasticsearch: + $ref: '#/components/schemas/ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Package_policies_Inputs_Streams_Data_stream_Elasticsearch' + type: + type: string + required: + - dataset + - type + ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Package_policies_Inputs_Streams_Data_stream_Elasticsearch: + additionalProperties: false + type: object + properties: + dynamic_dataset: + type: boolean + dynamic_namespace: + type: boolean + privileges: + $ref: '#/components/schemas/ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Package_policies_Inputs_Streams_Data_stream_Elasticsearch_Privileges' + ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Package_policies_Inputs_Streams_Data_stream_Elasticsearch_Privileges: + additionalProperties: false + type: object + properties: + indices: + items: + type: string + maxItems: 100 + type: array + ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Package_policies_Inputs_Streams_Var_group_selections: + additionalProperties: + type: string + description: Variable group selections. Maps var_group name to the selected option name within that group. + type: object + ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Package_policies_Inputs_Streams_Vars: + additionalProperties: + $ref: '#/components/schemas/ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Package_policies_Inputs_Streams_Vars_Value' + description: Package variable (see integration documentation for more information) + type: object + ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Package_policies_Inputs_Streams_Vars_Value: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Package_policies_Inputs_Vars: + additionalProperties: + $ref: '#/components/schemas/ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Package_policies_Inputs_Vars_Value' + description: Package variable (see integration documentation for more information) + type: object + ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Package_policies_Inputs_Vars_Value: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Package_policies_Inputs_2: + additionalProperties: + $ref: '#/components/schemas/ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Package_policies_Inputs_Value' + description: Package policy inputs. Refer to the integration documentation to know which inputs are available. + type: object + x-oas-optional: true + ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Package_policies_Inputs_Value: + additionalProperties: false + type: object + properties: + enabled: + description: Enable or disable that input. Defaults to `true` (enabled). + type: boolean + streams: + $ref: '#/components/schemas/ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Package_policies_Inputs_Streams' + vars: + $ref: '#/components/schemas/ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Package_policies_Inputs_Vars_1' + ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Package_policies_Inputs_Streams: + additionalProperties: + $ref: '#/components/schemas/ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Package_policies_Inputs_Streams_Value' + description: Input streams. Refer to the integration documentation to know which streams are available. + type: object + ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Package_policies_Inputs_Streams_Value: + additionalProperties: false + type: object + properties: + enabled: + description: Enable or disable that stream. Defaults to `true` (enabled). + type: boolean + var_group_selections: + $ref: '#/components/schemas/ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Package_policies_Inputs_Streams_Var_group_selections_1' + vars: + $ref: '#/components/schemas/ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Package_policies_Inputs_Streams_Vars_1' + ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Package_policies_Inputs_Streams_Var_group_selections_1: + additionalProperties: + type: string + description: Variable group selections. Maps var_group name to the selected option name within that group. + type: object + ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Package_policies_Inputs_Streams_Vars_1: + type: boolean + ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Package_policies_Inputs_Streams_Vars_2: + type: string + ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Package_policies_Inputs_Streams_Vars_3: + type: number + ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Package_policies_Inputs_Streams_Vars_4: + items: + type: string + maxItems: 100 + type: array + ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Package_policies_Inputs_Streams_Vars_5: + items: + type: number + maxItems: 100 + type: array + ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Package_policies_Inputs_Streams_Vars_6: + additionalProperties: false + type: object + properties: + id: + type: string + isSecretRef: + type: boolean + required: + - id + - isSecretRef + ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Package_policies_Inputs_Vars_1: + type: boolean + ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Package_policies_Inputs_Vars_2: + type: string + ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Package_policies_Inputs_Vars_3: + type: number + ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Package_policies_Inputs_Vars_4: + items: + type: string + maxItems: 100 + type: array + ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Package_policies_Inputs_Vars_5: + items: + type: number + maxItems: 100 + type: array + ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Package_policies_Inputs_Vars_6: + additionalProperties: false + type: object + properties: + id: + type: string + isSecretRef: + type: boolean + required: + - id + - isSecretRef + ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Package_policies_Overrides: + additionalProperties: false + description: Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure. + nullable: true + type: object + properties: + inputs: + $ref: '#/components/schemas/ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Package_policies_Overrides_Inputs' + ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Package_policies_Overrides_Inputs: + additionalProperties: {} + type: object + ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Package_policies_Package: + additionalProperties: false + type: object + properties: + experimental_data_stream_features: + items: + $ref: '#/components/schemas/ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Package_policies_Package_Experimental_data_stream_features_Item' + maxItems: 100 + type: array + fips_compatible: + type: boolean + name: + description: Package name + type: string + requires_root: + type: boolean + title: + type: string + version: + description: Package version + type: string + required: + - name + - version + ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Package_policies_Package_Experimental_data_stream_features_Item: + additionalProperties: false + type: object + properties: + data_stream: + type: string + features: + $ref: '#/components/schemas/ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Package_policies_Package_Experimental_data_stream_features_Features' + required: + - data_stream + - features + ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Package_policies_Package_Experimental_data_stream_features_Features: + additionalProperties: false + type: object + properties: + doc_value_only_numeric: + type: boolean + doc_value_only_other: + type: boolean + synthetic_source: + type: boolean + tsdb: + type: boolean + ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Package_policies_Secret_references_Item: + additionalProperties: false + type: object + properties: + id: + type: string + required: + - id + ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Package_policies_Var_group_selections: + additionalProperties: + type: string + description: Variable group selections. Maps var_group name to the selected option name within that group. + type: object + ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Package_policies_Vars_1: + additionalProperties: + $ref: '#/components/schemas/ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Package_policies_Vars_Value' + description: Package variable (see integration documentation for more information) + type: object + ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Package_policies_Vars_Value: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Package_policies_Vars_2: + additionalProperties: + anyOf: + - $ref: '#/components/schemas/ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Package_policies_Vars_1_1' + - $ref: '#/components/schemas/ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Package_policies_Vars_2_1' + - $ref: '#/components/schemas/ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Package_policies_Vars_3' + - $ref: '#/components/schemas/ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Package_policies_Vars_4' + - $ref: '#/components/schemas/ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Package_policies_Vars_5' + - $ref: '#/components/schemas/ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Package_policies_Vars_6' + nullable: true + description: Input/stream level variable. Refer to the integration documentation for more information. + type: object + x-oas-optional: true + ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Package_policies_Vars_1_1: + type: boolean + ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Package_policies_Vars_2_1: + type: string + ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Package_policies_Vars_3: + type: number + ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Package_policies_Vars_4: + items: + type: string + maxItems: 100 + type: array + ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Package_policies_Vars_5: + items: + type: number + maxItems: 100 + type: array + ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Package_policies_Vars_6: + additionalProperties: false + type: object + properties: + id: + type: string + isSecretRef: + type: boolean + required: + - id + - isSecretRef + ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Required_versions_Item: + additionalProperties: false + type: object + properties: + percentage: + description: Target percentage of agents to auto upgrade + maximum: 100 + minimum: 0 + type: number + version: + description: Target version for automatic agent upgrade + type: string + required: + - version + - percentage + ApiFleetAgentPoliciesBulkGet_Post_Response_400: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetAgentPolicies_Get_Response_200_1: + additionalProperties: false + type: object + properties: + item: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Item' + required: + - item + ApiFleetAgentPolicies_Get_Response_200_Item: + additionalProperties: false + type: object + properties: + advanced_settings: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Item_Advanced_settings' + agent_features: + items: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Item_Agent_features_Item' + maxItems: 100 + type: array + agentless: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Item_Agentless' + agents: + type: number + data_output_id: + nullable: true + type: string + description: + type: string + download_source_id: + nullable: true + type: string + fips_agents: + type: number + fleet_server_host_id: + nullable: true + type: string + global_data_tags: + description: User defined data tags that are added to all of the inputs. The values can be strings or numbers. + items: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Item_Global_data_tags_Item' + maxItems: 10 + type: array + has_agent_version_conditions: + type: boolean + has_fleet_server: + type: boolean + id: + type: string + inactivity_timeout: + default: 1209600 + minimum: 0 + type: number + is_default: + type: boolean + is_default_fleet_server: + type: boolean + is_managed: + type: boolean + is_preconfigured: + type: boolean + is_protected: + description: Indicates whether the agent policy has tamper protection enabled. Default false. + type: boolean + keep_monitoring_alive: + default: false + description: When set to true, monitoring will be enabled but logs/metrics collection will be disabled + nullable: true + type: boolean + monitoring_diagnostics: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Item_Monitoring_diagnostics' + monitoring_enabled: + items: + enum: + - logs + - metrics + - traces + type: string + maxItems: 3 + type: array + monitoring_http: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Item_Monitoring_http' + monitoring_output_id: + nullable: true + type: string + monitoring_pprof_enabled: + type: boolean + name: + minLength: 1 + type: string + namespace: + minLength: 1 + type: string + overrides: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Item_Overrides' + package_policies: + anyOf: + - $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Item_Package_policies_1' + - $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Item_Package_policies_2' + required_versions: + items: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Item_Required_versions_Item' + maxItems: 100 + nullable: true + type: array + revision: + type: number + schema_version: + type: string + space_ids: + items: + type: string + maxItems: 100 + type: array + status: + enum: + - active + - inactive + type: string + supports_agentless: + default: false + description: Indicates whether the agent policy supports agentless integrations. + nullable: true + type: boolean + unenroll_timeout: + minimum: 0 + type: number + unprivileged_agents: + type: number + updated_at: + type: string + updated_by: + type: string + version: + type: string + required: + - id + - name + - namespace + - is_protected + - status + - updated_at + - updated_by + - revision + ApiFleetAgentPolicies_Get_Response_200_Item_Advanced_settings: + additionalProperties: false + type: object + properties: + agent_download_target_directory: + nullable: true + agent_download_timeout: + nullable: true + agent_internal: + nullable: true + agent_limits_go_max_procs: + nullable: true + agent_logging_files_interval: + nullable: true + agent_logging_files_keepfiles: + nullable: true + agent_logging_files_rotateeverybytes: + nullable: true + agent_logging_level: + nullable: true + agent_logging_metrics_period: + nullable: true + agent_logging_to_files: + nullable: true + agent_monitoring_runtime_experimental: + nullable: true + ApiFleetAgentPolicies_Get_Response_200_Item_Agent_features_Item: + additionalProperties: false + type: object + properties: + enabled: + type: boolean + name: + type: string + required: + - name + - enabled + ApiFleetAgentPolicies_Get_Response_200_Item_Agentless: + additionalProperties: false + type: object + properties: + cloud_connectors: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Item_Agentless_Cloud_connectors' + resources: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Item_Agentless_Resources' + ApiFleetAgentPolicies_Get_Response_200_Item_Agentless_Cloud_connectors: + additionalProperties: false + type: object + properties: + enabled: + type: boolean + target_csp: + enum: + - aws + - azure + - gcp + type: string + required: + - enabled + ApiFleetAgentPolicies_Get_Response_200_Item_Agentless_Resources: + additionalProperties: false + type: object + properties: + requests: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Item_Agentless_Resources_Requests' + ApiFleetAgentPolicies_Get_Response_200_Item_Agentless_Resources_Requests: + additionalProperties: false + type: object + properties: + cpu: + type: string + memory: + type: string + ApiFleetAgentPolicies_Get_Response_200_Item_Global_data_tags_Item: + additionalProperties: false + type: object + properties: + name: + type: string + value: + anyOf: + - $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Item_Global_data_tags_Value_1' + - $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Item_Global_data_tags_Value_2' + required: + - name + - value + ApiFleetAgentPolicies_Get_Response_200_Item_Global_data_tags_Value_1: + type: string + ApiFleetAgentPolicies_Get_Response_200_Item_Global_data_tags_Value_2: + type: number + ApiFleetAgentPolicies_Get_Response_200_Item_Monitoring_diagnostics: + additionalProperties: false + type: object + properties: + limit: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Item_Monitoring_diagnostics_Limit' + uploader: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Item_Monitoring_diagnostics_Uploader' + ApiFleetAgentPolicies_Get_Response_200_Item_Monitoring_diagnostics_Limit: + additionalProperties: false + type: object + properties: + burst: + type: number + interval: + type: string + ApiFleetAgentPolicies_Get_Response_200_Item_Monitoring_diagnostics_Uploader: + additionalProperties: false + type: object + properties: + init_dur: + type: string + max_dur: + type: string + max_retries: + type: number + ApiFleetAgentPolicies_Get_Response_200_Item_Monitoring_http: + additionalProperties: false + type: object + properties: + buffer: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Item_Monitoring_http_Buffer' + enabled: + type: boolean + host: + type: string + port: + maximum: 65353 + minimum: 0 + type: number + ApiFleetAgentPolicies_Get_Response_200_Item_Monitoring_http_Buffer: + additionalProperties: false + type: object + properties: + enabled: + default: false + type: boolean + ApiFleetAgentPolicies_Get_Response_200_Item_Overrides: + additionalProperties: {} + description: Override settings that are defined in the agent policy. Input settings cannot be overridden. The override option should be used only in unusual circumstances and not as a routine procedure. + nullable: true + type: object + ApiFleetAgentPolicies_Get_Response_200_Item_Package_policies_1: + items: + type: string + maxItems: 10000 + type: array + ApiFleetAgentPolicies_Get_Response_200_Item_Package_policies_2: + description: This field is present only when retrieving a single agent policy, or when retrieving a list of agent policies with the ?full=true parameter + items: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Item_Package_policies_Item' + maxItems: 10000 + type: array + ApiFleetAgentPolicies_Get_Response_200_Item_Package_policies_Item: + additionalProperties: false + type: object + properties: + additional_datastreams_permissions: + description: Additional datastream permissions, that will be added to the agent policy. + items: + type: string + maxItems: 1000 + nullable: true + type: array + agents: + type: number + cloud_connector_id: + description: ID of the cloud connector associated with this package policy. + nullable: true + type: string + cloud_connector_name: + description: Transient field for cloud connector name during creation. + maxLength: 255 + minLength: 1 + nullable: true + type: string + created_at: + type: string + created_by: + type: string + description: + description: Package policy description + type: string + elasticsearch: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Item_Package_policies_Elasticsearch' + enabled: + type: boolean + id: + description: Package policy unique identifier. + type: string + inputs: + anyOf: + - $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Item_Package_policies_Inputs_1' + - $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Item_Package_policies_Inputs_2' + description: Package policy inputs. + is_managed: + type: boolean + name: + description: Unique name for the package policy. + type: string + namespace: + description: The package policy namespace. Leave blank to inherit the agent policy's namespace. + type: string + output_id: + nullable: true + type: string + overrides: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Item_Package_policies_Overrides' + package: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Item_Package_policies_Package' + policy_id: + deprecated: true + description: ID of the agent policy which the package policy will be added to. + nullable: true + type: string + policy_ids: + items: + description: IDs of the agent policies which that package policy will be added to. + type: string + maxItems: 1000 + type: array + revision: + description: Package policy revision. + type: number + secret_references: + items: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Item_Package_policies_Secret_references_Item' + maxItems: 100 + type: array + spaceIds: + items: + type: string + maxItems: 100 + type: array + supports_agentless: + default: false + description: Indicates whether the package policy belongs to an agentless agent policy. + nullable: true + type: boolean + supports_cloud_connector: + default: false + description: Indicates whether the package policy supports cloud connectors. + nullable: true + type: boolean + updated_at: + type: string + updated_by: + type: string + var_group_selections: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Item_Package_policies_Var_group_selections' + vars: + anyOf: + - $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Item_Package_policies_Vars_1' + - $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Item_Package_policies_Vars_2' + description: Package level variable. + version: + description: Package policy ES version. + type: string + required: + - name + - enabled + - inputs + - id + - revision + - updated_at + - updated_by + - created_at + - created_by + ApiFleetAgentPolicies_Get_Response_200_Item_Package_policies_Elasticsearch: + additionalProperties: true + type: object + properties: + privileges: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Item_Package_policies_Elasticsearch_Privileges' + ApiFleetAgentPolicies_Get_Response_200_Item_Package_policies_Elasticsearch_Privileges: + additionalProperties: true + type: object + properties: + cluster: + items: + type: string + maxItems: 100 + type: array + ApiFleetAgentPolicies_Get_Response_200_Item_Package_policies_Inputs_1: + items: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Item_Package_policies_Inputs_Item' + maxItems: 100 + type: array + ApiFleetAgentPolicies_Get_Response_200_Item_Package_policies_Inputs_Item: + additionalProperties: false + type: object + properties: + compiled_input: {} + config: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Item_Package_policies_Inputs_Config' + enabled: + type: boolean + id: + type: string + keep_enabled: + type: boolean + policy_template: + type: string + streams: + items: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Item_Package_policies_Inputs_Streams_Item' + maxItems: 100 + type: array + type: + type: string + vars: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Item_Package_policies_Inputs_Vars' + required: + - type + - enabled + - streams + - compiled_input + ApiFleetAgentPolicies_Get_Response_200_Item_Package_policies_Inputs_Config: + additionalProperties: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Item_Package_policies_Inputs_Config_Value' + description: Package variable (see integration documentation for more information) + type: object + ApiFleetAgentPolicies_Get_Response_200_Item_Package_policies_Inputs_Config_Value: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + ApiFleetAgentPolicies_Get_Response_200_Item_Package_policies_Inputs_Streams_Item: + additionalProperties: false + type: object + properties: + compiled_stream: {} + config: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Item_Package_policies_Inputs_Streams_Config' + data_stream: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Item_Package_policies_Inputs_Streams_Data_stream' + enabled: + type: boolean + id: + type: string + keep_enabled: + type: boolean + release: + enum: + - ga + - beta + - experimental + type: string + var_group_selections: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Item_Package_policies_Inputs_Streams_Var_group_selections' + vars: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Item_Package_policies_Inputs_Streams_Vars' + required: + - enabled + - data_stream + - compiled_stream + ApiFleetAgentPolicies_Get_Response_200_Item_Package_policies_Inputs_Streams_Config: + additionalProperties: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Item_Package_policies_Inputs_Streams_Config_Value' + description: Package variable (see integration documentation for more information) + type: object + ApiFleetAgentPolicies_Get_Response_200_Item_Package_policies_Inputs_Streams_Config_Value: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + ApiFleetAgentPolicies_Get_Response_200_Item_Package_policies_Inputs_Streams_Data_stream: + additionalProperties: false + type: object + properties: + dataset: + type: string + elasticsearch: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Item_Package_policies_Inputs_Streams_Data_stream_Elasticsearch' + type: + type: string + required: + - dataset + - type + ApiFleetAgentPolicies_Get_Response_200_Item_Package_policies_Inputs_Streams_Data_stream_Elasticsearch: + additionalProperties: false + type: object + properties: + dynamic_dataset: + type: boolean + dynamic_namespace: + type: boolean + privileges: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Item_Package_policies_Inputs_Streams_Data_stream_Elasticsearch_Privileges' + ApiFleetAgentPolicies_Get_Response_200_Item_Package_policies_Inputs_Streams_Data_stream_Elasticsearch_Privileges: + additionalProperties: false + type: object + properties: + indices: + items: + type: string + maxItems: 100 + type: array + ApiFleetAgentPolicies_Get_Response_200_Item_Package_policies_Inputs_Streams_Var_group_selections: + additionalProperties: + type: string + description: Variable group selections. Maps var_group name to the selected option name within that group. + type: object + ApiFleetAgentPolicies_Get_Response_200_Item_Package_policies_Inputs_Streams_Vars: + additionalProperties: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Item_Package_policies_Inputs_Streams_Vars_Value' + description: Package variable (see integration documentation for more information) + type: object + ApiFleetAgentPolicies_Get_Response_200_Item_Package_policies_Inputs_Streams_Vars_Value: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + ApiFleetAgentPolicies_Get_Response_200_Item_Package_policies_Inputs_Vars: + additionalProperties: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Item_Package_policies_Inputs_Vars_Value' + description: Package variable (see integration documentation for more information) + type: object + ApiFleetAgentPolicies_Get_Response_200_Item_Package_policies_Inputs_Vars_Value: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + ApiFleetAgentPolicies_Get_Response_200_Item_Package_policies_Inputs_2: + additionalProperties: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Item_Package_policies_Inputs_Value' + description: Package policy inputs. Refer to the integration documentation to know which inputs are available. + type: object + x-oas-optional: true + ApiFleetAgentPolicies_Get_Response_200_Item_Package_policies_Inputs_Value: + additionalProperties: false + type: object + properties: + enabled: + description: Enable or disable that input. Defaults to `true` (enabled). + type: boolean + streams: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Item_Package_policies_Inputs_Streams' + vars: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Item_Package_policies_Inputs_Vars_1' + ApiFleetAgentPolicies_Get_Response_200_Item_Package_policies_Inputs_Streams: + additionalProperties: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Item_Package_policies_Inputs_Streams_Value' + description: Input streams. Refer to the integration documentation to know which streams are available. + type: object + ApiFleetAgentPolicies_Get_Response_200_Item_Package_policies_Inputs_Streams_Value: + additionalProperties: false + type: object + properties: + enabled: + description: Enable or disable that stream. Defaults to `true` (enabled). + type: boolean + var_group_selections: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Item_Package_policies_Inputs_Streams_Var_group_selections_1' + vars: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Item_Package_policies_Inputs_Streams_Vars_1' + ApiFleetAgentPolicies_Get_Response_200_Item_Package_policies_Inputs_Streams_Var_group_selections_1: + additionalProperties: + type: string + description: Variable group selections. Maps var_group name to the selected option name within that group. + type: object + ApiFleetAgentPolicies_Get_Response_200_Item_Package_policies_Inputs_Streams_Vars_1: + type: boolean + ApiFleetAgentPolicies_Get_Response_200_Item_Package_policies_Inputs_Streams_Vars_2: + type: string + ApiFleetAgentPolicies_Get_Response_200_Item_Package_policies_Inputs_Streams_Vars_3: + type: number + ApiFleetAgentPolicies_Get_Response_200_Item_Package_policies_Inputs_Streams_Vars_4: + items: + type: string + maxItems: 100 + type: array + ApiFleetAgentPolicies_Get_Response_200_Item_Package_policies_Inputs_Streams_Vars_5: + items: + type: number + maxItems: 100 + type: array + ApiFleetAgentPolicies_Get_Response_200_Item_Package_policies_Inputs_Streams_Vars_6: + additionalProperties: false + type: object + properties: + id: + type: string + isSecretRef: + type: boolean + required: + - id + - isSecretRef + ApiFleetAgentPolicies_Get_Response_200_Item_Package_policies_Inputs_Vars_1: + type: boolean + ApiFleetAgentPolicies_Get_Response_200_Item_Package_policies_Inputs_Vars_2: + type: string + ApiFleetAgentPolicies_Get_Response_200_Item_Package_policies_Inputs_Vars_3: + type: number + ApiFleetAgentPolicies_Get_Response_200_Item_Package_policies_Inputs_Vars_4: + items: + type: string + maxItems: 100 + type: array + ApiFleetAgentPolicies_Get_Response_200_Item_Package_policies_Inputs_Vars_5: + items: + type: number + maxItems: 100 + type: array + ApiFleetAgentPolicies_Get_Response_200_Item_Package_policies_Inputs_Vars_6: + additionalProperties: false + type: object + properties: + id: + type: string + isSecretRef: + type: boolean + required: + - id + - isSecretRef + ApiFleetAgentPolicies_Get_Response_200_Item_Package_policies_Overrides: + additionalProperties: false + description: Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure. + nullable: true + type: object + properties: + inputs: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Item_Package_policies_Overrides_Inputs' + ApiFleetAgentPolicies_Get_Response_200_Item_Package_policies_Overrides_Inputs: + additionalProperties: {} + type: object + ApiFleetAgentPolicies_Get_Response_200_Item_Package_policies_Package: + additionalProperties: false + type: object + properties: + experimental_data_stream_features: + items: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Item_Package_policies_Package_Experimental_data_stream_features_Item' + maxItems: 100 + type: array + fips_compatible: + type: boolean + name: + description: Package name + type: string + requires_root: + type: boolean + title: + type: string + version: + description: Package version + type: string + required: + - name + - version + ApiFleetAgentPolicies_Get_Response_200_Item_Package_policies_Package_Experimental_data_stream_features_Item: + additionalProperties: false + type: object + properties: + data_stream: + type: string + features: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Item_Package_policies_Package_Experimental_data_stream_features_Features' + required: + - data_stream + - features + ApiFleetAgentPolicies_Get_Response_200_Item_Package_policies_Package_Experimental_data_stream_features_Features: + additionalProperties: false + type: object + properties: + doc_value_only_numeric: + type: boolean + doc_value_only_other: + type: boolean + synthetic_source: + type: boolean + tsdb: + type: boolean + ApiFleetAgentPolicies_Get_Response_200_Item_Package_policies_Secret_references_Item: + additionalProperties: false + type: object + properties: + id: + type: string + required: + - id + ApiFleetAgentPolicies_Get_Response_200_Item_Package_policies_Var_group_selections: + additionalProperties: + type: string + description: Variable group selections. Maps var_group name to the selected option name within that group. + type: object + ApiFleetAgentPolicies_Get_Response_200_Item_Package_policies_Vars_1: + additionalProperties: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Item_Package_policies_Vars_Value' + description: Package variable (see integration documentation for more information) + type: object + ApiFleetAgentPolicies_Get_Response_200_Item_Package_policies_Vars_Value: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + ApiFleetAgentPolicies_Get_Response_200_Item_Package_policies_Vars_2: + additionalProperties: + anyOf: + - $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Item_Package_policies_Vars_1_1' + - $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Item_Package_policies_Vars_2_1' + - $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Item_Package_policies_Vars_3' + - $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Item_Package_policies_Vars_4' + - $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Item_Package_policies_Vars_5' + - $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Item_Package_policies_Vars_6' + nullable: true + description: Input/stream level variable. Refer to the integration documentation for more information. + type: object + x-oas-optional: true + ApiFleetAgentPolicies_Get_Response_200_Item_Package_policies_Vars_1_1: + type: boolean + ApiFleetAgentPolicies_Get_Response_200_Item_Package_policies_Vars_2_1: + type: string + ApiFleetAgentPolicies_Get_Response_200_Item_Package_policies_Vars_3: + type: number + ApiFleetAgentPolicies_Get_Response_200_Item_Package_policies_Vars_4: + items: + type: string + maxItems: 100 + type: array + ApiFleetAgentPolicies_Get_Response_200_Item_Package_policies_Vars_5: + items: + type: number + maxItems: 100 + type: array + ApiFleetAgentPolicies_Get_Response_200_Item_Package_policies_Vars_6: + additionalProperties: false + type: object + properties: + id: + type: string + isSecretRef: + type: boolean + required: + - id + - isSecretRef + ApiFleetAgentPolicies_Get_Response_200_Item_Required_versions_Item: + additionalProperties: false + type: object + properties: + percentage: + description: Target percentage of agents to auto upgrade + maximum: 100 + minimum: 0 + type: number + version: + description: Target version for automatic agent upgrade + type: string + required: + - version + - percentage + ApiFleetAgentPolicies_Get_Response_400_1: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetAgentPolicies_Put_Request: + additionalProperties: false + type: object + properties: + advanced_settings: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Put_Request_Advanced_settings' + agent_features: + items: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Put_Request_Agent_features_Item' + maxItems: 100 + type: array + agentless: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Put_Request_Agentless' + bumpRevision: + type: boolean + data_output_id: + nullable: true + type: string + description: + type: string + download_source_id: + nullable: true + type: string + fleet_server_host_id: + nullable: true + type: string + force: + type: boolean + global_data_tags: + description: User defined data tags that are added to all of the inputs. The values can be strings or numbers. + items: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Put_Request_Global_data_tags_Item' + maxItems: 10 + type: array + has_agent_version_conditions: + type: boolean + has_fleet_server: + type: boolean + id: + type: string + inactivity_timeout: + default: 1209600 + minimum: 0 + type: number + is_default: + type: boolean + is_default_fleet_server: + type: boolean + is_managed: + type: boolean + is_protected: + type: boolean + keep_monitoring_alive: + default: false + description: When set to true, monitoring will be enabled but logs/metrics collection will be disabled + nullable: true + type: boolean + monitoring_diagnostics: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Put_Request_Monitoring_diagnostics' + monitoring_enabled: + items: + enum: + - logs + - metrics + - traces + type: string + maxItems: 3 + type: array + monitoring_http: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Put_Request_Monitoring_http' + monitoring_output_id: + nullable: true + type: string + monitoring_pprof_enabled: + type: boolean + name: + minLength: 1 + type: string + namespace: + minLength: 1 + type: string + overrides: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Put_Request_Overrides' + required_versions: + items: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Put_Request_Required_versions_Item' + maxItems: 100 + nullable: true + type: array + space_ids: + items: + type: string + maxItems: 100 + type: array + supports_agentless: + default: false + deprecated: true + description: Indicates whether the agent policy supports agentless integrations. Deprecated in favor of the Fleet agentless policies API. + nullable: true + type: boolean + unenroll_timeout: + minimum: 0 + type: number + required: + - name + - namespace + ApiFleetAgentPolicies_Put_Request_Advanced_settings: + additionalProperties: false + type: object + properties: + agent_download_target_directory: + nullable: true + agent_download_timeout: + nullable: true + agent_internal: + nullable: true + agent_limits_go_max_procs: + nullable: true + agent_logging_files_interval: + nullable: true + agent_logging_files_keepfiles: + nullable: true + agent_logging_files_rotateeverybytes: + nullable: true + agent_logging_level: + nullable: true + agent_logging_metrics_period: + nullable: true + agent_logging_to_files: + nullable: true + agent_monitoring_runtime_experimental: + nullable: true + ApiFleetAgentPolicies_Put_Request_Agent_features_Item: + additionalProperties: false + type: object + properties: + enabled: + type: boolean + name: + type: string + required: + - name + - enabled + ApiFleetAgentPolicies_Put_Request_Agentless: + additionalProperties: false + type: object + properties: + cloud_connectors: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Put_Request_Agentless_Cloud_connectors' + resources: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Put_Request_Agentless_Resources' + ApiFleetAgentPolicies_Put_Request_Agentless_Cloud_connectors: + additionalProperties: false + type: object + properties: + enabled: + type: boolean + target_csp: + enum: + - aws + - azure + - gcp + type: string + required: + - enabled + ApiFleetAgentPolicies_Put_Request_Agentless_Resources: + additionalProperties: false + type: object + properties: + requests: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Put_Request_Agentless_Resources_Requests' + ApiFleetAgentPolicies_Put_Request_Agentless_Resources_Requests: + additionalProperties: false + type: object + properties: + cpu: + type: string + memory: + type: string + ApiFleetAgentPolicies_Put_Request_Global_data_tags_Item: + additionalProperties: false + type: object + properties: + name: + type: string + value: + anyOf: + - $ref: '#/components/schemas/ApiFleetAgentPolicies_Put_Request_Global_data_tags_Value_1' + - $ref: '#/components/schemas/ApiFleetAgentPolicies_Put_Request_Global_data_tags_Value_2' + required: + - name + - value + ApiFleetAgentPolicies_Put_Request_Global_data_tags_Value_1: + type: string + ApiFleetAgentPolicies_Put_Request_Global_data_tags_Value_2: + type: number + ApiFleetAgentPolicies_Put_Request_Monitoring_diagnostics: + additionalProperties: false + type: object + properties: + limit: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Put_Request_Monitoring_diagnostics_Limit' + uploader: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Put_Request_Monitoring_diagnostics_Uploader' + ApiFleetAgentPolicies_Put_Request_Monitoring_diagnostics_Limit: + additionalProperties: false + type: object + properties: + burst: + type: number + interval: + type: string + ApiFleetAgentPolicies_Put_Request_Monitoring_diagnostics_Uploader: + additionalProperties: false + type: object + properties: + init_dur: + type: string + max_dur: + type: string + max_retries: + type: number + ApiFleetAgentPolicies_Put_Request_Monitoring_http: + additionalProperties: false + type: object + properties: + buffer: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Put_Request_Monitoring_http_Buffer' + enabled: + type: boolean + host: + type: string + port: + maximum: 65353 + minimum: 0 + type: number + ApiFleetAgentPolicies_Put_Request_Monitoring_http_Buffer: + additionalProperties: false + type: object + properties: + enabled: + default: false + type: boolean + ApiFleetAgentPolicies_Put_Request_Overrides: + additionalProperties: {} + description: Override settings that are defined in the agent policy. Input settings cannot be overridden. The override option should be used only in unusual circumstances and not as a routine procedure. + nullable: true + type: object + ApiFleetAgentPolicies_Put_Request_Required_versions_Item: + additionalProperties: false + type: object + properties: + percentage: + description: Target percentage of agents to auto upgrade + maximum: 100 + minimum: 0 + type: number + version: + description: Target version for automatic agent upgrade + type: string + required: + - version + - percentage + ApiFleetAgentPolicies_Put_Response_200: + additionalProperties: false + type: object + properties: + item: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Put_Response_200_Item' + required: + - item + ApiFleetAgentPolicies_Put_Response_200_Item: + additionalProperties: false + type: object + properties: + advanced_settings: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Put_Response_200_Item_Advanced_settings' + agent_features: + items: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Put_Response_200_Item_Agent_features_Item' + maxItems: 100 + type: array + agentless: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Put_Response_200_Item_Agentless' + agents: + type: number + data_output_id: + nullable: true + type: string + description: + type: string + download_source_id: + nullable: true + type: string + fips_agents: + type: number + fleet_server_host_id: + nullable: true + type: string + global_data_tags: + description: User defined data tags that are added to all of the inputs. The values can be strings or numbers. + items: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Put_Response_200_Item_Global_data_tags_Item' + maxItems: 10 + type: array + has_agent_version_conditions: + type: boolean + has_fleet_server: + type: boolean + id: + type: string + inactivity_timeout: + default: 1209600 + minimum: 0 + type: number + is_default: + type: boolean + is_default_fleet_server: + type: boolean + is_managed: + type: boolean + is_preconfigured: + type: boolean + is_protected: + description: Indicates whether the agent policy has tamper protection enabled. Default false. + type: boolean + keep_monitoring_alive: + default: false + description: When set to true, monitoring will be enabled but logs/metrics collection will be disabled + nullable: true + type: boolean + monitoring_diagnostics: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Put_Response_200_Item_Monitoring_diagnostics' + monitoring_enabled: + items: + enum: + - logs + - metrics + - traces + type: string + maxItems: 3 + type: array + monitoring_http: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Put_Response_200_Item_Monitoring_http' + monitoring_output_id: + nullable: true + type: string + monitoring_pprof_enabled: + type: boolean + name: + minLength: 1 + type: string + namespace: + minLength: 1 + type: string + overrides: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Put_Response_200_Item_Overrides' + package_policies: + anyOf: + - $ref: '#/components/schemas/ApiFleetAgentPolicies_Put_Response_200_Item_Package_policies_1' + - $ref: '#/components/schemas/ApiFleetAgentPolicies_Put_Response_200_Item_Package_policies_2' + required_versions: + items: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Put_Response_200_Item_Required_versions_Item' + maxItems: 100 + nullable: true + type: array + revision: + type: number + schema_version: + type: string + space_ids: + items: + type: string + maxItems: 100 + type: array + status: + enum: + - active + - inactive + type: string + supports_agentless: + default: false + description: Indicates whether the agent policy supports agentless integrations. + nullable: true + type: boolean + unenroll_timeout: + minimum: 0 + type: number + unprivileged_agents: + type: number + updated_at: + type: string + updated_by: + type: string + version: + type: string + required: + - id + - name + - namespace + - is_protected + - status + - updated_at + - updated_by + - revision + ApiFleetAgentPolicies_Put_Response_200_Item_Advanced_settings: + additionalProperties: false + type: object + properties: + agent_download_target_directory: + nullable: true + agent_download_timeout: + nullable: true + agent_internal: + nullable: true + agent_limits_go_max_procs: + nullable: true + agent_logging_files_interval: + nullable: true + agent_logging_files_keepfiles: + nullable: true + agent_logging_files_rotateeverybytes: + nullable: true + agent_logging_level: + nullable: true + agent_logging_metrics_period: + nullable: true + agent_logging_to_files: + nullable: true + agent_monitoring_runtime_experimental: + nullable: true + ApiFleetAgentPolicies_Put_Response_200_Item_Agent_features_Item: + additionalProperties: false + type: object + properties: + enabled: + type: boolean + name: + type: string + required: + - name + - enabled + ApiFleetAgentPolicies_Put_Response_200_Item_Agentless: + additionalProperties: false + type: object + properties: + cloud_connectors: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Put_Response_200_Item_Agentless_Cloud_connectors' + resources: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Put_Response_200_Item_Agentless_Resources' + ApiFleetAgentPolicies_Put_Response_200_Item_Agentless_Cloud_connectors: + additionalProperties: false + type: object + properties: + enabled: + type: boolean + target_csp: + enum: + - aws + - azure + - gcp + type: string + required: + - enabled + ApiFleetAgentPolicies_Put_Response_200_Item_Agentless_Resources: + additionalProperties: false + type: object + properties: + requests: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Put_Response_200_Item_Agentless_Resources_Requests' + ApiFleetAgentPolicies_Put_Response_200_Item_Agentless_Resources_Requests: + additionalProperties: false + type: object + properties: + cpu: + type: string + memory: + type: string + ApiFleetAgentPolicies_Put_Response_200_Item_Global_data_tags_Item: + additionalProperties: false + type: object + properties: + name: + type: string + value: + anyOf: + - $ref: '#/components/schemas/ApiFleetAgentPolicies_Put_Response_200_Item_Global_data_tags_Value_1' + - $ref: '#/components/schemas/ApiFleetAgentPolicies_Put_Response_200_Item_Global_data_tags_Value_2' + required: + - name + - value + ApiFleetAgentPolicies_Put_Response_200_Item_Global_data_tags_Value_1: + type: string + ApiFleetAgentPolicies_Put_Response_200_Item_Global_data_tags_Value_2: + type: number + ApiFleetAgentPolicies_Put_Response_200_Item_Monitoring_diagnostics: + additionalProperties: false + type: object + properties: + limit: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Put_Response_200_Item_Monitoring_diagnostics_Limit' + uploader: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Put_Response_200_Item_Monitoring_diagnostics_Uploader' + ApiFleetAgentPolicies_Put_Response_200_Item_Monitoring_diagnostics_Limit: + additionalProperties: false + type: object + properties: + burst: + type: number + interval: + type: string + ApiFleetAgentPolicies_Put_Response_200_Item_Monitoring_diagnostics_Uploader: + additionalProperties: false + type: object + properties: + init_dur: + type: string + max_dur: + type: string + max_retries: + type: number + ApiFleetAgentPolicies_Put_Response_200_Item_Monitoring_http: + additionalProperties: false + type: object + properties: + buffer: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Put_Response_200_Item_Monitoring_http_Buffer' + enabled: + type: boolean + host: + type: string + port: + maximum: 65353 + minimum: 0 + type: number + ApiFleetAgentPolicies_Put_Response_200_Item_Monitoring_http_Buffer: + additionalProperties: false + type: object + properties: + enabled: + default: false + type: boolean + ApiFleetAgentPolicies_Put_Response_200_Item_Overrides: + additionalProperties: {} + description: Override settings that are defined in the agent policy. Input settings cannot be overridden. The override option should be used only in unusual circumstances and not as a routine procedure. + nullable: true + type: object + ApiFleetAgentPolicies_Put_Response_200_Item_Package_policies_1: + items: + type: string + maxItems: 10000 + type: array + ApiFleetAgentPolicies_Put_Response_200_Item_Package_policies_2: + description: This field is present only when retrieving a single agent policy, or when retrieving a list of agent policies with the ?full=true parameter + items: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Put_Response_200_Item_Package_policies_Item' + maxItems: 10000 + type: array + ApiFleetAgentPolicies_Put_Response_200_Item_Package_policies_Item: + additionalProperties: false + type: object + properties: + additional_datastreams_permissions: + description: Additional datastream permissions, that will be added to the agent policy. + items: + type: string + maxItems: 1000 + nullable: true + type: array + agents: + type: number + cloud_connector_id: + description: ID of the cloud connector associated with this package policy. + nullable: true + type: string + cloud_connector_name: + description: Transient field for cloud connector name during creation. + maxLength: 255 + minLength: 1 + nullable: true + type: string + created_at: + type: string + created_by: + type: string + description: + description: Package policy description + type: string + elasticsearch: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Put_Response_200_Item_Package_policies_Elasticsearch' + enabled: + type: boolean + id: + description: Package policy unique identifier. + type: string + inputs: + anyOf: + - $ref: '#/components/schemas/ApiFleetAgentPolicies_Put_Response_200_Item_Package_policies_Inputs_1' + - $ref: '#/components/schemas/ApiFleetAgentPolicies_Put_Response_200_Item_Package_policies_Inputs_2' + description: Package policy inputs. + is_managed: + type: boolean + name: + description: Unique name for the package policy. + type: string + namespace: + description: The package policy namespace. Leave blank to inherit the agent policy's namespace. + type: string + output_id: + nullable: true + type: string + overrides: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Put_Response_200_Item_Package_policies_Overrides' + package: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Put_Response_200_Item_Package_policies_Package' + policy_id: + deprecated: true + description: ID of the agent policy which the package policy will be added to. + nullable: true + type: string + policy_ids: + items: + description: IDs of the agent policies which that package policy will be added to. + type: string + maxItems: 1000 + type: array + revision: + description: Package policy revision. + type: number + secret_references: + items: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Put_Response_200_Item_Package_policies_Secret_references_Item' + maxItems: 100 + type: array + spaceIds: + items: + type: string + maxItems: 100 + type: array + supports_agentless: + default: false + description: Indicates whether the package policy belongs to an agentless agent policy. + nullable: true + type: boolean + supports_cloud_connector: + default: false + description: Indicates whether the package policy supports cloud connectors. + nullable: true + type: boolean + updated_at: + type: string + updated_by: + type: string + var_group_selections: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Put_Response_200_Item_Package_policies_Var_group_selections' + vars: + anyOf: + - $ref: '#/components/schemas/ApiFleetAgentPolicies_Put_Response_200_Item_Package_policies_Vars_1' + - $ref: '#/components/schemas/ApiFleetAgentPolicies_Put_Response_200_Item_Package_policies_Vars_2' + description: Package level variable. + version: + description: Package policy ES version. + type: string + required: + - name + - enabled + - inputs + - id + - revision + - updated_at + - updated_by + - created_at + - created_by + ApiFleetAgentPolicies_Put_Response_200_Item_Package_policies_Elasticsearch: + additionalProperties: true + type: object + properties: + privileges: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Put_Response_200_Item_Package_policies_Elasticsearch_Privileges' + ApiFleetAgentPolicies_Put_Response_200_Item_Package_policies_Elasticsearch_Privileges: + additionalProperties: true + type: object + properties: + cluster: + items: + type: string + maxItems: 100 + type: array + ApiFleetAgentPolicies_Put_Response_200_Item_Package_policies_Inputs_1: + items: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Put_Response_200_Item_Package_policies_Inputs_Item' + maxItems: 100 + type: array + ApiFleetAgentPolicies_Put_Response_200_Item_Package_policies_Inputs_Item: + additionalProperties: false + type: object + properties: + compiled_input: {} + config: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Put_Response_200_Item_Package_policies_Inputs_Config' + enabled: + type: boolean + id: + type: string + keep_enabled: + type: boolean + policy_template: + type: string + streams: + items: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Put_Response_200_Item_Package_policies_Inputs_Streams_Item' + maxItems: 100 + type: array + type: + type: string + vars: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Put_Response_200_Item_Package_policies_Inputs_Vars' + required: + - type + - enabled + - streams + - compiled_input + ApiFleetAgentPolicies_Put_Response_200_Item_Package_policies_Inputs_Config: + additionalProperties: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Put_Response_200_Item_Package_policies_Inputs_Config_Value' + description: Package variable (see integration documentation for more information) + type: object + ApiFleetAgentPolicies_Put_Response_200_Item_Package_policies_Inputs_Config_Value: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + ApiFleetAgentPolicies_Put_Response_200_Item_Package_policies_Inputs_Streams_Item: + additionalProperties: false + type: object + properties: + compiled_stream: {} + config: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Put_Response_200_Item_Package_policies_Inputs_Streams_Config' + data_stream: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Put_Response_200_Item_Package_policies_Inputs_Streams_Data_stream' + enabled: + type: boolean + id: + type: string + keep_enabled: + type: boolean + release: + enum: + - ga + - beta + - experimental + type: string + var_group_selections: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Put_Response_200_Item_Package_policies_Inputs_Streams_Var_group_selections' + vars: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Put_Response_200_Item_Package_policies_Inputs_Streams_Vars' + required: + - enabled + - data_stream + - compiled_stream + ApiFleetAgentPolicies_Put_Response_200_Item_Package_policies_Inputs_Streams_Config: + additionalProperties: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Put_Response_200_Item_Package_policies_Inputs_Streams_Config_Value' + description: Package variable (see integration documentation for more information) + type: object + ApiFleetAgentPolicies_Put_Response_200_Item_Package_policies_Inputs_Streams_Config_Value: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + ApiFleetAgentPolicies_Put_Response_200_Item_Package_policies_Inputs_Streams_Data_stream: + additionalProperties: false + type: object + properties: + dataset: + type: string + elasticsearch: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Put_Response_200_Item_Package_policies_Inputs_Streams_Data_stream_Elasticsearch' + type: + type: string + required: + - dataset + - type + ApiFleetAgentPolicies_Put_Response_200_Item_Package_policies_Inputs_Streams_Data_stream_Elasticsearch: + additionalProperties: false + type: object + properties: + dynamic_dataset: + type: boolean + dynamic_namespace: + type: boolean + privileges: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Put_Response_200_Item_Package_policies_Inputs_Streams_Data_stream_Elasticsearch_Privileges' + ApiFleetAgentPolicies_Put_Response_200_Item_Package_policies_Inputs_Streams_Data_stream_Elasticsearch_Privileges: + additionalProperties: false + type: object + properties: + indices: + items: + type: string + maxItems: 100 + type: array + ApiFleetAgentPolicies_Put_Response_200_Item_Package_policies_Inputs_Streams_Var_group_selections: + additionalProperties: + type: string + description: Variable group selections. Maps var_group name to the selected option name within that group. + type: object + ApiFleetAgentPolicies_Put_Response_200_Item_Package_policies_Inputs_Streams_Vars: + additionalProperties: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Put_Response_200_Item_Package_policies_Inputs_Streams_Vars_Value' + description: Package variable (see integration documentation for more information) + type: object + ApiFleetAgentPolicies_Put_Response_200_Item_Package_policies_Inputs_Streams_Vars_Value: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + ApiFleetAgentPolicies_Put_Response_200_Item_Package_policies_Inputs_Vars: + additionalProperties: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Put_Response_200_Item_Package_policies_Inputs_Vars_Value' + description: Package variable (see integration documentation for more information) + type: object + ApiFleetAgentPolicies_Put_Response_200_Item_Package_policies_Inputs_Vars_Value: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + ApiFleetAgentPolicies_Put_Response_200_Item_Package_policies_Inputs_2: + additionalProperties: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Put_Response_200_Item_Package_policies_Inputs_Value' + description: Package policy inputs. Refer to the integration documentation to know which inputs are available. + type: object + x-oas-optional: true + ApiFleetAgentPolicies_Put_Response_200_Item_Package_policies_Inputs_Value: + additionalProperties: false + type: object + properties: + enabled: + description: Enable or disable that input. Defaults to `true` (enabled). + type: boolean + streams: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Put_Response_200_Item_Package_policies_Inputs_Streams' + vars: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Put_Response_200_Item_Package_policies_Inputs_Vars_1' + ApiFleetAgentPolicies_Put_Response_200_Item_Package_policies_Inputs_Streams: + additionalProperties: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Put_Response_200_Item_Package_policies_Inputs_Streams_Value' + description: Input streams. Refer to the integration documentation to know which streams are available. + type: object + ApiFleetAgentPolicies_Put_Response_200_Item_Package_policies_Inputs_Streams_Value: + additionalProperties: false + type: object + properties: + enabled: + description: Enable or disable that stream. Defaults to `true` (enabled). + type: boolean + var_group_selections: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Put_Response_200_Item_Package_policies_Inputs_Streams_Var_group_selections_1' + vars: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Put_Response_200_Item_Package_policies_Inputs_Streams_Vars_1' + ApiFleetAgentPolicies_Put_Response_200_Item_Package_policies_Inputs_Streams_Var_group_selections_1: + additionalProperties: + type: string + description: Variable group selections. Maps var_group name to the selected option name within that group. + type: object + ApiFleetAgentPolicies_Put_Response_200_Item_Package_policies_Inputs_Streams_Vars_1: + type: boolean + ApiFleetAgentPolicies_Put_Response_200_Item_Package_policies_Inputs_Streams_Vars_2: + type: string + ApiFleetAgentPolicies_Put_Response_200_Item_Package_policies_Inputs_Streams_Vars_3: + type: number + ApiFleetAgentPolicies_Put_Response_200_Item_Package_policies_Inputs_Streams_Vars_4: + items: + type: string + maxItems: 100 + type: array + ApiFleetAgentPolicies_Put_Response_200_Item_Package_policies_Inputs_Streams_Vars_5: + items: + type: number + maxItems: 100 + type: array + ApiFleetAgentPolicies_Put_Response_200_Item_Package_policies_Inputs_Streams_Vars_6: + additionalProperties: false + type: object + properties: + id: + type: string + isSecretRef: + type: boolean + required: + - id + - isSecretRef + ApiFleetAgentPolicies_Put_Response_200_Item_Package_policies_Inputs_Vars_1: + type: boolean + ApiFleetAgentPolicies_Put_Response_200_Item_Package_policies_Inputs_Vars_2: + type: string + ApiFleetAgentPolicies_Put_Response_200_Item_Package_policies_Inputs_Vars_3: + type: number + ApiFleetAgentPolicies_Put_Response_200_Item_Package_policies_Inputs_Vars_4: + items: + type: string + maxItems: 100 + type: array + ApiFleetAgentPolicies_Put_Response_200_Item_Package_policies_Inputs_Vars_5: + items: + type: number + maxItems: 100 + type: array + ApiFleetAgentPolicies_Put_Response_200_Item_Package_policies_Inputs_Vars_6: + additionalProperties: false + type: object + properties: + id: + type: string + isSecretRef: + type: boolean + required: + - id + - isSecretRef + ApiFleetAgentPolicies_Put_Response_200_Item_Package_policies_Overrides: + additionalProperties: false + description: Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure. + nullable: true + type: object + properties: + inputs: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Put_Response_200_Item_Package_policies_Overrides_Inputs' + ApiFleetAgentPolicies_Put_Response_200_Item_Package_policies_Overrides_Inputs: + additionalProperties: {} + type: object + ApiFleetAgentPolicies_Put_Response_200_Item_Package_policies_Package: + additionalProperties: false + type: object + properties: + experimental_data_stream_features: + items: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Put_Response_200_Item_Package_policies_Package_Experimental_data_stream_features_Item' + maxItems: 100 + type: array + fips_compatible: + type: boolean + name: + description: Package name + type: string + requires_root: + type: boolean + title: + type: string + version: + description: Package version + type: string + required: + - name + - version + ApiFleetAgentPolicies_Put_Response_200_Item_Package_policies_Package_Experimental_data_stream_features_Item: + additionalProperties: false + type: object + properties: + data_stream: + type: string + features: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Put_Response_200_Item_Package_policies_Package_Experimental_data_stream_features_Features' + required: + - data_stream + - features + ApiFleetAgentPolicies_Put_Response_200_Item_Package_policies_Package_Experimental_data_stream_features_Features: + additionalProperties: false + type: object + properties: + doc_value_only_numeric: + type: boolean + doc_value_only_other: + type: boolean + synthetic_source: + type: boolean + tsdb: + type: boolean + ApiFleetAgentPolicies_Put_Response_200_Item_Package_policies_Secret_references_Item: + additionalProperties: false + type: object + properties: + id: + type: string + required: + - id + ApiFleetAgentPolicies_Put_Response_200_Item_Package_policies_Var_group_selections: + additionalProperties: + type: string + description: Variable group selections. Maps var_group name to the selected option name within that group. + type: object + ApiFleetAgentPolicies_Put_Response_200_Item_Package_policies_Vars_1: + additionalProperties: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Put_Response_200_Item_Package_policies_Vars_Value' + description: Package variable (see integration documentation for more information) + type: object + ApiFleetAgentPolicies_Put_Response_200_Item_Package_policies_Vars_Value: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + ApiFleetAgentPolicies_Put_Response_200_Item_Package_policies_Vars_2: + additionalProperties: + anyOf: + - $ref: '#/components/schemas/ApiFleetAgentPolicies_Put_Response_200_Item_Package_policies_Vars_1_1' + - $ref: '#/components/schemas/ApiFleetAgentPolicies_Put_Response_200_Item_Package_policies_Vars_2_1' + - $ref: '#/components/schemas/ApiFleetAgentPolicies_Put_Response_200_Item_Package_policies_Vars_3' + - $ref: '#/components/schemas/ApiFleetAgentPolicies_Put_Response_200_Item_Package_policies_Vars_4' + - $ref: '#/components/schemas/ApiFleetAgentPolicies_Put_Response_200_Item_Package_policies_Vars_5' + - $ref: '#/components/schemas/ApiFleetAgentPolicies_Put_Response_200_Item_Package_policies_Vars_6' + nullable: true + description: Input/stream level variable. Refer to the integration documentation for more information. + type: object + x-oas-optional: true + ApiFleetAgentPolicies_Put_Response_200_Item_Package_policies_Vars_1_1: + type: boolean + ApiFleetAgentPolicies_Put_Response_200_Item_Package_policies_Vars_2_1: + type: string + ApiFleetAgentPolicies_Put_Response_200_Item_Package_policies_Vars_3: + type: number + ApiFleetAgentPolicies_Put_Response_200_Item_Package_policies_Vars_4: + items: + type: string + maxItems: 100 + type: array + ApiFleetAgentPolicies_Put_Response_200_Item_Package_policies_Vars_5: + items: + type: number + maxItems: 100 + type: array + ApiFleetAgentPolicies_Put_Response_200_Item_Package_policies_Vars_6: + additionalProperties: false + type: object + properties: + id: + type: string + isSecretRef: + type: boolean + required: + - id + - isSecretRef + ApiFleetAgentPolicies_Put_Response_200_Item_Required_versions_Item: + additionalProperties: false + type: object + properties: + percentage: + description: Target percentage of agents to auto upgrade + maximum: 100 + minimum: 0 + type: number + version: + description: Target version for automatic agent upgrade + type: string + required: + - version + - percentage + ApiFleetAgentPolicies_Put_Response_400: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetAgentPoliciesAutoUpgradeAgentsStatus_Get_Response_200: + additionalProperties: false + type: object + properties: + currentVersions: + items: + $ref: '#/components/schemas/ApiFleetAgentPoliciesAutoUpgradeAgentsStatus_Get_Response_200_CurrentVersions_Item' + maxItems: 10000 + type: array + totalAgents: + type: number + required: + - currentVersions + - totalAgents + ApiFleetAgentPoliciesAutoUpgradeAgentsStatus_Get_Response_200_CurrentVersions_Item: + additionalProperties: false + type: object + properties: + agents: + description: Number of agents that upgraded to this version + type: number + failedUpgradeActionIds: + description: List of action IDs related to failed upgrades + items: + type: string + maxItems: 1000 + type: array + failedUpgradeAgents: + description: Number of agents that failed to upgrade to this version + type: number + inProgressUpgradeActionIds: + description: List of action IDs related to in-progress upgrades + items: + type: string + maxItems: 1000 + type: array + inProgressUpgradeAgents: + description: Number of agents that are upgrading to this version + type: number + version: + description: Agent version + type: string + required: + - version + - agents + - failedUpgradeAgents + - inProgressUpgradeAgents + ApiFleetAgentPoliciesAutoUpgradeAgentsStatus_Get_Response_400: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetAgentPoliciesCopy_Post_Request: + additionalProperties: false + type: object + properties: + description: + type: string + name: + minLength: 1 + type: string + required: + - name + ApiFleetAgentPoliciesCopy_Post_Response_200: + additionalProperties: false + type: object + properties: + item: + $ref: '#/components/schemas/ApiFleetAgentPoliciesCopy_Post_Response_200_Item' + required: + - item + ApiFleetAgentPoliciesCopy_Post_Response_200_Item: + additionalProperties: false + type: object + properties: + advanced_settings: + $ref: '#/components/schemas/ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Advanced_settings' + agent_features: + items: + $ref: '#/components/schemas/ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Agent_features_Item' + maxItems: 100 + type: array + agentless: + $ref: '#/components/schemas/ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Agentless' + agents: + type: number + data_output_id: + nullable: true + type: string + description: + type: string + download_source_id: + nullable: true + type: string + fips_agents: + type: number + fleet_server_host_id: + nullable: true + type: string + global_data_tags: + description: User defined data tags that are added to all of the inputs. The values can be strings or numbers. + items: + $ref: '#/components/schemas/ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Global_data_tags_Item' + maxItems: 10 + type: array + has_agent_version_conditions: + type: boolean + has_fleet_server: + type: boolean + id: + type: string + inactivity_timeout: + default: 1209600 + minimum: 0 + type: number + is_default: + type: boolean + is_default_fleet_server: + type: boolean + is_managed: + type: boolean + is_preconfigured: + type: boolean + is_protected: + description: Indicates whether the agent policy has tamper protection enabled. Default false. + type: boolean + keep_monitoring_alive: + default: false + description: When set to true, monitoring will be enabled but logs/metrics collection will be disabled + nullable: true + type: boolean + monitoring_diagnostics: + $ref: '#/components/schemas/ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Monitoring_diagnostics' + monitoring_enabled: + items: + enum: + - logs + - metrics + - traces + type: string + maxItems: 3 + type: array + monitoring_http: + $ref: '#/components/schemas/ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Monitoring_http' + monitoring_output_id: + nullable: true + type: string + monitoring_pprof_enabled: + type: boolean + name: + minLength: 1 + type: string + namespace: + minLength: 1 + type: string + overrides: + $ref: '#/components/schemas/ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Overrides' + package_policies: + anyOf: + - $ref: '#/components/schemas/ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Package_policies_1' + - $ref: '#/components/schemas/ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Package_policies_2' + required_versions: + items: + $ref: '#/components/schemas/ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Required_versions_Item' + maxItems: 100 + nullable: true + type: array + revision: + type: number + schema_version: + type: string + space_ids: + items: + type: string + maxItems: 100 + type: array + status: + enum: + - active + - inactive + type: string + supports_agentless: + default: false + description: Indicates whether the agent policy supports agentless integrations. + nullable: true + type: boolean + unenroll_timeout: + minimum: 0 + type: number + unprivileged_agents: + type: number + updated_at: + type: string + updated_by: + type: string + version: + type: string + required: + - id + - name + - namespace + - is_protected + - status + - updated_at + - updated_by + - revision + ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Advanced_settings: + additionalProperties: false + type: object + properties: + agent_download_target_directory: + nullable: true + agent_download_timeout: + nullable: true + agent_internal: + nullable: true + agent_limits_go_max_procs: + nullable: true + agent_logging_files_interval: + nullable: true + agent_logging_files_keepfiles: + nullable: true + agent_logging_files_rotateeverybytes: + nullable: true + agent_logging_level: + nullable: true + agent_logging_metrics_period: + nullable: true + agent_logging_to_files: + nullable: true + agent_monitoring_runtime_experimental: + nullable: true + ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Agent_features_Item: + additionalProperties: false + type: object + properties: + enabled: + type: boolean + name: + type: string + required: + - name + - enabled + ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Agentless: + additionalProperties: false + type: object + properties: + cloud_connectors: + $ref: '#/components/schemas/ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Agentless_Cloud_connectors' + resources: + $ref: '#/components/schemas/ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Agentless_Resources' + ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Agentless_Cloud_connectors: + additionalProperties: false + type: object + properties: + enabled: + type: boolean + target_csp: + enum: + - aws + - azure + - gcp + type: string + required: + - enabled + ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Agentless_Resources: + additionalProperties: false + type: object + properties: + requests: + $ref: '#/components/schemas/ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Agentless_Resources_Requests' + ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Agentless_Resources_Requests: + additionalProperties: false + type: object + properties: + cpu: + type: string + memory: + type: string + ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Global_data_tags_Item: + additionalProperties: false + type: object + properties: + name: + type: string + value: + anyOf: + - $ref: '#/components/schemas/ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Global_data_tags_Value_1' + - $ref: '#/components/schemas/ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Global_data_tags_Value_2' + required: + - name + - value + ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Global_data_tags_Value_1: + type: string + ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Global_data_tags_Value_2: + type: number + ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Monitoring_diagnostics: + additionalProperties: false + type: object + properties: + limit: + $ref: '#/components/schemas/ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Monitoring_diagnostics_Limit' + uploader: + $ref: '#/components/schemas/ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Monitoring_diagnostics_Uploader' + ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Monitoring_diagnostics_Limit: + additionalProperties: false + type: object + properties: + burst: + type: number + interval: + type: string + ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Monitoring_diagnostics_Uploader: + additionalProperties: false + type: object + properties: + init_dur: + type: string + max_dur: + type: string + max_retries: + type: number + ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Monitoring_http: + additionalProperties: false + type: object + properties: + buffer: + $ref: '#/components/schemas/ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Monitoring_http_Buffer' + enabled: + type: boolean + host: + type: string + port: + maximum: 65353 + minimum: 0 + type: number + ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Monitoring_http_Buffer: + additionalProperties: false + type: object + properties: + enabled: + default: false + type: boolean + ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Overrides: + additionalProperties: {} + description: Override settings that are defined in the agent policy. Input settings cannot be overridden. The override option should be used only in unusual circumstances and not as a routine procedure. + nullable: true + type: object + ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Package_policies_1: + items: + type: string + maxItems: 10000 + type: array + ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Package_policies_2: + description: This field is present only when retrieving a single agent policy, or when retrieving a list of agent policies with the ?full=true parameter + items: + $ref: '#/components/schemas/ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Package_policies_Item' + maxItems: 10000 + type: array + ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Package_policies_Item: + additionalProperties: false + type: object + properties: + additional_datastreams_permissions: + description: Additional datastream permissions, that will be added to the agent policy. + items: + type: string + maxItems: 1000 + nullable: true + type: array + agents: + type: number + cloud_connector_id: + description: ID of the cloud connector associated with this package policy. + nullable: true + type: string + cloud_connector_name: + description: Transient field for cloud connector name during creation. + maxLength: 255 + minLength: 1 + nullable: true + type: string + created_at: + type: string + created_by: + type: string + description: + description: Package policy description + type: string + elasticsearch: + $ref: '#/components/schemas/ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Package_policies_Elasticsearch' + enabled: + type: boolean + id: + description: Package policy unique identifier. + type: string + inputs: + anyOf: + - $ref: '#/components/schemas/ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Package_policies_Inputs_1' + - $ref: '#/components/schemas/ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Package_policies_Inputs_2' + description: Package policy inputs. + is_managed: + type: boolean + name: + description: Unique name for the package policy. + type: string + namespace: + description: The package policy namespace. Leave blank to inherit the agent policy's namespace. + type: string + output_id: + nullable: true + type: string + overrides: + $ref: '#/components/schemas/ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Package_policies_Overrides' + package: + $ref: '#/components/schemas/ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Package_policies_Package' + policy_id: + deprecated: true + description: ID of the agent policy which the package policy will be added to. + nullable: true + type: string + policy_ids: + items: + description: IDs of the agent policies which that package policy will be added to. + type: string + maxItems: 1000 + type: array + revision: + description: Package policy revision. + type: number + secret_references: + items: + $ref: '#/components/schemas/ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Package_policies_Secret_references_Item' + maxItems: 100 + type: array + spaceIds: + items: + type: string + maxItems: 100 + type: array + supports_agentless: + default: false + description: Indicates whether the package policy belongs to an agentless agent policy. + nullable: true + type: boolean + supports_cloud_connector: + default: false + description: Indicates whether the package policy supports cloud connectors. + nullable: true + type: boolean + updated_at: + type: string + updated_by: + type: string + var_group_selections: + $ref: '#/components/schemas/ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Package_policies_Var_group_selections' + vars: + anyOf: + - $ref: '#/components/schemas/ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Package_policies_Vars_1' + - $ref: '#/components/schemas/ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Package_policies_Vars_2' + description: Package level variable. + version: + description: Package policy ES version. + type: string + required: + - name + - enabled + - inputs + - id + - revision + - updated_at + - updated_by + - created_at + - created_by + ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Package_policies_Elasticsearch: + additionalProperties: true + type: object + properties: + privileges: + $ref: '#/components/schemas/ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Package_policies_Elasticsearch_Privileges' + ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Package_policies_Elasticsearch_Privileges: + additionalProperties: true + type: object + properties: + cluster: + items: + type: string + maxItems: 100 + type: array + ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Package_policies_Inputs_1: + items: + $ref: '#/components/schemas/ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Package_policies_Inputs_Item' + maxItems: 100 + type: array + ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Package_policies_Inputs_Item: + additionalProperties: false + type: object + properties: + compiled_input: {} + config: + $ref: '#/components/schemas/ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Package_policies_Inputs_Config' + enabled: + type: boolean + id: + type: string + keep_enabled: + type: boolean + policy_template: + type: string + streams: + items: + $ref: '#/components/schemas/ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Package_policies_Inputs_Streams_Item' + maxItems: 100 + type: array + type: + type: string + vars: + $ref: '#/components/schemas/ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Package_policies_Inputs_Vars' + required: + - type + - enabled + - streams + - compiled_input + ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Package_policies_Inputs_Config: + additionalProperties: + $ref: '#/components/schemas/ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Package_policies_Inputs_Config_Value' + description: Package variable (see integration documentation for more information) + type: object + ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Package_policies_Inputs_Config_Value: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Package_policies_Inputs_Streams_Item: + additionalProperties: false + type: object + properties: + compiled_stream: {} + config: + $ref: '#/components/schemas/ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Package_policies_Inputs_Streams_Config' + data_stream: + $ref: '#/components/schemas/ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Package_policies_Inputs_Streams_Data_stream' + enabled: + type: boolean + id: + type: string + keep_enabled: + type: boolean + release: + enum: + - ga + - beta + - experimental + type: string + var_group_selections: + $ref: '#/components/schemas/ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Package_policies_Inputs_Streams_Var_group_selections' + vars: + $ref: '#/components/schemas/ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Package_policies_Inputs_Streams_Vars' + required: + - enabled + - data_stream + - compiled_stream + ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Package_policies_Inputs_Streams_Config: + additionalProperties: + $ref: '#/components/schemas/ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Package_policies_Inputs_Streams_Config_Value' + description: Package variable (see integration documentation for more information) + type: object + ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Package_policies_Inputs_Streams_Config_Value: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Package_policies_Inputs_Streams_Data_stream: + additionalProperties: false + type: object + properties: + dataset: + type: string + elasticsearch: + $ref: '#/components/schemas/ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Package_policies_Inputs_Streams_Data_stream_Elasticsearch' + type: + type: string + required: + - dataset + - type + ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Package_policies_Inputs_Streams_Data_stream_Elasticsearch: + additionalProperties: false + type: object + properties: + dynamic_dataset: + type: boolean + dynamic_namespace: + type: boolean + privileges: + $ref: '#/components/schemas/ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Package_policies_Inputs_Streams_Data_stream_Elasticsearch_Privileges' + ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Package_policies_Inputs_Streams_Data_stream_Elasticsearch_Privileges: + additionalProperties: false + type: object + properties: + indices: + items: + type: string + maxItems: 100 + type: array + ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Package_policies_Inputs_Streams_Var_group_selections: + additionalProperties: + type: string + description: Variable group selections. Maps var_group name to the selected option name within that group. + type: object + ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Package_policies_Inputs_Streams_Vars: + additionalProperties: + $ref: '#/components/schemas/ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Package_policies_Inputs_Streams_Vars_Value' + description: Package variable (see integration documentation for more information) + type: object + ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Package_policies_Inputs_Streams_Vars_Value: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Package_policies_Inputs_Vars: + additionalProperties: + $ref: '#/components/schemas/ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Package_policies_Inputs_Vars_Value' + description: Package variable (see integration documentation for more information) + type: object + ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Package_policies_Inputs_Vars_Value: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Package_policies_Inputs_2: + additionalProperties: + $ref: '#/components/schemas/ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Package_policies_Inputs_Value' + description: Package policy inputs. Refer to the integration documentation to know which inputs are available. + type: object + x-oas-optional: true + ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Package_policies_Inputs_Value: + additionalProperties: false + type: object + properties: + enabled: + description: Enable or disable that input. Defaults to `true` (enabled). + type: boolean + streams: + $ref: '#/components/schemas/ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Package_policies_Inputs_Streams' + vars: + $ref: '#/components/schemas/ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Package_policies_Inputs_Vars_1' + ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Package_policies_Inputs_Streams: + additionalProperties: + $ref: '#/components/schemas/ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Package_policies_Inputs_Streams_Value' + description: Input streams. Refer to the integration documentation to know which streams are available. + type: object + ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Package_policies_Inputs_Streams_Value: + additionalProperties: false + type: object + properties: + enabled: + description: Enable or disable that stream. Defaults to `true` (enabled). + type: boolean + var_group_selections: + $ref: '#/components/schemas/ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Package_policies_Inputs_Streams_Var_group_selections_1' + vars: + $ref: '#/components/schemas/ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Package_policies_Inputs_Streams_Vars_1' + ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Package_policies_Inputs_Streams_Var_group_selections_1: + additionalProperties: + type: string + description: Variable group selections. Maps var_group name to the selected option name within that group. + type: object + ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Package_policies_Inputs_Streams_Vars_1: + type: boolean + ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Package_policies_Inputs_Streams_Vars_2: + type: string + ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Package_policies_Inputs_Streams_Vars_3: + type: number + ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Package_policies_Inputs_Streams_Vars_4: + items: + type: string + maxItems: 100 + type: array + ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Package_policies_Inputs_Streams_Vars_5: + items: + type: number + maxItems: 100 + type: array + ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Package_policies_Inputs_Streams_Vars_6: + additionalProperties: false + type: object + properties: + id: + type: string + isSecretRef: + type: boolean + required: + - id + - isSecretRef + ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Package_policies_Inputs_Vars_1: + type: boolean + ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Package_policies_Inputs_Vars_2: + type: string + ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Package_policies_Inputs_Vars_3: + type: number + ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Package_policies_Inputs_Vars_4: + items: + type: string + maxItems: 100 + type: array + ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Package_policies_Inputs_Vars_5: + items: + type: number + maxItems: 100 + type: array + ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Package_policies_Inputs_Vars_6: + additionalProperties: false + type: object + properties: + id: + type: string + isSecretRef: + type: boolean + required: + - id + - isSecretRef + ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Package_policies_Overrides: + additionalProperties: false + description: Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure. + nullable: true + type: object + properties: + inputs: + $ref: '#/components/schemas/ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Package_policies_Overrides_Inputs' + ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Package_policies_Overrides_Inputs: + additionalProperties: {} + type: object + ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Package_policies_Package: + additionalProperties: false + type: object + properties: + experimental_data_stream_features: + items: + $ref: '#/components/schemas/ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Package_policies_Package_Experimental_data_stream_features_Item' + maxItems: 100 + type: array + fips_compatible: + type: boolean + name: + description: Package name + type: string + requires_root: + type: boolean + title: + type: string + version: + description: Package version + type: string + required: + - name + - version + ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Package_policies_Package_Experimental_data_stream_features_Item: + additionalProperties: false + type: object + properties: + data_stream: + type: string + features: + $ref: '#/components/schemas/ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Package_policies_Package_Experimental_data_stream_features_Features' + required: + - data_stream + - features + ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Package_policies_Package_Experimental_data_stream_features_Features: + additionalProperties: false + type: object + properties: + doc_value_only_numeric: + type: boolean + doc_value_only_other: + type: boolean + synthetic_source: + type: boolean + tsdb: + type: boolean + ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Package_policies_Secret_references_Item: + additionalProperties: false + type: object + properties: + id: + type: string + required: + - id + ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Package_policies_Var_group_selections: + additionalProperties: + type: string + description: Variable group selections. Maps var_group name to the selected option name within that group. + type: object + ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Package_policies_Vars_1: + additionalProperties: + $ref: '#/components/schemas/ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Package_policies_Vars_Value' + description: Package variable (see integration documentation for more information) + type: object + ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Package_policies_Vars_Value: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Package_policies_Vars_2: + additionalProperties: + anyOf: + - $ref: '#/components/schemas/ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Package_policies_Vars_1_1' + - $ref: '#/components/schemas/ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Package_policies_Vars_2_1' + - $ref: '#/components/schemas/ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Package_policies_Vars_3' + - $ref: '#/components/schemas/ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Package_policies_Vars_4' + - $ref: '#/components/schemas/ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Package_policies_Vars_5' + - $ref: '#/components/schemas/ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Package_policies_Vars_6' + nullable: true + description: Input/stream level variable. Refer to the integration documentation for more information. + type: object + x-oas-optional: true + ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Package_policies_Vars_1_1: + type: boolean + ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Package_policies_Vars_2_1: + type: string + ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Package_policies_Vars_3: + type: number + ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Package_policies_Vars_4: + items: + type: string + maxItems: 100 + type: array + ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Package_policies_Vars_5: + items: + type: number + maxItems: 100 + type: array + ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Package_policies_Vars_6: + additionalProperties: false + type: object + properties: + id: + type: string + isSecretRef: + type: boolean + required: + - id + - isSecretRef + ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Required_versions_Item: + additionalProperties: false + type: object + properties: + percentage: + description: Target percentage of agents to auto upgrade + maximum: 100 + minimum: 0 + type: number + version: + description: Target version for automatic agent upgrade + type: string + required: + - version + - percentage + ApiFleetAgentPoliciesCopy_Post_Response_400: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetAgentPoliciesDownload_Get_Response_400: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetAgentPoliciesDownload_Get_Response_404: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetAgentPoliciesFull_Get_Response_200: + additionalProperties: false + type: object + properties: + item: + anyOf: + - $ref: '#/components/schemas/ApiFleetAgentPoliciesFull_Get_Response_200_Item_1' + - $ref: '#/components/schemas/ApiFleetAgentPoliciesFull_Get_Response_200_Item_2' + required: + - item + ApiFleetAgentPoliciesFull_Get_Response_200_Item_1: + type: string + ApiFleetAgentPoliciesFull_Get_Response_200_Item_2: + additionalProperties: false + type: object + properties: + agent: + $ref: '#/components/schemas/ApiFleetAgentPoliciesFull_Get_Response_200_Item_Agent' + connectors: + $ref: '#/components/schemas/ApiFleetAgentPoliciesFull_Get_Response_200_Item_Connectors' + exporters: + $ref: '#/components/schemas/ApiFleetAgentPoliciesFull_Get_Response_200_Item_Exporters' + extensions: + $ref: '#/components/schemas/ApiFleetAgentPoliciesFull_Get_Response_200_Item_Extensions' + fleet: + anyOf: + - $ref: '#/components/schemas/ApiFleetAgentPoliciesFull_Get_Response_200_Item_Fleet_1' + - $ref: '#/components/schemas/ApiFleetAgentPoliciesFull_Get_Response_200_Item_Fleet_2' + id: + type: string + inputs: + items: + $ref: '#/components/schemas/ApiFleetAgentPoliciesFull_Get_Response_200_Item_Inputs_Item' + maxItems: 10000 + type: array + namespaces: + items: + type: string + maxItems: 100 + type: array + output_permissions: + $ref: '#/components/schemas/ApiFleetAgentPoliciesFull_Get_Response_200_Item_Output_permissions' + outputs: + $ref: '#/components/schemas/ApiFleetAgentPoliciesFull_Get_Response_200_Item_Outputs' + processors: + $ref: '#/components/schemas/ApiFleetAgentPoliciesFull_Get_Response_200_Item_Processors' + receivers: + $ref: '#/components/schemas/ApiFleetAgentPoliciesFull_Get_Response_200_Item_Receivers' + revision: + type: number + secret_references: + items: + $ref: '#/components/schemas/ApiFleetAgentPoliciesFull_Get_Response_200_Item_Secret_references_Item' + maxItems: 10000 + type: array + service: + $ref: '#/components/schemas/ApiFleetAgentPoliciesFull_Get_Response_200_Item_Service' + signed: + $ref: '#/components/schemas/ApiFleetAgentPoliciesFull_Get_Response_200_Item_Signed' + required: + - id + - outputs + - inputs + ApiFleetAgentPoliciesFull_Get_Response_200_Item_Agent: + additionalProperties: false + type: object + properties: + download: + $ref: '#/components/schemas/ApiFleetAgentPoliciesFull_Get_Response_200_Item_Agent_Download' + features: + $ref: '#/components/schemas/ApiFleetAgentPoliciesFull_Get_Response_200_Item_Agent_Features' + internal: {} + limits: + $ref: '#/components/schemas/ApiFleetAgentPoliciesFull_Get_Response_200_Item_Agent_Limits' + logging: + $ref: '#/components/schemas/ApiFleetAgentPoliciesFull_Get_Response_200_Item_Agent_Logging' + monitoring: + $ref: '#/components/schemas/ApiFleetAgentPoliciesFull_Get_Response_200_Item_Agent_Monitoring' + protection: + $ref: '#/components/schemas/ApiFleetAgentPoliciesFull_Get_Response_200_Item_Agent_Protection' + required: + - monitoring + - download + - features + - internal + ApiFleetAgentPoliciesFull_Get_Response_200_Item_Agent_Download: + additionalProperties: false + type: object + properties: + proxy_headers: + $ref: '#/components/schemas/ApiFleetAgentPoliciesFull_Get_Response_200_Item_Agent_Download_Proxy_headers' + proxy_url: + type: string + secrets: + $ref: '#/components/schemas/ApiFleetAgentPoliciesFull_Get_Response_200_Item_Agent_Download_Secrets' + sourceURI: + type: string + ssl: + $ref: '#/components/schemas/ApiFleetAgentPoliciesFull_Get_Response_200_Item_Agent_Download_Ssl' + target_directory: + type: string + timeout: + type: string + required: + - sourceURI + ApiFleetAgentPoliciesFull_Get_Response_200_Item_Agent_Download_Proxy_headers: + additionalProperties: + anyOf: + - $ref: '#/components/schemas/ApiFleetAgentPoliciesFull_Get_Response_200_Item_Agent_Download_Proxy_headers_1' + - $ref: '#/components/schemas/ApiFleetAgentPoliciesFull_Get_Response_200_Item_Agent_Download_Proxy_headers_2' + - $ref: '#/components/schemas/ApiFleetAgentPoliciesFull_Get_Response_200_Item_Agent_Download_Proxy_headers_3' + nullable: true + type: object + ApiFleetAgentPoliciesFull_Get_Response_200_Item_Agent_Download_Proxy_headers_1: + type: string + ApiFleetAgentPoliciesFull_Get_Response_200_Item_Agent_Download_Proxy_headers_2: + type: boolean + ApiFleetAgentPoliciesFull_Get_Response_200_Item_Agent_Download_Proxy_headers_3: + type: number + ApiFleetAgentPoliciesFull_Get_Response_200_Item_Agent_Download_Secrets: + additionalProperties: true + type: object + properties: + ssl: + $ref: '#/components/schemas/ApiFleetAgentPoliciesFull_Get_Response_200_Item_Agent_Download_Secrets_Ssl' + ApiFleetAgentPoliciesFull_Get_Response_200_Item_Agent_Download_Secrets_Ssl: + additionalProperties: true + type: object + properties: + key: + $ref: '#/components/schemas/ApiFleetAgentPoliciesFull_Get_Response_200_Item_Agent_Download_Secrets_Ssl_Key' + required: + - key + ApiFleetAgentPoliciesFull_Get_Response_200_Item_Agent_Download_Secrets_Ssl_Key: + additionalProperties: true + type: object + properties: + id: + type: string + ApiFleetAgentPoliciesFull_Get_Response_200_Item_Agent_Download_Ssl: + additionalProperties: false + type: object + properties: + certificate: + type: string + certificate_authorities: + items: + type: string + maxItems: 10 + type: array + key: + type: string + renegotiation: + type: string + verification_mode: + type: string + ApiFleetAgentPoliciesFull_Get_Response_200_Item_Agent_Features: + additionalProperties: + $ref: '#/components/schemas/ApiFleetAgentPoliciesFull_Get_Response_200_Item_Agent_Features_Value' + type: object + ApiFleetAgentPoliciesFull_Get_Response_200_Item_Agent_Features_Value: + additionalProperties: false + type: object + properties: + enabled: + type: boolean + required: + - enabled + ApiFleetAgentPoliciesFull_Get_Response_200_Item_Agent_Limits: + additionalProperties: false + type: object + properties: + go_max_procs: + type: number + ApiFleetAgentPoliciesFull_Get_Response_200_Item_Agent_Logging: + additionalProperties: false + type: object + properties: + files: + $ref: '#/components/schemas/ApiFleetAgentPoliciesFull_Get_Response_200_Item_Agent_Logging_Files' + level: + type: string + metrics: + $ref: '#/components/schemas/ApiFleetAgentPoliciesFull_Get_Response_200_Item_Agent_Logging_Metrics' + to_files: + type: boolean + ApiFleetAgentPoliciesFull_Get_Response_200_Item_Agent_Logging_Files: + additionalProperties: false + type: object + properties: + interval: + type: string + keepfiles: + type: number + rotateeverybytes: + type: number + ApiFleetAgentPoliciesFull_Get_Response_200_Item_Agent_Logging_Metrics: + additionalProperties: false + type: object + properties: + period: + type: string + ApiFleetAgentPoliciesFull_Get_Response_200_Item_Agent_Monitoring: + additionalProperties: false + type: object + properties: + _runtime_experimental: + type: string + apm: {} + diagnostics: + $ref: '#/components/schemas/ApiFleetAgentPoliciesFull_Get_Response_200_Item_Agent_Monitoring_Diagnostics' + enabled: + type: boolean + http: + $ref: '#/components/schemas/ApiFleetAgentPoliciesFull_Get_Response_200_Item_Agent_Monitoring_Http' + logs: + type: boolean + metrics: + type: boolean + namespace: + type: string + pprof: + $ref: '#/components/schemas/ApiFleetAgentPoliciesFull_Get_Response_200_Item_Agent_Monitoring_Pprof' + traces: + type: boolean + use_output: + type: string + required: + - enabled + - metrics + - logs + - traces + - apm + ApiFleetAgentPoliciesFull_Get_Response_200_Item_Agent_Monitoring_Diagnostics: + additionalProperties: false + type: object + properties: + limit: + $ref: '#/components/schemas/ApiFleetAgentPoliciesFull_Get_Response_200_Item_Agent_Monitoring_Diagnostics_Limit' + uploader: + $ref: '#/components/schemas/ApiFleetAgentPoliciesFull_Get_Response_200_Item_Agent_Monitoring_Diagnostics_Uploader' + ApiFleetAgentPoliciesFull_Get_Response_200_Item_Agent_Monitoring_Diagnostics_Limit: + additionalProperties: false + type: object + properties: + burst: + type: number + interval: + type: string + ApiFleetAgentPoliciesFull_Get_Response_200_Item_Agent_Monitoring_Diagnostics_Uploader: + additionalProperties: false + type: object + properties: + init_dur: + type: string + max_dur: + type: string + max_retries: + type: number + ApiFleetAgentPoliciesFull_Get_Response_200_Item_Agent_Monitoring_Http: + additionalProperties: false + type: object + properties: + enabled: + type: boolean + host: + type: string + port: + type: number + ApiFleetAgentPoliciesFull_Get_Response_200_Item_Agent_Monitoring_Pprof: + additionalProperties: false + type: object + properties: + enabled: + type: boolean + required: + - enabled + ApiFleetAgentPoliciesFull_Get_Response_200_Item_Agent_Protection: + additionalProperties: false + type: object + properties: + enabled: + type: boolean + signing_key: + type: string + uninstall_token_hash: + type: string + required: + - enabled + - uninstall_token_hash + - signing_key + ApiFleetAgentPoliciesFull_Get_Response_200_Item_Connectors: + additionalProperties: {} + type: object + ApiFleetAgentPoliciesFull_Get_Response_200_Item_Exporters: + additionalProperties: {} + type: object + ApiFleetAgentPoliciesFull_Get_Response_200_Item_Extensions: + additionalProperties: {} + type: object + ApiFleetAgentPoliciesFull_Get_Response_200_Item_Fleet_1: + additionalProperties: false + type: object + properties: + hosts: + items: + type: string + maxItems: 100 + type: array + proxy_headers: + $ref: '#/components/schemas/ApiFleetAgentPoliciesFull_Get_Response_200_Item_Fleet_Proxy_headers' + proxy_url: + type: string + secrets: + $ref: '#/components/schemas/ApiFleetAgentPoliciesFull_Get_Response_200_Item_Fleet_Secrets' + ssl: + $ref: '#/components/schemas/ApiFleetAgentPoliciesFull_Get_Response_200_Item_Fleet_Ssl' + required: + - hosts + ApiFleetAgentPoliciesFull_Get_Response_200_Item_Fleet_Proxy_headers: + additionalProperties: + anyOf: + - $ref: '#/components/schemas/ApiFleetAgentPoliciesFull_Get_Response_200_Item_Fleet_Proxy_headers_1' + - $ref: '#/components/schemas/ApiFleetAgentPoliciesFull_Get_Response_200_Item_Fleet_Proxy_headers_2' + - $ref: '#/components/schemas/ApiFleetAgentPoliciesFull_Get_Response_200_Item_Fleet_Proxy_headers_3' + nullable: true + type: object + ApiFleetAgentPoliciesFull_Get_Response_200_Item_Fleet_Proxy_headers_1: + type: string + ApiFleetAgentPoliciesFull_Get_Response_200_Item_Fleet_Proxy_headers_2: + type: boolean + ApiFleetAgentPoliciesFull_Get_Response_200_Item_Fleet_Proxy_headers_3: + type: number + ApiFleetAgentPoliciesFull_Get_Response_200_Item_Fleet_Secrets: + additionalProperties: true + type: object + properties: + ssl: + $ref: '#/components/schemas/ApiFleetAgentPoliciesFull_Get_Response_200_Item_Fleet_Secrets_Ssl' + ApiFleetAgentPoliciesFull_Get_Response_200_Item_Fleet_Secrets_Ssl: + additionalProperties: true + type: object + properties: + key: + $ref: '#/components/schemas/ApiFleetAgentPoliciesFull_Get_Response_200_Item_Fleet_Secrets_Ssl_Key' + required: + - key + ApiFleetAgentPoliciesFull_Get_Response_200_Item_Fleet_Secrets_Ssl_Key: + additionalProperties: true + type: object + properties: + id: + type: string + ApiFleetAgentPoliciesFull_Get_Response_200_Item_Fleet_Ssl: + additionalProperties: false + type: object + properties: + certificate: + type: string + certificate_authorities: + items: + type: string + maxItems: 10 + type: array + key: + type: string + renegotiation: + type: string + verification_mode: + type: string + ApiFleetAgentPoliciesFull_Get_Response_200_Item_Fleet_2: + additionalProperties: false + type: object + properties: + kibana: + $ref: '#/components/schemas/ApiFleetAgentPoliciesFull_Get_Response_200_Item_Fleet_Kibana' + required: + - kibana + ApiFleetAgentPoliciesFull_Get_Response_200_Item_Fleet_Kibana: + additionalProperties: false + type: object + properties: + hosts: + items: + type: string + maxItems: 100 + type: array + path: + type: string + protocol: + type: string + required: + - hosts + - protocol + ApiFleetAgentPoliciesFull_Get_Response_200_Item_Inputs_Item: + additionalProperties: true + type: object + properties: + data_stream: + $ref: '#/components/schemas/ApiFleetAgentPoliciesFull_Get_Response_200_Item_Inputs_Data_stream' + id: + type: string + meta: + $ref: '#/components/schemas/ApiFleetAgentPoliciesFull_Get_Response_200_Item_Inputs_Meta' + name: + type: string + package_policy_id: + type: string + processors: + items: + $ref: '#/components/schemas/ApiFleetAgentPoliciesFull_Get_Response_200_Item_Inputs_Processors_Item' + maxItems: 10000 + type: array + revision: + type: number + streams: + items: + $ref: '#/components/schemas/ApiFleetAgentPoliciesFull_Get_Response_200_Item_Inputs_Streams_Item' + maxItems: 10000 + type: array + type: + type: string + use_output: + type: string + required: + - id + - name + - revision + - type + - data_stream + - use_output + - package_policy_id + ApiFleetAgentPoliciesFull_Get_Response_200_Item_Inputs_Data_stream: + additionalProperties: true + type: object + properties: + namespace: + type: string + required: + - namespace + ApiFleetAgentPoliciesFull_Get_Response_200_Item_Inputs_Meta: + additionalProperties: true + type: object + properties: + package: + $ref: '#/components/schemas/ApiFleetAgentPoliciesFull_Get_Response_200_Item_Inputs_Meta_Package' + ApiFleetAgentPoliciesFull_Get_Response_200_Item_Inputs_Meta_Package: + additionalProperties: true + type: object + properties: + name: + type: string + version: + type: string + required: + - name + - version + ApiFleetAgentPoliciesFull_Get_Response_200_Item_Inputs_Processors_Item: + additionalProperties: true + type: object + properties: + add_fields: + $ref: '#/components/schemas/ApiFleetAgentPoliciesFull_Get_Response_200_Item_Inputs_Processors_Add_fields' + required: + - add_fields + ApiFleetAgentPoliciesFull_Get_Response_200_Item_Inputs_Processors_Add_fields: + additionalProperties: true + type: object + properties: + fields: + $ref: '#/components/schemas/ApiFleetAgentPoliciesFull_Get_Response_200_Item_Inputs_Processors_Add_fields_Fields' + target: + type: string + required: + - target + - fields + ApiFleetAgentPoliciesFull_Get_Response_200_Item_Inputs_Processors_Add_fields_Fields: + additionalProperties: + anyOf: + - $ref: '#/components/schemas/ApiFleetAgentPoliciesFull_Get_Response_200_Item_Inputs_Processors_Add_fields_Fields_1' + - $ref: '#/components/schemas/ApiFleetAgentPoliciesFull_Get_Response_200_Item_Inputs_Processors_Add_fields_Fields_2' + type: object + ApiFleetAgentPoliciesFull_Get_Response_200_Item_Inputs_Processors_Add_fields_Fields_1: + type: string + ApiFleetAgentPoliciesFull_Get_Response_200_Item_Inputs_Processors_Add_fields_Fields_2: + type: number + ApiFleetAgentPoliciesFull_Get_Response_200_Item_Inputs_Streams_Item: + additionalProperties: true + type: object + properties: + data_stream: + $ref: '#/components/schemas/ApiFleetAgentPoliciesFull_Get_Response_200_Item_Inputs_Streams_Data_stream' + id: + type: string + required: + - id + - data_stream + ApiFleetAgentPoliciesFull_Get_Response_200_Item_Inputs_Streams_Data_stream: + additionalProperties: true + type: object + properties: + dataset: + type: string + type: + type: string + required: + - dataset + ApiFleetAgentPoliciesFull_Get_Response_200_Item_Output_permissions: + additionalProperties: + $ref: '#/components/schemas/ApiFleetAgentPoliciesFull_Get_Response_200_Item_Output_permissions_Value' + type: object + ApiFleetAgentPoliciesFull_Get_Response_200_Item_Output_permissions_Value: + additionalProperties: {} + type: object + ApiFleetAgentPoliciesFull_Get_Response_200_Item_Outputs: + additionalProperties: + $ref: '#/components/schemas/ApiFleetAgentPoliciesFull_Get_Response_200_Item_Outputs_Value' + type: object + ApiFleetAgentPoliciesFull_Get_Response_200_Item_Outputs_Value: + additionalProperties: true + type: object + properties: + ca_sha256: + nullable: true + type: string + hosts: + items: + type: string + maxItems: 100 + type: array + proxy_headers: + $ref: '#/components/schemas/ApiFleetAgentPoliciesFull_Get_Response_200_Item_Outputs_Proxy_headers' + proxy_url: + type: string + type: + type: string + required: + - type + ApiFleetAgentPoliciesFull_Get_Response_200_Item_Outputs_Proxy_headers: + additionalProperties: + anyOf: + - $ref: '#/components/schemas/ApiFleetAgentPoliciesFull_Get_Response_200_Item_Outputs_Proxy_headers_1' + - $ref: '#/components/schemas/ApiFleetAgentPoliciesFull_Get_Response_200_Item_Outputs_Proxy_headers_2' + - $ref: '#/components/schemas/ApiFleetAgentPoliciesFull_Get_Response_200_Item_Outputs_Proxy_headers_3' + nullable: true + type: object + ApiFleetAgentPoliciesFull_Get_Response_200_Item_Outputs_Proxy_headers_1: + type: string + ApiFleetAgentPoliciesFull_Get_Response_200_Item_Outputs_Proxy_headers_2: + type: boolean + ApiFleetAgentPoliciesFull_Get_Response_200_Item_Outputs_Proxy_headers_3: + type: number + ApiFleetAgentPoliciesFull_Get_Response_200_Item_Processors: + additionalProperties: {} + type: object + ApiFleetAgentPoliciesFull_Get_Response_200_Item_Receivers: + additionalProperties: {} + type: object + ApiFleetAgentPoliciesFull_Get_Response_200_Item_Secret_references_Item: + additionalProperties: false + type: object + properties: + id: + type: string + required: + - id + ApiFleetAgentPoliciesFull_Get_Response_200_Item_Service: + additionalProperties: false + type: object + properties: + extensions: + items: + type: string + maxItems: 1000 + type: array + pipelines: + $ref: '#/components/schemas/ApiFleetAgentPoliciesFull_Get_Response_200_Item_Service_Pipelines' + ApiFleetAgentPoliciesFull_Get_Response_200_Item_Service_Pipelines: + additionalProperties: + $ref: '#/components/schemas/ApiFleetAgentPoliciesFull_Get_Response_200_Item_Service_Pipelines_Value' + type: object + ApiFleetAgentPoliciesFull_Get_Response_200_Item_Service_Pipelines_Value: + additionalProperties: false + type: object + properties: + exporters: + items: + type: string + maxItems: 1000 + type: array + processors: + items: + type: string + maxItems: 1000 + type: array + receivers: + items: + type: string + maxItems: 1000 + type: array + x-oas-optional: true + ApiFleetAgentPoliciesFull_Get_Response_200_Item_Signed: + additionalProperties: false + type: object + properties: + data: + type: string + signature: + type: string + required: + - data + - signature + ApiFleetAgentPoliciesFull_Get_Response_400: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetAgentPoliciesOutputs_Get_Response_200: + additionalProperties: false + type: object + properties: + item: + $ref: '#/components/schemas/ApiFleetAgentPoliciesOutputs_Get_Response_200_Item' + required: + - item + ApiFleetAgentPoliciesOutputs_Get_Response_200_Item: + additionalProperties: false + type: object + properties: + agentPolicyId: + type: string + data: + $ref: '#/components/schemas/ApiFleetAgentPoliciesOutputs_Get_Response_200_Item_Data' + monitoring: + $ref: '#/components/schemas/ApiFleetAgentPoliciesOutputs_Get_Response_200_Item_Monitoring' + required: + - monitoring + - data + ApiFleetAgentPoliciesOutputs_Get_Response_200_Item_Data: + additionalProperties: false + type: object + properties: + integrations: + items: + $ref: '#/components/schemas/ApiFleetAgentPoliciesOutputs_Get_Response_200_Item_Data_Integrations_Item' + maxItems: 1000 + type: array + output: + $ref: '#/components/schemas/ApiFleetAgentPoliciesOutputs_Get_Response_200_Item_Data_Output' + required: + - output + ApiFleetAgentPoliciesOutputs_Get_Response_200_Item_Data_Integrations_Item: + additionalProperties: false + type: object + properties: + id: + type: string + integrationPolicyName: + type: string + name: + type: string + pkgName: + type: string + ApiFleetAgentPoliciesOutputs_Get_Response_200_Item_Data_Output: + additionalProperties: false + type: object + properties: + id: + type: string + name: + type: string + required: + - id + - name + ApiFleetAgentPoliciesOutputs_Get_Response_200_Item_Monitoring: + additionalProperties: false + type: object + properties: + output: + $ref: '#/components/schemas/ApiFleetAgentPoliciesOutputs_Get_Response_200_Item_Monitoring_Output' + required: + - output + ApiFleetAgentPoliciesOutputs_Get_Response_200_Item_Monitoring_Output: + additionalProperties: false + type: object + properties: + id: + type: string + name: + type: string + required: + - id + - name + ApiFleetAgentPoliciesOutputs_Get_Response_400: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetAgentPoliciesDelete_Post_Request: + additionalProperties: false + type: object + properties: + agentPolicyId: + type: string + force: + description: bypass validation checks that can prevent agent policy deletion + type: boolean + required: + - agentPolicyId + ApiFleetAgentPoliciesDelete_Post_Response_200: + additionalProperties: false + type: object + properties: + id: + type: string + name: + type: string + required: + - id + - name + ApiFleetAgentPoliciesDelete_Post_Response_400: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetAgentPoliciesOutputs_Post_Request: + additionalProperties: false + type: object + properties: + ids: + description: list of package policy ids + items: + type: string + maxItems: 1000 + type: array + required: + - ids + ApiFleetAgentPoliciesOutputs_Post_Response_200: + additionalProperties: false + type: object + properties: + items: + items: + $ref: '#/components/schemas/ApiFleetAgentPoliciesOutputs_Post_Response_200_Items_Item' + maxItems: 10000 + type: array + required: + - items + ApiFleetAgentPoliciesOutputs_Post_Response_200_Items_Item: + additionalProperties: false + type: object + properties: + agentPolicyId: + type: string + data: + $ref: '#/components/schemas/ApiFleetAgentPoliciesOutputs_Post_Response_200_Items_Data' + monitoring: + $ref: '#/components/schemas/ApiFleetAgentPoliciesOutputs_Post_Response_200_Items_Monitoring' + required: + - monitoring + - data + ApiFleetAgentPoliciesOutputs_Post_Response_200_Items_Data: + additionalProperties: false + type: object + properties: + integrations: + items: + $ref: '#/components/schemas/ApiFleetAgentPoliciesOutputs_Post_Response_200_Items_Data_Integrations_Item' + maxItems: 1000 + type: array + output: + $ref: '#/components/schemas/ApiFleetAgentPoliciesOutputs_Post_Response_200_Items_Data_Output' + required: + - output + ApiFleetAgentPoliciesOutputs_Post_Response_200_Items_Data_Integrations_Item: + additionalProperties: false + type: object + properties: + id: + type: string + integrationPolicyName: + type: string + name: + type: string + pkgName: + type: string + ApiFleetAgentPoliciesOutputs_Post_Response_200_Items_Data_Output: + additionalProperties: false + type: object + properties: + id: + type: string + name: + type: string + required: + - id + - name + ApiFleetAgentPoliciesOutputs_Post_Response_200_Items_Monitoring: + additionalProperties: false + type: object + properties: + output: + $ref: '#/components/schemas/ApiFleetAgentPoliciesOutputs_Post_Response_200_Items_Monitoring_Output' + required: + - output + ApiFleetAgentPoliciesOutputs_Post_Response_200_Items_Monitoring_Output: + additionalProperties: false + type: object + properties: + id: + type: string + name: + type: string + required: + - id + - name + ApiFleetAgentPoliciesOutputs_Post_Response_400: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetAgentStatus_Get_Response_200: + additionalProperties: false + type: object + properties: + results: + $ref: '#/components/schemas/ApiFleetAgentStatus_Get_Response_200_Results' + required: + - results + ApiFleetAgentStatus_Get_Response_200_Results: + additionalProperties: false + type: object + properties: + active: + type: number + all: + type: number + error: + type: number + events: + type: number + inactive: + type: number + offline: + type: number + online: + type: number + orphaned: + type: number + other: + type: number + unenrolled: + type: number + uninstalled: + type: number + updating: + type: number + required: + - events + - online + - error + - offline + - other + - updating + - inactive + - unenrolled + - all + - active + ApiFleetAgentStatus_Get_Response_400: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetAgentStatusData_Get_Response_200: + additionalProperties: false + type: object + properties: + dataPreview: + items: {} + maxItems: 10000 + type: array + items: + items: + $ref: '#/components/schemas/ApiFleetAgentStatusData_Get_Response_200_Items_Item' + maxItems: 10000 + type: array + required: + - items + - dataPreview + ApiFleetAgentStatusData_Get_Response_200_Items_Item: + additionalProperties: + $ref: '#/components/schemas/ApiFleetAgentStatusData_Get_Response_200_Items_Value' + type: object + ApiFleetAgentStatusData_Get_Response_200_Items_Value: + additionalProperties: false + type: object + properties: + data: + type: boolean + required: + - data + ApiFleetAgentStatusData_Get_Response_400: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetAgentlessPolicies_Post_Request: + additionalProperties: false + type: object + properties: + additional_datastreams_permissions: + description: Additional datastream permissions, that will be added to the agent policy. + items: + type: string + maxItems: 100 + nullable: true + type: array + cloud_connector: + $ref: '#/components/schemas/ApiFleetAgentlessPolicies_Post_Request_Cloud_connector' + description: + description: Policy description. + type: string + force: + description: Force package policy creation even if the package is not verified, or if the agent policy is managed. + type: boolean + id: + description: Policy unique identifier. + type: string + inputs: + $ref: '#/components/schemas/ApiFleetAgentlessPolicies_Post_Request_Inputs' + name: + description: Unique name for the policy. + type: string + namespace: + description: Policy namespace. When not specified, it inherits the agent policy namespace. + type: string + package: + $ref: '#/components/schemas/ApiFleetAgentlessPolicies_Post_Request_Package' + policy_template: + description: The policy template to use for the agentless package policy. If not provided, the default policy template will be used. + type: string + var_group_selections: + $ref: '#/components/schemas/ApiFleetAgentlessPolicies_Post_Request_Var_group_selections' + vars: + $ref: '#/components/schemas/ApiFleetAgentlessPolicies_Post_Request_Vars' + required: + - name + - package + ApiFleetAgentlessPolicies_Post_Request_Cloud_connector: + additionalProperties: false + type: object + properties: + cloud_connector_id: + description: ID of an existing cloud connector to reuse. If not provided, a new connector will be created. + type: string + enabled: + default: false + description: Whether cloud connectors are enabled for this policy. + type: boolean + name: + description: Optional name for the cloud connector. If not provided, will be auto-generated from credentials. + maxLength: 255 + minLength: 1 + type: string + ApiFleetAgentlessPolicies_Post_Request_Inputs: + additionalProperties: + $ref: '#/components/schemas/ApiFleetAgentlessPolicies_Post_Request_Inputs_Value' + description: Package policy inputs. Refer to the integration documentation to know which inputs are available. + type: object + ApiFleetAgentlessPolicies_Post_Request_Inputs_Value: + additionalProperties: false + type: object + properties: + enabled: + description: Enable or disable that input. Defaults to `true` (enabled). + type: boolean + streams: + $ref: '#/components/schemas/ApiFleetAgentlessPolicies_Post_Request_Inputs_Streams' + vars: + $ref: '#/components/schemas/ApiFleetAgentlessPolicies_Post_Request_Inputs_Vars' + ApiFleetAgentlessPolicies_Post_Request_Inputs_Streams: + additionalProperties: + $ref: '#/components/schemas/ApiFleetAgentlessPolicies_Post_Request_Inputs_Streams_Value' + description: Input streams. Refer to the integration documentation to know which streams are available. + type: object + ApiFleetAgentlessPolicies_Post_Request_Inputs_Streams_Value: + additionalProperties: false + type: object + properties: + enabled: + description: Enable or disable that stream. Defaults to `true` (enabled). + type: boolean + var_group_selections: + $ref: '#/components/schemas/ApiFleetAgentlessPolicies_Post_Request_Inputs_Streams_Var_group_selections' + vars: + $ref: '#/components/schemas/ApiFleetAgentlessPolicies_Post_Request_Inputs_Streams_Vars' + ApiFleetAgentlessPolicies_Post_Request_Inputs_Streams_Var_group_selections: + additionalProperties: + type: string + description: Variable group selections. Maps var_group name to the selected option name within that group. + type: object + ApiFleetAgentlessPolicies_Post_Request_Inputs_Streams_Vars: + additionalProperties: + anyOf: + - $ref: '#/components/schemas/ApiFleetAgentlessPolicies_Post_Request_Inputs_Streams_Vars_1' + - $ref: '#/components/schemas/ApiFleetAgentlessPolicies_Post_Request_Inputs_Streams_Vars_2' + - $ref: '#/components/schemas/ApiFleetAgentlessPolicies_Post_Request_Inputs_Streams_Vars_3' + - $ref: '#/components/schemas/ApiFleetAgentlessPolicies_Post_Request_Inputs_Streams_Vars_4' + - $ref: '#/components/schemas/ApiFleetAgentlessPolicies_Post_Request_Inputs_Streams_Vars_5' + - $ref: '#/components/schemas/ApiFleetAgentlessPolicies_Post_Request_Inputs_Streams_Vars_6' + nullable: true + description: Input/stream level variable. Refer to the integration documentation for more information. + type: object + ApiFleetAgentlessPolicies_Post_Request_Inputs_Streams_Vars_1: + type: boolean + ApiFleetAgentlessPolicies_Post_Request_Inputs_Streams_Vars_2: + type: string + ApiFleetAgentlessPolicies_Post_Request_Inputs_Streams_Vars_3: + type: number + ApiFleetAgentlessPolicies_Post_Request_Inputs_Streams_Vars_4: + items: + type: string + maxItems: 100 + type: array + ApiFleetAgentlessPolicies_Post_Request_Inputs_Streams_Vars_5: + items: + type: number + maxItems: 100 + type: array + ApiFleetAgentlessPolicies_Post_Request_Inputs_Streams_Vars_6: + additionalProperties: false + type: object + properties: + id: + type: string + isSecretRef: + type: boolean + required: + - id + - isSecretRef + ApiFleetAgentlessPolicies_Post_Request_Inputs_Vars: + additionalProperties: + anyOf: + - $ref: '#/components/schemas/ApiFleetAgentlessPolicies_Post_Request_Inputs_Vars_1' + - $ref: '#/components/schemas/ApiFleetAgentlessPolicies_Post_Request_Inputs_Vars_2' + - $ref: '#/components/schemas/ApiFleetAgentlessPolicies_Post_Request_Inputs_Vars_3' + - $ref: '#/components/schemas/ApiFleetAgentlessPolicies_Post_Request_Inputs_Vars_4' + - $ref: '#/components/schemas/ApiFleetAgentlessPolicies_Post_Request_Inputs_Vars_5' + - $ref: '#/components/schemas/ApiFleetAgentlessPolicies_Post_Request_Inputs_Vars_6' + nullable: true + description: Input/stream level variable. Refer to the integration documentation for more information. + type: object + ApiFleetAgentlessPolicies_Post_Request_Inputs_Vars_1: + type: boolean + ApiFleetAgentlessPolicies_Post_Request_Inputs_Vars_2: + type: string + ApiFleetAgentlessPolicies_Post_Request_Inputs_Vars_3: + type: number + ApiFleetAgentlessPolicies_Post_Request_Inputs_Vars_4: + items: + type: string + maxItems: 100 + type: array + ApiFleetAgentlessPolicies_Post_Request_Inputs_Vars_5: + items: + type: number + maxItems: 100 + type: array + ApiFleetAgentlessPolicies_Post_Request_Inputs_Vars_6: + additionalProperties: false + type: object + properties: + id: + type: string + isSecretRef: + type: boolean + required: + - id + - isSecretRef + ApiFleetAgentlessPolicies_Post_Request_Package: + additionalProperties: false + type: object + properties: + experimental_data_stream_features: + items: + $ref: '#/components/schemas/ApiFleetAgentlessPolicies_Post_Request_Package_Experimental_data_stream_features_Item' + maxItems: 100 + type: array + fips_compatible: + type: boolean + name: + description: Package name + type: string + requires_root: + type: boolean + title: + type: string + version: + description: Package version + type: string + required: + - name + - version + ApiFleetAgentlessPolicies_Post_Request_Package_Experimental_data_stream_features_Item: + additionalProperties: false + type: object + properties: + data_stream: + type: string + features: + $ref: '#/components/schemas/ApiFleetAgentlessPolicies_Post_Request_Package_Experimental_data_stream_features_Features' + required: + - data_stream + - features + ApiFleetAgentlessPolicies_Post_Request_Package_Experimental_data_stream_features_Features: + additionalProperties: false + type: object + properties: + doc_value_only_numeric: + type: boolean + doc_value_only_other: + type: boolean + synthetic_source: + type: boolean + tsdb: + type: boolean + ApiFleetAgentlessPolicies_Post_Request_Var_group_selections: + additionalProperties: + type: string + description: Variable group selections. Maps var_group name to the selected option name within that group. + type: object + ApiFleetAgentlessPolicies_Post_Request_Vars: + additionalProperties: + anyOf: + - $ref: '#/components/schemas/ApiFleetAgentlessPolicies_Post_Request_Vars_1' + - $ref: '#/components/schemas/ApiFleetAgentlessPolicies_Post_Request_Vars_2' + - $ref: '#/components/schemas/ApiFleetAgentlessPolicies_Post_Request_Vars_3' + - $ref: '#/components/schemas/ApiFleetAgentlessPolicies_Post_Request_Vars_4' + - $ref: '#/components/schemas/ApiFleetAgentlessPolicies_Post_Request_Vars_5' + - $ref: '#/components/schemas/ApiFleetAgentlessPolicies_Post_Request_Vars_6' + nullable: true + description: Input/stream level variable. Refer to the integration documentation for more information. + type: object + ApiFleetAgentlessPolicies_Post_Request_Vars_1: + type: boolean + ApiFleetAgentlessPolicies_Post_Request_Vars_2: + type: string + ApiFleetAgentlessPolicies_Post_Request_Vars_3: + type: number + ApiFleetAgentlessPolicies_Post_Request_Vars_4: + items: + type: string + maxItems: 100 + type: array + ApiFleetAgentlessPolicies_Post_Request_Vars_5: + items: + type: number + maxItems: 100 + type: array + ApiFleetAgentlessPolicies_Post_Request_Vars_6: + additionalProperties: false + type: object + properties: + id: + type: string + isSecretRef: + type: boolean + required: + - id + - isSecretRef + ApiFleetAgentlessPolicies_Post_Response_200: + additionalProperties: false + type: object + properties: + item: + $ref: '#/components/schemas/ApiFleetAgentlessPolicies_Post_Response_200_Item' + required: + - item + ApiFleetAgentlessPolicies_Post_Response_200_Item: + additionalProperties: false + description: The created agentless package policy. + type: object + properties: + additional_datastreams_permissions: + description: Additional datastream permissions, that will be added to the agent policy. + items: + type: string + maxItems: 1000 + nullable: true + type: array + agents: + type: number + cloud_connector_id: + description: ID of the cloud connector associated with this package policy. + nullable: true + type: string + cloud_connector_name: + description: Transient field for cloud connector name during creation. + maxLength: 255 + minLength: 1 + nullable: true + type: string + created_at: + type: string + created_by: + type: string + description: + description: Package policy description + type: string + elasticsearch: + $ref: '#/components/schemas/ApiFleetAgentlessPolicies_Post_Response_200_Item_Elasticsearch' + enabled: + type: boolean + id: + description: Package policy unique identifier. + type: string + inputs: + anyOf: + - $ref: '#/components/schemas/ApiFleetAgentlessPolicies_Post_Response_200_Item_Inputs_1' + - $ref: '#/components/schemas/ApiFleetAgentlessPolicies_Post_Response_200_Item_Inputs_2' + description: Package policy inputs. + is_managed: + type: boolean + name: + description: Unique name for the package policy. + type: string + namespace: + description: The package policy namespace. Leave blank to inherit the agent policy's namespace. + type: string + output_id: + nullable: true + type: string + overrides: + $ref: '#/components/schemas/ApiFleetAgentlessPolicies_Post_Response_200_Item_Overrides' + package: + $ref: '#/components/schemas/ApiFleetAgentlessPolicies_Post_Response_200_Item_Package' + policy_id: + deprecated: true + description: ID of the agent policy which the package policy will be added to. + nullable: true + type: string + policy_ids: + items: + description: IDs of the agent policies which that package policy will be added to. + type: string + maxItems: 1000 + type: array + revision: + description: Package policy revision. + type: number + secret_references: + items: + $ref: '#/components/schemas/ApiFleetAgentlessPolicies_Post_Response_200_Item_Secret_references_Item' + maxItems: 100 + type: array + spaceIds: + items: + type: string + maxItems: 100 + type: array + supports_agentless: + default: false + description: Indicates whether the package policy belongs to an agentless agent policy. + nullable: true + type: boolean + supports_cloud_connector: + default: false + description: Indicates whether the package policy supports cloud connectors. + nullable: true + type: boolean + updated_at: + type: string + updated_by: + type: string + var_group_selections: + $ref: '#/components/schemas/ApiFleetAgentlessPolicies_Post_Response_200_Item_Var_group_selections' + vars: + anyOf: + - $ref: '#/components/schemas/ApiFleetAgentlessPolicies_Post_Response_200_Item_Vars_1' + - $ref: '#/components/schemas/ApiFleetAgentlessPolicies_Post_Response_200_Item_Vars_2' + description: Package level variable. + version: + description: Package policy ES version. + type: string + required: + - name + - enabled + - inputs + - id + - revision + - updated_at + - updated_by + - created_at + - created_by + ApiFleetAgentlessPolicies_Post_Response_200_Item_Elasticsearch: + additionalProperties: true + type: object + properties: + privileges: + $ref: '#/components/schemas/ApiFleetAgentlessPolicies_Post_Response_200_Item_Elasticsearch_Privileges' + ApiFleetAgentlessPolicies_Post_Response_200_Item_Elasticsearch_Privileges: + additionalProperties: true + type: object + properties: + cluster: + items: + type: string + maxItems: 100 + type: array + ApiFleetAgentlessPolicies_Post_Response_200_Item_Inputs_1: + items: + $ref: '#/components/schemas/ApiFleetAgentlessPolicies_Post_Response_200_Item_Inputs_Item' + maxItems: 100 + type: array + ApiFleetAgentlessPolicies_Post_Response_200_Item_Inputs_Item: + additionalProperties: false + type: object + properties: + compiled_input: {} + config: + $ref: '#/components/schemas/ApiFleetAgentlessPolicies_Post_Response_200_Item_Inputs_Config' + enabled: + type: boolean + id: + type: string + keep_enabled: + type: boolean + policy_template: + type: string + streams: + items: + $ref: '#/components/schemas/ApiFleetAgentlessPolicies_Post_Response_200_Item_Inputs_Streams_Item' + maxItems: 100 + type: array + type: + type: string + vars: + $ref: '#/components/schemas/ApiFleetAgentlessPolicies_Post_Response_200_Item_Inputs_Vars' + required: + - type + - enabled + - streams + - compiled_input + ApiFleetAgentlessPolicies_Post_Response_200_Item_Inputs_Config: + additionalProperties: + $ref: '#/components/schemas/ApiFleetAgentlessPolicies_Post_Response_200_Item_Inputs_Config_Value' + description: Package variable (see integration documentation for more information) + type: object + ApiFleetAgentlessPolicies_Post_Response_200_Item_Inputs_Config_Value: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + ApiFleetAgentlessPolicies_Post_Response_200_Item_Inputs_Streams_Item: + additionalProperties: false + type: object + properties: + compiled_stream: {} + config: + $ref: '#/components/schemas/ApiFleetAgentlessPolicies_Post_Response_200_Item_Inputs_Streams_Config' + data_stream: + $ref: '#/components/schemas/ApiFleetAgentlessPolicies_Post_Response_200_Item_Inputs_Streams_Data_stream' + enabled: + type: boolean + id: + type: string + keep_enabled: + type: boolean + release: + enum: + - ga + - beta + - experimental + type: string + var_group_selections: + $ref: '#/components/schemas/ApiFleetAgentlessPolicies_Post_Response_200_Item_Inputs_Streams_Var_group_selections' + vars: + $ref: '#/components/schemas/ApiFleetAgentlessPolicies_Post_Response_200_Item_Inputs_Streams_Vars' + required: + - enabled + - data_stream + - compiled_stream + ApiFleetAgentlessPolicies_Post_Response_200_Item_Inputs_Streams_Config: + additionalProperties: + $ref: '#/components/schemas/ApiFleetAgentlessPolicies_Post_Response_200_Item_Inputs_Streams_Config_Value' + description: Package variable (see integration documentation for more information) + type: object + ApiFleetAgentlessPolicies_Post_Response_200_Item_Inputs_Streams_Config_Value: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + ApiFleetAgentlessPolicies_Post_Response_200_Item_Inputs_Streams_Data_stream: + additionalProperties: false + type: object + properties: + dataset: + type: string + elasticsearch: + $ref: '#/components/schemas/ApiFleetAgentlessPolicies_Post_Response_200_Item_Inputs_Streams_Data_stream_Elasticsearch' + type: + type: string + required: + - dataset + - type + ApiFleetAgentlessPolicies_Post_Response_200_Item_Inputs_Streams_Data_stream_Elasticsearch: + additionalProperties: false + type: object + properties: + dynamic_dataset: + type: boolean + dynamic_namespace: + type: boolean + privileges: + $ref: '#/components/schemas/ApiFleetAgentlessPolicies_Post_Response_200_Item_Inputs_Streams_Data_stream_Elasticsearch_Privileges' + ApiFleetAgentlessPolicies_Post_Response_200_Item_Inputs_Streams_Data_stream_Elasticsearch_Privileges: + additionalProperties: false + type: object + properties: + indices: + items: + type: string + maxItems: 100 + type: array + ApiFleetAgentlessPolicies_Post_Response_200_Item_Inputs_Streams_Var_group_selections: + additionalProperties: + type: string + description: Variable group selections. Maps var_group name to the selected option name within that group. + type: object + ApiFleetAgentlessPolicies_Post_Response_200_Item_Inputs_Streams_Vars: + additionalProperties: + $ref: '#/components/schemas/ApiFleetAgentlessPolicies_Post_Response_200_Item_Inputs_Streams_Vars_Value' + description: Package variable (see integration documentation for more information) + type: object + ApiFleetAgentlessPolicies_Post_Response_200_Item_Inputs_Streams_Vars_Value: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + ApiFleetAgentlessPolicies_Post_Response_200_Item_Inputs_Vars: + additionalProperties: + $ref: '#/components/schemas/ApiFleetAgentlessPolicies_Post_Response_200_Item_Inputs_Vars_Value' + description: Package variable (see integration documentation for more information) + type: object + ApiFleetAgentlessPolicies_Post_Response_200_Item_Inputs_Vars_Value: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + ApiFleetAgentlessPolicies_Post_Response_200_Item_Inputs_2: + additionalProperties: + $ref: '#/components/schemas/ApiFleetAgentlessPolicies_Post_Response_200_Item_Inputs_Value' + description: Package policy inputs. Refer to the integration documentation to know which inputs are available. + type: object + x-oas-optional: true + ApiFleetAgentlessPolicies_Post_Response_200_Item_Inputs_Value: + additionalProperties: false + type: object + properties: + enabled: + description: Enable or disable that input. Defaults to `true` (enabled). + type: boolean + streams: + $ref: '#/components/schemas/ApiFleetAgentlessPolicies_Post_Response_200_Item_Inputs_Streams' + vars: + $ref: '#/components/schemas/ApiFleetAgentlessPolicies_Post_Response_200_Item_Inputs_Vars_1' + ApiFleetAgentlessPolicies_Post_Response_200_Item_Inputs_Streams: + additionalProperties: + $ref: '#/components/schemas/ApiFleetAgentlessPolicies_Post_Response_200_Item_Inputs_Streams_Value' + description: Input streams. Refer to the integration documentation to know which streams are available. + type: object + ApiFleetAgentlessPolicies_Post_Response_200_Item_Inputs_Streams_Value: + additionalProperties: false + type: object + properties: + enabled: + description: Enable or disable that stream. Defaults to `true` (enabled). + type: boolean + var_group_selections: + $ref: '#/components/schemas/ApiFleetAgentlessPolicies_Post_Response_200_Item_Inputs_Streams_Var_group_selections_1' + vars: + $ref: '#/components/schemas/ApiFleetAgentlessPolicies_Post_Response_200_Item_Inputs_Streams_Vars_1' + ApiFleetAgentlessPolicies_Post_Response_200_Item_Inputs_Streams_Var_group_selections_1: + additionalProperties: + type: string + description: Variable group selections. Maps var_group name to the selected option name within that group. + type: object + ApiFleetAgentlessPolicies_Post_Response_200_Item_Inputs_Streams_Vars_1: + type: boolean + ApiFleetAgentlessPolicies_Post_Response_200_Item_Inputs_Streams_Vars_2: + type: string + ApiFleetAgentlessPolicies_Post_Response_200_Item_Inputs_Streams_Vars_3: + type: number + ApiFleetAgentlessPolicies_Post_Response_200_Item_Inputs_Streams_Vars_4: + items: + type: string + maxItems: 100 + type: array + ApiFleetAgentlessPolicies_Post_Response_200_Item_Inputs_Streams_Vars_5: + items: + type: number + maxItems: 100 + type: array + ApiFleetAgentlessPolicies_Post_Response_200_Item_Inputs_Streams_Vars_6: + additionalProperties: false + type: object + properties: + id: + type: string + isSecretRef: + type: boolean + required: + - id + - isSecretRef + ApiFleetAgentlessPolicies_Post_Response_200_Item_Inputs_Vars_1: + type: boolean + ApiFleetAgentlessPolicies_Post_Response_200_Item_Inputs_Vars_2: + type: string + ApiFleetAgentlessPolicies_Post_Response_200_Item_Inputs_Vars_3: + type: number + ApiFleetAgentlessPolicies_Post_Response_200_Item_Inputs_Vars_4: + items: + type: string + maxItems: 100 + type: array + ApiFleetAgentlessPolicies_Post_Response_200_Item_Inputs_Vars_5: + items: + type: number + maxItems: 100 + type: array + ApiFleetAgentlessPolicies_Post_Response_200_Item_Inputs_Vars_6: + additionalProperties: false + type: object + properties: + id: + type: string + isSecretRef: + type: boolean + required: + - id + - isSecretRef + ApiFleetAgentlessPolicies_Post_Response_200_Item_Overrides: + additionalProperties: false + description: Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure. + nullable: true + type: object + properties: + inputs: + $ref: '#/components/schemas/ApiFleetAgentlessPolicies_Post_Response_200_Item_Overrides_Inputs' + ApiFleetAgentlessPolicies_Post_Response_200_Item_Overrides_Inputs: + additionalProperties: {} + type: object + ApiFleetAgentlessPolicies_Post_Response_200_Item_Package: + additionalProperties: false + type: object + properties: + experimental_data_stream_features: + items: + $ref: '#/components/schemas/ApiFleetAgentlessPolicies_Post_Response_200_Item_Package_Experimental_data_stream_features_Item' + maxItems: 100 + type: array + fips_compatible: + type: boolean + name: + description: Package name + type: string + requires_root: + type: boolean + title: + type: string + version: + description: Package version + type: string + required: + - name + - version + ApiFleetAgentlessPolicies_Post_Response_200_Item_Package_Experimental_data_stream_features_Item: + additionalProperties: false + type: object + properties: + data_stream: + type: string + features: + $ref: '#/components/schemas/ApiFleetAgentlessPolicies_Post_Response_200_Item_Package_Experimental_data_stream_features_Features' + required: + - data_stream + - features + ApiFleetAgentlessPolicies_Post_Response_200_Item_Package_Experimental_data_stream_features_Features: + additionalProperties: false + type: object + properties: + doc_value_only_numeric: + type: boolean + doc_value_only_other: + type: boolean + synthetic_source: + type: boolean + tsdb: + type: boolean + ApiFleetAgentlessPolicies_Post_Response_200_Item_Secret_references_Item: + additionalProperties: false + type: object + properties: + id: + type: string + required: + - id + ApiFleetAgentlessPolicies_Post_Response_200_Item_Var_group_selections: + additionalProperties: + type: string + description: Variable group selections. Maps var_group name to the selected option name within that group. + type: object + ApiFleetAgentlessPolicies_Post_Response_200_Item_Vars_1: + additionalProperties: + $ref: '#/components/schemas/ApiFleetAgentlessPolicies_Post_Response_200_Item_Vars_Value' + description: Package variable (see integration documentation for more information) + type: object + ApiFleetAgentlessPolicies_Post_Response_200_Item_Vars_Value: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + ApiFleetAgentlessPolicies_Post_Response_200_Item_Vars_2: + additionalProperties: + anyOf: + - $ref: '#/components/schemas/ApiFleetAgentlessPolicies_Post_Response_200_Item_Vars_1_1' + - $ref: '#/components/schemas/ApiFleetAgentlessPolicies_Post_Response_200_Item_Vars_2_1' + - $ref: '#/components/schemas/ApiFleetAgentlessPolicies_Post_Response_200_Item_Vars_3' + - $ref: '#/components/schemas/ApiFleetAgentlessPolicies_Post_Response_200_Item_Vars_4' + - $ref: '#/components/schemas/ApiFleetAgentlessPolicies_Post_Response_200_Item_Vars_5' + - $ref: '#/components/schemas/ApiFleetAgentlessPolicies_Post_Response_200_Item_Vars_6' + nullable: true + description: Input/stream level variable. Refer to the integration documentation for more information. + type: object + x-oas-optional: true + ApiFleetAgentlessPolicies_Post_Response_200_Item_Vars_1_1: + type: boolean + ApiFleetAgentlessPolicies_Post_Response_200_Item_Vars_2_1: + type: string + ApiFleetAgentlessPolicies_Post_Response_200_Item_Vars_3: + type: number + ApiFleetAgentlessPolicies_Post_Response_200_Item_Vars_4: + items: + type: string + maxItems: 100 + type: array + ApiFleetAgentlessPolicies_Post_Response_200_Item_Vars_5: + items: + type: number + maxItems: 100 + type: array + ApiFleetAgentlessPolicies_Post_Response_200_Item_Vars_6: + additionalProperties: false + type: object + properties: + id: + type: string + isSecretRef: + type: boolean + required: + - id + - isSecretRef + ApiFleetAgentlessPolicies_Post_Response_400: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetAgentlessPolicies_Post_Response_409: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetAgentlessPolicies_Delete_Response_200: + additionalProperties: false + description: Response for deleting an agentless package policy. + type: object + properties: + id: + description: The ID of the deleted agentless package policy. + type: string + required: + - id + ApiFleetAgentlessPolicies_Delete_Response_400: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetAgentlessPolicies_Delete_Response_409: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetAgents_Get_Response_200: + additionalProperties: false + type: object + properties: + items: + items: + $ref: '#/components/schemas/ApiFleetAgents_Get_Response_200_Items_Item' + maxItems: 10000 + type: array + nextSearchAfter: + type: string + page: + type: number + perPage: + type: number + pit: + type: string + statusSummary: + $ref: '#/components/schemas/ApiFleetAgents_Get_Response_200_StatusSummary' + total: + type: number + required: + - items + - total + - page + - perPage + ApiFleetAgents_Get_Response_200_Items_Item: + additionalProperties: false + type: object + properties: + access_api_key: + type: string + access_api_key_id: + type: string + active: + type: boolean + agent: + $ref: '#/components/schemas/ApiFleetAgents_Get_Response_200_Items_Agent' + audit_unenrolled_reason: + type: string + components: + items: + $ref: '#/components/schemas/ApiFleetAgents_Get_Response_200_Items_Components_Item' + maxItems: 10000 + type: array + default_api_key: + type: string + default_api_key_history: + items: + $ref: '#/components/schemas/ApiFleetAgents_Get_Response_200_Items_Default_api_key_history_Item' + maxItems: 100 + type: array + default_api_key_id: + type: string + enrolled_at: + type: string + id: + type: string + last_checkin: + type: string + last_checkin_message: + type: string + last_checkin_status: + enum: + - error + - online + - degraded + - updating + - starting + type: string + last_known_status: + enum: + - offline + - error + - online + - inactive + - enrolling + - unenrolling + - unenrolled + - updating + - degraded + - uninstalled + - orphaned + type: string + local_metadata: + $ref: '#/components/schemas/ApiFleetAgents_Get_Response_200_Items_Local_metadata' + metrics: + $ref: '#/components/schemas/ApiFleetAgents_Get_Response_200_Items_Metrics' + namespaces: + items: + type: string + maxItems: 100 + type: array + outputs: + $ref: '#/components/schemas/ApiFleetAgents_Get_Response_200_Items_Outputs' + packages: + items: + type: string + maxItems: 10000 + type: array + policy_id: + type: string + policy_revision: + nullable: true + type: number + sort: + items: {} + maxItems: 10 + type: array + status: + enum: + - offline + - error + - online + - inactive + - enrolling + - unenrolling + - unenrolled + - updating + - degraded + - uninstalled + - orphaned + type: string + tags: + items: + type: string + maxItems: 100 + type: array + type: + enum: + - PERMANENT + - EPHEMERAL + - TEMPORARY + type: string + unenrolled_at: + type: string + unenrollment_started_at: + type: string + unhealthy_reason: + items: + enum: + - input + - output + - other + type: string + maxItems: 3 + nullable: true + type: array + upgrade: + $ref: '#/components/schemas/ApiFleetAgents_Get_Response_200_Items_Upgrade' + upgrade_attempts: + items: + type: string + maxItems: 10000 + nullable: true + type: array + upgrade_details: + $ref: '#/components/schemas/ApiFleetAgents_Get_Response_200_Items_Upgrade_details' + upgrade_started_at: + nullable: true + type: string + upgraded_at: + nullable: true + type: string + user_provided_metadata: + $ref: '#/components/schemas/ApiFleetAgents_Get_Response_200_Items_User_provided_metadata' + required: + - id + - packages + - type + - active + - enrolled_at + - local_metadata + ApiFleetAgents_Get_Response_200_Items_Agent: + additionalProperties: true + type: object + properties: + id: + type: string + version: + type: string + required: + - id + - version + ApiFleetAgents_Get_Response_200_Items_Components_Item: + additionalProperties: false + type: object + properties: + id: + type: string + message: + type: string + status: + enum: + - STARTING + - CONFIGURING + - HEALTHY + - DEGRADED + - FAILED + - STOPPING + - STOPPED + type: string + type: + type: string + units: + items: + $ref: '#/components/schemas/ApiFleetAgents_Get_Response_200_Items_Components_Units_Item' + maxItems: 10000 + type: array + required: + - id + - type + - status + - message + ApiFleetAgents_Get_Response_200_Items_Components_Units_Item: + additionalProperties: false + type: object + properties: + id: + type: string + message: + type: string + payload: + $ref: '#/components/schemas/ApiFleetAgents_Get_Response_200_Items_Components_Units_Payload' + status: + enum: + - STARTING + - CONFIGURING + - HEALTHY + - DEGRADED + - FAILED + - STOPPING + - STOPPED + type: string + type: + enum: + - input + - output + - '' + type: string + required: + - id + - type + - status + - message + ApiFleetAgents_Get_Response_200_Items_Components_Units_Payload: + additionalProperties: {} + type: object + ApiFleetAgents_Get_Response_200_Items_Default_api_key_history_Item: + additionalProperties: false + deprecated: true + type: object + properties: + id: + type: string + retired_at: + type: string + required: + - id + - retired_at + ApiFleetAgents_Get_Response_200_Items_Local_metadata: + additionalProperties: {} + type: object + ApiFleetAgents_Get_Response_200_Items_Metrics: + additionalProperties: false + type: object + properties: + cpu_avg: + type: number + memory_size_byte_avg: + type: number + ApiFleetAgents_Get_Response_200_Items_Outputs: + additionalProperties: + $ref: '#/components/schemas/ApiFleetAgents_Get_Response_200_Items_Outputs_Value' + type: object + ApiFleetAgents_Get_Response_200_Items_Outputs_Value: + additionalProperties: false + type: object + properties: + api_key_id: + type: string + to_retire_api_key_ids: + items: + $ref: '#/components/schemas/ApiFleetAgents_Get_Response_200_Items_Outputs_To_retire_api_key_ids_Item' + maxItems: 100 + type: array + type: + type: string + ApiFleetAgents_Get_Response_200_Items_Outputs_To_retire_api_key_ids_Item: + additionalProperties: false + type: object + properties: + id: + type: string + retired_at: + type: string + required: + - id + - retired_at + ApiFleetAgents_Get_Response_200_Items_Upgrade: + additionalProperties: false + type: object + properties: + rollbacks: + items: + $ref: '#/components/schemas/ApiFleetAgents_Get_Response_200_Items_Upgrade_Rollbacks_Item' + maxItems: 100 + type: array + ApiFleetAgents_Get_Response_200_Items_Upgrade_Rollbacks_Item: + additionalProperties: false + type: object + properties: + valid_until: + type: string + version: + type: string + required: + - valid_until + - version + ApiFleetAgents_Get_Response_200_Items_Upgrade_details: + additionalProperties: false + nullable: true + type: object + properties: + action_id: + type: string + metadata: + $ref: '#/components/schemas/ApiFleetAgents_Get_Response_200_Items_Upgrade_details_Metadata' + state: + enum: + - UPG_REQUESTED + - UPG_SCHEDULED + - UPG_DOWNLOADING + - UPG_EXTRACTING + - UPG_REPLACING + - UPG_RESTARTING + - UPG_FAILED + - UPG_WATCHING + - UPG_ROLLBACK + type: string + target_version: + type: string + required: + - target_version + - action_id + - state + ApiFleetAgents_Get_Response_200_Items_Upgrade_details_Metadata: + additionalProperties: false + type: object + properties: + download_percent: + type: number + download_rate: + type: number + error_msg: + type: string + failed_state: + enum: + - UPG_REQUESTED + - UPG_SCHEDULED + - UPG_DOWNLOADING + - UPG_EXTRACTING + - UPG_REPLACING + - UPG_RESTARTING + - UPG_FAILED + - UPG_WATCHING + - UPG_ROLLBACK + type: string + retry_error_msg: + type: string + retry_until: + type: string + scheduled_at: + type: string + ApiFleetAgents_Get_Response_200_Items_User_provided_metadata: + additionalProperties: {} + type: object + ApiFleetAgents_Get_Response_200_StatusSummary: + additionalProperties: + type: number + type: object + ApiFleetAgents_Get_Response_400: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetAgents_Post_Request: + additionalProperties: false + type: object + properties: + actionIds: + items: + type: string + maxItems: 1000 + type: array + required: + - actionIds + ApiFleetAgents_Post_Response_200: + additionalProperties: false + type: object + properties: + items: + items: + type: string + maxItems: 10000 + type: array + required: + - items + ApiFleetAgents_Post_Response_400: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetAgents_Delete_Response_200: + additionalProperties: false + type: object + properties: + action: + enum: + - deleted + type: string + required: + - action + ApiFleetAgents_Delete_Response_400: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetAgents_Get_Response_200_1: + additionalProperties: false + type: object + properties: + item: + $ref: '#/components/schemas/ApiFleetAgents_Get_Response_200_Item' + required: + - item + ApiFleetAgents_Get_Response_200_Item: + additionalProperties: false + type: object + properties: + access_api_key: + type: string + access_api_key_id: + type: string + active: + type: boolean + agent: + $ref: '#/components/schemas/ApiFleetAgents_Get_Response_200_Item_Agent' + audit_unenrolled_reason: + type: string + components: + items: + $ref: '#/components/schemas/ApiFleetAgents_Get_Response_200_Item_Components_Item' + maxItems: 10000 + type: array + default_api_key: + type: string + default_api_key_history: + items: + $ref: '#/components/schemas/ApiFleetAgents_Get_Response_200_Item_Default_api_key_history_Item' + maxItems: 100 + type: array + default_api_key_id: + type: string + enrolled_at: + type: string + id: + type: string + last_checkin: + type: string + last_checkin_message: + type: string + last_checkin_status: + enum: + - error + - online + - degraded + - updating + - starting + type: string + last_known_status: + enum: + - offline + - error + - online + - inactive + - enrolling + - unenrolling + - unenrolled + - updating + - degraded + - uninstalled + - orphaned + type: string + local_metadata: + $ref: '#/components/schemas/ApiFleetAgents_Get_Response_200_Item_Local_metadata' + metrics: + $ref: '#/components/schemas/ApiFleetAgents_Get_Response_200_Item_Metrics' + namespaces: + items: + type: string + maxItems: 100 + type: array + outputs: + $ref: '#/components/schemas/ApiFleetAgents_Get_Response_200_Item_Outputs' + packages: + items: + type: string + maxItems: 10000 + type: array + policy_id: + type: string + policy_revision: + nullable: true + type: number + sort: + items: {} + maxItems: 10 + type: array + status: + enum: + - offline + - error + - online + - inactive + - enrolling + - unenrolling + - unenrolled + - updating + - degraded + - uninstalled + - orphaned + type: string + tags: + items: + type: string + maxItems: 100 + type: array + type: + enum: + - PERMANENT + - EPHEMERAL + - TEMPORARY + type: string + unenrolled_at: + type: string + unenrollment_started_at: + type: string + unhealthy_reason: + items: + enum: + - input + - output + - other + type: string + maxItems: 3 + nullable: true + type: array + upgrade: + $ref: '#/components/schemas/ApiFleetAgents_Get_Response_200_Item_Upgrade' + upgrade_attempts: + items: + type: string + maxItems: 10000 + nullable: true + type: array + upgrade_details: + $ref: '#/components/schemas/ApiFleetAgents_Get_Response_200_Item_Upgrade_details' + upgrade_started_at: + nullable: true + type: string + upgraded_at: + nullable: true + type: string + user_provided_metadata: + $ref: '#/components/schemas/ApiFleetAgents_Get_Response_200_Item_User_provided_metadata' + required: + - id + - packages + - type + - active + - enrolled_at + - local_metadata + ApiFleetAgents_Get_Response_200_Item_Agent: + additionalProperties: true + type: object + properties: + id: + type: string + version: + type: string + required: + - id + - version + ApiFleetAgents_Get_Response_200_Item_Components_Item: + additionalProperties: false + type: object + properties: + id: + type: string + message: + type: string + status: + enum: + - STARTING + - CONFIGURING + - HEALTHY + - DEGRADED + - FAILED + - STOPPING + - STOPPED + type: string + type: + type: string + units: + items: + $ref: '#/components/schemas/ApiFleetAgents_Get_Response_200_Item_Components_Units_Item' + maxItems: 10000 + type: array + required: + - id + - type + - status + - message + ApiFleetAgents_Get_Response_200_Item_Components_Units_Item: + additionalProperties: false + type: object + properties: + id: + type: string + message: + type: string + payload: + $ref: '#/components/schemas/ApiFleetAgents_Get_Response_200_Item_Components_Units_Payload' + status: + enum: + - STARTING + - CONFIGURING + - HEALTHY + - DEGRADED + - FAILED + - STOPPING + - STOPPED + type: string + type: + enum: + - input + - output + - '' + type: string + required: + - id + - type + - status + - message + ApiFleetAgents_Get_Response_200_Item_Components_Units_Payload: + additionalProperties: {} + type: object + ApiFleetAgents_Get_Response_200_Item_Default_api_key_history_Item: + additionalProperties: false + deprecated: true + type: object + properties: + id: + type: string + retired_at: + type: string + required: + - id + - retired_at + ApiFleetAgents_Get_Response_200_Item_Local_metadata: + additionalProperties: {} + type: object + ApiFleetAgents_Get_Response_200_Item_Metrics: + additionalProperties: false + type: object + properties: + cpu_avg: + type: number + memory_size_byte_avg: + type: number + ApiFleetAgents_Get_Response_200_Item_Outputs: + additionalProperties: + $ref: '#/components/schemas/ApiFleetAgents_Get_Response_200_Item_Outputs_Value' + type: object + ApiFleetAgents_Get_Response_200_Item_Outputs_Value: + additionalProperties: false + type: object + properties: + api_key_id: + type: string + to_retire_api_key_ids: + items: + $ref: '#/components/schemas/ApiFleetAgents_Get_Response_200_Item_Outputs_To_retire_api_key_ids_Item' + maxItems: 100 + type: array + type: + type: string + ApiFleetAgents_Get_Response_200_Item_Outputs_To_retire_api_key_ids_Item: + additionalProperties: false + type: object + properties: + id: + type: string + retired_at: + type: string + required: + - id + - retired_at + ApiFleetAgents_Get_Response_200_Item_Upgrade: + additionalProperties: false + type: object + properties: + rollbacks: + items: + $ref: '#/components/schemas/ApiFleetAgents_Get_Response_200_Item_Upgrade_Rollbacks_Item' + maxItems: 100 + type: array + ApiFleetAgents_Get_Response_200_Item_Upgrade_Rollbacks_Item: + additionalProperties: false + type: object + properties: + valid_until: + type: string + version: + type: string + required: + - valid_until + - version + ApiFleetAgents_Get_Response_200_Item_Upgrade_details: + additionalProperties: false + nullable: true + type: object + properties: + action_id: + type: string + metadata: + $ref: '#/components/schemas/ApiFleetAgents_Get_Response_200_Item_Upgrade_details_Metadata' + state: + enum: + - UPG_REQUESTED + - UPG_SCHEDULED + - UPG_DOWNLOADING + - UPG_EXTRACTING + - UPG_REPLACING + - UPG_RESTARTING + - UPG_FAILED + - UPG_WATCHING + - UPG_ROLLBACK + type: string + target_version: + type: string + required: + - target_version + - action_id + - state + ApiFleetAgents_Get_Response_200_Item_Upgrade_details_Metadata: + additionalProperties: false + type: object + properties: + download_percent: + type: number + download_rate: + type: number + error_msg: + type: string + failed_state: + enum: + - UPG_REQUESTED + - UPG_SCHEDULED + - UPG_DOWNLOADING + - UPG_EXTRACTING + - UPG_REPLACING + - UPG_RESTARTING + - UPG_FAILED + - UPG_WATCHING + - UPG_ROLLBACK + type: string + retry_error_msg: + type: string + retry_until: + type: string + scheduled_at: + type: string + ApiFleetAgents_Get_Response_200_Item_User_provided_metadata: + additionalProperties: {} + type: object + ApiFleetAgents_Get_Response_400_1: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetAgents_Put_Request: + additionalProperties: false + type: object + properties: + tags: + items: + type: string + maxItems: 10 + type: array + user_provided_metadata: + $ref: '#/components/schemas/ApiFleetAgents_Put_Request_User_provided_metadata' + ApiFleetAgents_Put_Request_User_provided_metadata: + additionalProperties: {} + type: object + ApiFleetAgents_Put_Response_200: + additionalProperties: false + type: object + properties: + item: + $ref: '#/components/schemas/ApiFleetAgents_Put_Response_200_Item' + required: + - item + ApiFleetAgents_Put_Response_200_Item: + additionalProperties: false + type: object + properties: + access_api_key: + type: string + access_api_key_id: + type: string + active: + type: boolean + agent: + $ref: '#/components/schemas/ApiFleetAgents_Put_Response_200_Item_Agent' + audit_unenrolled_reason: + type: string + components: + items: + $ref: '#/components/schemas/ApiFleetAgents_Put_Response_200_Item_Components_Item' + maxItems: 10000 + type: array + default_api_key: + type: string + default_api_key_history: + items: + $ref: '#/components/schemas/ApiFleetAgents_Put_Response_200_Item_Default_api_key_history_Item' + maxItems: 100 + type: array + default_api_key_id: + type: string + enrolled_at: + type: string + id: + type: string + last_checkin: + type: string + last_checkin_message: + type: string + last_checkin_status: + enum: + - error + - online + - degraded + - updating + - starting + type: string + last_known_status: + enum: + - offline + - error + - online + - inactive + - enrolling + - unenrolling + - unenrolled + - updating + - degraded + - uninstalled + - orphaned + type: string + local_metadata: + $ref: '#/components/schemas/ApiFleetAgents_Put_Response_200_Item_Local_metadata' + metrics: + $ref: '#/components/schemas/ApiFleetAgents_Put_Response_200_Item_Metrics' + namespaces: + items: + type: string + maxItems: 100 + type: array + outputs: + $ref: '#/components/schemas/ApiFleetAgents_Put_Response_200_Item_Outputs' + packages: + items: + type: string + maxItems: 10000 + type: array + policy_id: + type: string + policy_revision: + nullable: true + type: number + sort: + items: {} + maxItems: 10 + type: array + status: + enum: + - offline + - error + - online + - inactive + - enrolling + - unenrolling + - unenrolled + - updating + - degraded + - uninstalled + - orphaned + type: string + tags: + items: + type: string + maxItems: 100 + type: array + type: + enum: + - PERMANENT + - EPHEMERAL + - TEMPORARY + type: string + unenrolled_at: + type: string + unenrollment_started_at: + type: string + unhealthy_reason: + items: + enum: + - input + - output + - other + type: string + maxItems: 3 + nullable: true + type: array + upgrade: + $ref: '#/components/schemas/ApiFleetAgents_Put_Response_200_Item_Upgrade' + upgrade_attempts: + items: + type: string + maxItems: 10000 + nullable: true + type: array + upgrade_details: + $ref: '#/components/schemas/ApiFleetAgents_Put_Response_200_Item_Upgrade_details' + upgrade_started_at: + nullable: true + type: string + upgraded_at: + nullable: true + type: string + user_provided_metadata: + $ref: '#/components/schemas/ApiFleetAgents_Put_Response_200_Item_User_provided_metadata' + required: + - id + - packages + - type + - active + - enrolled_at + - local_metadata + ApiFleetAgents_Put_Response_200_Item_Agent: + additionalProperties: true + type: object + properties: + id: + type: string + version: + type: string + required: + - id + - version + ApiFleetAgents_Put_Response_200_Item_Components_Item: + additionalProperties: false + type: object + properties: + id: + type: string + message: + type: string + status: + enum: + - STARTING + - CONFIGURING + - HEALTHY + - DEGRADED + - FAILED + - STOPPING + - STOPPED + type: string + type: + type: string + units: + items: + $ref: '#/components/schemas/ApiFleetAgents_Put_Response_200_Item_Components_Units_Item' + maxItems: 10000 + type: array + required: + - id + - type + - status + - message + ApiFleetAgents_Put_Response_200_Item_Components_Units_Item: + additionalProperties: false + type: object + properties: + id: + type: string + message: + type: string + payload: + $ref: '#/components/schemas/ApiFleetAgents_Put_Response_200_Item_Components_Units_Payload' + status: + enum: + - STARTING + - CONFIGURING + - HEALTHY + - DEGRADED + - FAILED + - STOPPING + - STOPPED + type: string + type: + enum: + - input + - output + - '' + type: string + required: + - id + - type + - status + - message + ApiFleetAgents_Put_Response_200_Item_Components_Units_Payload: + additionalProperties: {} + type: object + ApiFleetAgents_Put_Response_200_Item_Default_api_key_history_Item: + additionalProperties: false + deprecated: true + type: object + properties: + id: + type: string + retired_at: + type: string + required: + - id + - retired_at + ApiFleetAgents_Put_Response_200_Item_Local_metadata: + additionalProperties: {} + type: object + ApiFleetAgents_Put_Response_200_Item_Metrics: + additionalProperties: false + type: object + properties: + cpu_avg: + type: number + memory_size_byte_avg: + type: number + ApiFleetAgents_Put_Response_200_Item_Outputs: + additionalProperties: + $ref: '#/components/schemas/ApiFleetAgents_Put_Response_200_Item_Outputs_Value' + type: object + ApiFleetAgents_Put_Response_200_Item_Outputs_Value: + additionalProperties: false + type: object + properties: + api_key_id: + type: string + to_retire_api_key_ids: + items: + $ref: '#/components/schemas/ApiFleetAgents_Put_Response_200_Item_Outputs_To_retire_api_key_ids_Item' + maxItems: 100 + type: array + type: + type: string + ApiFleetAgents_Put_Response_200_Item_Outputs_To_retire_api_key_ids_Item: + additionalProperties: false + type: object + properties: + id: + type: string + retired_at: + type: string + required: + - id + - retired_at + ApiFleetAgents_Put_Response_200_Item_Upgrade: + additionalProperties: false + type: object + properties: + rollbacks: + items: + $ref: '#/components/schemas/ApiFleetAgents_Put_Response_200_Item_Upgrade_Rollbacks_Item' + maxItems: 100 + type: array + ApiFleetAgents_Put_Response_200_Item_Upgrade_Rollbacks_Item: + additionalProperties: false + type: object + properties: + valid_until: + type: string + version: + type: string + required: + - valid_until + - version + ApiFleetAgents_Put_Response_200_Item_Upgrade_details: + additionalProperties: false + nullable: true + type: object + properties: + action_id: + type: string + metadata: + $ref: '#/components/schemas/ApiFleetAgents_Put_Response_200_Item_Upgrade_details_Metadata' + state: + enum: + - UPG_REQUESTED + - UPG_SCHEDULED + - UPG_DOWNLOADING + - UPG_EXTRACTING + - UPG_REPLACING + - UPG_RESTARTING + - UPG_FAILED + - UPG_WATCHING + - UPG_ROLLBACK + type: string + target_version: + type: string + required: + - target_version + - action_id + - state + ApiFleetAgents_Put_Response_200_Item_Upgrade_details_Metadata: + additionalProperties: false + type: object + properties: + download_percent: + type: number + download_rate: + type: number + error_msg: + type: string + failed_state: + enum: + - UPG_REQUESTED + - UPG_SCHEDULED + - UPG_DOWNLOADING + - UPG_EXTRACTING + - UPG_REPLACING + - UPG_RESTARTING + - UPG_FAILED + - UPG_WATCHING + - UPG_ROLLBACK + type: string + retry_error_msg: + type: string + retry_until: + type: string + scheduled_at: + type: string + ApiFleetAgents_Put_Response_200_Item_User_provided_metadata: + additionalProperties: {} + type: object + ApiFleetAgents_Put_Response_400: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetAgentsActions_Post_Request: + additionalProperties: false + type: object + properties: + action: + anyOf: + - $ref: '#/components/schemas/ApiFleetAgentsActions_Post_Request_Action_1' + - $ref: '#/components/schemas/ApiFleetAgentsActions_Post_Request_Action_2' + required: + - action + ApiFleetAgentsActions_Post_Request_Action_1: + additionalProperties: false + type: object + properties: + ack_data: {} + data: {} + type: + enum: + - UNENROLL + - UPGRADE + - POLICY_REASSIGN + type: string + required: + - type + - data + - ack_data + ApiFleetAgentsActions_Post_Request_Action_2: + additionalProperties: false + type: object + properties: + data: + $ref: '#/components/schemas/ApiFleetAgentsActions_Post_Request_Action_Data' + type: + enum: + - SETTINGS + type: string + required: + - type + - data + ApiFleetAgentsActions_Post_Request_Action_Data: + additionalProperties: false + type: object + properties: + log_level: + enum: + - debug + - info + - warning + - error + nullable: true + type: string + required: + - log_level + ApiFleetAgentsActions_Post_Response_200: + additionalProperties: false + type: object + properties: + item: + $ref: '#/components/schemas/ApiFleetAgentsActions_Post_Response_200_Item' + required: + - item + ApiFleetAgentsActions_Post_Response_200_Item: + additionalProperties: false + type: object + properties: + ack_data: {} + agents: + items: + type: string + maxItems: 10000 + type: array + created_at: + type: string + data: {} + expiration: + type: string + id: + type: string + minimum_execution_duration: + type: number + namespaces: + items: + type: string + maxItems: 100 + type: array + rollout_duration_seconds: + type: number + sent_at: + type: string + source_uri: + type: string + start_time: + type: string + total: + type: number + type: + type: string + required: + - id + - type + - data + - created_at + - ack_data + ApiFleetAgentsActions_Post_Response_400: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetAgentsMigrate_Post_Request: + additionalProperties: false + type: object + properties: + enrollment_token: + type: string + settings: + $ref: '#/components/schemas/ApiFleetAgentsMigrate_Post_Request_Settings' + uri: + format: uri + type: string + required: + - uri + - enrollment_token + ApiFleetAgentsMigrate_Post_Request_Settings: + additionalProperties: false + type: object + properties: + ca_sha256: + type: string + certificate_authorities: + type: string + elastic_agent_cert: + type: string + elastic_agent_cert_key: + type: string + elastic_agent_cert_key_passphrase: + type: string + headers: + $ref: '#/components/schemas/ApiFleetAgentsMigrate_Post_Request_Settings_Headers' + insecure: + type: boolean + proxy_disabled: + type: boolean + proxy_headers: + $ref: '#/components/schemas/ApiFleetAgentsMigrate_Post_Request_Settings_Proxy_headers' + proxy_url: + type: string + replace_token: + type: string + staging: + type: string + tags: + items: + type: string + maxItems: 10 + type: array + ApiFleetAgentsMigrate_Post_Request_Settings_Headers: + additionalProperties: + type: string + type: object + ApiFleetAgentsMigrate_Post_Request_Settings_Proxy_headers: + additionalProperties: + type: string + type: object + ApiFleetAgentsMigrate_Post_Response_200: + additionalProperties: false + type: object + properties: + actionId: + type: string + required: + - actionId + ApiFleetAgentsMigrate_Post_Response_400: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetAgentsPrivilegeLevelChange_Post_Request: + additionalProperties: false + nullable: true + type: object + properties: + user_info: + $ref: '#/components/schemas/ApiFleetAgentsPrivilegeLevelChange_Post_Request_User_info' + ApiFleetAgentsPrivilegeLevelChange_Post_Request_User_info: + additionalProperties: false + type: object + properties: + groupname: + type: string + password: + type: string + username: + type: string + ApiFleetAgentsPrivilegeLevelChange_Post_Response_200: + anyOf: + - $ref: '#/components/schemas/ApiFleetAgentsPrivilegeLevelChange_Post_Response_200_1' + - $ref: '#/components/schemas/ApiFleetAgentsPrivilegeLevelChange_Post_Response_200_2' + ApiFleetAgentsPrivilegeLevelChange_Post_Response_200_1: + additionalProperties: false + type: object + properties: + actionId: + type: string + required: + - actionId + ApiFleetAgentsPrivilegeLevelChange_Post_Response_200_2: + additionalProperties: false + type: object + properties: + message: + type: string + required: + - message + ApiFleetAgentsPrivilegeLevelChange_Post_Response_400: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetAgentsReassign_Post_Request: + additionalProperties: false + type: object + properties: + policy_id: + type: string + required: + - policy_id + ApiFleetAgentsReassign_Post_Response_200: + additionalProperties: false + type: object + properties: {} + ApiFleetAgentsReassign_Post_Response_400: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetAgentsRequestDiagnostics_Post_Request: + additionalProperties: false + nullable: true + type: object + properties: + additional_metrics: + items: + enum: + - CPU + type: string + maxItems: 1 + type: array + ApiFleetAgentsRequestDiagnostics_Post_Response_200: + additionalProperties: false + type: object + properties: + actionId: + type: string + required: + - actionId + ApiFleetAgentsRequestDiagnostics_Post_Response_400: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetAgentsRollback_Post_Response_200: + anyOf: + - $ref: '#/components/schemas/ApiFleetAgentsRollback_Post_Response_200_1' + - $ref: '#/components/schemas/ApiFleetAgentsRollback_Post_Response_200_2' + ApiFleetAgentsRollback_Post_Response_200_1: + additionalProperties: false + type: object + properties: + actionId: + type: string + required: + - actionId + ApiFleetAgentsRollback_Post_Response_200_2: + additionalProperties: false + type: object + properties: + message: + type: string + required: + - message + ApiFleetAgentsRollback_Post_Response_400: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetAgentsUnenroll_Post_Request: + additionalProperties: false + nullable: true + type: object + properties: + force: + type: boolean + revoke: + type: boolean + ApiFleetAgentsUpgrade_Post_Request: + additionalProperties: false + type: object + properties: + force: + type: boolean + skipRateLimitCheck: + type: boolean + source_uri: + type: string + version: + type: string + required: + - version + ApiFleetAgentsUpgrade_Post_Response_200: + additionalProperties: false + type: object + properties: {} + ApiFleetAgentsUpgrade_Post_Response_400: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetAgentsUploads_Get_Response_200: + additionalProperties: false + type: object + properties: + items: + items: + $ref: '#/components/schemas/ApiFleetAgentsUploads_Get_Response_200_Items_Item' + maxItems: 10000 + type: array + required: + - items + ApiFleetAgentsUploads_Get_Response_200_Items_Item: + additionalProperties: false + type: object + properties: + actionId: + type: string + createTime: + type: string + error: + type: string + filePath: + type: string + id: + type: string + name: + type: string + status: + enum: + - READY + - AWAITING_UPLOAD + - DELETED + - EXPIRED + - IN_PROGRESS + - FAILED + type: string + required: + - id + - name + - filePath + - createTime + - status + - actionId + ApiFleetAgentsUploads_Get_Response_400: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetAgentsActionStatus_Get_Response_200: + additionalProperties: false + type: object + properties: + items: + items: + $ref: '#/components/schemas/ApiFleetAgentsActionStatus_Get_Response_200_Items_Item' + maxItems: 10000 + type: array + required: + - items + ApiFleetAgentsActionStatus_Get_Response_200_Items_Item: + additionalProperties: false + type: object + properties: + actionId: + type: string + cancellationTime: + type: string + completionTime: + type: string + creationTime: + description: creation time of action + type: string + expiration: + type: string + hasRolloutPeriod: + type: boolean + is_automatic: + type: boolean + latestErrors: + items: + $ref: '#/components/schemas/ApiFleetAgentsActionStatus_Get_Response_200_Items_LatestErrors_Item' + maxItems: 10 + type: array + nbAgentsAck: + description: number of agents that acknowledged the action + type: number + nbAgentsActionCreated: + description: number of agents included in action from kibana + type: number + nbAgentsActioned: + description: number of agents actioned + type: number + nbAgentsFailed: + description: number of agents that failed to execute the action + type: number + newPolicyId: + description: new policy id (POLICY_REASSIGN action) + type: string + policyId: + description: policy id (POLICY_CHANGE action) + type: string + revision: + description: new policy revision (POLICY_CHANGE action) + type: number + startTime: + description: start time of action (scheduled actions) + type: string + status: + enum: + - COMPLETE + - EXPIRED + - CANCELLED + - FAILED + - IN_PROGRESS + - ROLLOUT_PASSED + type: string + type: + enum: + - UPGRADE + - UNENROLL + - SETTINGS + - POLICY_REASSIGN + - CANCEL + - FORCE_UNENROLL + - REQUEST_DIAGNOSTICS + - UPDATE_TAGS + - POLICY_CHANGE + - INPUT_ACTION + - MIGRATE + - PRIVILEGE_LEVEL_CHANGE + type: string + version: + description: agent version number (UPGRADE action) + type: string + required: + - actionId + - nbAgentsActionCreated + - nbAgentsAck + - nbAgentsFailed + - type + - nbAgentsActioned + - status + - creationTime + ApiFleetAgentsActionStatus_Get_Response_200_Items_LatestErrors_Item: + additionalProperties: false + description: latest errors that happened when the agents executed the action + type: object + properties: + agentId: + type: string + error: + type: string + hostname: + type: string + timestamp: + type: string + required: + - agentId + - error + - timestamp + ApiFleetAgentsActionStatus_Get_Response_400: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetAgentsActionsCancel_Post_Response_200: + additionalProperties: false + type: object + properties: + item: + $ref: '#/components/schemas/ApiFleetAgentsActionsCancel_Post_Response_200_Item' + required: + - item + ApiFleetAgentsActionsCancel_Post_Response_200_Item: + additionalProperties: false + type: object + properties: + ack_data: {} + agents: + items: + type: string + maxItems: 10000 + type: array + created_at: + type: string + data: {} + expiration: + type: string + id: + type: string + minimum_execution_duration: + type: number + namespaces: + items: + type: string + maxItems: 100 + type: array + rollout_duration_seconds: + type: number + sent_at: + type: string + source_uri: + type: string + start_time: + type: string + total: + type: number + type: + type: string + required: + - id + - type + - data + - created_at + - ack_data + ApiFleetAgentsActionsCancel_Post_Response_400: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetAgentsAvailableVersions_Get_Response_200: + additionalProperties: false + type: object + properties: + items: + items: + type: string + maxItems: 10000 + type: array + required: + - items + ApiFleetAgentsAvailableVersions_Get_Response_400: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetAgentsBulkMigrate_Post_Request: + additionalProperties: false + type: object + properties: + agents: + anyOf: + - $ref: '#/components/schemas/ApiFleetAgentsBulkMigrate_Post_Request_Agents_1' + - $ref: '#/components/schemas/ApiFleetAgentsBulkMigrate_Post_Request_Agents_2' + batchSize: + type: number + enrollment_token: + type: string + settings: + $ref: '#/components/schemas/ApiFleetAgentsBulkMigrate_Post_Request_Settings' + uri: + format: uri + type: string + required: + - agents + - uri + - enrollment_token + ApiFleetAgentsBulkMigrate_Post_Request_Agents_1: + items: + type: string + maxItems: 10000 + type: array + ApiFleetAgentsBulkMigrate_Post_Request_Agents_2: + type: string + ApiFleetAgentsBulkMigrate_Post_Request_Settings: + additionalProperties: false + type: object + properties: + ca_sha256: + type: string + certificate_authorities: + type: string + elastic_agent_cert: + type: string + elastic_agent_cert_key: + type: string + elastic_agent_cert_key_passphrase: + type: string + headers: + $ref: '#/components/schemas/ApiFleetAgentsBulkMigrate_Post_Request_Settings_Headers' + insecure: + type: boolean + proxy_disabled: + type: boolean + proxy_headers: + $ref: '#/components/schemas/ApiFleetAgentsBulkMigrate_Post_Request_Settings_Proxy_headers' + proxy_url: + type: string + staging: + type: string + tags: + items: + type: string + maxItems: 10 + type: array + ApiFleetAgentsBulkMigrate_Post_Request_Settings_Headers: + additionalProperties: + type: string + type: object + ApiFleetAgentsBulkMigrate_Post_Request_Settings_Proxy_headers: + additionalProperties: + type: string + type: object + ApiFleetAgentsBulkMigrate_Post_Response_200: + additionalProperties: false + type: object + properties: + actionId: + type: string + required: + - actionId + ApiFleetAgentsBulkMigrate_Post_Response_400: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetAgentsBulkPrivilegeLevelChange_Post_Request: + additionalProperties: false + type: object + properties: + agents: + anyOf: + - $ref: '#/components/schemas/ApiFleetAgentsBulkPrivilegeLevelChange_Post_Request_Agents_1' + - $ref: '#/components/schemas/ApiFleetAgentsBulkPrivilegeLevelChange_Post_Request_Agents_2' + batchSize: + type: number + user_info: + $ref: '#/components/schemas/ApiFleetAgentsBulkPrivilegeLevelChange_Post_Request_User_info' + required: + - agents + ApiFleetAgentsBulkPrivilegeLevelChange_Post_Request_Agents_1: + items: + type: string + maxItems: 10000 + type: array + ApiFleetAgentsBulkPrivilegeLevelChange_Post_Request_Agents_2: + type: string + ApiFleetAgentsBulkPrivilegeLevelChange_Post_Request_User_info: + additionalProperties: false + type: object + properties: + groupname: + type: string + password: + type: string + username: + type: string + ApiFleetAgentsBulkPrivilegeLevelChange_Post_Response_200: + additionalProperties: false + type: object + properties: + actionId: + type: string + required: + - actionId + ApiFleetAgentsBulkPrivilegeLevelChange_Post_Response_400: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetAgentsBulkReassign_Post_Request: + additionalProperties: false + type: object + properties: + agents: + anyOf: + - $ref: '#/components/schemas/ApiFleetAgentsBulkReassign_Post_Request_Agents_1' + - $ref: '#/components/schemas/ApiFleetAgentsBulkReassign_Post_Request_Agents_2' + batchSize: + type: number + includeInactive: + default: false + type: boolean + policy_id: + type: string + required: + - policy_id + - agents + ApiFleetAgentsBulkReassign_Post_Request_Agents_1: + items: + type: string + maxItems: 10000 + type: array + ApiFleetAgentsBulkReassign_Post_Request_Agents_2: + type: string + ApiFleetAgentsBulkReassign_Post_Response_200: + additionalProperties: false + type: object + properties: + actionId: + type: string + required: + - actionId + ApiFleetAgentsBulkReassign_Post_Response_400: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetAgentsBulkRequestDiagnostics_Post_Request: + additionalProperties: false + type: object + properties: + additional_metrics: + items: + enum: + - CPU + type: string + maxItems: 1 + type: array + agents: + anyOf: + - $ref: '#/components/schemas/ApiFleetAgentsBulkRequestDiagnostics_Post_Request_Agents_1' + - $ref: '#/components/schemas/ApiFleetAgentsBulkRequestDiagnostics_Post_Request_Agents_2' + batchSize: + type: number + required: + - agents + ApiFleetAgentsBulkRequestDiagnostics_Post_Request_Agents_1: + items: + type: string + maxItems: 10000 + type: array + ApiFleetAgentsBulkRequestDiagnostics_Post_Request_Agents_2: + type: string + ApiFleetAgentsBulkRequestDiagnostics_Post_Response_200: + additionalProperties: false + type: object + properties: + actionId: + type: string + required: + - actionId + ApiFleetAgentsBulkRequestDiagnostics_Post_Response_400: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetAgentsBulkRollback_Post_Request: + additionalProperties: false + type: object + properties: + agents: + anyOf: + - $ref: '#/components/schemas/ApiFleetAgentsBulkRollback_Post_Request_Agents_1' + - $ref: '#/components/schemas/ApiFleetAgentsBulkRollback_Post_Request_Agents_2' + batchSize: + type: number + includeInactive: + default: false + type: boolean + required: + - agents + ApiFleetAgentsBulkRollback_Post_Request_Agents_1: + items: + type: string + maxItems: 10000 + type: array + ApiFleetAgentsBulkRollback_Post_Request_Agents_2: + type: string + ApiFleetAgentsBulkRollback_Post_Response_200: + additionalProperties: false + type: object + properties: + actionIds: + items: + type: string + maxItems: 10000 + type: array + required: + - actionIds + ApiFleetAgentsBulkRollback_Post_Response_400: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetAgentsBulkUnenroll_Post_Request: + additionalProperties: false + type: object + properties: + agents: + anyOf: + - $ref: '#/components/schemas/ApiFleetAgentsBulkUnenroll_Post_Request_Agents_1' + - $ref: '#/components/schemas/ApiFleetAgentsBulkUnenroll_Post_Request_Agents_2' + batchSize: + type: number + force: + description: Unenrolls hosted agents too + type: boolean + includeInactive: + description: When passing agents by KQL query, unenrolls inactive agents too + type: boolean + revoke: + description: Revokes API keys of agents + type: boolean + required: + - agents + ApiFleetAgentsBulkUnenroll_Post_Request_Agents_1: + items: + description: list of agent IDs + type: string + maxItems: 10000 + type: array + ApiFleetAgentsBulkUnenroll_Post_Request_Agents_2: + description: KQL query string, leave empty to action all agents + type: string + ApiFleetAgentsBulkUnenroll_Post_Response_200: + additionalProperties: false + type: object + properties: + actionId: + type: string + required: + - actionId + ApiFleetAgentsBulkUnenroll_Post_Response_400: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetAgentsBulkUpdateAgentTags_Post_Request: + additionalProperties: false + type: object + properties: + agents: + anyOf: + - $ref: '#/components/schemas/ApiFleetAgentsBulkUpdateAgentTags_Post_Request_Agents_1' + - $ref: '#/components/schemas/ApiFleetAgentsBulkUpdateAgentTags_Post_Request_Agents_2' + batchSize: + type: number + includeInactive: + default: false + type: boolean + tagsToAdd: + items: + type: string + maxItems: 10 + type: array + tagsToRemove: + items: + type: string + maxItems: 10 + type: array + required: + - agents + ApiFleetAgentsBulkUpdateAgentTags_Post_Request_Agents_1: + items: + type: string + maxItems: 10000 + type: array + ApiFleetAgentsBulkUpdateAgentTags_Post_Request_Agents_2: + type: string + ApiFleetAgentsBulkUpdateAgentTags_Post_Response_200: + additionalProperties: false + type: object + properties: + actionId: + type: string + required: + - actionId + ApiFleetAgentsBulkUpdateAgentTags_Post_Response_400: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetAgentsBulkUpgrade_Post_Request: + additionalProperties: false + type: object + properties: + agents: + anyOf: + - $ref: '#/components/schemas/ApiFleetAgentsBulkUpgrade_Post_Request_Agents_1' + - $ref: '#/components/schemas/ApiFleetAgentsBulkUpgrade_Post_Request_Agents_2' + batchSize: + type: number + force: + type: boolean + includeInactive: + default: false + type: boolean + rollout_duration_seconds: + minimum: 600 + type: number + skipRateLimitCheck: + type: boolean + source_uri: + type: string + start_time: + type: string + version: + type: string + required: + - agents + - version + ApiFleetAgentsBulkUpgrade_Post_Request_Agents_1: + items: + type: string + maxItems: 10000 + type: array + ApiFleetAgentsBulkUpgrade_Post_Request_Agents_2: + type: string + ApiFleetAgentsBulkUpgrade_Post_Response_200: + additionalProperties: false + type: object + properties: + actionId: + type: string + required: + - actionId + ApiFleetAgentsBulkUpgrade_Post_Response_400: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetAgentsFiles_Delete_Response_200: + additionalProperties: false + type: object + properties: + deleted: + type: boolean + id: + type: string + required: + - id + - deleted + ApiFleetAgentsFiles_Delete_Response_400: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetAgentsFiles_Get_Response_200: + type: object + ApiFleetAgentsFiles_Get_Response_400: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetAgentsSetup_Get_Response_200: + additionalProperties: false + description: A summary of the agent setup status. `isReady` indicates whether the setup is ready. If the setup is not ready, `missing_requirements` lists which requirements are missing. + type: object + properties: + is_action_secrets_storage_enabled: + type: boolean + is_secrets_storage_enabled: + type: boolean + is_space_awareness_enabled: + type: boolean + is_ssl_secrets_storage_enabled: + type: boolean + isReady: + type: boolean + missing_optional_features: + items: + enum: + - encrypted_saved_object_encryption_key_required + type: string + maxItems: 1 + type: array + missing_requirements: + items: + enum: + - security_required + - tls_required + - api_keys + - fleet_admin_user + - fleet_server + type: string + maxItems: 5 + type: array + package_verification_key_id: + type: string + required: + - isReady + - missing_requirements + - missing_optional_features + ApiFleetAgentsSetup_Get_Response_400: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetAgentsSetup_Post_Response_200: + additionalProperties: false + description: A summary of the result of Fleet's `setup` lifecycle. If `isInitialized` is true, Fleet is ready to accept agent enrollment. `nonFatalErrors` may include useful insight into non-blocking issues with Fleet setup. + type: object + properties: + isInitialized: + type: boolean + nonFatalErrors: + items: + $ref: '#/components/schemas/ApiFleetAgentsSetup_Post_Response_200_NonFatalErrors_Item' + maxItems: 10000 + type: array + required: + - isInitialized + - nonFatalErrors + ApiFleetAgentsSetup_Post_Response_200_NonFatalErrors_Item: + additionalProperties: false + type: object + properties: + message: + type: string + name: + type: string + required: + - name + - message + ApiFleetAgentsSetup_Post_Response_400: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetAgentsTags_Get_Response_200: + additionalProperties: false + type: object + properties: + items: + items: + type: string + maxItems: 10000 + type: array + required: + - items + ApiFleetAgentsTags_Get_Response_400: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetCheckPermissions_Get_Response_200: + additionalProperties: false + type: object + properties: + error: + enum: + - MISSING_SECURITY + - MISSING_PRIVILEGES + - MISSING_FLEET_SERVER_SETUP_PRIVILEGES + type: string + success: + type: boolean + required: + - success + ApiFleetCheckPermissions_Get_Response_400: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetCloudConnectors_Get_Response_200: + additionalProperties: false + type: object + properties: + items: + items: + $ref: '#/components/schemas/ApiFleetCloudConnectors_Get_Response_200_Items_Item' + maxItems: 10000 + type: array + required: + - items + ApiFleetCloudConnectors_Get_Response_200_Items_Item: + additionalProperties: false + type: object + properties: + accountType: + type: string + cloudProvider: + type: string + created_at: + type: string + id: + type: string + name: + type: string + namespace: + type: string + packagePolicyCount: + type: number + updated_at: + type: string + vars: + $ref: '#/components/schemas/ApiFleetCloudConnectors_Get_Response_200_Items_Vars' + required: + - id + - name + - cloudProvider + - vars + - packagePolicyCount + - created_at + - updated_at + ApiFleetCloudConnectors_Get_Response_200_Items_Vars: + additionalProperties: {} + type: object + ApiFleetCloudConnectors_Get_Response_400: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetCloudConnectors_Post_Request: + additionalProperties: false + type: object + properties: + accountType: + description: 'The account type: single-account (single account/subscription) or organization-account (organization-wide).' + enum: + - single-account + - organization-account + type: string + cloudProvider: + description: 'The cloud provider type: aws, azure, or gcp.' + enum: + - aws + - azure + - gcp + type: string + name: + description: The name of the cloud connector. + maxLength: 255 + minLength: 1 + type: string + vars: + $ref: '#/components/schemas/ApiFleetCloudConnectors_Post_Request_Vars' + required: + - name + - cloudProvider + - vars + ApiFleetCloudConnectors_Post_Request_Vars: + additionalProperties: + anyOf: + - $ref: '#/components/schemas/ApiFleetCloudConnectors_Post_Request_Vars_1' + - $ref: '#/components/schemas/ApiFleetCloudConnectors_Post_Request_Vars_2' + - $ref: '#/components/schemas/ApiFleetCloudConnectors_Post_Request_Vars_3' + - $ref: '#/components/schemas/ApiFleetCloudConnectors_Post_Request_Vars_4' + type: object + ApiFleetCloudConnectors_Post_Request_Vars_1: + maxLength: 1000 + type: string + ApiFleetCloudConnectors_Post_Request_Vars_2: + type: number + ApiFleetCloudConnectors_Post_Request_Vars_3: + type: boolean + ApiFleetCloudConnectors_Post_Request_Vars_4: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + maxLength: 50 + type: string + value: + anyOf: + - $ref: '#/components/schemas/ApiFleetCloudConnectors_Post_Request_Vars_Value_1' + - $ref: '#/components/schemas/ApiFleetCloudConnectors_Post_Request_Vars_Value_2' + required: + - type + - value + ApiFleetCloudConnectors_Post_Request_Vars_Value_1: + maxLength: 1000 + type: string + ApiFleetCloudConnectors_Post_Request_Vars_Value_2: + additionalProperties: false + type: object + properties: + id: + maxLength: 255 + type: string + isSecretRef: + type: boolean + required: + - isSecretRef + - id + ApiFleetCloudConnectors_Post_Response_200: + additionalProperties: false + type: object + properties: + item: + $ref: '#/components/schemas/ApiFleetCloudConnectors_Post_Response_200_Item' + required: + - item + ApiFleetCloudConnectors_Post_Response_200_Item: + additionalProperties: false + type: object + properties: + accountType: + type: string + cloudProvider: + type: string + created_at: + type: string + id: + type: string + name: + type: string + namespace: + type: string + packagePolicyCount: + type: number + updated_at: + type: string + vars: + $ref: '#/components/schemas/ApiFleetCloudConnectors_Post_Response_200_Item_Vars' + required: + - id + - name + - cloudProvider + - vars + - packagePolicyCount + - created_at + - updated_at + ApiFleetCloudConnectors_Post_Response_200_Item_Vars: + additionalProperties: {} + type: object + ApiFleetCloudConnectors_Post_Response_400: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetCloudConnectors_Delete_Response_200: + additionalProperties: false + type: object + properties: + id: + type: string + required: + - id + ApiFleetCloudConnectors_Delete_Response_400: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetCloudConnectors_Get_Response_200_1: + additionalProperties: false + type: object + properties: + item: + $ref: '#/components/schemas/ApiFleetCloudConnectors_Get_Response_200_Item' + required: + - item + ApiFleetCloudConnectors_Get_Response_200_Item: + additionalProperties: false + type: object + properties: + accountType: + type: string + cloudProvider: + type: string + created_at: + type: string + id: + type: string + name: + type: string + namespace: + type: string + packagePolicyCount: + type: number + updated_at: + type: string + vars: + $ref: '#/components/schemas/ApiFleetCloudConnectors_Get_Response_200_Item_Vars' + required: + - id + - name + - cloudProvider + - vars + - packagePolicyCount + - created_at + - updated_at + ApiFleetCloudConnectors_Get_Response_200_Item_Vars: + additionalProperties: {} + type: object + ApiFleetCloudConnectors_Get_Response_400_1: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetCloudConnectors_Put_Request: + additionalProperties: false + type: object + properties: + accountType: + description: 'The account type: single-account (single account/subscription) or organization-account (organization-wide).' + enum: + - single-account + - organization-account + type: string + name: + description: The name of the cloud connector. + maxLength: 255 + minLength: 1 + type: string + vars: + $ref: '#/components/schemas/ApiFleetCloudConnectors_Put_Request_Vars' + ApiFleetCloudConnectors_Put_Request_Vars: + additionalProperties: + anyOf: + - $ref: '#/components/schemas/ApiFleetCloudConnectors_Put_Request_Vars_1' + - $ref: '#/components/schemas/ApiFleetCloudConnectors_Put_Request_Vars_2' + - $ref: '#/components/schemas/ApiFleetCloudConnectors_Put_Request_Vars_3' + - $ref: '#/components/schemas/ApiFleetCloudConnectors_Put_Request_Vars_4' + type: object + ApiFleetCloudConnectors_Put_Request_Vars_1: + maxLength: 1000 + type: string + ApiFleetCloudConnectors_Put_Request_Vars_2: + type: number + ApiFleetCloudConnectors_Put_Request_Vars_3: + type: boolean + ApiFleetCloudConnectors_Put_Request_Vars_4: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + maxLength: 50 + type: string + value: + anyOf: + - $ref: '#/components/schemas/ApiFleetCloudConnectors_Put_Request_Vars_Value_1' + - $ref: '#/components/schemas/ApiFleetCloudConnectors_Put_Request_Vars_Value_2' + required: + - type + - value + ApiFleetCloudConnectors_Put_Request_Vars_Value_1: + maxLength: 1000 + type: string + ApiFleetCloudConnectors_Put_Request_Vars_Value_2: + additionalProperties: false + type: object + properties: + id: + maxLength: 255 + type: string + isSecretRef: + type: boolean + required: + - isSecretRef + - id + ApiFleetCloudConnectors_Put_Response_200: + additionalProperties: false + type: object + properties: + item: + $ref: '#/components/schemas/ApiFleetCloudConnectors_Put_Response_200_Item' + required: + - item + ApiFleetCloudConnectors_Put_Response_200_Item: + additionalProperties: false + type: object + properties: + accountType: + type: string + cloudProvider: + type: string + created_at: + type: string + id: + type: string + name: + type: string + namespace: + type: string + packagePolicyCount: + type: number + updated_at: + type: string + vars: + $ref: '#/components/schemas/ApiFleetCloudConnectors_Put_Response_200_Item_Vars' + required: + - id + - name + - cloudProvider + - vars + - packagePolicyCount + - created_at + - updated_at + ApiFleetCloudConnectors_Put_Response_200_Item_Vars: + additionalProperties: {} + type: object + ApiFleetCloudConnectors_Put_Response_400: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetCloudConnectorsUsage_Get_Response_200: + additionalProperties: false + type: object + properties: + items: + items: + $ref: '#/components/schemas/ApiFleetCloudConnectorsUsage_Get_Response_200_Items_Item' + maxItems: 10000 + type: array + page: + type: number + perPage: + type: number + total: + type: number + required: + - items + - total + - page + - perPage + ApiFleetCloudConnectorsUsage_Get_Response_200_Items_Item: + additionalProperties: false + type: object + properties: + created_at: + type: string + id: + type: string + name: + type: string + package: + $ref: '#/components/schemas/ApiFleetCloudConnectorsUsage_Get_Response_200_Items_Package' + policy_ids: + items: + type: string + maxItems: 10000 + type: array + updated_at: + type: string + required: + - id + - name + - policy_ids + - created_at + - updated_at + ApiFleetCloudConnectorsUsage_Get_Response_200_Items_Package: + additionalProperties: false + type: object + properties: + name: + type: string + title: + type: string + version: + type: string + required: + - name + - title + - version + ApiFleetCloudConnectorsUsage_Get_Response_400: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetDataStreams_Get_Response_200: + additionalProperties: false + type: object + properties: + data_streams: + items: + $ref: '#/components/schemas/ApiFleetDataStreams_Get_Response_200_Data_streams_Item' + maxItems: 10000 + type: array + required: + - data_streams + ApiFleetDataStreams_Get_Response_200_Data_streams_Item: + additionalProperties: false + type: object + properties: + dashboards: + items: + $ref: '#/components/schemas/ApiFleetDataStreams_Get_Response_200_Data_streams_Dashboards_Item' + maxItems: 10000 + type: array + dataset: + type: string + index: + type: string + last_activity_ms: + type: number + namespace: + type: string + package: + type: string + package_version: + type: string + serviceDetails: + $ref: '#/components/schemas/ApiFleetDataStreams_Get_Response_200_Data_streams_ServiceDetails' + size_in_bytes: + type: number + size_in_bytes_formatted: + anyOf: + - $ref: '#/components/schemas/ApiFleetDataStreams_Get_Response_200_Data_streams_Size_in_bytes_formatted_1' + - $ref: '#/components/schemas/ApiFleetDataStreams_Get_Response_200_Data_streams_Size_in_bytes_formatted_2' + type: + type: string + required: + - index + - dataset + - namespace + - type + - package + - package_version + - last_activity_ms + - size_in_bytes + - size_in_bytes_formatted + - dashboards + - serviceDetails + ApiFleetDataStreams_Get_Response_200_Data_streams_Dashboards_Item: + additionalProperties: false + type: object + properties: + id: + type: string + title: + type: string + required: + - id + - title + ApiFleetDataStreams_Get_Response_200_Data_streams_ServiceDetails: + additionalProperties: false + nullable: true + type: object + properties: + environment: + type: string + serviceName: + type: string + required: + - environment + - serviceName + ApiFleetDataStreams_Get_Response_200_Data_streams_Size_in_bytes_formatted_1: + type: number + ApiFleetDataStreams_Get_Response_200_Data_streams_Size_in_bytes_formatted_2: + type: string + ApiFleetDataStreams_Get_Response_400: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetEnrollmentApiKeys_Get_Response_200: + additionalProperties: false + type: object + properties: + items: + items: + $ref: '#/components/schemas/ApiFleetEnrollmentApiKeys_Get_Response_200_Items_Item' + maxItems: 10000 + type: array + list: + deprecated: true + items: + $ref: '#/components/schemas/ApiFleetEnrollmentApiKeys_Get_Response_200_List_Item' + maxItems: 10000 + type: array + page: + type: number + perPage: + type: number + total: + type: number + required: + - items + - total + - page + - perPage + - list + ApiFleetEnrollmentApiKeys_Get_Response_200_Items_Item: + additionalProperties: false + type: object + properties: + active: + description: When false, the enrollment API key is revoked and cannot be used for enrolling Elastic Agents. + type: boolean + api_key: + description: The enrollment API key (token) used for enrolling Elastic Agents. + type: string + api_key_id: + description: The ID of the API key in the Security API. + type: string + created_at: + type: string + hidden: + type: boolean + id: + type: string + name: + description: The name of the enrollment API key. + type: string + policy_id: + description: The ID of the agent policy the Elastic Agent will be enrolled in. + type: string + required: + - id + - api_key_id + - api_key + - active + - created_at + ApiFleetEnrollmentApiKeys_Get_Response_200_List_Item: + additionalProperties: false + type: object + properties: + active: + description: When false, the enrollment API key is revoked and cannot be used for enrolling Elastic Agents. + type: boolean + api_key: + description: The enrollment API key (token) used for enrolling Elastic Agents. + type: string + api_key_id: + description: The ID of the API key in the Security API. + type: string + created_at: + type: string + hidden: + type: boolean + id: + type: string + name: + description: The name of the enrollment API key. + type: string + policy_id: + description: The ID of the agent policy the Elastic Agent will be enrolled in. + type: string + required: + - id + - api_key_id + - api_key + - active + - created_at + ApiFleetEnrollmentApiKeys_Get_Response_400: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetEnrollmentApiKeys_Post_Request: + additionalProperties: false + type: object + properties: + expiration: + type: string + name: + type: string + policy_id: + type: string + required: + - policy_id + ApiFleetEnrollmentApiKeys_Post_Response_200: + additionalProperties: false + type: object + properties: + action: + enum: + - created + type: string + item: + $ref: '#/components/schemas/ApiFleetEnrollmentApiKeys_Post_Response_200_Item' + required: + - item + - action + ApiFleetEnrollmentApiKeys_Post_Response_200_Item: + additionalProperties: false + type: object + properties: + active: + description: When false, the enrollment API key is revoked and cannot be used for enrolling Elastic Agents. + type: boolean + api_key: + description: The enrollment API key (token) used for enrolling Elastic Agents. + type: string + api_key_id: + description: The ID of the API key in the Security API. + type: string + created_at: + type: string + hidden: + type: boolean + id: + type: string + name: + description: The name of the enrollment API key. + type: string + policy_id: + description: The ID of the agent policy the Elastic Agent will be enrolled in. + type: string + required: + - id + - api_key_id + - api_key + - active + - created_at + ApiFleetEnrollmentApiKeys_Post_Response_400: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetEnrollmentApiKeys_Delete_Response_200: + additionalProperties: false + type: object + properties: + action: + enum: + - deleted + type: string + required: + - action + ApiFleetEnrollmentApiKeys_Delete_Response_400: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetEnrollmentApiKeys_Get_Response_200_1: + additionalProperties: false + type: object + properties: + item: + $ref: '#/components/schemas/ApiFleetEnrollmentApiKeys_Get_Response_200_Item' + required: + - item + ApiFleetEnrollmentApiKeys_Get_Response_200_Item: + additionalProperties: false + type: object + properties: + active: + description: When false, the enrollment API key is revoked and cannot be used for enrolling Elastic Agents. + type: boolean + api_key: + description: The enrollment API key (token) used for enrolling Elastic Agents. + type: string + api_key_id: + description: The ID of the API key in the Security API. + type: string + created_at: + type: string + hidden: + type: boolean + id: + type: string + name: + description: The name of the enrollment API key. + type: string + policy_id: + description: The ID of the agent policy the Elastic Agent will be enrolled in. + type: string + required: + - id + - api_key_id + - api_key + - active + - created_at + ApiFleetEnrollmentApiKeys_Get_Response_400_1: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetEpmBulkAssets_Post_Request: + additionalProperties: false + type: object + properties: + assetIds: + items: + $ref: '#/components/schemas/ApiFleetEpmBulkAssets_Post_Request_AssetIds_Item' + maxItems: 10000 + type: array + required: + - assetIds + ApiFleetEpmBulkAssets_Post_Request_AssetIds_Item: + additionalProperties: false + type: object + properties: + id: + type: string + type: + type: string + required: + - id + - type + ApiFleetEpmBulkAssets_Post_Response_200: + additionalProperties: false + type: object + properties: + items: + items: + $ref: '#/components/schemas/ApiFleetEpmBulkAssets_Post_Response_200_Items_Item' + maxItems: 10000 + type: array + required: + - items + ApiFleetEpmBulkAssets_Post_Response_200_Items_Item: + additionalProperties: false + type: object + properties: + appLink: + type: string + attributes: + $ref: '#/components/schemas/ApiFleetEpmBulkAssets_Post_Response_200_Items_Attributes' + id: + type: string + type: + type: string + updatedAt: + type: string + required: + - id + - type + - attributes + ApiFleetEpmBulkAssets_Post_Response_200_Items_Attributes: + additionalProperties: false + type: object + properties: + description: + type: string + service: + type: string + title: + type: string + ApiFleetEpmBulkAssets_Post_Response_400: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetEpmCategories_Get_Response_200: + additionalProperties: false + type: object + properties: + items: + items: + $ref: '#/components/schemas/ApiFleetEpmCategories_Get_Response_200_Items_Item' + maxItems: 10000 + type: array + required: + - items + ApiFleetEpmCategories_Get_Response_200_Items_Item: + additionalProperties: false + type: object + properties: + count: + type: number + id: + type: string + parent_id: + type: string + parent_title: + type: string + title: + type: string + required: + - id + - title + - count + ApiFleetEpmCategories_Get_Response_400: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetEpmCustomIntegrations_Post_Request: + additionalProperties: false + type: object + properties: + datasets: + items: + $ref: '#/components/schemas/ApiFleetEpmCustomIntegrations_Post_Request_Datasets_Item' + maxItems: 10 + type: array + force: + type: boolean + integrationName: + type: string + required: + - integrationName + - datasets + ApiFleetEpmCustomIntegrations_Post_Request_Datasets_Item: + additionalProperties: false + type: object + properties: + name: + type: string + type: + enum: + - logs + - metrics + - traces + - synthetics + - profiling + type: string + required: + - name + - type + ApiFleetEpmCustomIntegrations_Post_Response_200: + additionalProperties: false + type: object + properties: + _meta: + $ref: '#/components/schemas/ApiFleetEpmCustomIntegrations_Post_Response_200__meta' + items: + items: + anyOf: + - $ref: '#/components/schemas/ApiFleetEpmCustomIntegrations_Post_Response_200_Items_1' + - $ref: '#/components/schemas/ApiFleetEpmCustomIntegrations_Post_Response_200_Items_2' + maxItems: 10000 + type: array + required: + - items + - _meta + ApiFleetEpmCustomIntegrations_Post_Response_200__meta: + additionalProperties: false + type: object + properties: + install_source: + type: string + name: + type: string + required: + - install_source + - name + ApiFleetEpmCustomIntegrations_Post_Response_200_Items_1: + additionalProperties: false + type: object + properties: + deferred: + type: boolean + id: + type: string + originId: + type: string + type: + anyOf: + - $ref: '#/components/schemas/ApiFleetEpmCustomIntegrations_Post_Response_200_Items_Type_1' + - $ref: '#/components/schemas/ApiFleetEpmCustomIntegrations_Post_Response_200_Items_Type_2' + required: + - id + - type + ApiFleetEpmCustomIntegrations_Post_Response_200_Items_Type_1: + enum: + - dashboard + - lens + - visualization + - search + - index-pattern + - map + - ml-module + - security-rule + - csp-rule-template + - osquery-pack-asset + - osquery-saved-query + - tag + type: string + ApiFleetEpmCustomIntegrations_Post_Response_200_Items_Type_2: + type: string + ApiFleetEpmCustomIntegrations_Post_Response_200_Items_2: + additionalProperties: false + type: object + properties: + deferred: + type: boolean + id: + type: string + type: + enum: + - index + - index_template + - component_template + - ingest_pipeline + - ilm_policy + - data_stream_ilm_policy + - transform + - ml_model + - knowledge_base + - esql_view + type: string + version: + type: string + required: + - id + - type + ApiFleetEpmCustomIntegrations_Post_Response_400: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetEpmCustomIntegrations_Put_Request: + additionalProperties: false + type: object + properties: + categories: + items: + type: string + maxItems: 10 + type: array + readMeData: + type: string + required: + - readMeData + ApiFleetEpmCustomIntegrations_Put_Response_400: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetEpmDataStreams_Get_Response_200: + additionalProperties: false + type: object + properties: + items: + items: + $ref: '#/components/schemas/ApiFleetEpmDataStreams_Get_Response_200_Items_Item' + maxItems: 10000 + type: array + required: + - items + ApiFleetEpmDataStreams_Get_Response_200_Items_Item: + additionalProperties: false + type: object + properties: + name: + type: string + required: + - name + ApiFleetEpmDataStreams_Get_Response_400: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetEpmPackages_Get_Response_200: + additionalProperties: false + type: object + properties: + items: + items: + $ref: '#/components/schemas/ApiFleetEpmPackages_Get_Response_200_Items_Item' + maxItems: 10000 + type: array + required: + - items + ApiFleetEpmPackages_Get_Response_200_Items_Item: + additionalProperties: true + type: object + properties: + categories: + items: + type: string + maxItems: 10 + type: array + conditions: + $ref: '#/components/schemas/ApiFleetEpmPackages_Get_Response_200_Items_Conditions' + data_streams: + items: + $ref: '#/components/schemas/ApiFleetEpmPackages_Get_Response_200_Items_Data_streams_Item' + maxItems: 1000 + type: array + description: + type: string + discovery: + $ref: '#/components/schemas/ApiFleetEpmPackages_Get_Response_200_Items_Discovery' + download: + type: string + format_version: + type: string + icons: + items: + $ref: '#/components/schemas/ApiFleetEpmPackages_Get_Response_200_Items_Icons_Item' + maxItems: 10 + type: array + id: + type: string + installationInfo: + $ref: '#/components/schemas/ApiFleetEpmPackages_Get_Response_200_Items_InstallationInfo' + integration: + type: string + internal: + type: boolean + latestVersion: + type: string + name: + type: string + owner: + $ref: '#/components/schemas/ApiFleetEpmPackages_Get_Response_200_Items_Owner' + path: + type: string + policy_templates: + items: + $ref: '#/components/schemas/ApiFleetEpmPackages_Get_Response_200_Items_Policy_templates_Item' + maxItems: 100 + type: array + readme: + type: string + release: + enum: + - ga + - beta + - experimental + type: string + signature_path: + type: string + source: + $ref: '#/components/schemas/ApiFleetEpmPackages_Get_Response_200_Items_Source' + status: + type: string + title: + type: string + type: + anyOf: + - $ref: '#/components/schemas/ApiFleetEpmPackages_Get_Response_200_Items_Type_1' + - $ref: '#/components/schemas/ApiFleetEpmPackages_Get_Response_200_Items_Type_2' + - $ref: '#/components/schemas/ApiFleetEpmPackages_Get_Response_200_Items_Type_3' + - $ref: '#/components/schemas/ApiFleetEpmPackages_Get_Response_200_Items_Type_4' + var_groups: + items: + $ref: '#/components/schemas/ApiFleetEpmPackages_Get_Response_200_Items_Var_groups_Item' + maxItems: 20 + type: array + vars: + items: + $ref: '#/components/schemas/ApiFleetEpmPackages_Get_Response_200_Items_Vars_Item' + maxItems: 1000 + type: array + version: + type: string + required: + - name + - version + - title + - id + ApiFleetEpmPackages_Get_Response_200_Items_Conditions: + additionalProperties: true + type: object + properties: + elastic: + $ref: '#/components/schemas/ApiFleetEpmPackages_Get_Response_200_Items_Conditions_Elastic' + kibana: + $ref: '#/components/schemas/ApiFleetEpmPackages_Get_Response_200_Items_Conditions_Kibana' + ApiFleetEpmPackages_Get_Response_200_Items_Conditions_Elastic: + additionalProperties: true + type: object + properties: + capabilities: + items: + type: string + maxItems: 10 + type: array + subscription: + type: string + ApiFleetEpmPackages_Get_Response_200_Items_Conditions_Kibana: + additionalProperties: true + type: object + properties: + version: + type: string + ApiFleetEpmPackages_Get_Response_200_Items_Data_streams_Item: + additionalProperties: {} + type: object + ApiFleetEpmPackages_Get_Response_200_Items_Discovery: + additionalProperties: true + type: object + properties: + datasets: + items: + $ref: '#/components/schemas/ApiFleetEpmPackages_Get_Response_200_Items_Discovery_Datasets_Item' + maxItems: 10 + type: array + fields: + items: + $ref: '#/components/schemas/ApiFleetEpmPackages_Get_Response_200_Items_Discovery_Fields_Item' + maxItems: 10 + type: array + ApiFleetEpmPackages_Get_Response_200_Items_Discovery_Datasets_Item: + additionalProperties: true + type: object + properties: + name: + type: string + required: + - name + ApiFleetEpmPackages_Get_Response_200_Items_Discovery_Fields_Item: + additionalProperties: true + type: object + properties: + name: + type: string + required: + - name + ApiFleetEpmPackages_Get_Response_200_Items_Icons_Item: + additionalProperties: true + type: object + properties: + dark_mode: + type: boolean + path: + type: string + size: + type: string + src: + type: string + title: + type: string + type: + type: string + required: + - src + ApiFleetEpmPackages_Get_Response_200_Items_InstallationInfo: + additionalProperties: true + type: object + properties: + additional_spaces_installed_kibana: + $ref: '#/components/schemas/ApiFleetEpmPackages_Get_Response_200_Items_InstallationInfo_Additional_spaces_installed_kibana' + created_at: + type: string + experimental_data_stream_features: + items: + $ref: '#/components/schemas/ApiFleetEpmPackages_Get_Response_200_Items_InstallationInfo_Experimental_data_stream_features_Item' + maxItems: 100 + type: array + install_format_schema_version: + type: string + install_source: + enum: + - registry + - upload + - bundled + - custom + type: string + install_status: + enum: + - installed + - installing + - install_failed + type: string + installed_es: + items: + $ref: '#/components/schemas/ApiFleetEpmPackages_Get_Response_200_Items_InstallationInfo_Installed_es_Item' + maxItems: 10000 + type: array + installed_kibana: + items: + $ref: '#/components/schemas/ApiFleetEpmPackages_Get_Response_200_Items_InstallationInfo_Installed_kibana_Item' + maxItems: 10000 + type: array + installed_kibana_space_id: + type: string + is_rollback_ttl_expired: + type: boolean + latest_executed_state: + $ref: '#/components/schemas/ApiFleetEpmPackages_Get_Response_200_Items_InstallationInfo_Latest_executed_state' + latest_install_failed_attempts: + items: + $ref: '#/components/schemas/ApiFleetEpmPackages_Get_Response_200_Items_InstallationInfo_Latest_install_failed_attempts_Item' + maxItems: 10 + type: array + name: + type: string + namespaces: + items: + type: string + maxItems: 100 + type: array + previous_version: + nullable: true + type: string + rolled_back: + type: boolean + type: + type: string + updated_at: + type: string + verification_key_id: + nullable: true + type: string + verification_status: + enum: + - unverified + - verified + - unknown + type: string + version: + type: string + required: + - type + - installed_kibana + - installed_es + - name + - version + - install_status + - install_source + - verification_status + ApiFleetEpmPackages_Get_Response_200_Items_InstallationInfo_Additional_spaces_installed_kibana: + additionalProperties: + items: + $ref: '#/components/schemas/ApiFleetEpmPackages_Get_Response_200_Items_InstallationInfo_Additional_spaces_installed_kibana_Item' + maxItems: 100 + type: array + type: object + ApiFleetEpmPackages_Get_Response_200_Items_InstallationInfo_Additional_spaces_installed_kibana_Item: + additionalProperties: true + type: object + properties: + deferred: + type: boolean + id: + type: string + originId: + type: string + type: + anyOf: + - $ref: '#/components/schemas/ApiFleetEpmPackages_Get_Response_200_Items_InstallationInfo_Additional_spaces_installed_kibana_Type_1' + - $ref: '#/components/schemas/ApiFleetEpmPackages_Get_Response_200_Items_InstallationInfo_Additional_spaces_installed_kibana_Type_2' + required: + - id + - type + ApiFleetEpmPackages_Get_Response_200_Items_InstallationInfo_Additional_spaces_installed_kibana_Type_1: + enum: + - dashboard + - lens + - visualization + - search + - index-pattern + - map + - ml-module + - security-rule + - csp-rule-template + - osquery-pack-asset + - osquery-saved-query + - tag + type: string + ApiFleetEpmPackages_Get_Response_200_Items_InstallationInfo_Additional_spaces_installed_kibana_Type_2: + type: string + ApiFleetEpmPackages_Get_Response_200_Items_InstallationInfo_Experimental_data_stream_features_Item: + additionalProperties: true + type: object + properties: + data_stream: + type: string + features: + $ref: '#/components/schemas/ApiFleetEpmPackages_Get_Response_200_Items_InstallationInfo_Experimental_data_stream_features_Features' + required: + - data_stream + - features + ApiFleetEpmPackages_Get_Response_200_Items_InstallationInfo_Experimental_data_stream_features_Features: + additionalProperties: true + type: object + properties: + doc_value_only_numeric: + type: boolean + doc_value_only_other: + type: boolean + synthetic_source: + type: boolean + tsdb: + type: boolean + ApiFleetEpmPackages_Get_Response_200_Items_InstallationInfo_Installed_es_Item: + additionalProperties: true + type: object + properties: + deferred: + type: boolean + id: + type: string + type: + enum: + - index + - index_template + - component_template + - ingest_pipeline + - ilm_policy + - data_stream_ilm_policy + - transform + - ml_model + - knowledge_base + - esql_view + type: string + version: + type: string + required: + - id + - type + ApiFleetEpmPackages_Get_Response_200_Items_InstallationInfo_Installed_kibana_Item: + additionalProperties: true + type: object + properties: + deferred: + type: boolean + id: + type: string + originId: + type: string + type: + anyOf: + - $ref: '#/components/schemas/ApiFleetEpmPackages_Get_Response_200_Items_InstallationInfo_Installed_kibana_Type_1' + - $ref: '#/components/schemas/ApiFleetEpmPackages_Get_Response_200_Items_InstallationInfo_Installed_kibana_Type_2' + required: + - id + - type + ApiFleetEpmPackages_Get_Response_200_Items_InstallationInfo_Installed_kibana_Type_1: + enum: + - dashboard + - lens + - visualization + - search + - index-pattern + - map + - ml-module + - security-rule + - csp-rule-template + - osquery-pack-asset + - osquery-saved-query + - tag + type: string + ApiFleetEpmPackages_Get_Response_200_Items_InstallationInfo_Installed_kibana_Type_2: + type: string + ApiFleetEpmPackages_Get_Response_200_Items_InstallationInfo_Latest_executed_state: + additionalProperties: true + type: object + properties: + error: + type: string + name: + type: string + started_at: + type: string + ApiFleetEpmPackages_Get_Response_200_Items_InstallationInfo_Latest_install_failed_attempts_Item: + additionalProperties: true + type: object + properties: + created_at: + type: string + error: + $ref: '#/components/schemas/ApiFleetEpmPackages_Get_Response_200_Items_InstallationInfo_Latest_install_failed_attempts_Error' + target_version: + type: string + required: + - created_at + - target_version + - error + ApiFleetEpmPackages_Get_Response_200_Items_InstallationInfo_Latest_install_failed_attempts_Error: + additionalProperties: true + type: object + properties: + message: + type: string + name: + type: string + stack: + type: string + required: + - name + - message + ApiFleetEpmPackages_Get_Response_200_Items_Owner: + additionalProperties: true + type: object + properties: + github: + type: string + type: + enum: + - elastic + - partner + - community + type: string + ApiFleetEpmPackages_Get_Response_200_Items_Policy_templates_Item: + additionalProperties: {} + type: object + ApiFleetEpmPackages_Get_Response_200_Items_Source: + additionalProperties: true + type: object + properties: + license: + type: string + required: + - license + ApiFleetEpmPackages_Get_Response_200_Items_Type_1: + enum: + - integration + type: string + ApiFleetEpmPackages_Get_Response_200_Items_Type_2: + enum: + - input + type: string + ApiFleetEpmPackages_Get_Response_200_Items_Type_3: + enum: + - content + type: string + ApiFleetEpmPackages_Get_Response_200_Items_Type_4: + type: string + ApiFleetEpmPackages_Get_Response_200_Items_Var_groups_Item: + additionalProperties: true + type: object + properties: + description: + type: string + name: + type: string + options: + items: + $ref: '#/components/schemas/ApiFleetEpmPackages_Get_Response_200_Items_Var_groups_Options_Item' + maxItems: 20 + type: array + selector_title: + type: string + title: + type: string + required: + - name + - title + - selector_title + - options + ApiFleetEpmPackages_Get_Response_200_Items_Var_groups_Options_Item: + additionalProperties: true + type: object + properties: + description: + type: string + hide_in_deployment_modes: + items: + enum: + - default + - agentless + type: string + maxItems: 2 + type: array + name: + type: string + title: + type: string + vars: + items: + type: string + maxItems: 100 + type: array + required: + - name + - title + - vars + ApiFleetEpmPackages_Get_Response_200_Items_Vars_Item: + additionalProperties: {} + type: object + ApiFleetEpmPackages_Get_Response_400: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetEpmPackages_Post_Response_200: + additionalProperties: false + type: object + properties: + _meta: + $ref: '#/components/schemas/ApiFleetEpmPackages_Post_Response_200__meta' + items: + items: + anyOf: + - $ref: '#/components/schemas/ApiFleetEpmPackages_Post_Response_200_Items_1' + - $ref: '#/components/schemas/ApiFleetEpmPackages_Post_Response_200_Items_2' + maxItems: 10000 + type: array + required: + - items + - _meta + ApiFleetEpmPackages_Post_Response_200__meta: + additionalProperties: false + type: object + properties: + install_source: + type: string + name: + type: string + required: + - install_source + - name + ApiFleetEpmPackages_Post_Response_200_Items_1: + additionalProperties: false + type: object + properties: + deferred: + type: boolean + id: + type: string + originId: + type: string + type: + anyOf: + - $ref: '#/components/schemas/ApiFleetEpmPackages_Post_Response_200_Items_Type_1' + - $ref: '#/components/schemas/ApiFleetEpmPackages_Post_Response_200_Items_Type_2' + required: + - id + - type + ApiFleetEpmPackages_Post_Response_200_Items_Type_1: + enum: + - dashboard + - lens + - visualization + - search + - index-pattern + - map + - ml-module + - security-rule + - csp-rule-template + - osquery-pack-asset + - osquery-saved-query + - tag + type: string + ApiFleetEpmPackages_Post_Response_200_Items_Type_2: + type: string + ApiFleetEpmPackages_Post_Response_200_Items_2: + additionalProperties: false + type: object + properties: + deferred: + type: boolean + id: + type: string + type: + enum: + - index + - index_template + - component_template + - ingest_pipeline + - ilm_policy + - data_stream_ilm_policy + - transform + - ml_model + - knowledge_base + - esql_view + type: string + version: + type: string + required: + - id + - type + ApiFleetEpmPackages_Post_Response_400: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetEpmPackagesBulk_Post_Request: + additionalProperties: false + type: object + properties: + force: + default: false + type: boolean + packages: + items: + anyOf: + - $ref: '#/components/schemas/ApiFleetEpmPackagesBulk_Post_Request_Packages_1' + - $ref: '#/components/schemas/ApiFleetEpmPackagesBulk_Post_Request_Packages_2' + maxItems: 1000 + minItems: 1 + type: array + required: + - packages + ApiFleetEpmPackagesBulk_Post_Request_Packages_1: + type: string + ApiFleetEpmPackagesBulk_Post_Request_Packages_2: + additionalProperties: false + type: object + properties: + name: + type: string + prerelease: + type: boolean + version: + type: string + required: + - name + - version + ApiFleetEpmPackagesBulk_Post_Response_200: + additionalProperties: false + type: object + properties: + items: + items: + anyOf: + - $ref: '#/components/schemas/ApiFleetEpmPackagesBulk_Post_Response_200_Items_1' + - $ref: '#/components/schemas/ApiFleetEpmPackagesBulk_Post_Response_200_Items_2' + maxItems: 10000 + type: array + required: + - items + ApiFleetEpmPackagesBulk_Post_Response_200_Items_1: + additionalProperties: false + type: object + properties: + name: + type: string + result: + $ref: '#/components/schemas/ApiFleetEpmPackagesBulk_Post_Response_200_Items_Result' + version: + type: string + required: + - name + - version + - result + ApiFleetEpmPackagesBulk_Post_Response_200_Items_Result: + additionalProperties: false + type: object + properties: + assets: + items: + anyOf: + - $ref: '#/components/schemas/ApiFleetEpmPackagesBulk_Post_Response_200_Items_Result_Assets_1' + - $ref: '#/components/schemas/ApiFleetEpmPackagesBulk_Post_Response_200_Items_Result_Assets_2' + maxItems: 10000 + type: array + error: {} + installSource: + type: string + installType: + type: string + status: + enum: + - installed + - already_installed + type: string + required: + - error + - installType + ApiFleetEpmPackagesBulk_Post_Response_200_Items_Result_Assets_1: + additionalProperties: false + type: object + properties: + deferred: + type: boolean + id: + type: string + originId: + type: string + type: + anyOf: + - $ref: '#/components/schemas/ApiFleetEpmPackagesBulk_Post_Response_200_Items_Result_Assets_Type_1' + - $ref: '#/components/schemas/ApiFleetEpmPackagesBulk_Post_Response_200_Items_Result_Assets_Type_2' + required: + - id + - type + ApiFleetEpmPackagesBulk_Post_Response_200_Items_Result_Assets_Type_1: + enum: + - dashboard + - lens + - visualization + - search + - index-pattern + - map + - ml-module + - security-rule + - csp-rule-template + - osquery-pack-asset + - osquery-saved-query + - tag + type: string + ApiFleetEpmPackagesBulk_Post_Response_200_Items_Result_Assets_Type_2: + type: string + ApiFleetEpmPackagesBulk_Post_Response_200_Items_Result_Assets_2: + additionalProperties: false + type: object + properties: + deferred: + type: boolean + id: + type: string + type: + enum: + - index + - index_template + - component_template + - ingest_pipeline + - ilm_policy + - data_stream_ilm_policy + - transform + - ml_model + - knowledge_base + - esql_view + type: string + version: + type: string + required: + - id + - type + ApiFleetEpmPackagesBulk_Post_Response_200_Items_2: + additionalProperties: false + type: object + properties: + error: + anyOf: + - $ref: '#/components/schemas/ApiFleetEpmPackagesBulk_Post_Response_200_Items_Error_1' + - $ref: '#/components/schemas/ApiFleetEpmPackagesBulk_Post_Response_200_Items_Error_2' + name: + type: string + statusCode: + type: number + required: + - name + - statusCode + - error + ApiFleetEpmPackagesBulk_Post_Response_200_Items_Error_1: + type: string + ApiFleetEpmPackagesBulk_Post_Response_200_Items_Error_2: {} + ApiFleetEpmPackagesBulk_Post_Response_400: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetEpmPackagesBulkRollback_Post_Request: + additionalProperties: false + type: object + properties: + packages: + items: + $ref: '#/components/schemas/ApiFleetEpmPackagesBulkRollback_Post_Request_Packages_Item' + maxItems: 1000 + minItems: 1 + type: array + required: + - packages + ApiFleetEpmPackagesBulkRollback_Post_Request_Packages_Item: + additionalProperties: false + type: object + properties: + name: + description: Package name to rollback + type: string + required: + - name + ApiFleetEpmPackagesBulkRollback_Post_Response_200: + additionalProperties: false + type: object + properties: + taskId: + type: string + required: + - taskId + ApiFleetEpmPackagesBulkRollback_Post_Response_400: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetEpmPackagesBulkRollback_Get_Response_200: + additionalProperties: false + type: object + properties: + error: + $ref: '#/components/schemas/ApiFleetEpmPackagesBulkRollback_Get_Response_200_Error' + results: + items: + $ref: '#/components/schemas/ApiFleetEpmPackagesBulkRollback_Get_Response_200_Results_Item' + maxItems: 10000 + type: array + status: + type: string + required: + - status + ApiFleetEpmPackagesBulkRollback_Get_Response_200_Error: + additionalProperties: false + type: object + properties: + message: + type: string + required: + - message + ApiFleetEpmPackagesBulkRollback_Get_Response_200_Results_Item: + additionalProperties: false + type: object + properties: + error: + $ref: '#/components/schemas/ApiFleetEpmPackagesBulkRollback_Get_Response_200_Results_Error' + name: + type: string + success: + type: boolean + required: + - name + - success + ApiFleetEpmPackagesBulkRollback_Get_Response_200_Results_Error: + additionalProperties: false + type: object + properties: + message: + type: string + required: + - message + ApiFleetEpmPackagesBulkRollback_Get_Response_400: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetEpmPackagesBulkUninstall_Post_Request: + additionalProperties: false + type: object + properties: + force: + default: false + type: boolean + packages: + items: + $ref: '#/components/schemas/ApiFleetEpmPackagesBulkUninstall_Post_Request_Packages_Item' + maxItems: 1000 + minItems: 1 + type: array + required: + - packages + ApiFleetEpmPackagesBulkUninstall_Post_Request_Packages_Item: + additionalProperties: false + type: object + properties: + name: + type: string + version: + type: string + required: + - name + - version + ApiFleetEpmPackagesBulkUninstall_Post_Response_200: + additionalProperties: false + type: object + properties: + taskId: + type: string + required: + - taskId + ApiFleetEpmPackagesBulkUninstall_Post_Response_400: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetEpmPackagesBulkUninstall_Get_Response_200: + additionalProperties: false + type: object + properties: + error: + $ref: '#/components/schemas/ApiFleetEpmPackagesBulkUninstall_Get_Response_200_Error' + results: + items: + $ref: '#/components/schemas/ApiFleetEpmPackagesBulkUninstall_Get_Response_200_Results_Item' + maxItems: 10000 + type: array + status: + type: string + required: + - status + ApiFleetEpmPackagesBulkUninstall_Get_Response_200_Error: + additionalProperties: false + type: object + properties: + message: + type: string + required: + - message + ApiFleetEpmPackagesBulkUninstall_Get_Response_200_Results_Item: + additionalProperties: false + type: object + properties: + error: + $ref: '#/components/schemas/ApiFleetEpmPackagesBulkUninstall_Get_Response_200_Results_Error' + name: + type: string + success: + type: boolean + required: + - name + - success + ApiFleetEpmPackagesBulkUninstall_Get_Response_200_Results_Error: + additionalProperties: false + type: object + properties: + message: + type: string + required: + - message + ApiFleetEpmPackagesBulkUninstall_Get_Response_400: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetEpmPackagesBulkUpgrade_Post_Request: + additionalProperties: false + type: object + properties: + force: + default: false + type: boolean + packages: + items: + $ref: '#/components/schemas/ApiFleetEpmPackagesBulkUpgrade_Post_Request_Packages_Item' + maxItems: 1000 + minItems: 1 + type: array + prerelease: + type: boolean + upgrade_package_policies: + default: false + type: boolean + required: + - packages + ApiFleetEpmPackagesBulkUpgrade_Post_Request_Packages_Item: + additionalProperties: false + type: object + properties: + name: + type: string + version: + type: string + required: + - name + ApiFleetEpmPackagesBulkUpgrade_Post_Response_200: + additionalProperties: false + type: object + properties: + taskId: + type: string + required: + - taskId + ApiFleetEpmPackagesBulkUpgrade_Post_Response_400: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetEpmPackagesBulkUpgrade_Get_Response_200: + additionalProperties: false + type: object + properties: + error: + $ref: '#/components/schemas/ApiFleetEpmPackagesBulkUpgrade_Get_Response_200_Error' + results: + items: + $ref: '#/components/schemas/ApiFleetEpmPackagesBulkUpgrade_Get_Response_200_Results_Item' + maxItems: 10000 + type: array + status: + type: string + required: + - status + ApiFleetEpmPackagesBulkUpgrade_Get_Response_200_Error: + additionalProperties: false + type: object + properties: + message: + type: string + required: + - message + ApiFleetEpmPackagesBulkUpgrade_Get_Response_200_Results_Item: + additionalProperties: false + type: object + properties: + error: + $ref: '#/components/schemas/ApiFleetEpmPackagesBulkUpgrade_Get_Response_200_Results_Error' + name: + type: string + success: + type: boolean + required: + - name + - success + ApiFleetEpmPackagesBulkUpgrade_Get_Response_200_Results_Error: + additionalProperties: false + type: object + properties: + message: + type: string + required: + - message + ApiFleetEpmPackagesBulkUpgrade_Get_Response_400: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetEpmPackages_Delete_Response_200: + additionalProperties: false + type: object + properties: + items: + items: + anyOf: + - $ref: '#/components/schemas/ApiFleetEpmPackages_Delete_Response_200_Items_1' + - $ref: '#/components/schemas/ApiFleetEpmPackages_Delete_Response_200_Items_2' + maxItems: 10000 + type: array + required: + - items + ApiFleetEpmPackages_Delete_Response_200_Items_1: + additionalProperties: false + type: object + properties: + deferred: + type: boolean + id: + type: string + originId: + type: string + type: + anyOf: + - $ref: '#/components/schemas/ApiFleetEpmPackages_Delete_Response_200_Items_Type_1' + - $ref: '#/components/schemas/ApiFleetEpmPackages_Delete_Response_200_Items_Type_2' + required: + - id + - type + ApiFleetEpmPackages_Delete_Response_200_Items_Type_1: + enum: + - dashboard + - lens + - visualization + - search + - index-pattern + - map + - ml-module + - security-rule + - csp-rule-template + - osquery-pack-asset + - osquery-saved-query + - tag + type: string + ApiFleetEpmPackages_Delete_Response_200_Items_Type_2: + type: string + ApiFleetEpmPackages_Delete_Response_200_Items_2: + additionalProperties: false + type: object + properties: + deferred: + type: boolean + id: + type: string + type: + enum: + - index + - index_template + - component_template + - ingest_pipeline + - ilm_policy + - data_stream_ilm_policy + - transform + - ml_model + - knowledge_base + - esql_view + type: string + version: + type: string + required: + - id + - type + ApiFleetEpmPackages_Delete_Response_400: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetEpmPackages_Get_Response_200_1: + additionalProperties: false + type: object + properties: + item: + $ref: '#/components/schemas/ApiFleetEpmPackages_Get_Response_200_Item' + metadata: + $ref: '#/components/schemas/ApiFleetEpmPackages_Get_Response_200_Metadata' + required: + - item + ApiFleetEpmPackages_Get_Response_200_Item: + additionalProperties: true + type: object + properties: + agent: + $ref: '#/components/schemas/ApiFleetEpmPackages_Get_Response_200_Item_Agent' + asset_tags: + items: + $ref: '#/components/schemas/ApiFleetEpmPackages_Get_Response_200_Item_Asset_tags_Item' + maxItems: 1000 + type: array + assets: + $ref: '#/components/schemas/ApiFleetEpmPackages_Get_Response_200_Item_Assets' + categories: + items: + type: string + maxItems: 10 + type: array + conditions: + $ref: '#/components/schemas/ApiFleetEpmPackages_Get_Response_200_Item_Conditions' + data_streams: + items: + $ref: '#/components/schemas/ApiFleetEpmPackages_Get_Response_200_Item_Data_streams_Item' + maxItems: 1000 + type: array + description: + type: string + discovery: + $ref: '#/components/schemas/ApiFleetEpmPackages_Get_Response_200_Item_Discovery' + download: + type: string + elasticsearch: + $ref: '#/components/schemas/ApiFleetEpmPackages_Get_Response_200_Item_Elasticsearch' + format_version: + type: string + icons: + items: + $ref: '#/components/schemas/ApiFleetEpmPackages_Get_Response_200_Item_Icons_Item' + maxItems: 10 + type: array + installationInfo: + $ref: '#/components/schemas/ApiFleetEpmPackages_Get_Response_200_Item_InstallationInfo' + internal: + type: boolean + keepPoliciesUpToDate: + type: boolean + latestVersion: + type: string + license: + type: string + licensePath: + type: string + name: + type: string + notice: + type: string + owner: + $ref: '#/components/schemas/ApiFleetEpmPackages_Get_Response_200_Item_Owner' + path: + type: string + policy_templates: + items: + $ref: '#/components/schemas/ApiFleetEpmPackages_Get_Response_200_Item_Policy_templates_Item' + maxItems: 100 + type: array + readme: + type: string + release: + enum: + - ga + - beta + - experimental + type: string + screenshots: + items: + $ref: '#/components/schemas/ApiFleetEpmPackages_Get_Response_200_Item_Screenshots_Item' + maxItems: 10 + type: array + signature_path: + type: string + source: + $ref: '#/components/schemas/ApiFleetEpmPackages_Get_Response_200_Item_Source' + status: + type: string + title: + type: string + type: + anyOf: + - $ref: '#/components/schemas/ApiFleetEpmPackages_Get_Response_200_Item_Type_1' + - $ref: '#/components/schemas/ApiFleetEpmPackages_Get_Response_200_Item_Type_2' + - $ref: '#/components/schemas/ApiFleetEpmPackages_Get_Response_200_Item_Type_3' + - $ref: '#/components/schemas/ApiFleetEpmPackages_Get_Response_200_Item_Type_4' + var_groups: + items: + $ref: '#/components/schemas/ApiFleetEpmPackages_Get_Response_200_Item_Var_groups_Item' + maxItems: 20 + type: array + vars: + items: + $ref: '#/components/schemas/ApiFleetEpmPackages_Get_Response_200_Item_Vars_Item' + maxItems: 1000 + type: array + version: + type: string + required: + - name + - version + - title + - assets + ApiFleetEpmPackages_Get_Response_200_Item_Agent: + additionalProperties: false + type: object + properties: + privileges: + $ref: '#/components/schemas/ApiFleetEpmPackages_Get_Response_200_Item_Agent_Privileges' + ApiFleetEpmPackages_Get_Response_200_Item_Agent_Privileges: + additionalProperties: false + type: object + properties: + root: + type: boolean + ApiFleetEpmPackages_Get_Response_200_Item_Asset_tags_Item: + additionalProperties: false + type: object + properties: + asset_ids: + items: + type: string + maxItems: 100 + type: array + asset_types: + items: + type: string + maxItems: 10 + type: array + text: + type: string + required: + - text + ApiFleetEpmPackages_Get_Response_200_Item_Assets: + additionalProperties: {} + type: object + ApiFleetEpmPackages_Get_Response_200_Item_Conditions: + additionalProperties: true + type: object + properties: + elastic: + $ref: '#/components/schemas/ApiFleetEpmPackages_Get_Response_200_Item_Conditions_Elastic' + kibana: + $ref: '#/components/schemas/ApiFleetEpmPackages_Get_Response_200_Item_Conditions_Kibana' + ApiFleetEpmPackages_Get_Response_200_Item_Conditions_Elastic: + additionalProperties: true + type: object + properties: + capabilities: + items: + type: string + maxItems: 10 + type: array + subscription: + type: string + ApiFleetEpmPackages_Get_Response_200_Item_Conditions_Kibana: + additionalProperties: true + type: object + properties: + version: + type: string + ApiFleetEpmPackages_Get_Response_200_Item_Data_streams_Item: + additionalProperties: {} + type: object + ApiFleetEpmPackages_Get_Response_200_Item_Discovery: + additionalProperties: true + type: object + properties: + datasets: + items: + $ref: '#/components/schemas/ApiFleetEpmPackages_Get_Response_200_Item_Discovery_Datasets_Item' + maxItems: 10 + type: array + fields: + items: + $ref: '#/components/schemas/ApiFleetEpmPackages_Get_Response_200_Item_Discovery_Fields_Item' + maxItems: 10 + type: array + ApiFleetEpmPackages_Get_Response_200_Item_Discovery_Datasets_Item: + additionalProperties: true + type: object + properties: + name: + type: string + required: + - name + ApiFleetEpmPackages_Get_Response_200_Item_Discovery_Fields_Item: + additionalProperties: true + type: object + properties: + name: + type: string + required: + - name + ApiFleetEpmPackages_Get_Response_200_Item_Elasticsearch: + additionalProperties: {} + type: object + ApiFleetEpmPackages_Get_Response_200_Item_Icons_Item: + additionalProperties: true + type: object + properties: + dark_mode: + type: boolean + path: + type: string + size: + type: string + src: + type: string + title: + type: string + type: + type: string + required: + - src + ApiFleetEpmPackages_Get_Response_200_Item_InstallationInfo: + additionalProperties: true + type: object + properties: + additional_spaces_installed_kibana: + $ref: '#/components/schemas/ApiFleetEpmPackages_Get_Response_200_Item_InstallationInfo_Additional_spaces_installed_kibana' + created_at: + type: string + experimental_data_stream_features: + items: + $ref: '#/components/schemas/ApiFleetEpmPackages_Get_Response_200_Item_InstallationInfo_Experimental_data_stream_features_Item' + maxItems: 100 + type: array + install_format_schema_version: + type: string + install_source: + enum: + - registry + - upload + - bundled + - custom + type: string + install_status: + enum: + - installed + - installing + - install_failed + type: string + installed_es: + items: + $ref: '#/components/schemas/ApiFleetEpmPackages_Get_Response_200_Item_InstallationInfo_Installed_es_Item' + maxItems: 10000 + type: array + installed_kibana: + items: + $ref: '#/components/schemas/ApiFleetEpmPackages_Get_Response_200_Item_InstallationInfo_Installed_kibana_Item' + maxItems: 10000 + type: array + installed_kibana_space_id: + type: string + is_rollback_ttl_expired: + type: boolean + latest_executed_state: + $ref: '#/components/schemas/ApiFleetEpmPackages_Get_Response_200_Item_InstallationInfo_Latest_executed_state' + latest_install_failed_attempts: + items: + $ref: '#/components/schemas/ApiFleetEpmPackages_Get_Response_200_Item_InstallationInfo_Latest_install_failed_attempts_Item' + maxItems: 10 + type: array + name: + type: string + namespaces: + items: + type: string + maxItems: 100 + type: array + previous_version: + nullable: true + type: string + rolled_back: + type: boolean + type: + type: string + updated_at: + type: string + verification_key_id: + nullable: true + type: string + verification_status: + enum: + - unverified + - verified + - unknown + type: string + version: + type: string + required: + - type + - installed_kibana + - installed_es + - name + - version + - install_status + - install_source + - verification_status + ApiFleetEpmPackages_Get_Response_200_Item_InstallationInfo_Additional_spaces_installed_kibana: + additionalProperties: + items: + $ref: '#/components/schemas/ApiFleetEpmPackages_Get_Response_200_Item_InstallationInfo_Additional_spaces_installed_kibana_Item' + maxItems: 100 + type: array + type: object + ApiFleetEpmPackages_Get_Response_200_Item_InstallationInfo_Additional_spaces_installed_kibana_Item: + additionalProperties: true + type: object + properties: + deferred: + type: boolean + id: + type: string + originId: + type: string + type: + anyOf: + - $ref: '#/components/schemas/ApiFleetEpmPackages_Get_Response_200_Item_InstallationInfo_Additional_spaces_installed_kibana_Type_1' + - $ref: '#/components/schemas/ApiFleetEpmPackages_Get_Response_200_Item_InstallationInfo_Additional_spaces_installed_kibana_Type_2' + required: + - id + - type + ApiFleetEpmPackages_Get_Response_200_Item_InstallationInfo_Additional_spaces_installed_kibana_Type_1: + enum: + - dashboard + - lens + - visualization + - search + - index-pattern + - map + - ml-module + - security-rule + - csp-rule-template + - osquery-pack-asset + - osquery-saved-query + - tag + type: string + ApiFleetEpmPackages_Get_Response_200_Item_InstallationInfo_Additional_spaces_installed_kibana_Type_2: + type: string + ApiFleetEpmPackages_Get_Response_200_Item_InstallationInfo_Experimental_data_stream_features_Item: + additionalProperties: true + type: object + properties: + data_stream: + type: string + features: + $ref: '#/components/schemas/ApiFleetEpmPackages_Get_Response_200_Item_InstallationInfo_Experimental_data_stream_features_Features' + required: + - data_stream + - features + ApiFleetEpmPackages_Get_Response_200_Item_InstallationInfo_Experimental_data_stream_features_Features: + additionalProperties: true + type: object + properties: + doc_value_only_numeric: + type: boolean + doc_value_only_other: + type: boolean + synthetic_source: + type: boolean + tsdb: + type: boolean + ApiFleetEpmPackages_Get_Response_200_Item_InstallationInfo_Installed_es_Item: + additionalProperties: true + type: object + properties: + deferred: + type: boolean + id: + type: string + type: + enum: + - index + - index_template + - component_template + - ingest_pipeline + - ilm_policy + - data_stream_ilm_policy + - transform + - ml_model + - knowledge_base + - esql_view + type: string + version: + type: string + required: + - id + - type + ApiFleetEpmPackages_Get_Response_200_Item_InstallationInfo_Installed_kibana_Item: + additionalProperties: true + type: object + properties: + deferred: + type: boolean + id: + type: string + originId: + type: string + type: + anyOf: + - $ref: '#/components/schemas/ApiFleetEpmPackages_Get_Response_200_Item_InstallationInfo_Installed_kibana_Type_1' + - $ref: '#/components/schemas/ApiFleetEpmPackages_Get_Response_200_Item_InstallationInfo_Installed_kibana_Type_2' + required: + - id + - type + ApiFleetEpmPackages_Get_Response_200_Item_InstallationInfo_Installed_kibana_Type_1: + enum: + - dashboard + - lens + - visualization + - search + - index-pattern + - map + - ml-module + - security-rule + - csp-rule-template + - osquery-pack-asset + - osquery-saved-query + - tag + type: string + ApiFleetEpmPackages_Get_Response_200_Item_InstallationInfo_Installed_kibana_Type_2: + type: string + ApiFleetEpmPackages_Get_Response_200_Item_InstallationInfo_Latest_executed_state: + additionalProperties: true + type: object + properties: + error: + type: string + name: + type: string + started_at: + type: string + ApiFleetEpmPackages_Get_Response_200_Item_InstallationInfo_Latest_install_failed_attempts_Item: + additionalProperties: true + type: object + properties: + created_at: + type: string + error: + $ref: '#/components/schemas/ApiFleetEpmPackages_Get_Response_200_Item_InstallationInfo_Latest_install_failed_attempts_Error' + target_version: + type: string + required: + - created_at + - target_version + - error + ApiFleetEpmPackages_Get_Response_200_Item_InstallationInfo_Latest_install_failed_attempts_Error: + additionalProperties: true + type: object + properties: + message: + type: string + name: + type: string + stack: + type: string + required: + - name + - message + ApiFleetEpmPackages_Get_Response_200_Item_Owner: + additionalProperties: true + type: object + properties: + github: + type: string + type: + enum: + - elastic + - partner + - community + type: string + ApiFleetEpmPackages_Get_Response_200_Item_Policy_templates_Item: + additionalProperties: {} + type: object + ApiFleetEpmPackages_Get_Response_200_Item_Screenshots_Item: + additionalProperties: false + type: object + properties: + dark_mode: + type: boolean + path: + type: string + size: + type: string + src: + type: string + title: + type: string + type: + type: string + required: + - src + ApiFleetEpmPackages_Get_Response_200_Item_Source: + additionalProperties: true + type: object + properties: + license: + type: string + required: + - license + ApiFleetEpmPackages_Get_Response_200_Item_Type_1: + enum: + - integration + type: string + ApiFleetEpmPackages_Get_Response_200_Item_Type_2: + enum: + - input + type: string + ApiFleetEpmPackages_Get_Response_200_Item_Type_3: + enum: + - content + type: string + ApiFleetEpmPackages_Get_Response_200_Item_Type_4: + type: string + ApiFleetEpmPackages_Get_Response_200_Item_Var_groups_Item: + additionalProperties: true + type: object + properties: + description: + type: string + name: + type: string + options: + items: + $ref: '#/components/schemas/ApiFleetEpmPackages_Get_Response_200_Item_Var_groups_Options_Item' + maxItems: 20 + type: array + selector_title: + type: string + title: + type: string + required: + - name + - title + - selector_title + - options + ApiFleetEpmPackages_Get_Response_200_Item_Var_groups_Options_Item: + additionalProperties: true + type: object + properties: + description: + type: string + hide_in_deployment_modes: + items: + enum: + - default + - agentless + type: string + maxItems: 2 + type: array + name: + type: string + title: + type: string + vars: + items: + type: string + maxItems: 100 + type: array + required: + - name + - title + - vars + ApiFleetEpmPackages_Get_Response_200_Item_Vars_Item: + additionalProperties: {} + type: object + ApiFleetEpmPackages_Get_Response_200_Metadata: + additionalProperties: false + type: object + properties: + has_policies: + type: boolean + required: + - has_policies + ApiFleetEpmPackages_Get_Response_400_1: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetEpmPackages_Post_Request: + additionalProperties: false + nullable: true + type: object + properties: + force: + default: false + type: boolean + ignore_constraints: + default: false + type: boolean + ApiFleetEpmPackages_Post_Response_200_1: + additionalProperties: false + type: object + properties: + _meta: + $ref: '#/components/schemas/ApiFleetEpmPackages_Post_Response_200__meta_1' + items: + items: + anyOf: + - $ref: '#/components/schemas/ApiFleetEpmPackages_Post_Response_200_Items_1_1' + - $ref: '#/components/schemas/ApiFleetEpmPackages_Post_Response_200_Items_2_1' + maxItems: 10000 + type: array + required: + - items + - _meta + ApiFleetEpmPackages_Post_Response_200__meta_1: + additionalProperties: false + type: object + properties: + install_source: + type: string + name: + type: string + required: + - install_source + - name + ApiFleetEpmPackages_Post_Response_200_Items_1_1: + additionalProperties: false + type: object + properties: + deferred: + type: boolean + id: + type: string + originId: + type: string + type: + anyOf: + - $ref: '#/components/schemas/ApiFleetEpmPackages_Post_Response_200_Items_Type_1_1' + - $ref: '#/components/schemas/ApiFleetEpmPackages_Post_Response_200_Items_Type_2_1' + required: + - id + - type + ApiFleetEpmPackages_Post_Response_200_Items_Type_1_1: + enum: + - dashboard + - lens + - visualization + - search + - index-pattern + - map + - ml-module + - security-rule + - csp-rule-template + - osquery-pack-asset + - osquery-saved-query + - tag + type: string + ApiFleetEpmPackages_Post_Response_200_Items_Type_2_1: + type: string + ApiFleetEpmPackages_Post_Response_200_Items_2_1: + additionalProperties: false + type: object + properties: + deferred: + type: boolean + id: + type: string + type: + enum: + - index + - index_template + - component_template + - ingest_pipeline + - ilm_policy + - data_stream_ilm_policy + - transform + - ml_model + - knowledge_base + - esql_view + type: string + version: + type: string + required: + - id + - type + ApiFleetEpmPackages_Post_Response_400_1: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetEpmPackages_Put_Request: + additionalProperties: false + type: object + properties: + keepPoliciesUpToDate: + type: boolean + required: + - keepPoliciesUpToDate + ApiFleetEpmPackages_Put_Response_200: + additionalProperties: false + type: object + properties: + item: + $ref: '#/components/schemas/ApiFleetEpmPackages_Put_Response_200_Item' + required: + - item + ApiFleetEpmPackages_Put_Response_200_Item: + additionalProperties: true + type: object + properties: + agent: + $ref: '#/components/schemas/ApiFleetEpmPackages_Put_Response_200_Item_Agent' + asset_tags: + items: + $ref: '#/components/schemas/ApiFleetEpmPackages_Put_Response_200_Item_Asset_tags_Item' + maxItems: 1000 + type: array + assets: + $ref: '#/components/schemas/ApiFleetEpmPackages_Put_Response_200_Item_Assets' + categories: + items: + type: string + maxItems: 10 + type: array + conditions: + $ref: '#/components/schemas/ApiFleetEpmPackages_Put_Response_200_Item_Conditions' + data_streams: + items: + $ref: '#/components/schemas/ApiFleetEpmPackages_Put_Response_200_Item_Data_streams_Item' + maxItems: 1000 + type: array + description: + type: string + discovery: + $ref: '#/components/schemas/ApiFleetEpmPackages_Put_Response_200_Item_Discovery' + download: + type: string + elasticsearch: + $ref: '#/components/schemas/ApiFleetEpmPackages_Put_Response_200_Item_Elasticsearch' + format_version: + type: string + icons: + items: + $ref: '#/components/schemas/ApiFleetEpmPackages_Put_Response_200_Item_Icons_Item' + maxItems: 10 + type: array + installationInfo: + $ref: '#/components/schemas/ApiFleetEpmPackages_Put_Response_200_Item_InstallationInfo' + internal: + type: boolean + keepPoliciesUpToDate: + type: boolean + latestVersion: + type: string + license: + type: string + licensePath: + type: string + name: + type: string + notice: + type: string + owner: + $ref: '#/components/schemas/ApiFleetEpmPackages_Put_Response_200_Item_Owner' + path: + type: string + policy_templates: + items: + $ref: '#/components/schemas/ApiFleetEpmPackages_Put_Response_200_Item_Policy_templates_Item' + maxItems: 100 + type: array + readme: + type: string + release: + enum: + - ga + - beta + - experimental + type: string + screenshots: + items: + $ref: '#/components/schemas/ApiFleetEpmPackages_Put_Response_200_Item_Screenshots_Item' + maxItems: 10 + type: array + signature_path: + type: string + source: + $ref: '#/components/schemas/ApiFleetEpmPackages_Put_Response_200_Item_Source' + status: + type: string + title: + type: string + type: + anyOf: + - $ref: '#/components/schemas/ApiFleetEpmPackages_Put_Response_200_Item_Type_1' + - $ref: '#/components/schemas/ApiFleetEpmPackages_Put_Response_200_Item_Type_2' + - $ref: '#/components/schemas/ApiFleetEpmPackages_Put_Response_200_Item_Type_3' + - $ref: '#/components/schemas/ApiFleetEpmPackages_Put_Response_200_Item_Type_4' + var_groups: + items: + $ref: '#/components/schemas/ApiFleetEpmPackages_Put_Response_200_Item_Var_groups_Item' + maxItems: 20 + type: array + vars: + items: + $ref: '#/components/schemas/ApiFleetEpmPackages_Put_Response_200_Item_Vars_Item' + maxItems: 1000 + type: array + version: + type: string + required: + - name + - version + - title + - assets + ApiFleetEpmPackages_Put_Response_200_Item_Agent: + additionalProperties: false + type: object + properties: + privileges: + $ref: '#/components/schemas/ApiFleetEpmPackages_Put_Response_200_Item_Agent_Privileges' + ApiFleetEpmPackages_Put_Response_200_Item_Agent_Privileges: + additionalProperties: false + type: object + properties: + root: + type: boolean + ApiFleetEpmPackages_Put_Response_200_Item_Asset_tags_Item: + additionalProperties: false + type: object + properties: + asset_ids: + items: + type: string + maxItems: 100 + type: array + asset_types: + items: + type: string + maxItems: 10 + type: array + text: + type: string + required: + - text + ApiFleetEpmPackages_Put_Response_200_Item_Assets: + additionalProperties: {} + type: object + ApiFleetEpmPackages_Put_Response_200_Item_Conditions: + additionalProperties: true + type: object + properties: + elastic: + $ref: '#/components/schemas/ApiFleetEpmPackages_Put_Response_200_Item_Conditions_Elastic' + kibana: + $ref: '#/components/schemas/ApiFleetEpmPackages_Put_Response_200_Item_Conditions_Kibana' + ApiFleetEpmPackages_Put_Response_200_Item_Conditions_Elastic: + additionalProperties: true + type: object + properties: + capabilities: + items: + type: string + maxItems: 10 + type: array + subscription: + type: string + ApiFleetEpmPackages_Put_Response_200_Item_Conditions_Kibana: + additionalProperties: true + type: object + properties: + version: + type: string + ApiFleetEpmPackages_Put_Response_200_Item_Data_streams_Item: + additionalProperties: {} + type: object + ApiFleetEpmPackages_Put_Response_200_Item_Discovery: + additionalProperties: true + type: object + properties: + datasets: + items: + $ref: '#/components/schemas/ApiFleetEpmPackages_Put_Response_200_Item_Discovery_Datasets_Item' + maxItems: 10 + type: array + fields: + items: + $ref: '#/components/schemas/ApiFleetEpmPackages_Put_Response_200_Item_Discovery_Fields_Item' + maxItems: 10 + type: array + ApiFleetEpmPackages_Put_Response_200_Item_Discovery_Datasets_Item: + additionalProperties: true + type: object + properties: + name: + type: string + required: + - name + ApiFleetEpmPackages_Put_Response_200_Item_Discovery_Fields_Item: + additionalProperties: true + type: object + properties: + name: + type: string + required: + - name + ApiFleetEpmPackages_Put_Response_200_Item_Elasticsearch: + additionalProperties: {} + type: object + ApiFleetEpmPackages_Put_Response_200_Item_Icons_Item: + additionalProperties: true + type: object + properties: + dark_mode: + type: boolean + path: + type: string + size: + type: string + src: + type: string + title: + type: string + type: + type: string + required: + - src + ApiFleetEpmPackages_Put_Response_200_Item_InstallationInfo: + additionalProperties: true + type: object + properties: + additional_spaces_installed_kibana: + $ref: '#/components/schemas/ApiFleetEpmPackages_Put_Response_200_Item_InstallationInfo_Additional_spaces_installed_kibana' + created_at: + type: string + experimental_data_stream_features: + items: + $ref: '#/components/schemas/ApiFleetEpmPackages_Put_Response_200_Item_InstallationInfo_Experimental_data_stream_features_Item' + maxItems: 100 + type: array + install_format_schema_version: + type: string + install_source: + enum: + - registry + - upload + - bundled + - custom + type: string + install_status: + enum: + - installed + - installing + - install_failed + type: string + installed_es: + items: + $ref: '#/components/schemas/ApiFleetEpmPackages_Put_Response_200_Item_InstallationInfo_Installed_es_Item' + maxItems: 10000 + type: array + installed_kibana: + items: + $ref: '#/components/schemas/ApiFleetEpmPackages_Put_Response_200_Item_InstallationInfo_Installed_kibana_Item' + maxItems: 10000 + type: array + installed_kibana_space_id: + type: string + is_rollback_ttl_expired: + type: boolean + latest_executed_state: + $ref: '#/components/schemas/ApiFleetEpmPackages_Put_Response_200_Item_InstallationInfo_Latest_executed_state' + latest_install_failed_attempts: + items: + $ref: '#/components/schemas/ApiFleetEpmPackages_Put_Response_200_Item_InstallationInfo_Latest_install_failed_attempts_Item' + maxItems: 10 + type: array + name: + type: string + namespaces: + items: + type: string + maxItems: 100 + type: array + previous_version: + nullable: true + type: string + rolled_back: + type: boolean + type: + type: string + updated_at: + type: string + verification_key_id: + nullable: true + type: string + verification_status: + enum: + - unverified + - verified + - unknown + type: string + version: + type: string + required: + - type + - installed_kibana + - installed_es + - name + - version + - install_status + - install_source + - verification_status + ApiFleetEpmPackages_Put_Response_200_Item_InstallationInfo_Additional_spaces_installed_kibana: + additionalProperties: + items: + $ref: '#/components/schemas/ApiFleetEpmPackages_Put_Response_200_Item_InstallationInfo_Additional_spaces_installed_kibana_Item' + maxItems: 100 + type: array + type: object + ApiFleetEpmPackages_Put_Response_200_Item_InstallationInfo_Additional_spaces_installed_kibana_Item: + additionalProperties: true + type: object + properties: + deferred: + type: boolean + id: + type: string + originId: + type: string + type: + anyOf: + - $ref: '#/components/schemas/ApiFleetEpmPackages_Put_Response_200_Item_InstallationInfo_Additional_spaces_installed_kibana_Type_1' + - $ref: '#/components/schemas/ApiFleetEpmPackages_Put_Response_200_Item_InstallationInfo_Additional_spaces_installed_kibana_Type_2' + required: + - id + - type + ApiFleetEpmPackages_Put_Response_200_Item_InstallationInfo_Additional_spaces_installed_kibana_Type_1: + enum: + - dashboard + - lens + - visualization + - search + - index-pattern + - map + - ml-module + - security-rule + - csp-rule-template + - osquery-pack-asset + - osquery-saved-query + - tag + type: string + ApiFleetEpmPackages_Put_Response_200_Item_InstallationInfo_Additional_spaces_installed_kibana_Type_2: + type: string + ApiFleetEpmPackages_Put_Response_200_Item_InstallationInfo_Experimental_data_stream_features_Item: + additionalProperties: true + type: object + properties: + data_stream: + type: string + features: + $ref: '#/components/schemas/ApiFleetEpmPackages_Put_Response_200_Item_InstallationInfo_Experimental_data_stream_features_Features' + required: + - data_stream + - features + ApiFleetEpmPackages_Put_Response_200_Item_InstallationInfo_Experimental_data_stream_features_Features: + additionalProperties: true + type: object + properties: + doc_value_only_numeric: + type: boolean + doc_value_only_other: + type: boolean + synthetic_source: + type: boolean + tsdb: + type: boolean + ApiFleetEpmPackages_Put_Response_200_Item_InstallationInfo_Installed_es_Item: + additionalProperties: true + type: object + properties: + deferred: + type: boolean + id: + type: string + type: + enum: + - index + - index_template + - component_template + - ingest_pipeline + - ilm_policy + - data_stream_ilm_policy + - transform + - ml_model + - knowledge_base + - esql_view + type: string + version: + type: string + required: + - id + - type + ApiFleetEpmPackages_Put_Response_200_Item_InstallationInfo_Installed_kibana_Item: + additionalProperties: true + type: object + properties: + deferred: + type: boolean + id: + type: string + originId: + type: string + type: + anyOf: + - $ref: '#/components/schemas/ApiFleetEpmPackages_Put_Response_200_Item_InstallationInfo_Installed_kibana_Type_1' + - $ref: '#/components/schemas/ApiFleetEpmPackages_Put_Response_200_Item_InstallationInfo_Installed_kibana_Type_2' + required: + - id + - type + ApiFleetEpmPackages_Put_Response_200_Item_InstallationInfo_Installed_kibana_Type_1: + enum: + - dashboard + - lens + - visualization + - search + - index-pattern + - map + - ml-module + - security-rule + - csp-rule-template + - osquery-pack-asset + - osquery-saved-query + - tag + type: string + ApiFleetEpmPackages_Put_Response_200_Item_InstallationInfo_Installed_kibana_Type_2: + type: string + ApiFleetEpmPackages_Put_Response_200_Item_InstallationInfo_Latest_executed_state: + additionalProperties: true + type: object + properties: + error: + type: string + name: + type: string + started_at: + type: string + ApiFleetEpmPackages_Put_Response_200_Item_InstallationInfo_Latest_install_failed_attempts_Item: + additionalProperties: true + type: object + properties: + created_at: + type: string + error: + $ref: '#/components/schemas/ApiFleetEpmPackages_Put_Response_200_Item_InstallationInfo_Latest_install_failed_attempts_Error' + target_version: + type: string + required: + - created_at + - target_version + - error + ApiFleetEpmPackages_Put_Response_200_Item_InstallationInfo_Latest_install_failed_attempts_Error: + additionalProperties: true + type: object + properties: + message: + type: string + name: + type: string + stack: + type: string + required: + - name + - message + ApiFleetEpmPackages_Put_Response_200_Item_Owner: + additionalProperties: true + type: object + properties: + github: + type: string + type: + enum: + - elastic + - partner + - community + type: string + ApiFleetEpmPackages_Put_Response_200_Item_Policy_templates_Item: + additionalProperties: {} + type: object + ApiFleetEpmPackages_Put_Response_200_Item_Screenshots_Item: + additionalProperties: false + type: object + properties: + dark_mode: + type: boolean + path: + type: string + size: + type: string + src: + type: string + title: + type: string + type: + type: string + required: + - src + ApiFleetEpmPackages_Put_Response_200_Item_Source: + additionalProperties: true + type: object + properties: + license: + type: string + required: + - license + ApiFleetEpmPackages_Put_Response_200_Item_Type_1: + enum: + - integration + type: string + ApiFleetEpmPackages_Put_Response_200_Item_Type_2: + enum: + - input + type: string + ApiFleetEpmPackages_Put_Response_200_Item_Type_3: + enum: + - content + type: string + ApiFleetEpmPackages_Put_Response_200_Item_Type_4: + type: string + ApiFleetEpmPackages_Put_Response_200_Item_Var_groups_Item: + additionalProperties: true + type: object + properties: + description: + type: string + name: + type: string + options: + items: + $ref: '#/components/schemas/ApiFleetEpmPackages_Put_Response_200_Item_Var_groups_Options_Item' + maxItems: 20 + type: array + selector_title: + type: string + title: + type: string + required: + - name + - title + - selector_title + - options + ApiFleetEpmPackages_Put_Response_200_Item_Var_groups_Options_Item: + additionalProperties: true + type: object + properties: + description: + type: string + hide_in_deployment_modes: + items: + enum: + - default + - agentless + type: string + maxItems: 2 + type: array + name: + type: string + title: + type: string + vars: + items: + type: string + maxItems: 100 + type: array + required: + - name + - title + - vars + ApiFleetEpmPackages_Put_Response_200_Item_Vars_Item: + additionalProperties: {} + type: object + ApiFleetEpmPackages_Put_Response_400: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetEpmPackages_Get_Response_400_2: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetEpmPackagesDatastreamAssets_Delete_Response_200: + additionalProperties: false + type: object + properties: + success: + type: boolean + required: + - success + ApiFleetEpmPackagesDatastreamAssets_Delete_Response_400: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetEpmPackagesKibanaAssets_Delete_Response_200: + additionalProperties: false + type: object + properties: + success: + type: boolean + required: + - success + ApiFleetEpmPackagesKibanaAssets_Delete_Response_400: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetEpmPackagesKibanaAssets_Post_Request: + additionalProperties: false + nullable: true + type: object + properties: + force: + type: boolean + space_ids: + description: When provided install assets in the specified spaces instead of the current space. + items: + type: string + maxItems: 100 + minItems: 1 + type: array + ApiFleetEpmPackagesKibanaAssets_Post_Response_200: + additionalProperties: false + type: object + properties: + success: + type: boolean + required: + - success + ApiFleetEpmPackagesKibanaAssets_Post_Response_400: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetEpmPackagesRuleAssets_Post_Request: + additionalProperties: false + nullable: true + type: object + properties: + force: + type: boolean + ApiFleetEpmPackagesRuleAssets_Post_Response_200: + additionalProperties: false + type: object + properties: + success: + type: boolean + required: + - success + ApiFleetEpmPackagesRuleAssets_Post_Response_400: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetEpmPackagesTransformsAuthorize_Post_Request: + additionalProperties: false + type: object + properties: + transforms: + items: + $ref: '#/components/schemas/ApiFleetEpmPackagesTransformsAuthorize_Post_Request_Transforms_Item' + maxItems: 1000 + type: array + required: + - transforms + ApiFleetEpmPackagesTransformsAuthorize_Post_Request_Transforms_Item: + additionalProperties: false + type: object + properties: + transformId: + type: string + required: + - transformId + ApiFleetEpmPackagesTransformsAuthorize_Post_Response_200_Item: + additionalProperties: false + type: object + properties: + error: + nullable: true + success: + type: boolean + transformId: + type: string + required: + - transformId + - success + - error + ApiFleetEpmPackagesTransformsAuthorize_Post_Response_400: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetEpmPackagesRollback_Post_Response_200: + additionalProperties: false + type: object + properties: + success: + type: boolean + version: + type: string + required: + - version + - success + ApiFleetEpmPackagesRollback_Post_Response_400: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetEpmPackagesStats_Get_Response_200: + additionalProperties: false + type: object + properties: + response: + $ref: '#/components/schemas/ApiFleetEpmPackagesStats_Get_Response_200_Response' + required: + - response + ApiFleetEpmPackagesStats_Get_Response_200_Response: + additionalProperties: false + type: object + properties: + agent_policy_count: + type: number + package_policy_count: + type: number + required: + - agent_policy_count + - package_policy_count + ApiFleetEpmPackagesStats_Get_Response_400: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetEpmPackagesInstalled_Get_Response_200: + additionalProperties: false + type: object + properties: + items: + items: + $ref: '#/components/schemas/ApiFleetEpmPackagesInstalled_Get_Response_200_Items_Item' + maxItems: 10000 + type: array + searchAfter: + items: + anyOf: + - $ref: '#/components/schemas/ApiFleetEpmPackagesInstalled_Get_Response_200_SearchAfter_1' + - $ref: '#/components/schemas/ApiFleetEpmPackagesInstalled_Get_Response_200_SearchAfter_2' + - $ref: '#/components/schemas/ApiFleetEpmPackagesInstalled_Get_Response_200_SearchAfter_3' + - $ref: '#/components/schemas/ApiFleetEpmPackagesInstalled_Get_Response_200_SearchAfter_4' + - $ref: '#/components/schemas/ApiFleetEpmPackagesInstalled_Get_Response_200_SearchAfter_5' + maxItems: 2 + type: array + total: + type: number + required: + - items + - total + ApiFleetEpmPackagesInstalled_Get_Response_200_Items_Item: + additionalProperties: false + type: object + properties: + dataStreams: + items: + $ref: '#/components/schemas/ApiFleetEpmPackagesInstalled_Get_Response_200_Items_DataStreams_Item' + maxItems: 10000 + type: array + description: + type: string + icons: + items: + $ref: '#/components/schemas/ApiFleetEpmPackagesInstalled_Get_Response_200_Items_Icons_Item' + maxItems: 10 + type: array + name: + type: string + status: + type: string + title: + type: string + version: + type: string + required: + - name + - version + - status + - dataStreams + ApiFleetEpmPackagesInstalled_Get_Response_200_Items_DataStreams_Item: + additionalProperties: false + type: object + properties: + name: + type: string + title: + type: string + required: + - name + - title + ApiFleetEpmPackagesInstalled_Get_Response_200_Items_Icons_Item: + additionalProperties: false + type: object + properties: + dark_mode: + type: boolean + path: + type: string + size: + type: string + src: + type: string + title: + type: string + type: + type: string + required: + - src + ApiFleetEpmPackagesInstalled_Get_Response_200_SearchAfter_1: + type: string + ApiFleetEpmPackagesInstalled_Get_Response_200_SearchAfter_2: + type: number + ApiFleetEpmPackagesInstalled_Get_Response_200_SearchAfter_3: + type: boolean + ApiFleetEpmPackagesInstalled_Get_Response_200_SearchAfter_4: + enum: [] + nullable: true + ApiFleetEpmPackagesInstalled_Get_Response_200_SearchAfter_5: {} + ApiFleetEpmPackagesInstalled_Get_Response_400: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetEpmPackagesLimited_Get_Response_200: + additionalProperties: false + type: object + properties: + items: + items: + type: string + maxItems: 10000 + type: array + required: + - items + ApiFleetEpmPackagesLimited_Get_Response_400: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetEpmTemplatesInputs_Get_Response_200: + anyOf: + - $ref: '#/components/schemas/ApiFleetEpmTemplatesInputs_Get_Response_200_1' + - $ref: '#/components/schemas/ApiFleetEpmTemplatesInputs_Get_Response_200_2' + ApiFleetEpmTemplatesInputs_Get_Response_200_1: + type: string + ApiFleetEpmTemplatesInputs_Get_Response_200_2: + additionalProperties: false + type: object + properties: + inputs: + items: + $ref: '#/components/schemas/ApiFleetEpmTemplatesInputs_Get_Response_200_Inputs_Item' + maxItems: 10000 + type: array + required: + - inputs + ApiFleetEpmTemplatesInputs_Get_Response_200_Inputs_Item: + additionalProperties: false + type: object + properties: + id: + type: string + streams: + items: + $ref: '#/components/schemas/ApiFleetEpmTemplatesInputs_Get_Response_200_Inputs_Streams_Item' + maxItems: 10000 + type: array + type: + type: string + required: + - id + - type + ApiFleetEpmTemplatesInputs_Get_Response_200_Inputs_Streams_Item: + additionalProperties: true + type: object + properties: + data_stream: + $ref: '#/components/schemas/ApiFleetEpmTemplatesInputs_Get_Response_200_Inputs_Streams_Data_stream' + id: + type: string + required: + - id + - data_stream + ApiFleetEpmTemplatesInputs_Get_Response_200_Inputs_Streams_Data_stream: + additionalProperties: true + type: object + properties: + dataset: + type: string + type: + type: string + required: + - dataset + ApiFleetEpmTemplatesInputs_Get_Response_400: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetEpmVerificationKeyId_Get_Response_200: + additionalProperties: false + type: object + properties: + id: + nullable: true + type: string + required: + - id + ApiFleetEpmVerificationKeyId_Get_Response_400: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetFleetServerHosts_Get_Response_200: + additionalProperties: false + type: object + properties: + items: + items: + $ref: '#/components/schemas/ApiFleetFleetServerHosts_Get_Response_200_Items_Item' + maxItems: 10000 + type: array + page: + type: number + perPage: + type: number + total: + type: number + required: + - items + - total + - page + - perPage + ApiFleetFleetServerHosts_Get_Response_200_Items_Item: + additionalProperties: false + type: object + properties: + host_urls: + items: + type: string + maxItems: 10 + minItems: 1 + type: array + id: + type: string + is_default: + default: false + type: boolean + is_internal: + type: boolean + is_preconfigured: + default: false + type: boolean + name: + type: string + proxy_id: + nullable: true + type: string + secrets: + $ref: '#/components/schemas/ApiFleetFleetServerHosts_Get_Response_200_Items_Secrets' + ssl: + $ref: '#/components/schemas/ApiFleetFleetServerHosts_Get_Response_200_Items_Ssl' + required: + - name + - host_urls + - id + ApiFleetFleetServerHosts_Get_Response_200_Items_Secrets: + additionalProperties: false + type: object + properties: + ssl: + $ref: '#/components/schemas/ApiFleetFleetServerHosts_Get_Response_200_Items_Secrets_Ssl' + ApiFleetFleetServerHosts_Get_Response_200_Items_Secrets_Ssl: + additionalProperties: false + type: object + properties: + agent_key: + anyOf: + - $ref: '#/components/schemas/ApiFleetFleetServerHosts_Get_Response_200_Items_Secrets_Ssl_Agent_key_1' + - $ref: '#/components/schemas/ApiFleetFleetServerHosts_Get_Response_200_Items_Secrets_Ssl_Agent_key_2' + es_key: + anyOf: + - $ref: '#/components/schemas/ApiFleetFleetServerHosts_Get_Response_200_Items_Secrets_Ssl_Es_key_1' + - $ref: '#/components/schemas/ApiFleetFleetServerHosts_Get_Response_200_Items_Secrets_Ssl_Es_key_2' + key: + anyOf: + - $ref: '#/components/schemas/ApiFleetFleetServerHosts_Get_Response_200_Items_Secrets_Ssl_Key_1' + - $ref: '#/components/schemas/ApiFleetFleetServerHosts_Get_Response_200_Items_Secrets_Ssl_Key_2' + ApiFleetFleetServerHosts_Get_Response_200_Items_Secrets_Ssl_Agent_key_1: + additionalProperties: false + type: object + properties: + id: + type: string + required: + - id + ApiFleetFleetServerHosts_Get_Response_200_Items_Secrets_Ssl_Agent_key_2: + type: string + ApiFleetFleetServerHosts_Get_Response_200_Items_Secrets_Ssl_Es_key_1: + additionalProperties: false + type: object + properties: + id: + type: string + required: + - id + ApiFleetFleetServerHosts_Get_Response_200_Items_Secrets_Ssl_Es_key_2: + type: string + ApiFleetFleetServerHosts_Get_Response_200_Items_Secrets_Ssl_Key_1: + additionalProperties: false + type: object + properties: + id: + type: string + required: + - id + ApiFleetFleetServerHosts_Get_Response_200_Items_Secrets_Ssl_Key_2: + type: string + ApiFleetFleetServerHosts_Get_Response_200_Items_Ssl: + additionalProperties: false + nullable: true + type: object + properties: + agent_certificate: + type: string + agent_certificate_authorities: + items: + type: string + maxItems: 10 + type: array + agent_key: + type: string + certificate: + type: string + certificate_authorities: + items: + type: string + maxItems: 10 + type: array + client_auth: + enum: + - optional + - required + - none + type: string + es_certificate: + type: string + es_certificate_authorities: + items: + type: string + maxItems: 10 + type: array + es_key: + type: string + key: + type: string + ApiFleetFleetServerHosts_Get_Response_400: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetFleetServerHosts_Post_Request: + additionalProperties: false + type: object + properties: + host_urls: + items: + type: string + maxItems: 10 + minItems: 1 + type: array + id: + type: string + is_default: + default: false + type: boolean + is_internal: + type: boolean + is_preconfigured: + default: false + type: boolean + name: + type: string + proxy_id: + nullable: true + type: string + secrets: + $ref: '#/components/schemas/ApiFleetFleetServerHosts_Post_Request_Secrets' + ssl: + $ref: '#/components/schemas/ApiFleetFleetServerHosts_Post_Request_Ssl' + required: + - name + - host_urls + ApiFleetFleetServerHosts_Post_Request_Secrets: + additionalProperties: false + type: object + properties: + ssl: + $ref: '#/components/schemas/ApiFleetFleetServerHosts_Post_Request_Secrets_Ssl' + ApiFleetFleetServerHosts_Post_Request_Secrets_Ssl: + additionalProperties: false + type: object + properties: + agent_key: + anyOf: + - $ref: '#/components/schemas/ApiFleetFleetServerHosts_Post_Request_Secrets_Ssl_Agent_key_1' + - $ref: '#/components/schemas/ApiFleetFleetServerHosts_Post_Request_Secrets_Ssl_Agent_key_2' + es_key: + anyOf: + - $ref: '#/components/schemas/ApiFleetFleetServerHosts_Post_Request_Secrets_Ssl_Es_key_1' + - $ref: '#/components/schemas/ApiFleetFleetServerHosts_Post_Request_Secrets_Ssl_Es_key_2' + key: + anyOf: + - $ref: '#/components/schemas/ApiFleetFleetServerHosts_Post_Request_Secrets_Ssl_Key_1' + - $ref: '#/components/schemas/ApiFleetFleetServerHosts_Post_Request_Secrets_Ssl_Key_2' + ApiFleetFleetServerHosts_Post_Request_Secrets_Ssl_Agent_key_1: + additionalProperties: false + type: object + properties: + id: + type: string + required: + - id + ApiFleetFleetServerHosts_Post_Request_Secrets_Ssl_Agent_key_2: + type: string + ApiFleetFleetServerHosts_Post_Request_Secrets_Ssl_Es_key_1: + additionalProperties: false + type: object + properties: + id: + type: string + required: + - id + ApiFleetFleetServerHosts_Post_Request_Secrets_Ssl_Es_key_2: + type: string + ApiFleetFleetServerHosts_Post_Request_Secrets_Ssl_Key_1: + additionalProperties: false + type: object + properties: + id: + type: string + required: + - id + ApiFleetFleetServerHosts_Post_Request_Secrets_Ssl_Key_2: + type: string + ApiFleetFleetServerHosts_Post_Request_Ssl: + additionalProperties: false + nullable: true + type: object + properties: + agent_certificate: + type: string + agent_certificate_authorities: + items: + type: string + maxItems: 10 + type: array + agent_key: + type: string + certificate: + type: string + certificate_authorities: + items: + type: string + maxItems: 10 + type: array + client_auth: + enum: + - optional + - required + - none + type: string + es_certificate: + type: string + es_certificate_authorities: + items: + type: string + maxItems: 10 + type: array + es_key: + type: string + key: + type: string + ApiFleetFleetServerHosts_Post_Response_200: + additionalProperties: false + type: object + properties: + item: + $ref: '#/components/schemas/ApiFleetFleetServerHosts_Post_Response_200_Item' + required: + - item + ApiFleetFleetServerHosts_Post_Response_200_Item: + additionalProperties: false + type: object + properties: + host_urls: + items: + type: string + maxItems: 10 + minItems: 1 + type: array + id: + type: string + is_default: + default: false + type: boolean + is_internal: + type: boolean + is_preconfigured: + default: false + type: boolean + name: + type: string + proxy_id: + nullable: true + type: string + secrets: + $ref: '#/components/schemas/ApiFleetFleetServerHosts_Post_Response_200_Item_Secrets' + ssl: + $ref: '#/components/schemas/ApiFleetFleetServerHosts_Post_Response_200_Item_Ssl' + required: + - name + - host_urls + - id + ApiFleetFleetServerHosts_Post_Response_200_Item_Secrets: + additionalProperties: false + type: object + properties: + ssl: + $ref: '#/components/schemas/ApiFleetFleetServerHosts_Post_Response_200_Item_Secrets_Ssl' + ApiFleetFleetServerHosts_Post_Response_200_Item_Secrets_Ssl: + additionalProperties: false + type: object + properties: + agent_key: + anyOf: + - $ref: '#/components/schemas/ApiFleetFleetServerHosts_Post_Response_200_Item_Secrets_Ssl_Agent_key_1' + - $ref: '#/components/schemas/ApiFleetFleetServerHosts_Post_Response_200_Item_Secrets_Ssl_Agent_key_2' + es_key: + anyOf: + - $ref: '#/components/schemas/ApiFleetFleetServerHosts_Post_Response_200_Item_Secrets_Ssl_Es_key_1' + - $ref: '#/components/schemas/ApiFleetFleetServerHosts_Post_Response_200_Item_Secrets_Ssl_Es_key_2' + key: + anyOf: + - $ref: '#/components/schemas/ApiFleetFleetServerHosts_Post_Response_200_Item_Secrets_Ssl_Key_1' + - $ref: '#/components/schemas/ApiFleetFleetServerHosts_Post_Response_200_Item_Secrets_Ssl_Key_2' + ApiFleetFleetServerHosts_Post_Response_200_Item_Secrets_Ssl_Agent_key_1: + additionalProperties: false + type: object + properties: + id: + type: string + required: + - id + ApiFleetFleetServerHosts_Post_Response_200_Item_Secrets_Ssl_Agent_key_2: + type: string + ApiFleetFleetServerHosts_Post_Response_200_Item_Secrets_Ssl_Es_key_1: + additionalProperties: false + type: object + properties: + id: + type: string + required: + - id + ApiFleetFleetServerHosts_Post_Response_200_Item_Secrets_Ssl_Es_key_2: + type: string + ApiFleetFleetServerHosts_Post_Response_200_Item_Secrets_Ssl_Key_1: + additionalProperties: false + type: object + properties: + id: + type: string + required: + - id + ApiFleetFleetServerHosts_Post_Response_200_Item_Secrets_Ssl_Key_2: + type: string + ApiFleetFleetServerHosts_Post_Response_200_Item_Ssl: + additionalProperties: false + nullable: true + type: object + properties: + agent_certificate: + type: string + agent_certificate_authorities: + items: + type: string + maxItems: 10 + type: array + agent_key: + type: string + certificate: + type: string + certificate_authorities: + items: + type: string + maxItems: 10 + type: array + client_auth: + enum: + - optional + - required + - none + type: string + es_certificate: + type: string + es_certificate_authorities: + items: + type: string + maxItems: 10 + type: array + es_key: + type: string + key: + type: string + ApiFleetFleetServerHosts_Post_Response_400: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetFleetServerHosts_Delete_Response_200: + additionalProperties: false + type: object + properties: + id: + type: string + required: + - id + ApiFleetFleetServerHosts_Delete_Response_400: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetFleetServerHosts_Get_Response_200_1: + additionalProperties: false + type: object + properties: + item: + $ref: '#/components/schemas/ApiFleetFleetServerHosts_Get_Response_200_Item' + required: + - item + ApiFleetFleetServerHosts_Get_Response_200_Item: + additionalProperties: false + type: object + properties: + host_urls: + items: + type: string + maxItems: 10 + minItems: 1 + type: array + id: + type: string + is_default: + default: false + type: boolean + is_internal: + type: boolean + is_preconfigured: + default: false + type: boolean + name: + type: string + proxy_id: + nullable: true + type: string + secrets: + $ref: '#/components/schemas/ApiFleetFleetServerHosts_Get_Response_200_Item_Secrets' + ssl: + $ref: '#/components/schemas/ApiFleetFleetServerHosts_Get_Response_200_Item_Ssl' + required: + - name + - host_urls + - id + ApiFleetFleetServerHosts_Get_Response_200_Item_Secrets: + additionalProperties: false + type: object + properties: + ssl: + $ref: '#/components/schemas/ApiFleetFleetServerHosts_Get_Response_200_Item_Secrets_Ssl' + ApiFleetFleetServerHosts_Get_Response_200_Item_Secrets_Ssl: + additionalProperties: false + type: object + properties: + agent_key: + anyOf: + - $ref: '#/components/schemas/ApiFleetFleetServerHosts_Get_Response_200_Item_Secrets_Ssl_Agent_key_1' + - $ref: '#/components/schemas/ApiFleetFleetServerHosts_Get_Response_200_Item_Secrets_Ssl_Agent_key_2' + es_key: + anyOf: + - $ref: '#/components/schemas/ApiFleetFleetServerHosts_Get_Response_200_Item_Secrets_Ssl_Es_key_1' + - $ref: '#/components/schemas/ApiFleetFleetServerHosts_Get_Response_200_Item_Secrets_Ssl_Es_key_2' + key: + anyOf: + - $ref: '#/components/schemas/ApiFleetFleetServerHosts_Get_Response_200_Item_Secrets_Ssl_Key_1' + - $ref: '#/components/schemas/ApiFleetFleetServerHosts_Get_Response_200_Item_Secrets_Ssl_Key_2' + ApiFleetFleetServerHosts_Get_Response_200_Item_Secrets_Ssl_Agent_key_1: + additionalProperties: false + type: object + properties: + id: + type: string + required: + - id + ApiFleetFleetServerHosts_Get_Response_200_Item_Secrets_Ssl_Agent_key_2: + type: string + ApiFleetFleetServerHosts_Get_Response_200_Item_Secrets_Ssl_Es_key_1: + additionalProperties: false + type: object + properties: + id: + type: string + required: + - id + ApiFleetFleetServerHosts_Get_Response_200_Item_Secrets_Ssl_Es_key_2: + type: string + ApiFleetFleetServerHosts_Get_Response_200_Item_Secrets_Ssl_Key_1: + additionalProperties: false + type: object + properties: + id: + type: string + required: + - id + ApiFleetFleetServerHosts_Get_Response_200_Item_Secrets_Ssl_Key_2: + type: string + ApiFleetFleetServerHosts_Get_Response_200_Item_Ssl: + additionalProperties: false + nullable: true + type: object + properties: + agent_certificate: + type: string + agent_certificate_authorities: + items: + type: string + maxItems: 10 + type: array + agent_key: + type: string + certificate: + type: string + certificate_authorities: + items: + type: string + maxItems: 10 + type: array + client_auth: + enum: + - optional + - required + - none + type: string + es_certificate: + type: string + es_certificate_authorities: + items: + type: string + maxItems: 10 + type: array + es_key: + type: string + key: + type: string + ApiFleetFleetServerHosts_Get_Response_400_1: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetFleetServerHosts_Put_Request: + additionalProperties: false + type: object + properties: + host_urls: + items: + type: string + maxItems: 10 + minItems: 1 + type: array + is_default: + type: boolean + is_internal: + type: boolean + name: + type: string + proxy_id: + nullable: true + type: string + secrets: + $ref: '#/components/schemas/ApiFleetFleetServerHosts_Put_Request_Secrets' + ssl: + $ref: '#/components/schemas/ApiFleetFleetServerHosts_Put_Request_Ssl' + required: + - proxy_id + ApiFleetFleetServerHosts_Put_Request_Secrets: + additionalProperties: false + type: object + properties: + ssl: + $ref: '#/components/schemas/ApiFleetFleetServerHosts_Put_Request_Secrets_Ssl' + ApiFleetFleetServerHosts_Put_Request_Secrets_Ssl: + additionalProperties: false + type: object + properties: + agent_key: + anyOf: + - $ref: '#/components/schemas/ApiFleetFleetServerHosts_Put_Request_Secrets_Ssl_Agent_key_1' + - $ref: '#/components/schemas/ApiFleetFleetServerHosts_Put_Request_Secrets_Ssl_Agent_key_2' + es_key: + anyOf: + - $ref: '#/components/schemas/ApiFleetFleetServerHosts_Put_Request_Secrets_Ssl_Es_key_1' + - $ref: '#/components/schemas/ApiFleetFleetServerHosts_Put_Request_Secrets_Ssl_Es_key_2' + key: + anyOf: + - $ref: '#/components/schemas/ApiFleetFleetServerHosts_Put_Request_Secrets_Ssl_Key_1' + - $ref: '#/components/schemas/ApiFleetFleetServerHosts_Put_Request_Secrets_Ssl_Key_2' + ApiFleetFleetServerHosts_Put_Request_Secrets_Ssl_Agent_key_1: + additionalProperties: false + type: object + properties: + id: + type: string + required: + - id + ApiFleetFleetServerHosts_Put_Request_Secrets_Ssl_Agent_key_2: + type: string + ApiFleetFleetServerHosts_Put_Request_Secrets_Ssl_Es_key_1: + additionalProperties: false + type: object + properties: + id: + type: string + required: + - id + ApiFleetFleetServerHosts_Put_Request_Secrets_Ssl_Es_key_2: + type: string + ApiFleetFleetServerHosts_Put_Request_Secrets_Ssl_Key_1: + additionalProperties: false + type: object + properties: + id: + type: string + required: + - id + ApiFleetFleetServerHosts_Put_Request_Secrets_Ssl_Key_2: + type: string + ApiFleetFleetServerHosts_Put_Request_Ssl: + additionalProperties: false + nullable: true + type: object + properties: + agent_certificate: + type: string + agent_certificate_authorities: + items: + type: string + maxItems: 10 + type: array + agent_key: + type: string + certificate: + type: string + certificate_authorities: + items: + type: string + maxItems: 10 + type: array + client_auth: + enum: + - optional + - required + - none + type: string + es_certificate: + type: string + es_certificate_authorities: + items: + type: string + maxItems: 10 + type: array + es_key: + type: string + key: + type: string + ApiFleetFleetServerHosts_Put_Response_200: + additionalProperties: false + type: object + properties: + item: + $ref: '#/components/schemas/ApiFleetFleetServerHosts_Put_Response_200_Item' + required: + - item + ApiFleetFleetServerHosts_Put_Response_200_Item: + additionalProperties: false + type: object + properties: + host_urls: + items: + type: string + maxItems: 10 + minItems: 1 + type: array + id: + type: string + is_default: + default: false + type: boolean + is_internal: + type: boolean + is_preconfigured: + default: false + type: boolean + name: + type: string + proxy_id: + nullable: true + type: string + secrets: + $ref: '#/components/schemas/ApiFleetFleetServerHosts_Put_Response_200_Item_Secrets' + ssl: + $ref: '#/components/schemas/ApiFleetFleetServerHosts_Put_Response_200_Item_Ssl' + required: + - name + - host_urls + - id + ApiFleetFleetServerHosts_Put_Response_200_Item_Secrets: + additionalProperties: false + type: object + properties: + ssl: + $ref: '#/components/schemas/ApiFleetFleetServerHosts_Put_Response_200_Item_Secrets_Ssl' + ApiFleetFleetServerHosts_Put_Response_200_Item_Secrets_Ssl: + additionalProperties: false + type: object + properties: + agent_key: + anyOf: + - $ref: '#/components/schemas/ApiFleetFleetServerHosts_Put_Response_200_Item_Secrets_Ssl_Agent_key_1' + - $ref: '#/components/schemas/ApiFleetFleetServerHosts_Put_Response_200_Item_Secrets_Ssl_Agent_key_2' + es_key: + anyOf: + - $ref: '#/components/schemas/ApiFleetFleetServerHosts_Put_Response_200_Item_Secrets_Ssl_Es_key_1' + - $ref: '#/components/schemas/ApiFleetFleetServerHosts_Put_Response_200_Item_Secrets_Ssl_Es_key_2' + key: + anyOf: + - $ref: '#/components/schemas/ApiFleetFleetServerHosts_Put_Response_200_Item_Secrets_Ssl_Key_1' + - $ref: '#/components/schemas/ApiFleetFleetServerHosts_Put_Response_200_Item_Secrets_Ssl_Key_2' + ApiFleetFleetServerHosts_Put_Response_200_Item_Secrets_Ssl_Agent_key_1: + additionalProperties: false + type: object + properties: + id: + type: string + required: + - id + ApiFleetFleetServerHosts_Put_Response_200_Item_Secrets_Ssl_Agent_key_2: + type: string + ApiFleetFleetServerHosts_Put_Response_200_Item_Secrets_Ssl_Es_key_1: + additionalProperties: false + type: object + properties: + id: + type: string + required: + - id + ApiFleetFleetServerHosts_Put_Response_200_Item_Secrets_Ssl_Es_key_2: + type: string + ApiFleetFleetServerHosts_Put_Response_200_Item_Secrets_Ssl_Key_1: + additionalProperties: false + type: object + properties: + id: + type: string + required: + - id + ApiFleetFleetServerHosts_Put_Response_200_Item_Secrets_Ssl_Key_2: + type: string + ApiFleetFleetServerHosts_Put_Response_200_Item_Ssl: + additionalProperties: false + nullable: true + type: object + properties: + agent_certificate: + type: string + agent_certificate_authorities: + items: + type: string + maxItems: 10 + type: array + agent_key: + type: string + certificate: + type: string + certificate_authorities: + items: + type: string + maxItems: 10 + type: array + client_auth: + enum: + - optional + - required + - none + type: string + es_certificate: + type: string + es_certificate_authorities: + items: + type: string + maxItems: 10 + type: array + es_key: + type: string + key: + type: string + ApiFleetFleetServerHosts_Put_Response_400: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetHealthCheck_Post_Request: + additionalProperties: false + type: object + properties: + id: + type: string + required: + - id + ApiFleetHealthCheck_Post_Response_200: + additionalProperties: false + type: object + properties: + host_id: + type: string + name: + type: string + status: + type: string + required: + - status + ApiFleetHealthCheck_Post_Response_400: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetHealthCheck_Post_Response_404: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetKubernetes_Get_Response_200: + additionalProperties: false + type: object + properties: + item: + type: string + required: + - item + ApiFleetKubernetes_Get_Response_400: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetKubernetesDownload_Get_Response_400: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetKubernetesDownload_Get_Response_404: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetLogstashApiKeys_Post_Response_200: + additionalProperties: false + type: object + properties: + api_key: + type: string + required: + - api_key + ApiFleetLogstashApiKeys_Post_Response_400: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetMessageSigningServiceRotateKeyPair_Post_Response_200: + additionalProperties: false + type: object + properties: + message: + type: string + required: + - message + ApiFleetMessageSigningServiceRotateKeyPair_Post_Response_400: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetMessageSigningServiceRotateKeyPair_Post_Response_500: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetOutputs_Get_Response_200: + additionalProperties: false + type: object + properties: + items: + items: + anyOf: + - $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Items_1' + - $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Items_2' + - $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Items_3' + - $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Items_4' + maxItems: 10000 + type: array + page: + type: number + perPage: + type: number + total: + type: number + required: + - items + - total + - page + - perPage + ApiFleetOutputs_Get_Response_200_Items_1: + additionalProperties: true + type: object + properties: + allow_edit: + items: + type: string + maxItems: 1000 + type: array + ca_sha256: + nullable: true + type: string + ca_trusted_fingerprint: + nullable: true + type: string + config_yaml: + nullable: true + type: string + hosts: + items: + format: uri + type: string + maxItems: 10 + minItems: 1 + type: array + id: + type: string + is_default: + default: false + type: boolean + is_default_monitoring: + default: false + type: boolean + is_internal: + type: boolean + is_preconfigured: + type: boolean + name: + type: string + preset: + enum: + - balanced + - custom + - throughput + - scale + - latency + type: string + proxy_id: + nullable: true + type: string + secrets: + $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Items_Secrets' + shipper: + $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Items_Shipper' + ssl: + $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Items_Ssl' + type: + enum: + - elasticsearch + type: string + write_to_logs_streams: + nullable: true + type: boolean + required: + - name + - type + - hosts + ApiFleetOutputs_Get_Response_200_Items_Secrets: + additionalProperties: true + type: object + properties: + ssl: + $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Items_Secrets_Ssl' + ApiFleetOutputs_Get_Response_200_Items_Secrets_Ssl: + additionalProperties: true + type: object + properties: + key: + anyOf: + - $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Items_Secrets_Ssl_Key_1' + - $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Items_Secrets_Ssl_Key_2' + ApiFleetOutputs_Get_Response_200_Items_Secrets_Ssl_Key_1: + additionalProperties: true + type: object + properties: + hash: + type: string + id: + type: string + required: + - id + ApiFleetOutputs_Get_Response_200_Items_Secrets_Ssl_Key_2: + type: string + ApiFleetOutputs_Get_Response_200_Items_Shipper: + additionalProperties: true + nullable: true + type: object + properties: + compression_level: + nullable: true + type: number + disk_queue_compression_enabled: + nullable: true + type: boolean + disk_queue_enabled: + default: false + nullable: true + type: boolean + disk_queue_encryption_enabled: + nullable: true + type: boolean + disk_queue_max_size: + nullable: true + type: number + disk_queue_path: + nullable: true + type: string + loadbalance: + nullable: true + type: boolean + max_batch_bytes: + nullable: true + type: number + mem_queue_events: + nullable: true + type: number + queue_flush_timeout: + nullable: true + type: number + required: + - disk_queue_path + - disk_queue_max_size + - disk_queue_encryption_enabled + - disk_queue_compression_enabled + - compression_level + - loadbalance + - mem_queue_events + - queue_flush_timeout + - max_batch_bytes + ApiFleetOutputs_Get_Response_200_Items_Ssl: + additionalProperties: true + nullable: true + type: object + properties: + certificate: + type: string + certificate_authorities: + items: + type: string + maxItems: 10 + type: array + key: + type: string + verification_mode: + enum: + - full + - none + - certificate + - strict + type: string + ApiFleetOutputs_Get_Response_200_Items_2: + additionalProperties: true + type: object + properties: + allow_edit: + items: + type: string + maxItems: 1000 + type: array + ca_sha256: + nullable: true + type: string + ca_trusted_fingerprint: + nullable: true + type: string + config_yaml: + nullable: true + type: string + hosts: + items: + format: uri + type: string + maxItems: 10 + minItems: 1 + type: array + id: + type: string + is_default: + default: false + type: boolean + is_default_monitoring: + default: false + type: boolean + is_internal: + type: boolean + is_preconfigured: + type: boolean + kibana_api_key: + nullable: true + type: string + kibana_url: + nullable: true + type: string + name: + type: string + preset: + enum: + - balanced + - custom + - throughput + - scale + - latency + type: string + proxy_id: + nullable: true + type: string + secrets: + $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Items_Secrets_1' + service_token: + nullable: true + type: string + shipper: + $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Items_Shipper_1' + ssl: + $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Items_Ssl_1' + sync_integrations: + type: boolean + sync_uninstalled_integrations: + type: boolean + type: + enum: + - remote_elasticsearch + type: string + write_to_logs_streams: + nullable: true + type: boolean + required: + - name + - type + - hosts + ApiFleetOutputs_Get_Response_200_Items_Secrets_1: + additionalProperties: true + type: object + properties: + service_token: + anyOf: + - $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Items_Secrets_Service_token_1' + - $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Items_Secrets_Service_token_2' + ssl: + $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Items_Secrets_Ssl_1' + ApiFleetOutputs_Get_Response_200_Items_Secrets_Service_token_1: + additionalProperties: true + type: object + properties: + hash: + type: string + id: + type: string + required: + - id + ApiFleetOutputs_Get_Response_200_Items_Secrets_Service_token_2: + type: string + ApiFleetOutputs_Get_Response_200_Items_Secrets_Ssl_1: + additionalProperties: true + type: object + properties: + key: + anyOf: + - $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Items_Secrets_Ssl_Key_1_1' + - $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Items_Secrets_Ssl_Key_2_1' + ApiFleetOutputs_Get_Response_200_Items_Secrets_Ssl_Key_1_1: + additionalProperties: true + type: object + properties: + hash: + type: string + id: + type: string + required: + - id + ApiFleetOutputs_Get_Response_200_Items_Secrets_Ssl_Key_2_1: + type: string + ApiFleetOutputs_Get_Response_200_Items_Shipper_1: + additionalProperties: true + nullable: true + type: object + properties: + compression_level: + nullable: true + type: number + disk_queue_compression_enabled: + nullable: true + type: boolean + disk_queue_enabled: + default: false + nullable: true + type: boolean + disk_queue_encryption_enabled: + nullable: true + type: boolean + disk_queue_max_size: + nullable: true + type: number + disk_queue_path: + nullable: true + type: string + loadbalance: + nullable: true + type: boolean + max_batch_bytes: + nullable: true + type: number + mem_queue_events: + nullable: true + type: number + queue_flush_timeout: + nullable: true + type: number + required: + - disk_queue_path + - disk_queue_max_size + - disk_queue_encryption_enabled + - disk_queue_compression_enabled + - compression_level + - loadbalance + - mem_queue_events + - queue_flush_timeout + - max_batch_bytes + ApiFleetOutputs_Get_Response_200_Items_Ssl_1: + additionalProperties: true + nullable: true + type: object + properties: + certificate: + type: string + certificate_authorities: + items: + type: string + maxItems: 10 + type: array + key: + type: string + verification_mode: + enum: + - full + - none + - certificate + - strict + type: string + ApiFleetOutputs_Get_Response_200_Items_3: + additionalProperties: true + type: object + properties: + allow_edit: + items: + type: string + maxItems: 1000 + type: array + ca_sha256: + nullable: true + type: string + ca_trusted_fingerprint: + nullable: true + type: string + config_yaml: + nullable: true + type: string + hosts: + items: + type: string + maxItems: 10 + minItems: 1 + type: array + id: + type: string + is_default: + default: false + type: boolean + is_default_monitoring: + default: false + type: boolean + is_internal: + type: boolean + is_preconfigured: + type: boolean + name: + type: string + proxy_id: + nullable: true + type: string + secrets: + $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Items_Secrets_2' + shipper: + $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Items_Shipper_2' + ssl: + $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Items_Ssl_2' + type: + enum: + - logstash + type: string + required: + - name + - type + - hosts + ApiFleetOutputs_Get_Response_200_Items_Secrets_2: + additionalProperties: true + type: object + properties: + ssl: + $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Items_Secrets_Ssl_2' + ApiFleetOutputs_Get_Response_200_Items_Secrets_Ssl_2: + additionalProperties: true + type: object + properties: + key: + anyOf: + - $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Items_Secrets_Ssl_Key_1_2' + - $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Items_Secrets_Ssl_Key_2_2' + ApiFleetOutputs_Get_Response_200_Items_Secrets_Ssl_Key_1_2: + additionalProperties: true + type: object + properties: + hash: + type: string + id: + type: string + required: + - id + ApiFleetOutputs_Get_Response_200_Items_Secrets_Ssl_Key_2_2: + type: string + ApiFleetOutputs_Get_Response_200_Items_Shipper_2: + additionalProperties: true + nullable: true + type: object + properties: + compression_level: + nullable: true + type: number + disk_queue_compression_enabled: + nullable: true + type: boolean + disk_queue_enabled: + default: false + nullable: true + type: boolean + disk_queue_encryption_enabled: + nullable: true + type: boolean + disk_queue_max_size: + nullable: true + type: number + disk_queue_path: + nullable: true + type: string + loadbalance: + nullable: true + type: boolean + max_batch_bytes: + nullable: true + type: number + mem_queue_events: + nullable: true + type: number + queue_flush_timeout: + nullable: true + type: number + required: + - disk_queue_path + - disk_queue_max_size + - disk_queue_encryption_enabled + - disk_queue_compression_enabled + - compression_level + - loadbalance + - mem_queue_events + - queue_flush_timeout + - max_batch_bytes + ApiFleetOutputs_Get_Response_200_Items_Ssl_2: + additionalProperties: true + nullable: true + type: object + properties: + certificate: + type: string + certificate_authorities: + items: + type: string + maxItems: 10 + type: array + key: + type: string + verification_mode: + enum: + - full + - none + - certificate + - strict + type: string + ApiFleetOutputs_Get_Response_200_Items_4: + additionalProperties: true + type: object + properties: + allow_edit: + items: + type: string + maxItems: 1000 + type: array + auth_type: + enum: + - none + - user_pass + - ssl + - kerberos + type: string + broker_timeout: + type: number + ca_sha256: + nullable: true + type: string + ca_trusted_fingerprint: + nullable: true + type: string + client_id: + type: string + compression: + enum: + - gzip + - snappy + - lz4 + - none + type: string + compression_level: + anyOf: + - $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Items_Compression_level_1_1' + - $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Items_Compression_level_2_1' + - $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Items_Compression_level_3' + - $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Items_Compression_level_4' + - $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Items_Compression_level_5' + nullable: true + oneOf: + - $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Items_Compression_level_1' + - $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Items_Compression_level_2' + config_yaml: + nullable: true + type: string + connection_type: + anyOf: + - $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Items_Connection_type_1_1' + - $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Items_Connection_type_2_1' + - $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Items_Connection_type_3' + - $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Items_Connection_type_4' + - $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Items_Connection_type_5' + nullable: true + oneOf: + - $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Items_Connection_type_1' + - $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Items_Connection_type_2' + hash: + $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Items_Hash' + headers: + items: + $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Items_Headers_Item' + maxItems: 100 + type: array + hosts: + items: + type: string + maxItems: 10 + minItems: 1 + type: array + id: + type: string + is_default: + default: false + type: boolean + is_default_monitoring: + default: false + type: boolean + is_internal: + type: boolean + is_preconfigured: + type: boolean + key: + type: string + name: + type: string + partition: + enum: + - random + - round_robin + - hash + type: string + password: + anyOf: + - $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Items_Password_1_3' + - $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Items_Password_2_3' + - $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Items_Password_3_1' + - $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Items_Password_4_1' + - $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Items_Password_5_1' + nullable: true + oneOf: + - $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Items_Password_1' + - $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Items_Password_2' + proxy_id: + nullable: true + type: string + random: + $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Items_Random' + required_acks: + enum: + - 1 + - 0 + - -1 + type: integer + round_robin: + $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Items_Round_robin' + sasl: + $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Items_Sasl' + secrets: + $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Items_Secrets_3' + shipper: + $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Items_Shipper_3' + ssl: + $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Items_Ssl_3' + timeout: + type: number + topic: + type: string + type: + enum: + - kafka + type: string + username: + anyOf: + - $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Items_Username_1_1' + - $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Items_Username_2_1' + - $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Items_Username_3' + - $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Items_Username_4' + - $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Items_Username_5' + nullable: true + oneOf: + - $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Items_Username_1' + - $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Items_Username_2' + version: + type: string + required: + - name + - type + - hosts + - compression_level + - auth_type + - connection_type + - username + - password + ApiFleetOutputs_Get_Response_200_Items_Compression_level_1: + type: number + ApiFleetOutputs_Get_Response_200_Items_Compression_level_2: + not: {} + ApiFleetOutputs_Get_Response_200_Items_Compression_level_1_1: + items: {} + type: array + ApiFleetOutputs_Get_Response_200_Items_Compression_level_2_1: + type: boolean + ApiFleetOutputs_Get_Response_200_Items_Compression_level_3: + type: number + ApiFleetOutputs_Get_Response_200_Items_Compression_level_4: + type: object + ApiFleetOutputs_Get_Response_200_Items_Compression_level_5: + type: string + ApiFleetOutputs_Get_Response_200_Items_Connection_type_1: + enum: + - plaintext + - encryption + type: string + ApiFleetOutputs_Get_Response_200_Items_Connection_type_2: + not: {} + ApiFleetOutputs_Get_Response_200_Items_Connection_type_1_1: + items: {} + type: array + ApiFleetOutputs_Get_Response_200_Items_Connection_type_2_1: + type: boolean + ApiFleetOutputs_Get_Response_200_Items_Connection_type_3: + type: number + ApiFleetOutputs_Get_Response_200_Items_Connection_type_4: + type: object + ApiFleetOutputs_Get_Response_200_Items_Connection_type_5: + type: string + ApiFleetOutputs_Get_Response_200_Items_Hash: + additionalProperties: true + type: object + properties: + hash: + type: string + random: + type: boolean + ApiFleetOutputs_Get_Response_200_Items_Headers_Item: + additionalProperties: true + type: object + properties: + key: + type: string + value: + type: string + required: + - key + - value + ApiFleetOutputs_Get_Response_200_Items_Password_1: + not: {} + ApiFleetOutputs_Get_Response_200_Items_Password_2: + anyOf: + - $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Items_Password_1_2' + - $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Items_Password_2_2' + - $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Items_Password_3' + - $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Items_Password_4' + - $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Items_Password_5' + nullable: true + oneOf: + - $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Items_Password_1_1' + - $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Items_Password_2_1' + ApiFleetOutputs_Get_Response_200_Items_Password_1_1: + type: string + ApiFleetOutputs_Get_Response_200_Items_Password_2_1: + not: {} + ApiFleetOutputs_Get_Response_200_Items_Password_1_2: + items: {} + type: array + ApiFleetOutputs_Get_Response_200_Items_Password_2_2: + type: boolean + ApiFleetOutputs_Get_Response_200_Items_Password_3: + type: number + ApiFleetOutputs_Get_Response_200_Items_Password_4: + type: object + ApiFleetOutputs_Get_Response_200_Items_Password_5: + type: string + ApiFleetOutputs_Get_Response_200_Items_Password_1_3: + items: {} + type: array + ApiFleetOutputs_Get_Response_200_Items_Password_2_3: + type: boolean + ApiFleetOutputs_Get_Response_200_Items_Password_3_1: + type: number + ApiFleetOutputs_Get_Response_200_Items_Password_4_1: + type: object + ApiFleetOutputs_Get_Response_200_Items_Password_5_1: + type: string + ApiFleetOutputs_Get_Response_200_Items_Random: + additionalProperties: true + type: object + properties: + group_events: + type: number + ApiFleetOutputs_Get_Response_200_Items_Round_robin: + additionalProperties: true + type: object + properties: + group_events: + type: number + ApiFleetOutputs_Get_Response_200_Items_Sasl: + additionalProperties: true + nullable: true + type: object + properties: + mechanism: + enum: + - PLAIN + - SCRAM-SHA-256 + - SCRAM-SHA-512 + type: string + ApiFleetOutputs_Get_Response_200_Items_Secrets_3: + additionalProperties: true + type: object + properties: + password: + anyOf: + - $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Items_Secrets_Password_1' + - $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Items_Secrets_Password_2' + ssl: + $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Items_Secrets_Ssl_3' + ApiFleetOutputs_Get_Response_200_Items_Secrets_Password_1: + additionalProperties: true + type: object + properties: + hash: + type: string + id: + type: string + required: + - id + ApiFleetOutputs_Get_Response_200_Items_Secrets_Password_2: + type: string + ApiFleetOutputs_Get_Response_200_Items_Secrets_Ssl_3: + additionalProperties: true + type: object + properties: + key: + anyOf: + - $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Items_Secrets_Ssl_Key_1_3' + - $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Items_Secrets_Ssl_Key_2_3' + required: + - key + ApiFleetOutputs_Get_Response_200_Items_Secrets_Ssl_Key_1_3: + additionalProperties: true + type: object + properties: + hash: + type: string + id: + type: string + required: + - id + ApiFleetOutputs_Get_Response_200_Items_Secrets_Ssl_Key_2_3: + type: string + ApiFleetOutputs_Get_Response_200_Items_Shipper_3: + additionalProperties: true + nullable: true + type: object + properties: + compression_level: + nullable: true + type: number + disk_queue_compression_enabled: + nullable: true + type: boolean + disk_queue_enabled: + default: false + nullable: true + type: boolean + disk_queue_encryption_enabled: + nullable: true + type: boolean + disk_queue_max_size: + nullable: true + type: number + disk_queue_path: + nullable: true + type: string + loadbalance: + nullable: true + type: boolean + max_batch_bytes: + nullable: true + type: number + mem_queue_events: + nullable: true + type: number + queue_flush_timeout: + nullable: true + type: number + required: + - disk_queue_path + - disk_queue_max_size + - disk_queue_encryption_enabled + - disk_queue_compression_enabled + - compression_level + - loadbalance + - mem_queue_events + - queue_flush_timeout + - max_batch_bytes + ApiFleetOutputs_Get_Response_200_Items_Ssl_3: + additionalProperties: true + nullable: true + type: object + properties: + certificate: + type: string + certificate_authorities: + items: + type: string + maxItems: 10 + type: array + key: + type: string + verification_mode: + enum: + - full + - none + - certificate + - strict + type: string + ApiFleetOutputs_Get_Response_200_Items_Username_1: + type: string + ApiFleetOutputs_Get_Response_200_Items_Username_2: + not: {} + ApiFleetOutputs_Get_Response_200_Items_Username_1_1: + items: {} + type: array + ApiFleetOutputs_Get_Response_200_Items_Username_2_1: + type: boolean + ApiFleetOutputs_Get_Response_200_Items_Username_3: + type: number + ApiFleetOutputs_Get_Response_200_Items_Username_4: + type: object + ApiFleetOutputs_Get_Response_200_Items_Username_5: + type: string + ApiFleetOutputs_Get_Response_400: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetOutputs_Post_Request: + anyOf: + - $ref: '#/components/schemas/ApiFleetOutputs_Post_Request_1' + - $ref: '#/components/schemas/ApiFleetOutputs_Post_Request_2' + - $ref: '#/components/schemas/ApiFleetOutputs_Post_Request_3' + - $ref: '#/components/schemas/ApiFleetOutputs_Post_Request_4' + ApiFleetOutputs_Post_Request_1: + additionalProperties: false + type: object + properties: + allow_edit: + items: + type: string + maxItems: 1000 + type: array + ca_sha256: + nullable: true + type: string + ca_trusted_fingerprint: + nullable: true + type: string + config_yaml: + nullable: true + type: string + hosts: + items: + format: uri + type: string + maxItems: 10 + minItems: 1 + type: array + id: + type: string + is_default: + default: false + type: boolean + is_default_monitoring: + default: false + type: boolean + is_internal: + type: boolean + is_preconfigured: + type: boolean + name: + type: string + preset: + enum: + - balanced + - custom + - throughput + - scale + - latency + type: string + proxy_id: + nullable: true + type: string + secrets: + $ref: '#/components/schemas/ApiFleetOutputs_Post_Request_Secrets' + shipper: + $ref: '#/components/schemas/ApiFleetOutputs_Post_Request_Shipper' + ssl: + $ref: '#/components/schemas/ApiFleetOutputs_Post_Request_Ssl' + type: + enum: + - elasticsearch + type: string + write_to_logs_streams: + nullable: true + type: boolean + required: + - name + - type + - hosts + ApiFleetOutputs_Post_Request_Secrets: + additionalProperties: false + type: object + properties: + ssl: + $ref: '#/components/schemas/ApiFleetOutputs_Post_Request_Secrets_Ssl' + ApiFleetOutputs_Post_Request_Secrets_Ssl: + additionalProperties: false + type: object + properties: + key: + anyOf: + - $ref: '#/components/schemas/ApiFleetOutputs_Post_Request_Secrets_Ssl_Key_1' + - $ref: '#/components/schemas/ApiFleetOutputs_Post_Request_Secrets_Ssl_Key_2' + ApiFleetOutputs_Post_Request_Secrets_Ssl_Key_1: + additionalProperties: false + type: object + properties: + hash: + type: string + id: + type: string + required: + - id + ApiFleetOutputs_Post_Request_Secrets_Ssl_Key_2: + type: string + ApiFleetOutputs_Post_Request_Shipper: + additionalProperties: false + nullable: true + type: object + properties: + compression_level: + nullable: true + type: number + disk_queue_compression_enabled: + nullable: true + type: boolean + disk_queue_enabled: + default: false + nullable: true + type: boolean + disk_queue_encryption_enabled: + nullable: true + type: boolean + disk_queue_max_size: + nullable: true + type: number + disk_queue_path: + nullable: true + type: string + loadbalance: + nullable: true + type: boolean + max_batch_bytes: + nullable: true + type: number + mem_queue_events: + nullable: true + type: number + queue_flush_timeout: + nullable: true + type: number + required: + - disk_queue_path + - disk_queue_max_size + - disk_queue_encryption_enabled + - disk_queue_compression_enabled + - compression_level + - loadbalance + - mem_queue_events + - queue_flush_timeout + - max_batch_bytes + ApiFleetOutputs_Post_Request_Ssl: + additionalProperties: false + nullable: true + type: object + properties: + certificate: + type: string + certificate_authorities: + items: + type: string + maxItems: 10 + type: array + key: + type: string + verification_mode: + enum: + - full + - none + - certificate + - strict + type: string + ApiFleetOutputs_Post_Request_2: + additionalProperties: false + type: object + properties: + allow_edit: + items: + type: string + maxItems: 1000 + type: array + ca_sha256: + nullable: true + type: string + ca_trusted_fingerprint: + nullable: true + type: string + config_yaml: + nullable: true + type: string + hosts: + items: + format: uri + type: string + maxItems: 10 + minItems: 1 + type: array + id: + type: string + is_default: + default: false + type: boolean + is_default_monitoring: + default: false + type: boolean + is_internal: + type: boolean + is_preconfigured: + type: boolean + kibana_api_key: + nullable: true + type: string + kibana_url: + nullable: true + type: string + name: + type: string + preset: + enum: + - balanced + - custom + - throughput + - scale + - latency + type: string + proxy_id: + nullable: true + type: string + secrets: + $ref: '#/components/schemas/ApiFleetOutputs_Post_Request_Secrets_1' + service_token: + nullable: true + type: string + shipper: + $ref: '#/components/schemas/ApiFleetOutputs_Post_Request_Shipper_1' + ssl: + $ref: '#/components/schemas/ApiFleetOutputs_Post_Request_Ssl_1' + sync_integrations: + type: boolean + sync_uninstalled_integrations: + type: boolean + type: + enum: + - remote_elasticsearch + type: string + write_to_logs_streams: + nullable: true + type: boolean + required: + - name + - type + - hosts + ApiFleetOutputs_Post_Request_Secrets_1: + additionalProperties: false + type: object + properties: + service_token: + anyOf: + - $ref: '#/components/schemas/ApiFleetOutputs_Post_Request_Secrets_Service_token_1' + - $ref: '#/components/schemas/ApiFleetOutputs_Post_Request_Secrets_Service_token_2' + ssl: + $ref: '#/components/schemas/ApiFleetOutputs_Post_Request_Secrets_Ssl_1' + ApiFleetOutputs_Post_Request_Secrets_Service_token_1: + additionalProperties: false + type: object + properties: + hash: + type: string + id: + type: string + required: + - id + ApiFleetOutputs_Post_Request_Secrets_Service_token_2: + type: string + ApiFleetOutputs_Post_Request_Secrets_Ssl_1: + additionalProperties: false + type: object + properties: + key: + anyOf: + - $ref: '#/components/schemas/ApiFleetOutputs_Post_Request_Secrets_Ssl_Key_1_1' + - $ref: '#/components/schemas/ApiFleetOutputs_Post_Request_Secrets_Ssl_Key_2_1' + ApiFleetOutputs_Post_Request_Secrets_Ssl_Key_1_1: + additionalProperties: false + type: object + properties: + hash: + type: string + id: + type: string + required: + - id + ApiFleetOutputs_Post_Request_Secrets_Ssl_Key_2_1: + type: string + ApiFleetOutputs_Post_Request_Shipper_1: + additionalProperties: false + nullable: true + type: object + properties: + compression_level: + nullable: true + type: number + disk_queue_compression_enabled: + nullable: true + type: boolean + disk_queue_enabled: + default: false + nullable: true + type: boolean + disk_queue_encryption_enabled: + nullable: true + type: boolean + disk_queue_max_size: + nullable: true + type: number + disk_queue_path: + nullable: true + type: string + loadbalance: + nullable: true + type: boolean + max_batch_bytes: + nullable: true + type: number + mem_queue_events: + nullable: true + type: number + queue_flush_timeout: + nullable: true + type: number + required: + - disk_queue_path + - disk_queue_max_size + - disk_queue_encryption_enabled + - disk_queue_compression_enabled + - compression_level + - loadbalance + - mem_queue_events + - queue_flush_timeout + - max_batch_bytes + ApiFleetOutputs_Post_Request_Ssl_1: + additionalProperties: false + nullable: true + type: object + properties: + certificate: + type: string + certificate_authorities: + items: + type: string + maxItems: 10 + type: array + key: + type: string + verification_mode: + enum: + - full + - none + - certificate + - strict + type: string + ApiFleetOutputs_Post_Request_3: + additionalProperties: false + type: object + properties: + allow_edit: + items: + type: string + maxItems: 1000 + type: array + ca_sha256: + nullable: true + type: string + ca_trusted_fingerprint: + nullable: true + type: string + config_yaml: + nullable: true + type: string + hosts: + items: + type: string + maxItems: 10 + minItems: 1 + type: array + id: + type: string + is_default: + default: false + type: boolean + is_default_monitoring: + default: false + type: boolean + is_internal: + type: boolean + is_preconfigured: + type: boolean + name: + type: string + proxy_id: + nullable: true + type: string + secrets: + $ref: '#/components/schemas/ApiFleetOutputs_Post_Request_Secrets_2' + shipper: + $ref: '#/components/schemas/ApiFleetOutputs_Post_Request_Shipper_2' + ssl: + $ref: '#/components/schemas/ApiFleetOutputs_Post_Request_Ssl_2' + type: + enum: + - logstash + type: string + required: + - name + - type + - hosts + ApiFleetOutputs_Post_Request_Secrets_2: + additionalProperties: false + type: object + properties: + ssl: + $ref: '#/components/schemas/ApiFleetOutputs_Post_Request_Secrets_Ssl_2' + ApiFleetOutputs_Post_Request_Secrets_Ssl_2: + additionalProperties: false + type: object + properties: + key: + anyOf: + - $ref: '#/components/schemas/ApiFleetOutputs_Post_Request_Secrets_Ssl_Key_1_2' + - $ref: '#/components/schemas/ApiFleetOutputs_Post_Request_Secrets_Ssl_Key_2_2' + ApiFleetOutputs_Post_Request_Secrets_Ssl_Key_1_2: + additionalProperties: false + type: object + properties: + hash: + type: string + id: + type: string + required: + - id + ApiFleetOutputs_Post_Request_Secrets_Ssl_Key_2_2: + type: string + ApiFleetOutputs_Post_Request_Shipper_2: + additionalProperties: false + nullable: true + type: object + properties: + compression_level: + nullable: true + type: number + disk_queue_compression_enabled: + nullable: true + type: boolean + disk_queue_enabled: + default: false + nullable: true + type: boolean + disk_queue_encryption_enabled: + nullable: true + type: boolean + disk_queue_max_size: + nullable: true + type: number + disk_queue_path: + nullable: true + type: string + loadbalance: + nullable: true + type: boolean + max_batch_bytes: + nullable: true + type: number + mem_queue_events: + nullable: true + type: number + queue_flush_timeout: + nullable: true + type: number + required: + - disk_queue_path + - disk_queue_max_size + - disk_queue_encryption_enabled + - disk_queue_compression_enabled + - compression_level + - loadbalance + - mem_queue_events + - queue_flush_timeout + - max_batch_bytes + ApiFleetOutputs_Post_Request_Ssl_2: + additionalProperties: false + nullable: true + type: object + properties: + certificate: + type: string + certificate_authorities: + items: + type: string + maxItems: 10 + type: array + key: + type: string + verification_mode: + enum: + - full + - none + - certificate + - strict + type: string + ApiFleetOutputs_Post_Request_4: + additionalProperties: false + type: object + properties: + allow_edit: + items: + type: string + maxItems: 1000 + type: array + auth_type: + enum: + - none + - user_pass + - ssl + - kerberos + type: string + broker_timeout: + type: number + ca_sha256: + nullable: true + type: string + ca_trusted_fingerprint: + nullable: true + type: string + client_id: + type: string + compression: + enum: + - gzip + - snappy + - lz4 + - none + type: string + compression_level: + anyOf: + - $ref: '#/components/schemas/ApiFleetOutputs_Post_Request_Compression_level_1_1' + - $ref: '#/components/schemas/ApiFleetOutputs_Post_Request_Compression_level_2_1' + - $ref: '#/components/schemas/ApiFleetOutputs_Post_Request_Compression_level_3' + - $ref: '#/components/schemas/ApiFleetOutputs_Post_Request_Compression_level_4' + - $ref: '#/components/schemas/ApiFleetOutputs_Post_Request_Compression_level_5' + nullable: true + oneOf: + - $ref: '#/components/schemas/ApiFleetOutputs_Post_Request_Compression_level_1' + - $ref: '#/components/schemas/ApiFleetOutputs_Post_Request_Compression_level_2' + config_yaml: + nullable: true + type: string + connection_type: + anyOf: + - $ref: '#/components/schemas/ApiFleetOutputs_Post_Request_Connection_type_1_1' + - $ref: '#/components/schemas/ApiFleetOutputs_Post_Request_Connection_type_2_1' + - $ref: '#/components/schemas/ApiFleetOutputs_Post_Request_Connection_type_3' + - $ref: '#/components/schemas/ApiFleetOutputs_Post_Request_Connection_type_4' + - $ref: '#/components/schemas/ApiFleetOutputs_Post_Request_Connection_type_5' + nullable: true + oneOf: + - $ref: '#/components/schemas/ApiFleetOutputs_Post_Request_Connection_type_1' + - $ref: '#/components/schemas/ApiFleetOutputs_Post_Request_Connection_type_2' + hash: + $ref: '#/components/schemas/ApiFleetOutputs_Post_Request_Hash' + headers: + items: + $ref: '#/components/schemas/ApiFleetOutputs_Post_Request_Headers_Item' + maxItems: 100 + type: array + hosts: + items: + type: string + maxItems: 10 + minItems: 1 + type: array + id: + type: string + is_default: + default: false + type: boolean + is_default_monitoring: + default: false + type: boolean + is_internal: + type: boolean + is_preconfigured: + type: boolean + key: + type: string + name: + type: string + partition: + enum: + - random + - round_robin + - hash + type: string + password: + anyOf: + - $ref: '#/components/schemas/ApiFleetOutputs_Post_Request_Password_1_3' + - $ref: '#/components/schemas/ApiFleetOutputs_Post_Request_Password_2_3' + - $ref: '#/components/schemas/ApiFleetOutputs_Post_Request_Password_3_1' + - $ref: '#/components/schemas/ApiFleetOutputs_Post_Request_Password_4_1' + - $ref: '#/components/schemas/ApiFleetOutputs_Post_Request_Password_5_1' + nullable: true + oneOf: + - $ref: '#/components/schemas/ApiFleetOutputs_Post_Request_Password_1' + - $ref: '#/components/schemas/ApiFleetOutputs_Post_Request_Password_2' + proxy_id: + nullable: true + type: string + random: + $ref: '#/components/schemas/ApiFleetOutputs_Post_Request_Random' + required_acks: + enum: + - 1 + - 0 + - -1 + type: integer + round_robin: + $ref: '#/components/schemas/ApiFleetOutputs_Post_Request_Round_robin' + sasl: + $ref: '#/components/schemas/ApiFleetOutputs_Post_Request_Sasl' + secrets: + $ref: '#/components/schemas/ApiFleetOutputs_Post_Request_Secrets_3' + shipper: + $ref: '#/components/schemas/ApiFleetOutputs_Post_Request_Shipper_3' + ssl: + $ref: '#/components/schemas/ApiFleetOutputs_Post_Request_Ssl_3' + timeout: + type: number + topic: + type: string + type: + enum: + - kafka + type: string + username: + anyOf: + - $ref: '#/components/schemas/ApiFleetOutputs_Post_Request_Username_1_1' + - $ref: '#/components/schemas/ApiFleetOutputs_Post_Request_Username_2_1' + - $ref: '#/components/schemas/ApiFleetOutputs_Post_Request_Username_3' + - $ref: '#/components/schemas/ApiFleetOutputs_Post_Request_Username_4' + - $ref: '#/components/schemas/ApiFleetOutputs_Post_Request_Username_5' + nullable: true + oneOf: + - $ref: '#/components/schemas/ApiFleetOutputs_Post_Request_Username_1' + - $ref: '#/components/schemas/ApiFleetOutputs_Post_Request_Username_2' + version: + type: string + required: + - name + - type + - hosts + - compression_level + - auth_type + - connection_type + - username + - password + ApiFleetOutputs_Post_Request_Compression_level_1: + type: number + ApiFleetOutputs_Post_Request_Compression_level_2: + not: {} + ApiFleetOutputs_Post_Request_Compression_level_1_1: + items: {} + type: array + ApiFleetOutputs_Post_Request_Compression_level_2_1: + type: boolean + ApiFleetOutputs_Post_Request_Compression_level_3: + type: number + ApiFleetOutputs_Post_Request_Compression_level_4: + type: object + ApiFleetOutputs_Post_Request_Compression_level_5: + type: string + ApiFleetOutputs_Post_Request_Connection_type_1: + enum: + - plaintext + - encryption + type: string + ApiFleetOutputs_Post_Request_Connection_type_2: + not: {} + ApiFleetOutputs_Post_Request_Connection_type_1_1: + items: {} + type: array + ApiFleetOutputs_Post_Request_Connection_type_2_1: + type: boolean + ApiFleetOutputs_Post_Request_Connection_type_3: + type: number + ApiFleetOutputs_Post_Request_Connection_type_4: + type: object + ApiFleetOutputs_Post_Request_Connection_type_5: + type: string + ApiFleetOutputs_Post_Request_Hash: + additionalProperties: false + type: object + properties: + hash: + type: string + random: + type: boolean + ApiFleetOutputs_Post_Request_Headers_Item: + additionalProperties: false + type: object + properties: + key: + type: string + value: + type: string + required: + - key + - value + ApiFleetOutputs_Post_Request_Password_1: + not: {} + ApiFleetOutputs_Post_Request_Password_2: + anyOf: + - $ref: '#/components/schemas/ApiFleetOutputs_Post_Request_Password_1_2' + - $ref: '#/components/schemas/ApiFleetOutputs_Post_Request_Password_2_2' + - $ref: '#/components/schemas/ApiFleetOutputs_Post_Request_Password_3' + - $ref: '#/components/schemas/ApiFleetOutputs_Post_Request_Password_4' + - $ref: '#/components/schemas/ApiFleetOutputs_Post_Request_Password_5' + nullable: true + oneOf: + - $ref: '#/components/schemas/ApiFleetOutputs_Post_Request_Password_1_1' + - $ref: '#/components/schemas/ApiFleetOutputs_Post_Request_Password_2_1' + ApiFleetOutputs_Post_Request_Password_1_1: + type: string + ApiFleetOutputs_Post_Request_Password_2_1: + not: {} + ApiFleetOutputs_Post_Request_Password_1_2: + items: {} + type: array + ApiFleetOutputs_Post_Request_Password_2_2: + type: boolean + ApiFleetOutputs_Post_Request_Password_3: + type: number + ApiFleetOutputs_Post_Request_Password_4: + type: object + ApiFleetOutputs_Post_Request_Password_5: + type: string + ApiFleetOutputs_Post_Request_Password_1_3: + items: {} + type: array + ApiFleetOutputs_Post_Request_Password_2_3: + type: boolean + ApiFleetOutputs_Post_Request_Password_3_1: + type: number + ApiFleetOutputs_Post_Request_Password_4_1: + type: object + ApiFleetOutputs_Post_Request_Password_5_1: + type: string + ApiFleetOutputs_Post_Request_Random: + additionalProperties: false + type: object + properties: + group_events: + type: number + ApiFleetOutputs_Post_Request_Round_robin: + additionalProperties: false + type: object + properties: + group_events: + type: number + ApiFleetOutputs_Post_Request_Sasl: + additionalProperties: false + nullable: true + type: object + properties: + mechanism: + enum: + - PLAIN + - SCRAM-SHA-256 + - SCRAM-SHA-512 + type: string + ApiFleetOutputs_Post_Request_Secrets_3: + additionalProperties: false + type: object + properties: + password: + anyOf: + - $ref: '#/components/schemas/ApiFleetOutputs_Post_Request_Secrets_Password_1' + - $ref: '#/components/schemas/ApiFleetOutputs_Post_Request_Secrets_Password_2' + ssl: + $ref: '#/components/schemas/ApiFleetOutputs_Post_Request_Secrets_Ssl_3' + ApiFleetOutputs_Post_Request_Secrets_Password_1: + additionalProperties: false + type: object + properties: + hash: + type: string + id: + type: string + required: + - id + ApiFleetOutputs_Post_Request_Secrets_Password_2: + type: string + ApiFleetOutputs_Post_Request_Secrets_Ssl_3: + additionalProperties: false + type: object + properties: + key: + anyOf: + - $ref: '#/components/schemas/ApiFleetOutputs_Post_Request_Secrets_Ssl_Key_1_3' + - $ref: '#/components/schemas/ApiFleetOutputs_Post_Request_Secrets_Ssl_Key_2_3' + required: + - key + ApiFleetOutputs_Post_Request_Secrets_Ssl_Key_1_3: + additionalProperties: false + type: object + properties: + hash: + type: string + id: + type: string + required: + - id + ApiFleetOutputs_Post_Request_Secrets_Ssl_Key_2_3: + type: string + ApiFleetOutputs_Post_Request_Shipper_3: + additionalProperties: false + nullable: true + type: object + properties: + compression_level: + nullable: true + type: number + disk_queue_compression_enabled: + nullable: true + type: boolean + disk_queue_enabled: + default: false + nullable: true + type: boolean + disk_queue_encryption_enabled: + nullable: true + type: boolean + disk_queue_max_size: + nullable: true + type: number + disk_queue_path: + nullable: true + type: string + loadbalance: + nullable: true + type: boolean + max_batch_bytes: + nullable: true + type: number + mem_queue_events: + nullable: true + type: number + queue_flush_timeout: + nullable: true + type: number + required: + - disk_queue_path + - disk_queue_max_size + - disk_queue_encryption_enabled + - disk_queue_compression_enabled + - compression_level + - loadbalance + - mem_queue_events + - queue_flush_timeout + - max_batch_bytes + ApiFleetOutputs_Post_Request_Ssl_3: + additionalProperties: false + nullable: true + type: object + properties: + certificate: + type: string + certificate_authorities: + items: + type: string + maxItems: 10 + type: array + key: + type: string + verification_mode: + enum: + - full + - none + - certificate + - strict + type: string + ApiFleetOutputs_Post_Request_Username_1: + type: string + ApiFleetOutputs_Post_Request_Username_2: + not: {} + ApiFleetOutputs_Post_Request_Username_1_1: + items: {} + type: array + ApiFleetOutputs_Post_Request_Username_2_1: + type: boolean + ApiFleetOutputs_Post_Request_Username_3: + type: number + ApiFleetOutputs_Post_Request_Username_4: + type: object + ApiFleetOutputs_Post_Request_Username_5: + type: string + ApiFleetOutputs_Post_Response_200: + additionalProperties: false + type: object + properties: + item: + anyOf: + - $ref: '#/components/schemas/ApiFleetOutputs_Post_Response_200_Item_1' + - $ref: '#/components/schemas/ApiFleetOutputs_Post_Response_200_Item_2' + - $ref: '#/components/schemas/ApiFleetOutputs_Post_Response_200_Item_3' + - $ref: '#/components/schemas/ApiFleetOutputs_Post_Response_200_Item_4' + required: + - item + ApiFleetOutputs_Post_Response_200_Item_1: + additionalProperties: true + type: object + properties: + allow_edit: + items: + type: string + maxItems: 1000 + type: array + ca_sha256: + nullable: true + type: string + ca_trusted_fingerprint: + nullable: true + type: string + config_yaml: + nullable: true + type: string + hosts: + items: + format: uri + type: string + maxItems: 10 + minItems: 1 + type: array + id: + type: string + is_default: + default: false + type: boolean + is_default_monitoring: + default: false + type: boolean + is_internal: + type: boolean + is_preconfigured: + type: boolean + name: + type: string + preset: + enum: + - balanced + - custom + - throughput + - scale + - latency + type: string + proxy_id: + nullable: true + type: string + secrets: + $ref: '#/components/schemas/ApiFleetOutputs_Post_Response_200_Item_Secrets' + shipper: + $ref: '#/components/schemas/ApiFleetOutputs_Post_Response_200_Item_Shipper' + ssl: + $ref: '#/components/schemas/ApiFleetOutputs_Post_Response_200_Item_Ssl' + type: + enum: + - elasticsearch + type: string + write_to_logs_streams: + nullable: true + type: boolean + required: + - name + - type + - hosts + ApiFleetOutputs_Post_Response_200_Item_Secrets: + additionalProperties: true + type: object + properties: + ssl: + $ref: '#/components/schemas/ApiFleetOutputs_Post_Response_200_Item_Secrets_Ssl' + ApiFleetOutputs_Post_Response_200_Item_Secrets_Ssl: + additionalProperties: true + type: object + properties: + key: + anyOf: + - $ref: '#/components/schemas/ApiFleetOutputs_Post_Response_200_Item_Secrets_Ssl_Key_1' + - $ref: '#/components/schemas/ApiFleetOutputs_Post_Response_200_Item_Secrets_Ssl_Key_2' + ApiFleetOutputs_Post_Response_200_Item_Secrets_Ssl_Key_1: + additionalProperties: true + type: object + properties: + hash: + type: string + id: + type: string + required: + - id + ApiFleetOutputs_Post_Response_200_Item_Secrets_Ssl_Key_2: + type: string + ApiFleetOutputs_Post_Response_200_Item_Shipper: + additionalProperties: true + nullable: true + type: object + properties: + compression_level: + nullable: true + type: number + disk_queue_compression_enabled: + nullable: true + type: boolean + disk_queue_enabled: + default: false + nullable: true + type: boolean + disk_queue_encryption_enabled: + nullable: true + type: boolean + disk_queue_max_size: + nullable: true + type: number + disk_queue_path: + nullable: true + type: string + loadbalance: + nullable: true + type: boolean + max_batch_bytes: + nullable: true + type: number + mem_queue_events: + nullable: true + type: number + queue_flush_timeout: + nullable: true + type: number + required: + - disk_queue_path + - disk_queue_max_size + - disk_queue_encryption_enabled + - disk_queue_compression_enabled + - compression_level + - loadbalance + - mem_queue_events + - queue_flush_timeout + - max_batch_bytes + ApiFleetOutputs_Post_Response_200_Item_Ssl: + additionalProperties: true + nullable: true + type: object + properties: + certificate: + type: string + certificate_authorities: + items: + type: string + maxItems: 10 + type: array + key: + type: string + verification_mode: + enum: + - full + - none + - certificate + - strict + type: string + ApiFleetOutputs_Post_Response_200_Item_2: + additionalProperties: true + type: object + properties: + allow_edit: + items: + type: string + maxItems: 1000 + type: array + ca_sha256: + nullable: true + type: string + ca_trusted_fingerprint: + nullable: true + type: string + config_yaml: + nullable: true + type: string + hosts: + items: + format: uri + type: string + maxItems: 10 + minItems: 1 + type: array + id: + type: string + is_default: + default: false + type: boolean + is_default_monitoring: + default: false + type: boolean + is_internal: + type: boolean + is_preconfigured: + type: boolean + kibana_api_key: + nullable: true + type: string + kibana_url: + nullable: true + type: string + name: + type: string + preset: + enum: + - balanced + - custom + - throughput + - scale + - latency + type: string + proxy_id: + nullable: true + type: string + secrets: + $ref: '#/components/schemas/ApiFleetOutputs_Post_Response_200_Item_Secrets_1' + service_token: + nullable: true + type: string + shipper: + $ref: '#/components/schemas/ApiFleetOutputs_Post_Response_200_Item_Shipper_1' + ssl: + $ref: '#/components/schemas/ApiFleetOutputs_Post_Response_200_Item_Ssl_1' + sync_integrations: + type: boolean + sync_uninstalled_integrations: + type: boolean + type: + enum: + - remote_elasticsearch + type: string + write_to_logs_streams: + nullable: true + type: boolean + required: + - name + - type + - hosts + ApiFleetOutputs_Post_Response_200_Item_Secrets_1: + additionalProperties: true + type: object + properties: + service_token: + anyOf: + - $ref: '#/components/schemas/ApiFleetOutputs_Post_Response_200_Item_Secrets_Service_token_1' + - $ref: '#/components/schemas/ApiFleetOutputs_Post_Response_200_Item_Secrets_Service_token_2' + ssl: + $ref: '#/components/schemas/ApiFleetOutputs_Post_Response_200_Item_Secrets_Ssl_1' + ApiFleetOutputs_Post_Response_200_Item_Secrets_Service_token_1: + additionalProperties: true + type: object + properties: + hash: + type: string + id: + type: string + required: + - id + ApiFleetOutputs_Post_Response_200_Item_Secrets_Service_token_2: + type: string + ApiFleetOutputs_Post_Response_200_Item_Secrets_Ssl_1: + additionalProperties: true + type: object + properties: + key: + anyOf: + - $ref: '#/components/schemas/ApiFleetOutputs_Post_Response_200_Item_Secrets_Ssl_Key_1_1' + - $ref: '#/components/schemas/ApiFleetOutputs_Post_Response_200_Item_Secrets_Ssl_Key_2_1' + ApiFleetOutputs_Post_Response_200_Item_Secrets_Ssl_Key_1_1: + additionalProperties: true + type: object + properties: + hash: + type: string + id: + type: string + required: + - id + ApiFleetOutputs_Post_Response_200_Item_Secrets_Ssl_Key_2_1: + type: string + ApiFleetOutputs_Post_Response_200_Item_Shipper_1: + additionalProperties: true + nullable: true + type: object + properties: + compression_level: + nullable: true + type: number + disk_queue_compression_enabled: + nullable: true + type: boolean + disk_queue_enabled: + default: false + nullable: true + type: boolean + disk_queue_encryption_enabled: + nullable: true + type: boolean + disk_queue_max_size: + nullable: true + type: number + disk_queue_path: + nullable: true + type: string + loadbalance: + nullable: true + type: boolean + max_batch_bytes: + nullable: true + type: number + mem_queue_events: + nullable: true + type: number + queue_flush_timeout: + nullable: true + type: number + required: + - disk_queue_path + - disk_queue_max_size + - disk_queue_encryption_enabled + - disk_queue_compression_enabled + - compression_level + - loadbalance + - mem_queue_events + - queue_flush_timeout + - max_batch_bytes + ApiFleetOutputs_Post_Response_200_Item_Ssl_1: + additionalProperties: true + nullable: true + type: object + properties: + certificate: + type: string + certificate_authorities: + items: + type: string + maxItems: 10 + type: array + key: + type: string + verification_mode: + enum: + - full + - none + - certificate + - strict + type: string + ApiFleetOutputs_Post_Response_200_Item_3: + additionalProperties: true + type: object + properties: + allow_edit: + items: + type: string + maxItems: 1000 + type: array + ca_sha256: + nullable: true + type: string + ca_trusted_fingerprint: + nullable: true + type: string + config_yaml: + nullable: true + type: string + hosts: + items: + type: string + maxItems: 10 + minItems: 1 + type: array + id: + type: string + is_default: + default: false + type: boolean + is_default_monitoring: + default: false + type: boolean + is_internal: + type: boolean + is_preconfigured: + type: boolean + name: + type: string + proxy_id: + nullable: true + type: string + secrets: + $ref: '#/components/schemas/ApiFleetOutputs_Post_Response_200_Item_Secrets_2' + shipper: + $ref: '#/components/schemas/ApiFleetOutputs_Post_Response_200_Item_Shipper_2' + ssl: + $ref: '#/components/schemas/ApiFleetOutputs_Post_Response_200_Item_Ssl_2' + type: + enum: + - logstash + type: string + required: + - name + - type + - hosts + ApiFleetOutputs_Post_Response_200_Item_Secrets_2: + additionalProperties: true + type: object + properties: + ssl: + $ref: '#/components/schemas/ApiFleetOutputs_Post_Response_200_Item_Secrets_Ssl_2' + ApiFleetOutputs_Post_Response_200_Item_Secrets_Ssl_2: + additionalProperties: true + type: object + properties: + key: + anyOf: + - $ref: '#/components/schemas/ApiFleetOutputs_Post_Response_200_Item_Secrets_Ssl_Key_1_2' + - $ref: '#/components/schemas/ApiFleetOutputs_Post_Response_200_Item_Secrets_Ssl_Key_2_2' + ApiFleetOutputs_Post_Response_200_Item_Secrets_Ssl_Key_1_2: + additionalProperties: true + type: object + properties: + hash: + type: string + id: + type: string + required: + - id + ApiFleetOutputs_Post_Response_200_Item_Secrets_Ssl_Key_2_2: + type: string + ApiFleetOutputs_Post_Response_200_Item_Shipper_2: + additionalProperties: true + nullable: true + type: object + properties: + compression_level: + nullable: true + type: number + disk_queue_compression_enabled: + nullable: true + type: boolean + disk_queue_enabled: + default: false + nullable: true + type: boolean + disk_queue_encryption_enabled: + nullable: true + type: boolean + disk_queue_max_size: + nullable: true + type: number + disk_queue_path: + nullable: true + type: string + loadbalance: + nullable: true + type: boolean + max_batch_bytes: + nullable: true + type: number + mem_queue_events: + nullable: true + type: number + queue_flush_timeout: + nullable: true + type: number + required: + - disk_queue_path + - disk_queue_max_size + - disk_queue_encryption_enabled + - disk_queue_compression_enabled + - compression_level + - loadbalance + - mem_queue_events + - queue_flush_timeout + - max_batch_bytes + ApiFleetOutputs_Post_Response_200_Item_Ssl_2: + additionalProperties: true + nullable: true + type: object + properties: + certificate: + type: string + certificate_authorities: + items: + type: string + maxItems: 10 + type: array + key: + type: string + verification_mode: + enum: + - full + - none + - certificate + - strict + type: string + ApiFleetOutputs_Post_Response_200_Item_4: + additionalProperties: true + type: object + properties: + allow_edit: + items: + type: string + maxItems: 1000 + type: array + auth_type: + enum: + - none + - user_pass + - ssl + - kerberos + type: string + broker_timeout: + type: number + ca_sha256: + nullable: true + type: string + ca_trusted_fingerprint: + nullable: true + type: string + client_id: + type: string + compression: + enum: + - gzip + - snappy + - lz4 + - none + type: string + compression_level: + anyOf: + - $ref: '#/components/schemas/ApiFleetOutputs_Post_Response_200_Item_Compression_level_1_1' + - $ref: '#/components/schemas/ApiFleetOutputs_Post_Response_200_Item_Compression_level_2_1' + - $ref: '#/components/schemas/ApiFleetOutputs_Post_Response_200_Item_Compression_level_3' + - $ref: '#/components/schemas/ApiFleetOutputs_Post_Response_200_Item_Compression_level_4' + - $ref: '#/components/schemas/ApiFleetOutputs_Post_Response_200_Item_Compression_level_5' + nullable: true + oneOf: + - $ref: '#/components/schemas/ApiFleetOutputs_Post_Response_200_Item_Compression_level_1' + - $ref: '#/components/schemas/ApiFleetOutputs_Post_Response_200_Item_Compression_level_2' + config_yaml: + nullable: true + type: string + connection_type: + anyOf: + - $ref: '#/components/schemas/ApiFleetOutputs_Post_Response_200_Item_Connection_type_1_1' + - $ref: '#/components/schemas/ApiFleetOutputs_Post_Response_200_Item_Connection_type_2_1' + - $ref: '#/components/schemas/ApiFleetOutputs_Post_Response_200_Item_Connection_type_3' + - $ref: '#/components/schemas/ApiFleetOutputs_Post_Response_200_Item_Connection_type_4' + - $ref: '#/components/schemas/ApiFleetOutputs_Post_Response_200_Item_Connection_type_5' + nullable: true + oneOf: + - $ref: '#/components/schemas/ApiFleetOutputs_Post_Response_200_Item_Connection_type_1' + - $ref: '#/components/schemas/ApiFleetOutputs_Post_Response_200_Item_Connection_type_2' + hash: + $ref: '#/components/schemas/ApiFleetOutputs_Post_Response_200_Item_Hash' + headers: + items: + $ref: '#/components/schemas/ApiFleetOutputs_Post_Response_200_Item_Headers_Item' + maxItems: 100 + type: array + hosts: + items: + type: string + maxItems: 10 + minItems: 1 + type: array + id: + type: string + is_default: + default: false + type: boolean + is_default_monitoring: + default: false + type: boolean + is_internal: + type: boolean + is_preconfigured: + type: boolean + key: + type: string + name: + type: string + partition: + enum: + - random + - round_robin + - hash + type: string + password: + anyOf: + - $ref: '#/components/schemas/ApiFleetOutputs_Post_Response_200_Item_Password_1_3' + - $ref: '#/components/schemas/ApiFleetOutputs_Post_Response_200_Item_Password_2_3' + - $ref: '#/components/schemas/ApiFleetOutputs_Post_Response_200_Item_Password_3_1' + - $ref: '#/components/schemas/ApiFleetOutputs_Post_Response_200_Item_Password_4_1' + - $ref: '#/components/schemas/ApiFleetOutputs_Post_Response_200_Item_Password_5_1' + nullable: true + oneOf: + - $ref: '#/components/schemas/ApiFleetOutputs_Post_Response_200_Item_Password_1' + - $ref: '#/components/schemas/ApiFleetOutputs_Post_Response_200_Item_Password_2' + proxy_id: + nullable: true + type: string + random: + $ref: '#/components/schemas/ApiFleetOutputs_Post_Response_200_Item_Random' + required_acks: + enum: + - 1 + - 0 + - -1 + type: integer + round_robin: + $ref: '#/components/schemas/ApiFleetOutputs_Post_Response_200_Item_Round_robin' + sasl: + $ref: '#/components/schemas/ApiFleetOutputs_Post_Response_200_Item_Sasl' + secrets: + $ref: '#/components/schemas/ApiFleetOutputs_Post_Response_200_Item_Secrets_3' + shipper: + $ref: '#/components/schemas/ApiFleetOutputs_Post_Response_200_Item_Shipper_3' + ssl: + $ref: '#/components/schemas/ApiFleetOutputs_Post_Response_200_Item_Ssl_3' + timeout: + type: number + topic: + type: string + type: + enum: + - kafka + type: string + username: + anyOf: + - $ref: '#/components/schemas/ApiFleetOutputs_Post_Response_200_Item_Username_1_1' + - $ref: '#/components/schemas/ApiFleetOutputs_Post_Response_200_Item_Username_2_1' + - $ref: '#/components/schemas/ApiFleetOutputs_Post_Response_200_Item_Username_3' + - $ref: '#/components/schemas/ApiFleetOutputs_Post_Response_200_Item_Username_4' + - $ref: '#/components/schemas/ApiFleetOutputs_Post_Response_200_Item_Username_5' + nullable: true + oneOf: + - $ref: '#/components/schemas/ApiFleetOutputs_Post_Response_200_Item_Username_1' + - $ref: '#/components/schemas/ApiFleetOutputs_Post_Response_200_Item_Username_2' + version: + type: string + required: + - name + - type + - hosts + - compression_level + - auth_type + - connection_type + - username + - password + ApiFleetOutputs_Post_Response_200_Item_Compression_level_1: + type: number + ApiFleetOutputs_Post_Response_200_Item_Compression_level_2: + not: {} + ApiFleetOutputs_Post_Response_200_Item_Compression_level_1_1: + items: {} + type: array + ApiFleetOutputs_Post_Response_200_Item_Compression_level_2_1: + type: boolean + ApiFleetOutputs_Post_Response_200_Item_Compression_level_3: + type: number + ApiFleetOutputs_Post_Response_200_Item_Compression_level_4: + type: object + ApiFleetOutputs_Post_Response_200_Item_Compression_level_5: + type: string + ApiFleetOutputs_Post_Response_200_Item_Connection_type_1: + enum: + - plaintext + - encryption + type: string + ApiFleetOutputs_Post_Response_200_Item_Connection_type_2: + not: {} + ApiFleetOutputs_Post_Response_200_Item_Connection_type_1_1: + items: {} + type: array + ApiFleetOutputs_Post_Response_200_Item_Connection_type_2_1: + type: boolean + ApiFleetOutputs_Post_Response_200_Item_Connection_type_3: + type: number + ApiFleetOutputs_Post_Response_200_Item_Connection_type_4: + type: object + ApiFleetOutputs_Post_Response_200_Item_Connection_type_5: + type: string + ApiFleetOutputs_Post_Response_200_Item_Hash: + additionalProperties: true + type: object + properties: + hash: + type: string + random: + type: boolean + ApiFleetOutputs_Post_Response_200_Item_Headers_Item: + additionalProperties: true + type: object + properties: + key: + type: string + value: + type: string + required: + - key + - value + ApiFleetOutputs_Post_Response_200_Item_Password_1: + not: {} + ApiFleetOutputs_Post_Response_200_Item_Password_2: + anyOf: + - $ref: '#/components/schemas/ApiFleetOutputs_Post_Response_200_Item_Password_1_2' + - $ref: '#/components/schemas/ApiFleetOutputs_Post_Response_200_Item_Password_2_2' + - $ref: '#/components/schemas/ApiFleetOutputs_Post_Response_200_Item_Password_3' + - $ref: '#/components/schemas/ApiFleetOutputs_Post_Response_200_Item_Password_4' + - $ref: '#/components/schemas/ApiFleetOutputs_Post_Response_200_Item_Password_5' + nullable: true + oneOf: + - $ref: '#/components/schemas/ApiFleetOutputs_Post_Response_200_Item_Password_1_1' + - $ref: '#/components/schemas/ApiFleetOutputs_Post_Response_200_Item_Password_2_1' + ApiFleetOutputs_Post_Response_200_Item_Password_1_1: + type: string + ApiFleetOutputs_Post_Response_200_Item_Password_2_1: + not: {} + ApiFleetOutputs_Post_Response_200_Item_Password_1_2: + items: {} + type: array + ApiFleetOutputs_Post_Response_200_Item_Password_2_2: + type: boolean + ApiFleetOutputs_Post_Response_200_Item_Password_3: + type: number + ApiFleetOutputs_Post_Response_200_Item_Password_4: + type: object + ApiFleetOutputs_Post_Response_200_Item_Password_5: + type: string + ApiFleetOutputs_Post_Response_200_Item_Password_1_3: + items: {} + type: array + ApiFleetOutputs_Post_Response_200_Item_Password_2_3: + type: boolean + ApiFleetOutputs_Post_Response_200_Item_Password_3_1: + type: number + ApiFleetOutputs_Post_Response_200_Item_Password_4_1: + type: object + ApiFleetOutputs_Post_Response_200_Item_Password_5_1: + type: string + ApiFleetOutputs_Post_Response_200_Item_Random: + additionalProperties: true + type: object + properties: + group_events: + type: number + ApiFleetOutputs_Post_Response_200_Item_Round_robin: + additionalProperties: true + type: object + properties: + group_events: + type: number + ApiFleetOutputs_Post_Response_200_Item_Sasl: + additionalProperties: true + nullable: true + type: object + properties: + mechanism: + enum: + - PLAIN + - SCRAM-SHA-256 + - SCRAM-SHA-512 + type: string + ApiFleetOutputs_Post_Response_200_Item_Secrets_3: + additionalProperties: true + type: object + properties: + password: + anyOf: + - $ref: '#/components/schemas/ApiFleetOutputs_Post_Response_200_Item_Secrets_Password_1' + - $ref: '#/components/schemas/ApiFleetOutputs_Post_Response_200_Item_Secrets_Password_2' + ssl: + $ref: '#/components/schemas/ApiFleetOutputs_Post_Response_200_Item_Secrets_Ssl_3' + ApiFleetOutputs_Post_Response_200_Item_Secrets_Password_1: + additionalProperties: true + type: object + properties: + hash: + type: string + id: + type: string + required: + - id + ApiFleetOutputs_Post_Response_200_Item_Secrets_Password_2: + type: string + ApiFleetOutputs_Post_Response_200_Item_Secrets_Ssl_3: + additionalProperties: true + type: object + properties: + key: + anyOf: + - $ref: '#/components/schemas/ApiFleetOutputs_Post_Response_200_Item_Secrets_Ssl_Key_1_3' + - $ref: '#/components/schemas/ApiFleetOutputs_Post_Response_200_Item_Secrets_Ssl_Key_2_3' + required: + - key + ApiFleetOutputs_Post_Response_200_Item_Secrets_Ssl_Key_1_3: + additionalProperties: true + type: object + properties: + hash: + type: string + id: + type: string + required: + - id + ApiFleetOutputs_Post_Response_200_Item_Secrets_Ssl_Key_2_3: + type: string + ApiFleetOutputs_Post_Response_200_Item_Shipper_3: + additionalProperties: true + nullable: true + type: object + properties: + compression_level: + nullable: true + type: number + disk_queue_compression_enabled: + nullable: true + type: boolean + disk_queue_enabled: + default: false + nullable: true + type: boolean + disk_queue_encryption_enabled: + nullable: true + type: boolean + disk_queue_max_size: + nullable: true + type: number + disk_queue_path: + nullable: true + type: string + loadbalance: + nullable: true + type: boolean + max_batch_bytes: + nullable: true + type: number + mem_queue_events: + nullable: true + type: number + queue_flush_timeout: + nullable: true + type: number + required: + - disk_queue_path + - disk_queue_max_size + - disk_queue_encryption_enabled + - disk_queue_compression_enabled + - compression_level + - loadbalance + - mem_queue_events + - queue_flush_timeout + - max_batch_bytes + ApiFleetOutputs_Post_Response_200_Item_Ssl_3: + additionalProperties: true + nullable: true + type: object + properties: + certificate: + type: string + certificate_authorities: + items: + type: string + maxItems: 10 + type: array + key: + type: string + verification_mode: + enum: + - full + - none + - certificate + - strict + type: string + ApiFleetOutputs_Post_Response_200_Item_Username_1: + type: string + ApiFleetOutputs_Post_Response_200_Item_Username_2: + not: {} + ApiFleetOutputs_Post_Response_200_Item_Username_1_1: + items: {} + type: array + ApiFleetOutputs_Post_Response_200_Item_Username_2_1: + type: boolean + ApiFleetOutputs_Post_Response_200_Item_Username_3: + type: number + ApiFleetOutputs_Post_Response_200_Item_Username_4: + type: object + ApiFleetOutputs_Post_Response_200_Item_Username_5: + type: string + ApiFleetOutputs_Post_Response_400: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetOutputs_Delete_Response_200: + additionalProperties: false + type: object + properties: + id: + type: string + required: + - id + ApiFleetOutputs_Delete_Response_400: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetOutputs_Delete_Response_404: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetOutputs_Get_Response_200_1: + additionalProperties: false + type: object + properties: + item: + anyOf: + - $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Item_1' + - $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Item_2' + - $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Item_3' + - $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Item_4' + required: + - item + ApiFleetOutputs_Get_Response_200_Item_1: + additionalProperties: true + type: object + properties: + allow_edit: + items: + type: string + maxItems: 1000 + type: array + ca_sha256: + nullable: true + type: string + ca_trusted_fingerprint: + nullable: true + type: string + config_yaml: + nullable: true + type: string + hosts: + items: + format: uri + type: string + maxItems: 10 + minItems: 1 + type: array + id: + type: string + is_default: + default: false + type: boolean + is_default_monitoring: + default: false + type: boolean + is_internal: + type: boolean + is_preconfigured: + type: boolean + name: + type: string + preset: + enum: + - balanced + - custom + - throughput + - scale + - latency + type: string + proxy_id: + nullable: true + type: string + secrets: + $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Item_Secrets' + shipper: + $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Item_Shipper' + ssl: + $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Item_Ssl' + type: + enum: + - elasticsearch + type: string + write_to_logs_streams: + nullable: true + type: boolean + required: + - name + - type + - hosts + ApiFleetOutputs_Get_Response_200_Item_Secrets: + additionalProperties: true + type: object + properties: + ssl: + $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Item_Secrets_Ssl' + ApiFleetOutputs_Get_Response_200_Item_Secrets_Ssl: + additionalProperties: true + type: object + properties: + key: + anyOf: + - $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Item_Secrets_Ssl_Key_1' + - $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Item_Secrets_Ssl_Key_2' + ApiFleetOutputs_Get_Response_200_Item_Secrets_Ssl_Key_1: + additionalProperties: true + type: object + properties: + hash: + type: string + id: + type: string + required: + - id + ApiFleetOutputs_Get_Response_200_Item_Secrets_Ssl_Key_2: + type: string + ApiFleetOutputs_Get_Response_200_Item_Shipper: + additionalProperties: true + nullable: true + type: object + properties: + compression_level: + nullable: true + type: number + disk_queue_compression_enabled: + nullable: true + type: boolean + disk_queue_enabled: + default: false + nullable: true + type: boolean + disk_queue_encryption_enabled: + nullable: true + type: boolean + disk_queue_max_size: + nullable: true + type: number + disk_queue_path: + nullable: true + type: string + loadbalance: + nullable: true + type: boolean + max_batch_bytes: + nullable: true + type: number + mem_queue_events: + nullable: true + type: number + queue_flush_timeout: + nullable: true + type: number + required: + - disk_queue_path + - disk_queue_max_size + - disk_queue_encryption_enabled + - disk_queue_compression_enabled + - compression_level + - loadbalance + - mem_queue_events + - queue_flush_timeout + - max_batch_bytes + ApiFleetOutputs_Get_Response_200_Item_Ssl: + additionalProperties: true + nullable: true + type: object + properties: + certificate: + type: string + certificate_authorities: + items: + type: string + maxItems: 10 + type: array + key: + type: string + verification_mode: + enum: + - full + - none + - certificate + - strict + type: string + ApiFleetOutputs_Get_Response_200_Item_2: + additionalProperties: true + type: object + properties: + allow_edit: + items: + type: string + maxItems: 1000 + type: array + ca_sha256: + nullable: true + type: string + ca_trusted_fingerprint: + nullable: true + type: string + config_yaml: + nullable: true + type: string + hosts: + items: + format: uri + type: string + maxItems: 10 + minItems: 1 + type: array + id: + type: string + is_default: + default: false + type: boolean + is_default_monitoring: + default: false + type: boolean + is_internal: + type: boolean + is_preconfigured: + type: boolean + kibana_api_key: + nullable: true + type: string + kibana_url: + nullable: true + type: string + name: + type: string + preset: + enum: + - balanced + - custom + - throughput + - scale + - latency + type: string + proxy_id: + nullable: true + type: string + secrets: + $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Item_Secrets_1' + service_token: + nullable: true + type: string + shipper: + $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Item_Shipper_1' + ssl: + $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Item_Ssl_1' + sync_integrations: + type: boolean + sync_uninstalled_integrations: + type: boolean + type: + enum: + - remote_elasticsearch + type: string + write_to_logs_streams: + nullable: true + type: boolean + required: + - name + - type + - hosts + ApiFleetOutputs_Get_Response_200_Item_Secrets_1: + additionalProperties: true + type: object + properties: + service_token: + anyOf: + - $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Item_Secrets_Service_token_1' + - $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Item_Secrets_Service_token_2' + ssl: + $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Item_Secrets_Ssl_1' + ApiFleetOutputs_Get_Response_200_Item_Secrets_Service_token_1: + additionalProperties: true + type: object + properties: + hash: + type: string + id: + type: string + required: + - id + ApiFleetOutputs_Get_Response_200_Item_Secrets_Service_token_2: + type: string + ApiFleetOutputs_Get_Response_200_Item_Secrets_Ssl_1: + additionalProperties: true + type: object + properties: + key: + anyOf: + - $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Item_Secrets_Ssl_Key_1_1' + - $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Item_Secrets_Ssl_Key_2_1' + ApiFleetOutputs_Get_Response_200_Item_Secrets_Ssl_Key_1_1: + additionalProperties: true + type: object + properties: + hash: + type: string + id: + type: string + required: + - id + ApiFleetOutputs_Get_Response_200_Item_Secrets_Ssl_Key_2_1: + type: string + ApiFleetOutputs_Get_Response_200_Item_Shipper_1: + additionalProperties: true + nullable: true + type: object + properties: + compression_level: + nullable: true + type: number + disk_queue_compression_enabled: + nullable: true + type: boolean + disk_queue_enabled: + default: false + nullable: true + type: boolean + disk_queue_encryption_enabled: + nullable: true + type: boolean + disk_queue_max_size: + nullable: true + type: number + disk_queue_path: + nullable: true + type: string + loadbalance: + nullable: true + type: boolean + max_batch_bytes: + nullable: true + type: number + mem_queue_events: + nullable: true + type: number + queue_flush_timeout: + nullable: true + type: number + required: + - disk_queue_path + - disk_queue_max_size + - disk_queue_encryption_enabled + - disk_queue_compression_enabled + - compression_level + - loadbalance + - mem_queue_events + - queue_flush_timeout + - max_batch_bytes + ApiFleetOutputs_Get_Response_200_Item_Ssl_1: + additionalProperties: true + nullable: true + type: object + properties: + certificate: + type: string + certificate_authorities: + items: + type: string + maxItems: 10 + type: array + key: + type: string + verification_mode: + enum: + - full + - none + - certificate + - strict + type: string + ApiFleetOutputs_Get_Response_200_Item_3: + additionalProperties: true + type: object + properties: + allow_edit: + items: + type: string + maxItems: 1000 + type: array + ca_sha256: + nullable: true + type: string + ca_trusted_fingerprint: + nullable: true + type: string + config_yaml: + nullable: true + type: string + hosts: + items: + type: string + maxItems: 10 + minItems: 1 + type: array + id: + type: string + is_default: + default: false + type: boolean + is_default_monitoring: + default: false + type: boolean + is_internal: + type: boolean + is_preconfigured: + type: boolean + name: + type: string + proxy_id: + nullable: true + type: string + secrets: + $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Item_Secrets_2' + shipper: + $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Item_Shipper_2' + ssl: + $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Item_Ssl_2' + type: + enum: + - logstash + type: string + required: + - name + - type + - hosts + ApiFleetOutputs_Get_Response_200_Item_Secrets_2: + additionalProperties: true + type: object + properties: + ssl: + $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Item_Secrets_Ssl_2' + ApiFleetOutputs_Get_Response_200_Item_Secrets_Ssl_2: + additionalProperties: true + type: object + properties: + key: + anyOf: + - $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Item_Secrets_Ssl_Key_1_2' + - $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Item_Secrets_Ssl_Key_2_2' + ApiFleetOutputs_Get_Response_200_Item_Secrets_Ssl_Key_1_2: + additionalProperties: true + type: object + properties: + hash: + type: string + id: + type: string + required: + - id + ApiFleetOutputs_Get_Response_200_Item_Secrets_Ssl_Key_2_2: + type: string + ApiFleetOutputs_Get_Response_200_Item_Shipper_2: + additionalProperties: true + nullable: true + type: object + properties: + compression_level: + nullable: true + type: number + disk_queue_compression_enabled: + nullable: true + type: boolean + disk_queue_enabled: + default: false + nullable: true + type: boolean + disk_queue_encryption_enabled: + nullable: true + type: boolean + disk_queue_max_size: + nullable: true + type: number + disk_queue_path: + nullable: true + type: string + loadbalance: + nullable: true + type: boolean + max_batch_bytes: + nullable: true + type: number + mem_queue_events: + nullable: true + type: number + queue_flush_timeout: + nullable: true + type: number + required: + - disk_queue_path + - disk_queue_max_size + - disk_queue_encryption_enabled + - disk_queue_compression_enabled + - compression_level + - loadbalance + - mem_queue_events + - queue_flush_timeout + - max_batch_bytes + ApiFleetOutputs_Get_Response_200_Item_Ssl_2: + additionalProperties: true + nullable: true + type: object + properties: + certificate: + type: string + certificate_authorities: + items: + type: string + maxItems: 10 + type: array + key: + type: string + verification_mode: + enum: + - full + - none + - certificate + - strict + type: string + ApiFleetOutputs_Get_Response_200_Item_4: + additionalProperties: true + type: object + properties: + allow_edit: + items: + type: string + maxItems: 1000 + type: array + auth_type: + enum: + - none + - user_pass + - ssl + - kerberos + type: string + broker_timeout: + type: number + ca_sha256: + nullable: true + type: string + ca_trusted_fingerprint: + nullable: true + type: string + client_id: + type: string + compression: + enum: + - gzip + - snappy + - lz4 + - none + type: string + compression_level: + anyOf: + - $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Item_Compression_level_1_1' + - $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Item_Compression_level_2_1' + - $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Item_Compression_level_3' + - $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Item_Compression_level_4' + - $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Item_Compression_level_5' + nullable: true + oneOf: + - $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Item_Compression_level_1' + - $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Item_Compression_level_2' + config_yaml: + nullable: true + type: string + connection_type: + anyOf: + - $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Item_Connection_type_1_1' + - $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Item_Connection_type_2_1' + - $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Item_Connection_type_3' + - $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Item_Connection_type_4' + - $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Item_Connection_type_5' + nullable: true + oneOf: + - $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Item_Connection_type_1' + - $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Item_Connection_type_2' + hash: + $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Item_Hash' + headers: + items: + $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Item_Headers_Item' + maxItems: 100 + type: array + hosts: + items: + type: string + maxItems: 10 + minItems: 1 + type: array + id: + type: string + is_default: + default: false + type: boolean + is_default_monitoring: + default: false + type: boolean + is_internal: + type: boolean + is_preconfigured: + type: boolean + key: + type: string + name: + type: string + partition: + enum: + - random + - round_robin + - hash + type: string + password: + anyOf: + - $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Item_Password_1_3' + - $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Item_Password_2_3' + - $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Item_Password_3_1' + - $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Item_Password_4_1' + - $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Item_Password_5_1' + nullable: true + oneOf: + - $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Item_Password_1' + - $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Item_Password_2' + proxy_id: + nullable: true + type: string + random: + $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Item_Random' + required_acks: + enum: + - 1 + - 0 + - -1 + type: integer + round_robin: + $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Item_Round_robin' + sasl: + $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Item_Sasl' + secrets: + $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Item_Secrets_3' + shipper: + $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Item_Shipper_3' + ssl: + $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Item_Ssl_3' + timeout: + type: number + topic: + type: string + type: + enum: + - kafka + type: string + username: + anyOf: + - $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Item_Username_1_1' + - $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Item_Username_2_1' + - $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Item_Username_3' + - $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Item_Username_4' + - $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Item_Username_5' + nullable: true + oneOf: + - $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Item_Username_1' + - $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Item_Username_2' + version: + type: string + required: + - name + - type + - hosts + - compression_level + - auth_type + - connection_type + - username + - password + ApiFleetOutputs_Get_Response_200_Item_Compression_level_1: + type: number + ApiFleetOutputs_Get_Response_200_Item_Compression_level_2: + not: {} + ApiFleetOutputs_Get_Response_200_Item_Compression_level_1_1: + items: {} + type: array + ApiFleetOutputs_Get_Response_200_Item_Compression_level_2_1: + type: boolean + ApiFleetOutputs_Get_Response_200_Item_Compression_level_3: + type: number + ApiFleetOutputs_Get_Response_200_Item_Compression_level_4: + type: object + ApiFleetOutputs_Get_Response_200_Item_Compression_level_5: + type: string + ApiFleetOutputs_Get_Response_200_Item_Connection_type_1: + enum: + - plaintext + - encryption + type: string + ApiFleetOutputs_Get_Response_200_Item_Connection_type_2: + not: {} + ApiFleetOutputs_Get_Response_200_Item_Connection_type_1_1: + items: {} + type: array + ApiFleetOutputs_Get_Response_200_Item_Connection_type_2_1: + type: boolean + ApiFleetOutputs_Get_Response_200_Item_Connection_type_3: + type: number + ApiFleetOutputs_Get_Response_200_Item_Connection_type_4: + type: object + ApiFleetOutputs_Get_Response_200_Item_Connection_type_5: + type: string + ApiFleetOutputs_Get_Response_200_Item_Hash: + additionalProperties: true + type: object + properties: + hash: + type: string + random: + type: boolean + ApiFleetOutputs_Get_Response_200_Item_Headers_Item: + additionalProperties: true + type: object + properties: + key: + type: string + value: + type: string + required: + - key + - value + ApiFleetOutputs_Get_Response_200_Item_Password_1: + not: {} + ApiFleetOutputs_Get_Response_200_Item_Password_2: + anyOf: + - $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Item_Password_1_2' + - $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Item_Password_2_2' + - $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Item_Password_3' + - $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Item_Password_4' + - $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Item_Password_5' + nullable: true + oneOf: + - $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Item_Password_1_1' + - $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Item_Password_2_1' + ApiFleetOutputs_Get_Response_200_Item_Password_1_1: + type: string + ApiFleetOutputs_Get_Response_200_Item_Password_2_1: + not: {} + ApiFleetOutputs_Get_Response_200_Item_Password_1_2: + items: {} + type: array + ApiFleetOutputs_Get_Response_200_Item_Password_2_2: + type: boolean + ApiFleetOutputs_Get_Response_200_Item_Password_3: + type: number + ApiFleetOutputs_Get_Response_200_Item_Password_4: + type: object + ApiFleetOutputs_Get_Response_200_Item_Password_5: + type: string + ApiFleetOutputs_Get_Response_200_Item_Password_1_3: + items: {} + type: array + ApiFleetOutputs_Get_Response_200_Item_Password_2_3: + type: boolean + ApiFleetOutputs_Get_Response_200_Item_Password_3_1: + type: number + ApiFleetOutputs_Get_Response_200_Item_Password_4_1: + type: object + ApiFleetOutputs_Get_Response_200_Item_Password_5_1: + type: string + ApiFleetOutputs_Get_Response_200_Item_Random: + additionalProperties: true + type: object + properties: + group_events: + type: number + ApiFleetOutputs_Get_Response_200_Item_Round_robin: + additionalProperties: true + type: object + properties: + group_events: + type: number + ApiFleetOutputs_Get_Response_200_Item_Sasl: + additionalProperties: true + nullable: true + type: object + properties: + mechanism: + enum: + - PLAIN + - SCRAM-SHA-256 + - SCRAM-SHA-512 + type: string + ApiFleetOutputs_Get_Response_200_Item_Secrets_3: + additionalProperties: true + type: object + properties: + password: + anyOf: + - $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Item_Secrets_Password_1' + - $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Item_Secrets_Password_2' + ssl: + $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Item_Secrets_Ssl_3' + ApiFleetOutputs_Get_Response_200_Item_Secrets_Password_1: + additionalProperties: true + type: object + properties: + hash: + type: string + id: + type: string + required: + - id + ApiFleetOutputs_Get_Response_200_Item_Secrets_Password_2: + type: string + ApiFleetOutputs_Get_Response_200_Item_Secrets_Ssl_3: + additionalProperties: true + type: object + properties: + key: + anyOf: + - $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Item_Secrets_Ssl_Key_1_3' + - $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Item_Secrets_Ssl_Key_2_3' + required: + - key + ApiFleetOutputs_Get_Response_200_Item_Secrets_Ssl_Key_1_3: + additionalProperties: true + type: object + properties: + hash: + type: string + id: + type: string + required: + - id + ApiFleetOutputs_Get_Response_200_Item_Secrets_Ssl_Key_2_3: + type: string + ApiFleetOutputs_Get_Response_200_Item_Shipper_3: + additionalProperties: true + nullable: true + type: object + properties: + compression_level: + nullable: true + type: number + disk_queue_compression_enabled: + nullable: true + type: boolean + disk_queue_enabled: + default: false + nullable: true + type: boolean + disk_queue_encryption_enabled: + nullable: true + type: boolean + disk_queue_max_size: + nullable: true + type: number + disk_queue_path: + nullable: true + type: string + loadbalance: + nullable: true + type: boolean + max_batch_bytes: + nullable: true + type: number + mem_queue_events: + nullable: true + type: number + queue_flush_timeout: + nullable: true + type: number + required: + - disk_queue_path + - disk_queue_max_size + - disk_queue_encryption_enabled + - disk_queue_compression_enabled + - compression_level + - loadbalance + - mem_queue_events + - queue_flush_timeout + - max_batch_bytes + ApiFleetOutputs_Get_Response_200_Item_Ssl_3: + additionalProperties: true + nullable: true + type: object + properties: + certificate: + type: string + certificate_authorities: + items: + type: string + maxItems: 10 + type: array + key: + type: string + verification_mode: + enum: + - full + - none + - certificate + - strict + type: string + ApiFleetOutputs_Get_Response_200_Item_Username_1: + type: string + ApiFleetOutputs_Get_Response_200_Item_Username_2: + not: {} + ApiFleetOutputs_Get_Response_200_Item_Username_1_1: + items: {} + type: array + ApiFleetOutputs_Get_Response_200_Item_Username_2_1: + type: boolean + ApiFleetOutputs_Get_Response_200_Item_Username_3: + type: number + ApiFleetOutputs_Get_Response_200_Item_Username_4: + type: object + ApiFleetOutputs_Get_Response_200_Item_Username_5: + type: string + ApiFleetOutputs_Get_Response_400_1: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetOutputs_Put_Request: + anyOf: + - $ref: '#/components/schemas/ApiFleetOutputs_Put_Request_1' + - $ref: '#/components/schemas/ApiFleetOutputs_Put_Request_2' + - $ref: '#/components/schemas/ApiFleetOutputs_Put_Request_3' + - $ref: '#/components/schemas/ApiFleetOutputs_Put_Request_4' + ApiFleetOutputs_Put_Request_1: + additionalProperties: false + type: object + properties: + allow_edit: + items: + type: string + maxItems: 1000 + type: array + ca_sha256: + nullable: true + type: string + ca_trusted_fingerprint: + nullable: true + type: string + config_yaml: + nullable: true + type: string + hosts: + items: + format: uri + type: string + maxItems: 10 + minItems: 1 + type: array + id: + type: string + is_default: + type: boolean + is_default_monitoring: + type: boolean + is_internal: + type: boolean + is_preconfigured: + type: boolean + name: + type: string + preset: + enum: + - balanced + - custom + - throughput + - scale + - latency + type: string + proxy_id: + nullable: true + type: string + secrets: + $ref: '#/components/schemas/ApiFleetOutputs_Put_Request_Secrets' + shipper: + $ref: '#/components/schemas/ApiFleetOutputs_Put_Request_Shipper' + ssl: + $ref: '#/components/schemas/ApiFleetOutputs_Put_Request_Ssl' + type: + enum: + - elasticsearch + type: string + write_to_logs_streams: + nullable: true + type: boolean + ApiFleetOutputs_Put_Request_Secrets: + additionalProperties: false + type: object + properties: + ssl: + $ref: '#/components/schemas/ApiFleetOutputs_Put_Request_Secrets_Ssl' + ApiFleetOutputs_Put_Request_Secrets_Ssl: + additionalProperties: false + type: object + properties: + key: + anyOf: + - $ref: '#/components/schemas/ApiFleetOutputs_Put_Request_Secrets_Ssl_Key_1' + - $ref: '#/components/schemas/ApiFleetOutputs_Put_Request_Secrets_Ssl_Key_2' + ApiFleetOutputs_Put_Request_Secrets_Ssl_Key_1: + additionalProperties: false + type: object + properties: + hash: + type: string + id: + type: string + required: + - id + ApiFleetOutputs_Put_Request_Secrets_Ssl_Key_2: + type: string + ApiFleetOutputs_Put_Request_Shipper: + additionalProperties: false + nullable: true + type: object + properties: + compression_level: + nullable: true + type: number + disk_queue_compression_enabled: + nullable: true + type: boolean + disk_queue_enabled: + default: false + nullable: true + type: boolean + disk_queue_encryption_enabled: + nullable: true + type: boolean + disk_queue_max_size: + nullable: true + type: number + disk_queue_path: + nullable: true + type: string + loadbalance: + nullable: true + type: boolean + max_batch_bytes: + nullable: true + type: number + mem_queue_events: + nullable: true + type: number + queue_flush_timeout: + nullable: true + type: number + required: + - disk_queue_path + - disk_queue_max_size + - disk_queue_encryption_enabled + - disk_queue_compression_enabled + - compression_level + - loadbalance + - mem_queue_events + - queue_flush_timeout + - max_batch_bytes + ApiFleetOutputs_Put_Request_Ssl: + additionalProperties: false + nullable: true + type: object + properties: + certificate: + type: string + certificate_authorities: + items: + type: string + maxItems: 10 + type: array + key: + type: string + verification_mode: + enum: + - full + - none + - certificate + - strict + type: string + ApiFleetOutputs_Put_Request_2: + additionalProperties: false + type: object + properties: + allow_edit: + items: + type: string + maxItems: 1000 + type: array + ca_sha256: + nullable: true + type: string + ca_trusted_fingerprint: + nullable: true + type: string + config_yaml: + nullable: true + type: string + hosts: + items: + format: uri + type: string + maxItems: 10 + minItems: 1 + type: array + id: + type: string + is_default: + type: boolean + is_default_monitoring: + type: boolean + is_internal: + type: boolean + is_preconfigured: + type: boolean + kibana_api_key: + nullable: true + type: string + kibana_url: + nullable: true + type: string + name: + type: string + preset: + enum: + - balanced + - custom + - throughput + - scale + - latency + type: string + proxy_id: + nullable: true + type: string + secrets: + $ref: '#/components/schemas/ApiFleetOutputs_Put_Request_Secrets_1' + service_token: + nullable: true + type: string + shipper: + $ref: '#/components/schemas/ApiFleetOutputs_Put_Request_Shipper_1' + ssl: + $ref: '#/components/schemas/ApiFleetOutputs_Put_Request_Ssl_1' + sync_integrations: + type: boolean + sync_uninstalled_integrations: + type: boolean + type: + enum: + - remote_elasticsearch + type: string + write_to_logs_streams: + nullable: true + type: boolean + ApiFleetOutputs_Put_Request_Secrets_1: + additionalProperties: false + type: object + properties: + service_token: + anyOf: + - $ref: '#/components/schemas/ApiFleetOutputs_Put_Request_Secrets_Service_token_1' + - $ref: '#/components/schemas/ApiFleetOutputs_Put_Request_Secrets_Service_token_2' + ssl: + $ref: '#/components/schemas/ApiFleetOutputs_Put_Request_Secrets_Ssl_1' + ApiFleetOutputs_Put_Request_Secrets_Service_token_1: + additionalProperties: false + type: object + properties: + hash: + type: string + id: + type: string + required: + - id + ApiFleetOutputs_Put_Request_Secrets_Service_token_2: + type: string + ApiFleetOutputs_Put_Request_Secrets_Ssl_1: + additionalProperties: false + type: object + properties: + key: + anyOf: + - $ref: '#/components/schemas/ApiFleetOutputs_Put_Request_Secrets_Ssl_Key_1_1' + - $ref: '#/components/schemas/ApiFleetOutputs_Put_Request_Secrets_Ssl_Key_2_1' + ApiFleetOutputs_Put_Request_Secrets_Ssl_Key_1_1: + additionalProperties: false + type: object + properties: + hash: + type: string + id: + type: string + required: + - id + ApiFleetOutputs_Put_Request_Secrets_Ssl_Key_2_1: + type: string + ApiFleetOutputs_Put_Request_Shipper_1: + additionalProperties: false + nullable: true + type: object + properties: + compression_level: + nullable: true + type: number + disk_queue_compression_enabled: + nullable: true + type: boolean + disk_queue_enabled: + default: false + nullable: true + type: boolean + disk_queue_encryption_enabled: + nullable: true + type: boolean + disk_queue_max_size: + nullable: true + type: number + disk_queue_path: + nullable: true + type: string + loadbalance: + nullable: true + type: boolean + max_batch_bytes: + nullable: true + type: number + mem_queue_events: + nullable: true + type: number + queue_flush_timeout: + nullable: true + type: number + required: + - disk_queue_path + - disk_queue_max_size + - disk_queue_encryption_enabled + - disk_queue_compression_enabled + - compression_level + - loadbalance + - mem_queue_events + - queue_flush_timeout + - max_batch_bytes + ApiFleetOutputs_Put_Request_Ssl_1: + additionalProperties: false + nullable: true + type: object + properties: + certificate: + type: string + certificate_authorities: + items: + type: string + maxItems: 10 + type: array + key: + type: string + verification_mode: + enum: + - full + - none + - certificate + - strict + type: string + ApiFleetOutputs_Put_Request_3: + additionalProperties: false + type: object + properties: + allow_edit: + items: + type: string + maxItems: 1000 + type: array + ca_sha256: + nullable: true + type: string + ca_trusted_fingerprint: + nullable: true + type: string + config_yaml: + nullable: true + type: string + hosts: + items: + type: string + maxItems: 10 + minItems: 1 + type: array + id: + type: string + is_default: + type: boolean + is_default_monitoring: + type: boolean + is_internal: + type: boolean + is_preconfigured: + type: boolean + name: + type: string + proxy_id: + nullable: true + type: string + secrets: + $ref: '#/components/schemas/ApiFleetOutputs_Put_Request_Secrets_2' + shipper: + $ref: '#/components/schemas/ApiFleetOutputs_Put_Request_Shipper_2' + ssl: + $ref: '#/components/schemas/ApiFleetOutputs_Put_Request_Ssl_2' + type: + enum: + - logstash + type: string + ApiFleetOutputs_Put_Request_Secrets_2: + additionalProperties: false + type: object + properties: + ssl: + $ref: '#/components/schemas/ApiFleetOutputs_Put_Request_Secrets_Ssl_2' + ApiFleetOutputs_Put_Request_Secrets_Ssl_2: + additionalProperties: false + type: object + properties: + key: + anyOf: + - $ref: '#/components/schemas/ApiFleetOutputs_Put_Request_Secrets_Ssl_Key_1_2' + - $ref: '#/components/schemas/ApiFleetOutputs_Put_Request_Secrets_Ssl_Key_2_2' + ApiFleetOutputs_Put_Request_Secrets_Ssl_Key_1_2: + additionalProperties: false + type: object + properties: + hash: + type: string + id: + type: string + required: + - id + ApiFleetOutputs_Put_Request_Secrets_Ssl_Key_2_2: + type: string + ApiFleetOutputs_Put_Request_Shipper_2: + additionalProperties: false + nullable: true + type: object + properties: + compression_level: + nullable: true + type: number + disk_queue_compression_enabled: + nullable: true + type: boolean + disk_queue_enabled: + default: false + nullable: true + type: boolean + disk_queue_encryption_enabled: + nullable: true + type: boolean + disk_queue_max_size: + nullable: true + type: number + disk_queue_path: + nullable: true + type: string + loadbalance: + nullable: true + type: boolean + max_batch_bytes: + nullable: true + type: number + mem_queue_events: + nullable: true + type: number + queue_flush_timeout: + nullable: true + type: number + required: + - disk_queue_path + - disk_queue_max_size + - disk_queue_encryption_enabled + - disk_queue_compression_enabled + - compression_level + - loadbalance + - mem_queue_events + - queue_flush_timeout + - max_batch_bytes + ApiFleetOutputs_Put_Request_Ssl_2: + additionalProperties: false + nullable: true + type: object + properties: + certificate: + type: string + certificate_authorities: + items: + type: string + maxItems: 10 + type: array + key: + type: string + verification_mode: + enum: + - full + - none + - certificate + - strict + type: string + ApiFleetOutputs_Put_Request_4: + additionalProperties: false + type: object + properties: + allow_edit: + items: + type: string + maxItems: 1000 + type: array + auth_type: + enum: + - none + - user_pass + - ssl + - kerberos + type: string + broker_timeout: + type: number + ca_sha256: + nullable: true + type: string + ca_trusted_fingerprint: + nullable: true + type: string + client_id: + type: string + compression: + enum: + - gzip + - snappy + - lz4 + - none + type: string + compression_level: + anyOf: + - $ref: '#/components/schemas/ApiFleetOutputs_Put_Request_Compression_level_1_1' + - $ref: '#/components/schemas/ApiFleetOutputs_Put_Request_Compression_level_2_1' + - $ref: '#/components/schemas/ApiFleetOutputs_Put_Request_Compression_level_3' + - $ref: '#/components/schemas/ApiFleetOutputs_Put_Request_Compression_level_4' + - $ref: '#/components/schemas/ApiFleetOutputs_Put_Request_Compression_level_5' + nullable: true + oneOf: + - $ref: '#/components/schemas/ApiFleetOutputs_Put_Request_Compression_level_1' + - $ref: '#/components/schemas/ApiFleetOutputs_Put_Request_Compression_level_2' + config_yaml: + nullable: true + type: string + connection_type: + anyOf: + - $ref: '#/components/schemas/ApiFleetOutputs_Put_Request_Connection_type_1_1' + - $ref: '#/components/schemas/ApiFleetOutputs_Put_Request_Connection_type_2_1' + - $ref: '#/components/schemas/ApiFleetOutputs_Put_Request_Connection_type_3' + - $ref: '#/components/schemas/ApiFleetOutputs_Put_Request_Connection_type_4' + - $ref: '#/components/schemas/ApiFleetOutputs_Put_Request_Connection_type_5' + nullable: true + oneOf: + - $ref: '#/components/schemas/ApiFleetOutputs_Put_Request_Connection_type_1' + - $ref: '#/components/schemas/ApiFleetOutputs_Put_Request_Connection_type_2' + hash: + $ref: '#/components/schemas/ApiFleetOutputs_Put_Request_Hash' + headers: + items: + $ref: '#/components/schemas/ApiFleetOutputs_Put_Request_Headers_Item' + maxItems: 100 + type: array + hosts: + items: + type: string + maxItems: 10 + minItems: 1 + type: array + id: + type: string + is_default: + default: false + type: boolean + is_default_monitoring: + default: false + type: boolean + is_internal: + type: boolean + is_preconfigured: + type: boolean + key: + type: string + name: + type: string + partition: + enum: + - random + - round_robin + - hash + type: string + password: + anyOf: + - $ref: '#/components/schemas/ApiFleetOutputs_Put_Request_Password_1_3' + - $ref: '#/components/schemas/ApiFleetOutputs_Put_Request_Password_2_3' + - $ref: '#/components/schemas/ApiFleetOutputs_Put_Request_Password_3_1' + - $ref: '#/components/schemas/ApiFleetOutputs_Put_Request_Password_4_1' + - $ref: '#/components/schemas/ApiFleetOutputs_Put_Request_Password_5_1' + nullable: true + oneOf: + - $ref: '#/components/schemas/ApiFleetOutputs_Put_Request_Password_1' + - $ref: '#/components/schemas/ApiFleetOutputs_Put_Request_Password_2' + proxy_id: + nullable: true + type: string + random: + $ref: '#/components/schemas/ApiFleetOutputs_Put_Request_Random' + required_acks: + enum: + - 1 + - 0 + - -1 + type: integer + round_robin: + $ref: '#/components/schemas/ApiFleetOutputs_Put_Request_Round_robin' + sasl: + $ref: '#/components/schemas/ApiFleetOutputs_Put_Request_Sasl' + secrets: + $ref: '#/components/schemas/ApiFleetOutputs_Put_Request_Secrets_3' + shipper: + $ref: '#/components/schemas/ApiFleetOutputs_Put_Request_Shipper_3' + ssl: + $ref: '#/components/schemas/ApiFleetOutputs_Put_Request_Ssl_3' + timeout: + type: number + topic: + type: string + type: + enum: + - kafka + type: string + username: + anyOf: + - $ref: '#/components/schemas/ApiFleetOutputs_Put_Request_Username_1_1' + - $ref: '#/components/schemas/ApiFleetOutputs_Put_Request_Username_2_1' + - $ref: '#/components/schemas/ApiFleetOutputs_Put_Request_Username_3' + - $ref: '#/components/schemas/ApiFleetOutputs_Put_Request_Username_4' + - $ref: '#/components/schemas/ApiFleetOutputs_Put_Request_Username_5' + nullable: true + oneOf: + - $ref: '#/components/schemas/ApiFleetOutputs_Put_Request_Username_1' + - $ref: '#/components/schemas/ApiFleetOutputs_Put_Request_Username_2' + version: + type: string + required: + - name + - compression_level + - connection_type + - username + - password + ApiFleetOutputs_Put_Request_Compression_level_1: + type: number + ApiFleetOutputs_Put_Request_Compression_level_2: + not: {} + ApiFleetOutputs_Put_Request_Compression_level_1_1: + items: {} + type: array + ApiFleetOutputs_Put_Request_Compression_level_2_1: + type: boolean + ApiFleetOutputs_Put_Request_Compression_level_3: + type: number + ApiFleetOutputs_Put_Request_Compression_level_4: + type: object + ApiFleetOutputs_Put_Request_Compression_level_5: + type: string + ApiFleetOutputs_Put_Request_Connection_type_1: + enum: + - plaintext + - encryption + type: string + ApiFleetOutputs_Put_Request_Connection_type_2: + not: {} + ApiFleetOutputs_Put_Request_Connection_type_1_1: + items: {} + type: array + ApiFleetOutputs_Put_Request_Connection_type_2_1: + type: boolean + ApiFleetOutputs_Put_Request_Connection_type_3: + type: number + ApiFleetOutputs_Put_Request_Connection_type_4: + type: object + ApiFleetOutputs_Put_Request_Connection_type_5: + type: string + ApiFleetOutputs_Put_Request_Hash: + additionalProperties: false + type: object + properties: + hash: + type: string + random: + type: boolean + ApiFleetOutputs_Put_Request_Headers_Item: + additionalProperties: false + type: object + properties: + key: + type: string + value: + type: string + required: + - key + - value + ApiFleetOutputs_Put_Request_Password_1: + not: {} + ApiFleetOutputs_Put_Request_Password_2: + anyOf: + - $ref: '#/components/schemas/ApiFleetOutputs_Put_Request_Password_1_2' + - $ref: '#/components/schemas/ApiFleetOutputs_Put_Request_Password_2_2' + - $ref: '#/components/schemas/ApiFleetOutputs_Put_Request_Password_3' + - $ref: '#/components/schemas/ApiFleetOutputs_Put_Request_Password_4' + - $ref: '#/components/schemas/ApiFleetOutputs_Put_Request_Password_5' + nullable: true + oneOf: + - $ref: '#/components/schemas/ApiFleetOutputs_Put_Request_Password_1_1' + - $ref: '#/components/schemas/ApiFleetOutputs_Put_Request_Password_2_1' + ApiFleetOutputs_Put_Request_Password_1_1: + type: string + ApiFleetOutputs_Put_Request_Password_2_1: + not: {} + ApiFleetOutputs_Put_Request_Password_1_2: + items: {} + type: array + ApiFleetOutputs_Put_Request_Password_2_2: + type: boolean + ApiFleetOutputs_Put_Request_Password_3: + type: number + ApiFleetOutputs_Put_Request_Password_4: + type: object + ApiFleetOutputs_Put_Request_Password_5: + type: string + ApiFleetOutputs_Put_Request_Password_1_3: + items: {} + type: array + ApiFleetOutputs_Put_Request_Password_2_3: + type: boolean + ApiFleetOutputs_Put_Request_Password_3_1: + type: number + ApiFleetOutputs_Put_Request_Password_4_1: + type: object + ApiFleetOutputs_Put_Request_Password_5_1: + type: string + ApiFleetOutputs_Put_Request_Random: + additionalProperties: false + type: object + properties: + group_events: + type: number + ApiFleetOutputs_Put_Request_Round_robin: + additionalProperties: false + type: object + properties: + group_events: + type: number + ApiFleetOutputs_Put_Request_Sasl: + additionalProperties: false + nullable: true + type: object + properties: + mechanism: + enum: + - PLAIN + - SCRAM-SHA-256 + - SCRAM-SHA-512 + type: string + ApiFleetOutputs_Put_Request_Secrets_3: + additionalProperties: false + type: object + properties: + password: + anyOf: + - $ref: '#/components/schemas/ApiFleetOutputs_Put_Request_Secrets_Password_1' + - $ref: '#/components/schemas/ApiFleetOutputs_Put_Request_Secrets_Password_2' + ssl: + $ref: '#/components/schemas/ApiFleetOutputs_Put_Request_Secrets_Ssl_3' + ApiFleetOutputs_Put_Request_Secrets_Password_1: + additionalProperties: false + type: object + properties: + hash: + type: string + id: + type: string + required: + - id + ApiFleetOutputs_Put_Request_Secrets_Password_2: + type: string + ApiFleetOutputs_Put_Request_Secrets_Ssl_3: + additionalProperties: false + type: object + properties: + key: + anyOf: + - $ref: '#/components/schemas/ApiFleetOutputs_Put_Request_Secrets_Ssl_Key_1_3' + - $ref: '#/components/schemas/ApiFleetOutputs_Put_Request_Secrets_Ssl_Key_2_3' + required: + - key + ApiFleetOutputs_Put_Request_Secrets_Ssl_Key_1_3: + additionalProperties: false + type: object + properties: + hash: + type: string + id: + type: string + required: + - id + ApiFleetOutputs_Put_Request_Secrets_Ssl_Key_2_3: + type: string + ApiFleetOutputs_Put_Request_Shipper_3: + additionalProperties: false + nullable: true + type: object + properties: + compression_level: + nullable: true + type: number + disk_queue_compression_enabled: + nullable: true + type: boolean + disk_queue_enabled: + default: false + nullable: true + type: boolean + disk_queue_encryption_enabled: + nullable: true + type: boolean + disk_queue_max_size: + nullable: true + type: number + disk_queue_path: + nullable: true + type: string + loadbalance: + nullable: true + type: boolean + max_batch_bytes: + nullable: true + type: number + mem_queue_events: + nullable: true + type: number + queue_flush_timeout: + nullable: true + type: number + required: + - disk_queue_path + - disk_queue_max_size + - disk_queue_encryption_enabled + - disk_queue_compression_enabled + - compression_level + - loadbalance + - mem_queue_events + - queue_flush_timeout + - max_batch_bytes + ApiFleetOutputs_Put_Request_Ssl_3: + additionalProperties: false + nullable: true + type: object + properties: + certificate: + type: string + certificate_authorities: + items: + type: string + maxItems: 10 + type: array + key: + type: string + verification_mode: + enum: + - full + - none + - certificate + - strict + type: string + ApiFleetOutputs_Put_Request_Username_1: + type: string + ApiFleetOutputs_Put_Request_Username_2: + not: {} + ApiFleetOutputs_Put_Request_Username_1_1: + items: {} + type: array + ApiFleetOutputs_Put_Request_Username_2_1: + type: boolean + ApiFleetOutputs_Put_Request_Username_3: + type: number + ApiFleetOutputs_Put_Request_Username_4: + type: object + ApiFleetOutputs_Put_Request_Username_5: + type: string + ApiFleetOutputs_Put_Response_200: + additionalProperties: false + type: object + properties: + item: + anyOf: + - $ref: '#/components/schemas/ApiFleetOutputs_Put_Response_200_Item_1' + - $ref: '#/components/schemas/ApiFleetOutputs_Put_Response_200_Item_2' + - $ref: '#/components/schemas/ApiFleetOutputs_Put_Response_200_Item_3' + - $ref: '#/components/schemas/ApiFleetOutputs_Put_Response_200_Item_4' + required: + - item + ApiFleetOutputs_Put_Response_200_Item_1: + additionalProperties: true + type: object + properties: + allow_edit: + items: + type: string + maxItems: 1000 + type: array + ca_sha256: + nullable: true + type: string + ca_trusted_fingerprint: + nullable: true + type: string + config_yaml: + nullable: true + type: string + hosts: + items: + format: uri + type: string + maxItems: 10 + minItems: 1 + type: array + id: + type: string + is_default: + default: false + type: boolean + is_default_monitoring: + default: false + type: boolean + is_internal: + type: boolean + is_preconfigured: + type: boolean + name: + type: string + preset: + enum: + - balanced + - custom + - throughput + - scale + - latency + type: string + proxy_id: + nullable: true + type: string + secrets: + $ref: '#/components/schemas/ApiFleetOutputs_Put_Response_200_Item_Secrets' + shipper: + $ref: '#/components/schemas/ApiFleetOutputs_Put_Response_200_Item_Shipper' + ssl: + $ref: '#/components/schemas/ApiFleetOutputs_Put_Response_200_Item_Ssl' + type: + enum: + - elasticsearch + type: string + write_to_logs_streams: + nullable: true + type: boolean + required: + - name + - type + - hosts + ApiFleetOutputs_Put_Response_200_Item_Secrets: + additionalProperties: true + type: object + properties: + ssl: + $ref: '#/components/schemas/ApiFleetOutputs_Put_Response_200_Item_Secrets_Ssl' + ApiFleetOutputs_Put_Response_200_Item_Secrets_Ssl: + additionalProperties: true + type: object + properties: + key: + anyOf: + - $ref: '#/components/schemas/ApiFleetOutputs_Put_Response_200_Item_Secrets_Ssl_Key_1' + - $ref: '#/components/schemas/ApiFleetOutputs_Put_Response_200_Item_Secrets_Ssl_Key_2' + ApiFleetOutputs_Put_Response_200_Item_Secrets_Ssl_Key_1: + additionalProperties: true + type: object + properties: + hash: + type: string + id: + type: string + required: + - id + ApiFleetOutputs_Put_Response_200_Item_Secrets_Ssl_Key_2: + type: string + ApiFleetOutputs_Put_Response_200_Item_Shipper: + additionalProperties: true + nullable: true + type: object + properties: + compression_level: + nullable: true + type: number + disk_queue_compression_enabled: + nullable: true + type: boolean + disk_queue_enabled: + default: false + nullable: true + type: boolean + disk_queue_encryption_enabled: + nullable: true + type: boolean + disk_queue_max_size: + nullable: true + type: number + disk_queue_path: + nullable: true + type: string + loadbalance: + nullable: true + type: boolean + max_batch_bytes: + nullable: true + type: number + mem_queue_events: + nullable: true + type: number + queue_flush_timeout: + nullable: true + type: number + required: + - disk_queue_path + - disk_queue_max_size + - disk_queue_encryption_enabled + - disk_queue_compression_enabled + - compression_level + - loadbalance + - mem_queue_events + - queue_flush_timeout + - max_batch_bytes + ApiFleetOutputs_Put_Response_200_Item_Ssl: + additionalProperties: true + nullable: true + type: object + properties: + certificate: + type: string + certificate_authorities: + items: + type: string + maxItems: 10 + type: array + key: + type: string + verification_mode: + enum: + - full + - none + - certificate + - strict + type: string + ApiFleetOutputs_Put_Response_200_Item_2: + additionalProperties: true + type: object + properties: + allow_edit: + items: + type: string + maxItems: 1000 + type: array + ca_sha256: + nullable: true + type: string + ca_trusted_fingerprint: + nullable: true + type: string + config_yaml: + nullable: true + type: string + hosts: + items: + format: uri + type: string + maxItems: 10 + minItems: 1 + type: array + id: + type: string + is_default: + default: false + type: boolean + is_default_monitoring: + default: false + type: boolean + is_internal: + type: boolean + is_preconfigured: + type: boolean + kibana_api_key: + nullable: true + type: string + kibana_url: + nullable: true + type: string + name: + type: string + preset: + enum: + - balanced + - custom + - throughput + - scale + - latency + type: string + proxy_id: + nullable: true + type: string + secrets: + $ref: '#/components/schemas/ApiFleetOutputs_Put_Response_200_Item_Secrets_1' + service_token: + nullable: true + type: string + shipper: + $ref: '#/components/schemas/ApiFleetOutputs_Put_Response_200_Item_Shipper_1' + ssl: + $ref: '#/components/schemas/ApiFleetOutputs_Put_Response_200_Item_Ssl_1' + sync_integrations: + type: boolean + sync_uninstalled_integrations: + type: boolean + type: + enum: + - remote_elasticsearch + type: string + write_to_logs_streams: + nullable: true + type: boolean + required: + - name + - type + - hosts + ApiFleetOutputs_Put_Response_200_Item_Secrets_1: + additionalProperties: true + type: object + properties: + service_token: + anyOf: + - $ref: '#/components/schemas/ApiFleetOutputs_Put_Response_200_Item_Secrets_Service_token_1' + - $ref: '#/components/schemas/ApiFleetOutputs_Put_Response_200_Item_Secrets_Service_token_2' + ssl: + $ref: '#/components/schemas/ApiFleetOutputs_Put_Response_200_Item_Secrets_Ssl_1' + ApiFleetOutputs_Put_Response_200_Item_Secrets_Service_token_1: + additionalProperties: true + type: object + properties: + hash: + type: string + id: + type: string + required: + - id + ApiFleetOutputs_Put_Response_200_Item_Secrets_Service_token_2: + type: string + ApiFleetOutputs_Put_Response_200_Item_Secrets_Ssl_1: + additionalProperties: true + type: object + properties: + key: + anyOf: + - $ref: '#/components/schemas/ApiFleetOutputs_Put_Response_200_Item_Secrets_Ssl_Key_1_1' + - $ref: '#/components/schemas/ApiFleetOutputs_Put_Response_200_Item_Secrets_Ssl_Key_2_1' + ApiFleetOutputs_Put_Response_200_Item_Secrets_Ssl_Key_1_1: + additionalProperties: true + type: object + properties: + hash: + type: string + id: + type: string + required: + - id + ApiFleetOutputs_Put_Response_200_Item_Secrets_Ssl_Key_2_1: + type: string + ApiFleetOutputs_Put_Response_200_Item_Shipper_1: + additionalProperties: true + nullable: true + type: object + properties: + compression_level: + nullable: true + type: number + disk_queue_compression_enabled: + nullable: true + type: boolean + disk_queue_enabled: + default: false + nullable: true + type: boolean + disk_queue_encryption_enabled: + nullable: true + type: boolean + disk_queue_max_size: + nullable: true + type: number + disk_queue_path: + nullable: true + type: string + loadbalance: + nullable: true + type: boolean + max_batch_bytes: + nullable: true + type: number + mem_queue_events: + nullable: true + type: number + queue_flush_timeout: + nullable: true + type: number + required: + - disk_queue_path + - disk_queue_max_size + - disk_queue_encryption_enabled + - disk_queue_compression_enabled + - compression_level + - loadbalance + - mem_queue_events + - queue_flush_timeout + - max_batch_bytes + ApiFleetOutputs_Put_Response_200_Item_Ssl_1: + additionalProperties: true + nullable: true + type: object + properties: + certificate: + type: string + certificate_authorities: + items: + type: string + maxItems: 10 + type: array + key: + type: string + verification_mode: + enum: + - full + - none + - certificate + - strict + type: string + ApiFleetOutputs_Put_Response_200_Item_3: + additionalProperties: true + type: object + properties: + allow_edit: + items: + type: string + maxItems: 1000 + type: array + ca_sha256: + nullable: true + type: string + ca_trusted_fingerprint: + nullable: true + type: string + config_yaml: + nullable: true + type: string + hosts: + items: + type: string + maxItems: 10 + minItems: 1 + type: array + id: + type: string + is_default: + default: false + type: boolean + is_default_monitoring: + default: false + type: boolean + is_internal: + type: boolean + is_preconfigured: + type: boolean + name: + type: string + proxy_id: + nullable: true + type: string + secrets: + $ref: '#/components/schemas/ApiFleetOutputs_Put_Response_200_Item_Secrets_2' + shipper: + $ref: '#/components/schemas/ApiFleetOutputs_Put_Response_200_Item_Shipper_2' + ssl: + $ref: '#/components/schemas/ApiFleetOutputs_Put_Response_200_Item_Ssl_2' + type: + enum: + - logstash + type: string + required: + - name + - type + - hosts + ApiFleetOutputs_Put_Response_200_Item_Secrets_2: + additionalProperties: true + type: object + properties: + ssl: + $ref: '#/components/schemas/ApiFleetOutputs_Put_Response_200_Item_Secrets_Ssl_2' + ApiFleetOutputs_Put_Response_200_Item_Secrets_Ssl_2: + additionalProperties: true + type: object + properties: + key: + anyOf: + - $ref: '#/components/schemas/ApiFleetOutputs_Put_Response_200_Item_Secrets_Ssl_Key_1_2' + - $ref: '#/components/schemas/ApiFleetOutputs_Put_Response_200_Item_Secrets_Ssl_Key_2_2' + ApiFleetOutputs_Put_Response_200_Item_Secrets_Ssl_Key_1_2: + additionalProperties: true + type: object + properties: + hash: + type: string + id: + type: string + required: + - id + ApiFleetOutputs_Put_Response_200_Item_Secrets_Ssl_Key_2_2: + type: string + ApiFleetOutputs_Put_Response_200_Item_Shipper_2: + additionalProperties: true + nullable: true + type: object + properties: + compression_level: + nullable: true + type: number + disk_queue_compression_enabled: + nullable: true + type: boolean + disk_queue_enabled: + default: false + nullable: true + type: boolean + disk_queue_encryption_enabled: + nullable: true + type: boolean + disk_queue_max_size: + nullable: true + type: number + disk_queue_path: + nullable: true + type: string + loadbalance: + nullable: true + type: boolean + max_batch_bytes: + nullable: true + type: number + mem_queue_events: + nullable: true + type: number + queue_flush_timeout: + nullable: true + type: number + required: + - disk_queue_path + - disk_queue_max_size + - disk_queue_encryption_enabled + - disk_queue_compression_enabled + - compression_level + - loadbalance + - mem_queue_events + - queue_flush_timeout + - max_batch_bytes + ApiFleetOutputs_Put_Response_200_Item_Ssl_2: + additionalProperties: true + nullable: true + type: object + properties: + certificate: + type: string + certificate_authorities: + items: + type: string + maxItems: 10 + type: array + key: + type: string + verification_mode: + enum: + - full + - none + - certificate + - strict + type: string + ApiFleetOutputs_Put_Response_200_Item_4: + additionalProperties: true + type: object + properties: + allow_edit: + items: + type: string + maxItems: 1000 + type: array + auth_type: + enum: + - none + - user_pass + - ssl + - kerberos + type: string + broker_timeout: + type: number + ca_sha256: + nullable: true + type: string + ca_trusted_fingerprint: + nullable: true + type: string + client_id: + type: string + compression: + enum: + - gzip + - snappy + - lz4 + - none + type: string + compression_level: + anyOf: + - $ref: '#/components/schemas/ApiFleetOutputs_Put_Response_200_Item_Compression_level_1_1' + - $ref: '#/components/schemas/ApiFleetOutputs_Put_Response_200_Item_Compression_level_2_1' + - $ref: '#/components/schemas/ApiFleetOutputs_Put_Response_200_Item_Compression_level_3' + - $ref: '#/components/schemas/ApiFleetOutputs_Put_Response_200_Item_Compression_level_4' + - $ref: '#/components/schemas/ApiFleetOutputs_Put_Response_200_Item_Compression_level_5' + nullable: true + oneOf: + - $ref: '#/components/schemas/ApiFleetOutputs_Put_Response_200_Item_Compression_level_1' + - $ref: '#/components/schemas/ApiFleetOutputs_Put_Response_200_Item_Compression_level_2' + config_yaml: + nullable: true + type: string + connection_type: + anyOf: + - $ref: '#/components/schemas/ApiFleetOutputs_Put_Response_200_Item_Connection_type_1_1' + - $ref: '#/components/schemas/ApiFleetOutputs_Put_Response_200_Item_Connection_type_2_1' + - $ref: '#/components/schemas/ApiFleetOutputs_Put_Response_200_Item_Connection_type_3' + - $ref: '#/components/schemas/ApiFleetOutputs_Put_Response_200_Item_Connection_type_4' + - $ref: '#/components/schemas/ApiFleetOutputs_Put_Response_200_Item_Connection_type_5' + nullable: true + oneOf: + - $ref: '#/components/schemas/ApiFleetOutputs_Put_Response_200_Item_Connection_type_1' + - $ref: '#/components/schemas/ApiFleetOutputs_Put_Response_200_Item_Connection_type_2' + hash: + $ref: '#/components/schemas/ApiFleetOutputs_Put_Response_200_Item_Hash' + headers: + items: + $ref: '#/components/schemas/ApiFleetOutputs_Put_Response_200_Item_Headers_Item' + maxItems: 100 + type: array + hosts: + items: + type: string + maxItems: 10 + minItems: 1 + type: array + id: + type: string + is_default: + default: false + type: boolean + is_default_monitoring: + default: false + type: boolean + is_internal: + type: boolean + is_preconfigured: + type: boolean + key: + type: string + name: + type: string + partition: + enum: + - random + - round_robin + - hash + type: string + password: + anyOf: + - $ref: '#/components/schemas/ApiFleetOutputs_Put_Response_200_Item_Password_1_3' + - $ref: '#/components/schemas/ApiFleetOutputs_Put_Response_200_Item_Password_2_3' + - $ref: '#/components/schemas/ApiFleetOutputs_Put_Response_200_Item_Password_3_1' + - $ref: '#/components/schemas/ApiFleetOutputs_Put_Response_200_Item_Password_4_1' + - $ref: '#/components/schemas/ApiFleetOutputs_Put_Response_200_Item_Password_5_1' + nullable: true + oneOf: + - $ref: '#/components/schemas/ApiFleetOutputs_Put_Response_200_Item_Password_1' + - $ref: '#/components/schemas/ApiFleetOutputs_Put_Response_200_Item_Password_2' + proxy_id: + nullable: true + type: string + random: + $ref: '#/components/schemas/ApiFleetOutputs_Put_Response_200_Item_Random' + required_acks: + enum: + - 1 + - 0 + - -1 + type: integer + round_robin: + $ref: '#/components/schemas/ApiFleetOutputs_Put_Response_200_Item_Round_robin' + sasl: + $ref: '#/components/schemas/ApiFleetOutputs_Put_Response_200_Item_Sasl' + secrets: + $ref: '#/components/schemas/ApiFleetOutputs_Put_Response_200_Item_Secrets_3' + shipper: + $ref: '#/components/schemas/ApiFleetOutputs_Put_Response_200_Item_Shipper_3' + ssl: + $ref: '#/components/schemas/ApiFleetOutputs_Put_Response_200_Item_Ssl_3' + timeout: + type: number + topic: + type: string + type: + enum: + - kafka + type: string + username: + anyOf: + - $ref: '#/components/schemas/ApiFleetOutputs_Put_Response_200_Item_Username_1_1' + - $ref: '#/components/schemas/ApiFleetOutputs_Put_Response_200_Item_Username_2_1' + - $ref: '#/components/schemas/ApiFleetOutputs_Put_Response_200_Item_Username_3' + - $ref: '#/components/schemas/ApiFleetOutputs_Put_Response_200_Item_Username_4' + - $ref: '#/components/schemas/ApiFleetOutputs_Put_Response_200_Item_Username_5' + nullable: true + oneOf: + - $ref: '#/components/schemas/ApiFleetOutputs_Put_Response_200_Item_Username_1' + - $ref: '#/components/schemas/ApiFleetOutputs_Put_Response_200_Item_Username_2' + version: + type: string + required: + - name + - type + - hosts + - compression_level + - auth_type + - connection_type + - username + - password + ApiFleetOutputs_Put_Response_200_Item_Compression_level_1: + type: number + ApiFleetOutputs_Put_Response_200_Item_Compression_level_2: + not: {} + ApiFleetOutputs_Put_Response_200_Item_Compression_level_1_1: + items: {} + type: array + ApiFleetOutputs_Put_Response_200_Item_Compression_level_2_1: + type: boolean + ApiFleetOutputs_Put_Response_200_Item_Compression_level_3: + type: number + ApiFleetOutputs_Put_Response_200_Item_Compression_level_4: + type: object + ApiFleetOutputs_Put_Response_200_Item_Compression_level_5: + type: string + ApiFleetOutputs_Put_Response_200_Item_Connection_type_1: + enum: + - plaintext + - encryption + type: string + ApiFleetOutputs_Put_Response_200_Item_Connection_type_2: + not: {} + ApiFleetOutputs_Put_Response_200_Item_Connection_type_1_1: + items: {} + type: array + ApiFleetOutputs_Put_Response_200_Item_Connection_type_2_1: + type: boolean + ApiFleetOutputs_Put_Response_200_Item_Connection_type_3: + type: number + ApiFleetOutputs_Put_Response_200_Item_Connection_type_4: + type: object + ApiFleetOutputs_Put_Response_200_Item_Connection_type_5: + type: string + ApiFleetOutputs_Put_Response_200_Item_Hash: + additionalProperties: true + type: object + properties: + hash: + type: string + random: + type: boolean + ApiFleetOutputs_Put_Response_200_Item_Headers_Item: + additionalProperties: true + type: object + properties: + key: + type: string + value: + type: string + required: + - key + - value + ApiFleetOutputs_Put_Response_200_Item_Password_1: + not: {} + ApiFleetOutputs_Put_Response_200_Item_Password_2: + anyOf: + - $ref: '#/components/schemas/ApiFleetOutputs_Put_Response_200_Item_Password_1_2' + - $ref: '#/components/schemas/ApiFleetOutputs_Put_Response_200_Item_Password_2_2' + - $ref: '#/components/schemas/ApiFleetOutputs_Put_Response_200_Item_Password_3' + - $ref: '#/components/schemas/ApiFleetOutputs_Put_Response_200_Item_Password_4' + - $ref: '#/components/schemas/ApiFleetOutputs_Put_Response_200_Item_Password_5' + nullable: true + oneOf: + - $ref: '#/components/schemas/ApiFleetOutputs_Put_Response_200_Item_Password_1_1' + - $ref: '#/components/schemas/ApiFleetOutputs_Put_Response_200_Item_Password_2_1' + ApiFleetOutputs_Put_Response_200_Item_Password_1_1: + type: string + ApiFleetOutputs_Put_Response_200_Item_Password_2_1: + not: {} + ApiFleetOutputs_Put_Response_200_Item_Password_1_2: + items: {} + type: array + ApiFleetOutputs_Put_Response_200_Item_Password_2_2: + type: boolean + ApiFleetOutputs_Put_Response_200_Item_Password_3: + type: number + ApiFleetOutputs_Put_Response_200_Item_Password_4: + type: object + ApiFleetOutputs_Put_Response_200_Item_Password_5: + type: string + ApiFleetOutputs_Put_Response_200_Item_Password_1_3: + items: {} + type: array + ApiFleetOutputs_Put_Response_200_Item_Password_2_3: + type: boolean + ApiFleetOutputs_Put_Response_200_Item_Password_3_1: + type: number + ApiFleetOutputs_Put_Response_200_Item_Password_4_1: + type: object + ApiFleetOutputs_Put_Response_200_Item_Password_5_1: + type: string + ApiFleetOutputs_Put_Response_200_Item_Random: + additionalProperties: true + type: object + properties: + group_events: + type: number + ApiFleetOutputs_Put_Response_200_Item_Round_robin: + additionalProperties: true + type: object + properties: + group_events: + type: number + ApiFleetOutputs_Put_Response_200_Item_Sasl: + additionalProperties: true + nullable: true + type: object + properties: + mechanism: + enum: + - PLAIN + - SCRAM-SHA-256 + - SCRAM-SHA-512 + type: string + ApiFleetOutputs_Put_Response_200_Item_Secrets_3: + additionalProperties: true + type: object + properties: + password: + anyOf: + - $ref: '#/components/schemas/ApiFleetOutputs_Put_Response_200_Item_Secrets_Password_1' + - $ref: '#/components/schemas/ApiFleetOutputs_Put_Response_200_Item_Secrets_Password_2' + ssl: + $ref: '#/components/schemas/ApiFleetOutputs_Put_Response_200_Item_Secrets_Ssl_3' + ApiFleetOutputs_Put_Response_200_Item_Secrets_Password_1: + additionalProperties: true + type: object + properties: + hash: + type: string + id: + type: string + required: + - id + ApiFleetOutputs_Put_Response_200_Item_Secrets_Password_2: + type: string + ApiFleetOutputs_Put_Response_200_Item_Secrets_Ssl_3: + additionalProperties: true + type: object + properties: + key: + anyOf: + - $ref: '#/components/schemas/ApiFleetOutputs_Put_Response_200_Item_Secrets_Ssl_Key_1_3' + - $ref: '#/components/schemas/ApiFleetOutputs_Put_Response_200_Item_Secrets_Ssl_Key_2_3' + required: + - key + ApiFleetOutputs_Put_Response_200_Item_Secrets_Ssl_Key_1_3: + additionalProperties: true + type: object + properties: + hash: + type: string + id: + type: string + required: + - id + ApiFleetOutputs_Put_Response_200_Item_Secrets_Ssl_Key_2_3: + type: string + ApiFleetOutputs_Put_Response_200_Item_Shipper_3: + additionalProperties: true + nullable: true + type: object + properties: + compression_level: + nullable: true + type: number + disk_queue_compression_enabled: + nullable: true + type: boolean + disk_queue_enabled: + default: false + nullable: true + type: boolean + disk_queue_encryption_enabled: + nullable: true + type: boolean + disk_queue_max_size: + nullable: true + type: number + disk_queue_path: + nullable: true + type: string + loadbalance: + nullable: true + type: boolean + max_batch_bytes: + nullable: true + type: number + mem_queue_events: + nullable: true + type: number + queue_flush_timeout: + nullable: true + type: number + required: + - disk_queue_path + - disk_queue_max_size + - disk_queue_encryption_enabled + - disk_queue_compression_enabled + - compression_level + - loadbalance + - mem_queue_events + - queue_flush_timeout + - max_batch_bytes + ApiFleetOutputs_Put_Response_200_Item_Ssl_3: + additionalProperties: true + nullable: true + type: object + properties: + certificate: + type: string + certificate_authorities: + items: + type: string + maxItems: 10 + type: array + key: + type: string + verification_mode: + enum: + - full + - none + - certificate + - strict + type: string + ApiFleetOutputs_Put_Response_200_Item_Username_1: + type: string + ApiFleetOutputs_Put_Response_200_Item_Username_2: + not: {} + ApiFleetOutputs_Put_Response_200_Item_Username_1_1: + items: {} + type: array + ApiFleetOutputs_Put_Response_200_Item_Username_2_1: + type: boolean + ApiFleetOutputs_Put_Response_200_Item_Username_3: + type: number + ApiFleetOutputs_Put_Response_200_Item_Username_4: + type: object + ApiFleetOutputs_Put_Response_200_Item_Username_5: + type: string + ApiFleetOutputs_Put_Response_400: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetOutputsHealth_Get_Response_200: + additionalProperties: false + type: object + properties: + message: + description: long message if unhealthy + type: string + state: + description: state of output, HEALTHY or DEGRADED + type: string + timestamp: + description: timestamp of reported state + type: string + required: + - state + - message + - timestamp + ApiFleetOutputsHealth_Get_Response_400: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetPackagePolicies_Get_Response_200: + additionalProperties: false + type: object + properties: + items: + items: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Get_Response_200_Items_Item' + maxItems: 10000 + type: array + page: + type: number + perPage: + type: number + total: + type: number + required: + - items + - total + - page + - perPage + ApiFleetPackagePolicies_Get_Response_200_Items_Item: + additionalProperties: false + type: object + properties: + additional_datastreams_permissions: + description: Additional datastream permissions, that will be added to the agent policy. + items: + type: string + maxItems: 1000 + nullable: true + type: array + agents: + type: number + cloud_connector_id: + description: ID of the cloud connector associated with this package policy. + nullable: true + type: string + cloud_connector_name: + description: Transient field for cloud connector name during creation. + maxLength: 255 + minLength: 1 + nullable: true + type: string + created_at: + type: string + created_by: + type: string + description: + description: Package policy description + type: string + elasticsearch: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Get_Response_200_Items_Elasticsearch' + enabled: + type: boolean + id: + description: Package policy unique identifier. + type: string + inputs: + anyOf: + - $ref: '#/components/schemas/ApiFleetPackagePolicies_Get_Response_200_Items_Inputs_1' + - $ref: '#/components/schemas/ApiFleetPackagePolicies_Get_Response_200_Items_Inputs_2' + description: Package policy inputs. + is_managed: + type: boolean + name: + description: Unique name for the package policy. + type: string + namespace: + description: The package policy namespace. Leave blank to inherit the agent policy's namespace. + type: string + output_id: + nullable: true + type: string + overrides: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Get_Response_200_Items_Overrides' + package: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Get_Response_200_Items_Package' + policy_id: + deprecated: true + description: ID of the agent policy which the package policy will be added to. + nullable: true + type: string + policy_ids: + items: + description: IDs of the agent policies which that package policy will be added to. + type: string + maxItems: 1000 + type: array + revision: + description: Package policy revision. + type: number + secret_references: + items: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Get_Response_200_Items_Secret_references_Item' + maxItems: 100 + type: array + spaceIds: + items: + type: string + maxItems: 100 + type: array + supports_agentless: + default: false + description: Indicates whether the package policy belongs to an agentless agent policy. + nullable: true + type: boolean + supports_cloud_connector: + default: false + description: Indicates whether the package policy supports cloud connectors. + nullable: true + type: boolean + updated_at: + type: string + updated_by: + type: string + var_group_selections: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Get_Response_200_Items_Var_group_selections' + vars: + anyOf: + - $ref: '#/components/schemas/ApiFleetPackagePolicies_Get_Response_200_Items_Vars_1' + - $ref: '#/components/schemas/ApiFleetPackagePolicies_Get_Response_200_Items_Vars_2' + description: Package level variable. + version: + description: Package policy ES version. + type: string + required: + - name + - enabled + - inputs + - id + - revision + - updated_at + - updated_by + - created_at + - created_by + ApiFleetPackagePolicies_Get_Response_200_Items_Elasticsearch: + additionalProperties: true + type: object + properties: + privileges: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Get_Response_200_Items_Elasticsearch_Privileges' + ApiFleetPackagePolicies_Get_Response_200_Items_Elasticsearch_Privileges: + additionalProperties: true + type: object + properties: + cluster: + items: + type: string + maxItems: 100 + type: array + ApiFleetPackagePolicies_Get_Response_200_Items_Inputs_1: + items: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Get_Response_200_Items_Inputs_Item' + maxItems: 100 + type: array + ApiFleetPackagePolicies_Get_Response_200_Items_Inputs_Item: + additionalProperties: false + type: object + properties: + compiled_input: {} + config: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Get_Response_200_Items_Inputs_Config' + enabled: + type: boolean + id: + type: string + keep_enabled: + type: boolean + policy_template: + type: string + streams: + items: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Get_Response_200_Items_Inputs_Streams_Item' + maxItems: 100 + type: array + type: + type: string + vars: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Get_Response_200_Items_Inputs_Vars' + required: + - type + - enabled + - streams + - compiled_input + ApiFleetPackagePolicies_Get_Response_200_Items_Inputs_Config: + additionalProperties: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Get_Response_200_Items_Inputs_Config_Value' + description: Package variable (see integration documentation for more information) + type: object + ApiFleetPackagePolicies_Get_Response_200_Items_Inputs_Config_Value: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + ApiFleetPackagePolicies_Get_Response_200_Items_Inputs_Streams_Item: + additionalProperties: false + type: object + properties: + compiled_stream: {} + config: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Get_Response_200_Items_Inputs_Streams_Config' + data_stream: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Get_Response_200_Items_Inputs_Streams_Data_stream' + enabled: + type: boolean + id: + type: string + keep_enabled: + type: boolean + release: + enum: + - ga + - beta + - experimental + type: string + var_group_selections: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Get_Response_200_Items_Inputs_Streams_Var_group_selections' + vars: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Get_Response_200_Items_Inputs_Streams_Vars' + required: + - enabled + - data_stream + - compiled_stream + ApiFleetPackagePolicies_Get_Response_200_Items_Inputs_Streams_Config: + additionalProperties: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Get_Response_200_Items_Inputs_Streams_Config_Value' + description: Package variable (see integration documentation for more information) + type: object + ApiFleetPackagePolicies_Get_Response_200_Items_Inputs_Streams_Config_Value: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + ApiFleetPackagePolicies_Get_Response_200_Items_Inputs_Streams_Data_stream: + additionalProperties: false + type: object + properties: + dataset: + type: string + elasticsearch: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Get_Response_200_Items_Inputs_Streams_Data_stream_Elasticsearch' + type: + type: string + required: + - dataset + - type + ApiFleetPackagePolicies_Get_Response_200_Items_Inputs_Streams_Data_stream_Elasticsearch: + additionalProperties: false + type: object + properties: + dynamic_dataset: + type: boolean + dynamic_namespace: + type: boolean + privileges: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Get_Response_200_Items_Inputs_Streams_Data_stream_Elasticsearch_Privileges' + ApiFleetPackagePolicies_Get_Response_200_Items_Inputs_Streams_Data_stream_Elasticsearch_Privileges: + additionalProperties: false + type: object + properties: + indices: + items: + type: string + maxItems: 100 + type: array + ApiFleetPackagePolicies_Get_Response_200_Items_Inputs_Streams_Var_group_selections: + additionalProperties: + type: string + description: Variable group selections. Maps var_group name to the selected option name within that group. + type: object + ApiFleetPackagePolicies_Get_Response_200_Items_Inputs_Streams_Vars: + additionalProperties: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Get_Response_200_Items_Inputs_Streams_Vars_Value' + description: Package variable (see integration documentation for more information) + type: object + ApiFleetPackagePolicies_Get_Response_200_Items_Inputs_Streams_Vars_Value: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + ApiFleetPackagePolicies_Get_Response_200_Items_Inputs_Vars: + additionalProperties: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Get_Response_200_Items_Inputs_Vars_Value' + description: Package variable (see integration documentation for more information) + type: object + ApiFleetPackagePolicies_Get_Response_200_Items_Inputs_Vars_Value: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + ApiFleetPackagePolicies_Get_Response_200_Items_Inputs_2: + additionalProperties: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Get_Response_200_Items_Inputs_Value' + description: Package policy inputs. Refer to the integration documentation to know which inputs are available. + type: object + x-oas-optional: true + ApiFleetPackagePolicies_Get_Response_200_Items_Inputs_Value: + additionalProperties: false + type: object + properties: + enabled: + description: Enable or disable that input. Defaults to `true` (enabled). + type: boolean + streams: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Get_Response_200_Items_Inputs_Streams' + vars: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Get_Response_200_Items_Inputs_Vars_1' + ApiFleetPackagePolicies_Get_Response_200_Items_Inputs_Streams: + additionalProperties: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Get_Response_200_Items_Inputs_Streams_Value' + description: Input streams. Refer to the integration documentation to know which streams are available. + type: object + ApiFleetPackagePolicies_Get_Response_200_Items_Inputs_Streams_Value: + additionalProperties: false + type: object + properties: + enabled: + description: Enable or disable that stream. Defaults to `true` (enabled). + type: boolean + var_group_selections: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Get_Response_200_Items_Inputs_Streams_Var_group_selections_1' + vars: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Get_Response_200_Items_Inputs_Streams_Vars_1' + ApiFleetPackagePolicies_Get_Response_200_Items_Inputs_Streams_Var_group_selections_1: + additionalProperties: + type: string + description: Variable group selections. Maps var_group name to the selected option name within that group. + type: object + ApiFleetPackagePolicies_Get_Response_200_Items_Inputs_Streams_Vars_1: + type: boolean + ApiFleetPackagePolicies_Get_Response_200_Items_Inputs_Streams_Vars_2: + type: string + ApiFleetPackagePolicies_Get_Response_200_Items_Inputs_Streams_Vars_3: + type: number + ApiFleetPackagePolicies_Get_Response_200_Items_Inputs_Streams_Vars_4: + items: + type: string + maxItems: 100 + type: array + ApiFleetPackagePolicies_Get_Response_200_Items_Inputs_Streams_Vars_5: + items: + type: number + maxItems: 100 + type: array + ApiFleetPackagePolicies_Get_Response_200_Items_Inputs_Streams_Vars_6: + additionalProperties: false + type: object + properties: + id: + type: string + isSecretRef: + type: boolean + required: + - id + - isSecretRef + ApiFleetPackagePolicies_Get_Response_200_Items_Inputs_Vars_1: + type: boolean + ApiFleetPackagePolicies_Get_Response_200_Items_Inputs_Vars_2: + type: string + ApiFleetPackagePolicies_Get_Response_200_Items_Inputs_Vars_3: + type: number + ApiFleetPackagePolicies_Get_Response_200_Items_Inputs_Vars_4: + items: + type: string + maxItems: 100 + type: array + ApiFleetPackagePolicies_Get_Response_200_Items_Inputs_Vars_5: + items: + type: number + maxItems: 100 + type: array + ApiFleetPackagePolicies_Get_Response_200_Items_Inputs_Vars_6: + additionalProperties: false + type: object + properties: + id: + type: string + isSecretRef: + type: boolean + required: + - id + - isSecretRef + ApiFleetPackagePolicies_Get_Response_200_Items_Overrides: + additionalProperties: false + description: Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure. + nullable: true + type: object + properties: + inputs: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Get_Response_200_Items_Overrides_Inputs' + ApiFleetPackagePolicies_Get_Response_200_Items_Overrides_Inputs: + additionalProperties: {} + type: object + ApiFleetPackagePolicies_Get_Response_200_Items_Package: + additionalProperties: false + type: object + properties: + experimental_data_stream_features: + items: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Get_Response_200_Items_Package_Experimental_data_stream_features_Item' + maxItems: 100 + type: array + fips_compatible: + type: boolean + name: + description: Package name + type: string + requires_root: + type: boolean + title: + type: string + version: + description: Package version + type: string + required: + - name + - version + ApiFleetPackagePolicies_Get_Response_200_Items_Package_Experimental_data_stream_features_Item: + additionalProperties: false + type: object + properties: + data_stream: + type: string + features: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Get_Response_200_Items_Package_Experimental_data_stream_features_Features' + required: + - data_stream + - features + ApiFleetPackagePolicies_Get_Response_200_Items_Package_Experimental_data_stream_features_Features: + additionalProperties: false + type: object + properties: + doc_value_only_numeric: + type: boolean + doc_value_only_other: + type: boolean + synthetic_source: + type: boolean + tsdb: + type: boolean + ApiFleetPackagePolicies_Get_Response_200_Items_Secret_references_Item: + additionalProperties: false + type: object + properties: + id: + type: string + required: + - id + ApiFleetPackagePolicies_Get_Response_200_Items_Var_group_selections: + additionalProperties: + type: string + description: Variable group selections. Maps var_group name to the selected option name within that group. + type: object + ApiFleetPackagePolicies_Get_Response_200_Items_Vars_1: + additionalProperties: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Get_Response_200_Items_Vars_Value' + description: Package variable (see integration documentation for more information) + type: object + ApiFleetPackagePolicies_Get_Response_200_Items_Vars_Value: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + ApiFleetPackagePolicies_Get_Response_200_Items_Vars_2: + additionalProperties: + anyOf: + - $ref: '#/components/schemas/ApiFleetPackagePolicies_Get_Response_200_Items_Vars_1_1' + - $ref: '#/components/schemas/ApiFleetPackagePolicies_Get_Response_200_Items_Vars_2_1' + - $ref: '#/components/schemas/ApiFleetPackagePolicies_Get_Response_200_Items_Vars_3' + - $ref: '#/components/schemas/ApiFleetPackagePolicies_Get_Response_200_Items_Vars_4' + - $ref: '#/components/schemas/ApiFleetPackagePolicies_Get_Response_200_Items_Vars_5' + - $ref: '#/components/schemas/ApiFleetPackagePolicies_Get_Response_200_Items_Vars_6' + nullable: true + description: Input/stream level variable. Refer to the integration documentation for more information. + type: object + x-oas-optional: true + ApiFleetPackagePolicies_Get_Response_200_Items_Vars_1_1: + type: boolean + ApiFleetPackagePolicies_Get_Response_200_Items_Vars_2_1: + type: string + ApiFleetPackagePolicies_Get_Response_200_Items_Vars_3: + type: number + ApiFleetPackagePolicies_Get_Response_200_Items_Vars_4: + items: + type: string + maxItems: 100 + type: array + ApiFleetPackagePolicies_Get_Response_200_Items_Vars_5: + items: + type: number + maxItems: 100 + type: array + ApiFleetPackagePolicies_Get_Response_200_Items_Vars_6: + additionalProperties: false + type: object + properties: + id: + type: string + isSecretRef: + type: boolean + required: + - id + - isSecretRef + ApiFleetPackagePolicies_Get_Response_400: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetPackagePolicies_Post_Request: + anyOf: + - $ref: '#/components/schemas/ApiFleetPackagePolicies_Post_Request_1' + - $ref: '#/components/schemas/ApiFleetPackagePolicies_Post_Request_2' + description: You should use inputs as an object and not use the deprecated inputs array. + ApiFleetPackagePolicies_Post_Request_1: + additionalProperties: false + type: object + properties: + additional_datastreams_permissions: + description: Additional datastream permissions, that will be added to the agent policy. + items: + type: string + maxItems: 1000 + nullable: true + type: array + cloud_connector_id: + description: ID of the cloud connector associated with this package policy. + nullable: true + type: string + cloud_connector_name: + description: Transient field for cloud connector name during creation. + maxLength: 255 + minLength: 1 + nullable: true + type: string + description: + description: Package policy description + type: string + enabled: + type: boolean + force: + description: Force package policy creation even if the package is not verified, or if the agent policy is managed. + type: boolean + id: + description: Package policy unique identifier + type: string + inputs: + items: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Post_Request_Inputs_Item' + maxItems: 1000 + type: array + is_managed: + type: boolean + name: + description: Unique name for the package policy. + type: string + namespace: + description: The package policy namespace. Leave blank to inherit the agent policy's namespace. + type: string + output_id: + nullable: true + type: string + overrides: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Post_Request_Overrides' + package: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Post_Request_Package' + policy_id: + deprecated: true + description: ID of the agent policy which the package policy will be added to. + nullable: true + type: string + policy_ids: + items: + description: IDs of the agent policies which that package policy will be added to. + type: string + maxItems: 1000 + type: array + spaceIds: + items: + type: string + maxItems: 100 + type: array + supports_agentless: + default: false + deprecated: true + description: Indicates whether the package policy belongs to an agentless agent policy. Deprecated in favor of the Fleet agentless policies API. + nullable: true + type: boolean + supports_cloud_connector: + default: false + description: Indicates whether the package policy supports cloud connectors. + nullable: true + type: boolean + var_group_selections: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Post_Request_Var_group_selections' + vars: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Post_Request_Vars' + required: + - name + - inputs + ApiFleetPackagePolicies_Post_Request_Inputs_Item: + additionalProperties: false + type: object + properties: + config: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Post_Request_Inputs_Config' + enabled: + type: boolean + id: + type: string + keep_enabled: + type: boolean + policy_template: + type: string + streams: + items: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Post_Request_Inputs_Streams_Item' + maxItems: 100 + type: array + type: + type: string + vars: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Post_Request_Inputs_Vars' + required: + - type + - enabled + ApiFleetPackagePolicies_Post_Request_Inputs_Config: + additionalProperties: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Post_Request_Inputs_Config_Value' + description: Package variable (see integration documentation for more information) + type: object + ApiFleetPackagePolicies_Post_Request_Inputs_Config_Value: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + ApiFleetPackagePolicies_Post_Request_Inputs_Streams_Item: + additionalProperties: false + type: object + properties: + compiled_stream: {} + config: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Post_Request_Inputs_Streams_Config' + data_stream: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Post_Request_Inputs_Streams_Data_stream' + enabled: + type: boolean + id: + type: string + keep_enabled: + type: boolean + release: + enum: + - ga + - beta + - experimental + type: string + var_group_selections: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Post_Request_Inputs_Streams_Var_group_selections' + vars: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Post_Request_Inputs_Streams_Vars' + required: + - enabled + - data_stream + - compiled_stream + ApiFleetPackagePolicies_Post_Request_Inputs_Streams_Config: + additionalProperties: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Post_Request_Inputs_Streams_Config_Value' + description: Package variable (see integration documentation for more information) + type: object + ApiFleetPackagePolicies_Post_Request_Inputs_Streams_Config_Value: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + ApiFleetPackagePolicies_Post_Request_Inputs_Streams_Data_stream: + additionalProperties: false + type: object + properties: + dataset: + type: string + elasticsearch: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Post_Request_Inputs_Streams_Data_stream_Elasticsearch' + type: + type: string + required: + - dataset + - type + ApiFleetPackagePolicies_Post_Request_Inputs_Streams_Data_stream_Elasticsearch: + additionalProperties: false + type: object + properties: + dynamic_dataset: + type: boolean + dynamic_namespace: + type: boolean + privileges: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Post_Request_Inputs_Streams_Data_stream_Elasticsearch_Privileges' + ApiFleetPackagePolicies_Post_Request_Inputs_Streams_Data_stream_Elasticsearch_Privileges: + additionalProperties: false + type: object + properties: + indices: + items: + type: string + maxItems: 100 + type: array + ApiFleetPackagePolicies_Post_Request_Inputs_Streams_Var_group_selections: + additionalProperties: + type: string + description: Variable group selections. Maps var_group name to the selected option name within that group. + type: object + ApiFleetPackagePolicies_Post_Request_Inputs_Streams_Vars: + additionalProperties: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Post_Request_Inputs_Streams_Vars_Value' + description: Package variable (see integration documentation for more information) + type: object + ApiFleetPackagePolicies_Post_Request_Inputs_Streams_Vars_Value: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + ApiFleetPackagePolicies_Post_Request_Inputs_Vars: + additionalProperties: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Post_Request_Inputs_Vars_Value' + description: Package variable (see integration documentation for more information) + type: object + ApiFleetPackagePolicies_Post_Request_Inputs_Vars_Value: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + ApiFleetPackagePolicies_Post_Request_Overrides: + additionalProperties: false + description: Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure. + nullable: true + type: object + properties: + inputs: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Post_Request_Overrides_Inputs' + ApiFleetPackagePolicies_Post_Request_Overrides_Inputs: + additionalProperties: {} + type: object + ApiFleetPackagePolicies_Post_Request_Package: + additionalProperties: false + type: object + properties: + experimental_data_stream_features: + items: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Post_Request_Package_Experimental_data_stream_features_Item' + maxItems: 100 + type: array + fips_compatible: + type: boolean + name: + description: Package name + type: string + requires_root: + type: boolean + title: + type: string + version: + description: Package version + type: string + required: + - name + - version + ApiFleetPackagePolicies_Post_Request_Package_Experimental_data_stream_features_Item: + additionalProperties: false + type: object + properties: + data_stream: + type: string + features: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Post_Request_Package_Experimental_data_stream_features_Features' + required: + - data_stream + - features + ApiFleetPackagePolicies_Post_Request_Package_Experimental_data_stream_features_Features: + additionalProperties: false + type: object + properties: + doc_value_only_numeric: + type: boolean + doc_value_only_other: + type: boolean + synthetic_source: + type: boolean + tsdb: + type: boolean + ApiFleetPackagePolicies_Post_Request_Var_group_selections: + additionalProperties: + type: string + description: Variable group selections. Maps var_group name to the selected option name within that group. + type: object + ApiFleetPackagePolicies_Post_Request_Vars: + additionalProperties: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Post_Request_Vars_Value' + description: Package variable (see integration documentation for more information) + type: object + ApiFleetPackagePolicies_Post_Request_Vars_Value: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + ApiFleetPackagePolicies_Post_Request_2: + additionalProperties: false + type: object + properties: + additional_datastreams_permissions: + description: Additional datastream permissions, that will be added to the agent policy. + items: + type: string + maxItems: 100 + nullable: true + type: array + description: + description: Policy description. + type: string + force: + description: Force package policy creation even if the package is not verified, or if the agent policy is managed. + type: boolean + id: + description: Policy unique identifier. + type: string + inputs: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Post_Request_Inputs' + name: + description: Unique name for the policy. + type: string + namespace: + description: Policy namespace. When not specified, it inherits the agent policy namespace. + type: string + output_id: + nullable: true + type: string + package: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Post_Request_Package_1' + policy_id: + deprecated: true + description: Deprecated. Use policy_ids instead. + nullable: true + type: string + policy_ids: + description: IDs of the agent policies which that package policy will be added to. + items: + type: string + maxItems: 1000 + type: array + supports_agentless: + default: false + deprecated: true + description: Indicates whether the package policy belongs to an agentless agent policy. Deprecated in favor of the Fleet agentless policies API. + nullable: true + type: boolean + var_group_selections: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Post_Request_Var_group_selections_1' + vars: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Post_Request_Vars_1' + required: + - name + - package + ApiFleetPackagePolicies_Post_Request_Inputs: + additionalProperties: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Post_Request_Inputs_Value' + description: Package policy inputs. Refer to the integration documentation to know which inputs are available. + type: object + ApiFleetPackagePolicies_Post_Request_Inputs_Value: + additionalProperties: false + type: object + properties: + enabled: + description: Enable or disable that input. Defaults to `true` (enabled). + type: boolean + streams: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Post_Request_Inputs_Streams' + vars: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Post_Request_Inputs_Vars_1' + ApiFleetPackagePolicies_Post_Request_Inputs_Streams: + additionalProperties: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Post_Request_Inputs_Streams_Value' + description: Input streams. Refer to the integration documentation to know which streams are available. + type: object + ApiFleetPackagePolicies_Post_Request_Inputs_Streams_Value: + additionalProperties: false + type: object + properties: + enabled: + description: Enable or disable that stream. Defaults to `true` (enabled). + type: boolean + var_group_selections: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Post_Request_Inputs_Streams_Var_group_selections_1' + vars: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Post_Request_Inputs_Streams_Vars_1' + ApiFleetPackagePolicies_Post_Request_Inputs_Streams_Var_group_selections_1: + additionalProperties: + type: string + description: Variable group selections. Maps var_group name to the selected option name within that group. + type: object + ApiFleetPackagePolicies_Post_Request_Inputs_Streams_Vars_1: + type: boolean + ApiFleetPackagePolicies_Post_Request_Inputs_Streams_Vars_2: + type: string + ApiFleetPackagePolicies_Post_Request_Inputs_Streams_Vars_3: + type: number + ApiFleetPackagePolicies_Post_Request_Inputs_Streams_Vars_4: + items: + type: string + maxItems: 100 + type: array + ApiFleetPackagePolicies_Post_Request_Inputs_Streams_Vars_5: + items: + type: number + maxItems: 100 + type: array + ApiFleetPackagePolicies_Post_Request_Inputs_Streams_Vars_6: + additionalProperties: false + type: object + properties: + id: + type: string + isSecretRef: + type: boolean + required: + - id + - isSecretRef + ApiFleetPackagePolicies_Post_Request_Inputs_Vars_1: + type: boolean + ApiFleetPackagePolicies_Post_Request_Inputs_Vars_2: + type: string + ApiFleetPackagePolicies_Post_Request_Inputs_Vars_3: + type: number + ApiFleetPackagePolicies_Post_Request_Inputs_Vars_4: + items: + type: string + maxItems: 100 + type: array + ApiFleetPackagePolicies_Post_Request_Inputs_Vars_5: + items: + type: number + maxItems: 100 + type: array + ApiFleetPackagePolicies_Post_Request_Inputs_Vars_6: + additionalProperties: false + type: object + properties: + id: + type: string + isSecretRef: + type: boolean + required: + - id + - isSecretRef + ApiFleetPackagePolicies_Post_Request_Package_1: + additionalProperties: false + type: object + properties: + experimental_data_stream_features: + items: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Post_Request_Package_Experimental_data_stream_features_Item_1' + maxItems: 100 + type: array + fips_compatible: + type: boolean + name: + description: Package name + type: string + requires_root: + type: boolean + title: + type: string + version: + description: Package version + type: string + required: + - name + - version + ApiFleetPackagePolicies_Post_Request_Package_Experimental_data_stream_features_Item_1: + additionalProperties: false + type: object + properties: + data_stream: + type: string + features: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Post_Request_Package_Experimental_data_stream_features_Features_1' + required: + - data_stream + - features + ApiFleetPackagePolicies_Post_Request_Package_Experimental_data_stream_features_Features_1: + additionalProperties: false + type: object + properties: + doc_value_only_numeric: + type: boolean + doc_value_only_other: + type: boolean + synthetic_source: + type: boolean + tsdb: + type: boolean + ApiFleetPackagePolicies_Post_Request_Var_group_selections_1: + additionalProperties: + type: string + description: Variable group selections. Maps var_group name to the selected option name within that group. + type: object + ApiFleetPackagePolicies_Post_Request_Vars_1: + type: boolean + ApiFleetPackagePolicies_Post_Request_Vars_2: + type: string + ApiFleetPackagePolicies_Post_Request_Vars_3: + type: number + ApiFleetPackagePolicies_Post_Request_Vars_4: + items: + type: string + maxItems: 100 + type: array + ApiFleetPackagePolicies_Post_Request_Vars_5: + items: + type: number + maxItems: 100 + type: array + ApiFleetPackagePolicies_Post_Request_Vars_6: + additionalProperties: false + type: object + properties: + id: + type: string + isSecretRef: + type: boolean + required: + - id + - isSecretRef + ApiFleetPackagePolicies_Post_Response_200: + additionalProperties: false + type: object + properties: + item: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Post_Response_200_Item' + required: + - item + ApiFleetPackagePolicies_Post_Response_200_Item: + additionalProperties: false + type: object + properties: + additional_datastreams_permissions: + description: Additional datastream permissions, that will be added to the agent policy. + items: + type: string + maxItems: 1000 + nullable: true + type: array + agents: + type: number + cloud_connector_id: + description: ID of the cloud connector associated with this package policy. + nullable: true + type: string + cloud_connector_name: + description: Transient field for cloud connector name during creation. + maxLength: 255 + minLength: 1 + nullable: true + type: string + created_at: + type: string + created_by: + type: string + description: + description: Package policy description + type: string + elasticsearch: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Post_Response_200_Item_Elasticsearch' + enabled: + type: boolean + id: + description: Package policy unique identifier. + type: string + inputs: + anyOf: + - $ref: '#/components/schemas/ApiFleetPackagePolicies_Post_Response_200_Item_Inputs_1' + - $ref: '#/components/schemas/ApiFleetPackagePolicies_Post_Response_200_Item_Inputs_2' + description: Package policy inputs. + is_managed: + type: boolean + name: + description: Unique name for the package policy. + type: string + namespace: + description: The package policy namespace. Leave blank to inherit the agent policy's namespace. + type: string + output_id: + nullable: true + type: string + overrides: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Post_Response_200_Item_Overrides' + package: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Post_Response_200_Item_Package' + policy_id: + deprecated: true + description: ID of the agent policy which the package policy will be added to. + nullable: true + type: string + policy_ids: + items: + description: IDs of the agent policies which that package policy will be added to. + type: string + maxItems: 1000 + type: array + revision: + description: Package policy revision. + type: number + secret_references: + items: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Post_Response_200_Item_Secret_references_Item' + maxItems: 100 + type: array + spaceIds: + items: + type: string + maxItems: 100 + type: array + supports_agentless: + default: false + description: Indicates whether the package policy belongs to an agentless agent policy. + nullable: true + type: boolean + supports_cloud_connector: + default: false + description: Indicates whether the package policy supports cloud connectors. + nullable: true + type: boolean + updated_at: + type: string + updated_by: + type: string + var_group_selections: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Post_Response_200_Item_Var_group_selections' + vars: + anyOf: + - $ref: '#/components/schemas/ApiFleetPackagePolicies_Post_Response_200_Item_Vars_1' + - $ref: '#/components/schemas/ApiFleetPackagePolicies_Post_Response_200_Item_Vars_2' + description: Package level variable. + version: + description: Package policy ES version. + type: string + required: + - name + - enabled + - inputs + - id + - revision + - updated_at + - updated_by + - created_at + - created_by + ApiFleetPackagePolicies_Post_Response_200_Item_Elasticsearch: + additionalProperties: true + type: object + properties: + privileges: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Post_Response_200_Item_Elasticsearch_Privileges' + ApiFleetPackagePolicies_Post_Response_200_Item_Elasticsearch_Privileges: + additionalProperties: true + type: object + properties: + cluster: + items: + type: string + maxItems: 100 + type: array + ApiFleetPackagePolicies_Post_Response_200_Item_Inputs_1: + items: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Post_Response_200_Item_Inputs_Item' + maxItems: 100 + type: array + ApiFleetPackagePolicies_Post_Response_200_Item_Inputs_Item: + additionalProperties: false + type: object + properties: + compiled_input: {} + config: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Post_Response_200_Item_Inputs_Config' + enabled: + type: boolean + id: + type: string + keep_enabled: + type: boolean + policy_template: + type: string + streams: + items: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Post_Response_200_Item_Inputs_Streams_Item' + maxItems: 100 + type: array + type: + type: string + vars: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Post_Response_200_Item_Inputs_Vars' + required: + - type + - enabled + - streams + - compiled_input + ApiFleetPackagePolicies_Post_Response_200_Item_Inputs_Config: + additionalProperties: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Post_Response_200_Item_Inputs_Config_Value' + description: Package variable (see integration documentation for more information) + type: object + ApiFleetPackagePolicies_Post_Response_200_Item_Inputs_Config_Value: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + ApiFleetPackagePolicies_Post_Response_200_Item_Inputs_Streams_Item: + additionalProperties: false + type: object + properties: + compiled_stream: {} + config: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Post_Response_200_Item_Inputs_Streams_Config' + data_stream: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Post_Response_200_Item_Inputs_Streams_Data_stream' + enabled: + type: boolean + id: + type: string + keep_enabled: + type: boolean + release: + enum: + - ga + - beta + - experimental + type: string + var_group_selections: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Post_Response_200_Item_Inputs_Streams_Var_group_selections' + vars: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Post_Response_200_Item_Inputs_Streams_Vars' + required: + - enabled + - data_stream + - compiled_stream + ApiFleetPackagePolicies_Post_Response_200_Item_Inputs_Streams_Config: + additionalProperties: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Post_Response_200_Item_Inputs_Streams_Config_Value' + description: Package variable (see integration documentation for more information) + type: object + ApiFleetPackagePolicies_Post_Response_200_Item_Inputs_Streams_Config_Value: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + ApiFleetPackagePolicies_Post_Response_200_Item_Inputs_Streams_Data_stream: + additionalProperties: false + type: object + properties: + dataset: + type: string + elasticsearch: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Post_Response_200_Item_Inputs_Streams_Data_stream_Elasticsearch' + type: + type: string + required: + - dataset + - type + ApiFleetPackagePolicies_Post_Response_200_Item_Inputs_Streams_Data_stream_Elasticsearch: + additionalProperties: false + type: object + properties: + dynamic_dataset: + type: boolean + dynamic_namespace: + type: boolean + privileges: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Post_Response_200_Item_Inputs_Streams_Data_stream_Elasticsearch_Privileges' + ApiFleetPackagePolicies_Post_Response_200_Item_Inputs_Streams_Data_stream_Elasticsearch_Privileges: + additionalProperties: false + type: object + properties: + indices: + items: + type: string + maxItems: 100 + type: array + ApiFleetPackagePolicies_Post_Response_200_Item_Inputs_Streams_Var_group_selections: + additionalProperties: + type: string + description: Variable group selections. Maps var_group name to the selected option name within that group. + type: object + ApiFleetPackagePolicies_Post_Response_200_Item_Inputs_Streams_Vars: + additionalProperties: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Post_Response_200_Item_Inputs_Streams_Vars_Value' + description: Package variable (see integration documentation for more information) + type: object + ApiFleetPackagePolicies_Post_Response_200_Item_Inputs_Streams_Vars_Value: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + ApiFleetPackagePolicies_Post_Response_200_Item_Inputs_Vars: + additionalProperties: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Post_Response_200_Item_Inputs_Vars_Value' + description: Package variable (see integration documentation for more information) + type: object + ApiFleetPackagePolicies_Post_Response_200_Item_Inputs_Vars_Value: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + ApiFleetPackagePolicies_Post_Response_200_Item_Inputs_2: + additionalProperties: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Post_Response_200_Item_Inputs_Value' + description: Package policy inputs. Refer to the integration documentation to know which inputs are available. + type: object + x-oas-optional: true + ApiFleetPackagePolicies_Post_Response_200_Item_Inputs_Value: + additionalProperties: false + type: object + properties: + enabled: + description: Enable or disable that input. Defaults to `true` (enabled). + type: boolean + streams: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Post_Response_200_Item_Inputs_Streams' + vars: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Post_Response_200_Item_Inputs_Vars_1' + ApiFleetPackagePolicies_Post_Response_200_Item_Inputs_Streams: + additionalProperties: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Post_Response_200_Item_Inputs_Streams_Value' + description: Input streams. Refer to the integration documentation to know which streams are available. + type: object + ApiFleetPackagePolicies_Post_Response_200_Item_Inputs_Streams_Value: + additionalProperties: false + type: object + properties: + enabled: + description: Enable or disable that stream. Defaults to `true` (enabled). + type: boolean + var_group_selections: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Post_Response_200_Item_Inputs_Streams_Var_group_selections_1' + vars: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Post_Response_200_Item_Inputs_Streams_Vars_1' + ApiFleetPackagePolicies_Post_Response_200_Item_Inputs_Streams_Var_group_selections_1: + additionalProperties: + type: string + description: Variable group selections. Maps var_group name to the selected option name within that group. + type: object + ApiFleetPackagePolicies_Post_Response_200_Item_Inputs_Streams_Vars_1: + type: boolean + ApiFleetPackagePolicies_Post_Response_200_Item_Inputs_Streams_Vars_2: + type: string + ApiFleetPackagePolicies_Post_Response_200_Item_Inputs_Streams_Vars_3: + type: number + ApiFleetPackagePolicies_Post_Response_200_Item_Inputs_Streams_Vars_4: + items: + type: string + maxItems: 100 + type: array + ApiFleetPackagePolicies_Post_Response_200_Item_Inputs_Streams_Vars_5: + items: + type: number + maxItems: 100 + type: array + ApiFleetPackagePolicies_Post_Response_200_Item_Inputs_Streams_Vars_6: + additionalProperties: false + type: object + properties: + id: + type: string + isSecretRef: + type: boolean + required: + - id + - isSecretRef + ApiFleetPackagePolicies_Post_Response_200_Item_Inputs_Vars_1: + type: boolean + ApiFleetPackagePolicies_Post_Response_200_Item_Inputs_Vars_2: + type: string + ApiFleetPackagePolicies_Post_Response_200_Item_Inputs_Vars_3: + type: number + ApiFleetPackagePolicies_Post_Response_200_Item_Inputs_Vars_4: + items: + type: string + maxItems: 100 + type: array + ApiFleetPackagePolicies_Post_Response_200_Item_Inputs_Vars_5: + items: + type: number + maxItems: 100 + type: array + ApiFleetPackagePolicies_Post_Response_200_Item_Inputs_Vars_6: + additionalProperties: false + type: object + properties: + id: + type: string + isSecretRef: + type: boolean + required: + - id + - isSecretRef + ApiFleetPackagePolicies_Post_Response_200_Item_Overrides: + additionalProperties: false + description: Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure. + nullable: true + type: object + properties: + inputs: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Post_Response_200_Item_Overrides_Inputs' + ApiFleetPackagePolicies_Post_Response_200_Item_Overrides_Inputs: + additionalProperties: {} + type: object + ApiFleetPackagePolicies_Post_Response_200_Item_Package: + additionalProperties: false + type: object + properties: + experimental_data_stream_features: + items: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Post_Response_200_Item_Package_Experimental_data_stream_features_Item' + maxItems: 100 + type: array + fips_compatible: + type: boolean + name: + description: Package name + type: string + requires_root: + type: boolean + title: + type: string + version: + description: Package version + type: string + required: + - name + - version + ApiFleetPackagePolicies_Post_Response_200_Item_Package_Experimental_data_stream_features_Item: + additionalProperties: false + type: object + properties: + data_stream: + type: string + features: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Post_Response_200_Item_Package_Experimental_data_stream_features_Features' + required: + - data_stream + - features + ApiFleetPackagePolicies_Post_Response_200_Item_Package_Experimental_data_stream_features_Features: + additionalProperties: false + type: object + properties: + doc_value_only_numeric: + type: boolean + doc_value_only_other: + type: boolean + synthetic_source: + type: boolean + tsdb: + type: boolean + ApiFleetPackagePolicies_Post_Response_200_Item_Secret_references_Item: + additionalProperties: false + type: object + properties: + id: + type: string + required: + - id + ApiFleetPackagePolicies_Post_Response_200_Item_Var_group_selections: + additionalProperties: + type: string + description: Variable group selections. Maps var_group name to the selected option name within that group. + type: object + ApiFleetPackagePolicies_Post_Response_200_Item_Vars_1: + additionalProperties: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Post_Response_200_Item_Vars_Value' + description: Package variable (see integration documentation for more information) + type: object + ApiFleetPackagePolicies_Post_Response_200_Item_Vars_Value: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + ApiFleetPackagePolicies_Post_Response_200_Item_Vars_2: + additionalProperties: + anyOf: + - $ref: '#/components/schemas/ApiFleetPackagePolicies_Post_Response_200_Item_Vars_1_1' + - $ref: '#/components/schemas/ApiFleetPackagePolicies_Post_Response_200_Item_Vars_2_1' + - $ref: '#/components/schemas/ApiFleetPackagePolicies_Post_Response_200_Item_Vars_3' + - $ref: '#/components/schemas/ApiFleetPackagePolicies_Post_Response_200_Item_Vars_4' + - $ref: '#/components/schemas/ApiFleetPackagePolicies_Post_Response_200_Item_Vars_5' + - $ref: '#/components/schemas/ApiFleetPackagePolicies_Post_Response_200_Item_Vars_6' + nullable: true + description: Input/stream level variable. Refer to the integration documentation for more information. + type: object + x-oas-optional: true + ApiFleetPackagePolicies_Post_Response_200_Item_Vars_1_1: + type: boolean + ApiFleetPackagePolicies_Post_Response_200_Item_Vars_2_1: + type: string + ApiFleetPackagePolicies_Post_Response_200_Item_Vars_3: + type: number + ApiFleetPackagePolicies_Post_Response_200_Item_Vars_4: + items: + type: string + maxItems: 100 + type: array + ApiFleetPackagePolicies_Post_Response_200_Item_Vars_5: + items: + type: number + maxItems: 100 + type: array + ApiFleetPackagePolicies_Post_Response_200_Item_Vars_6: + additionalProperties: false + type: object + properties: + id: + type: string + isSecretRef: + type: boolean + required: + - id + - isSecretRef + ApiFleetPackagePolicies_Post_Response_400: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetPackagePolicies_Post_Response_409: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetPackagePoliciesBulkGet_Post_Request: + additionalProperties: false + type: object + properties: + ids: + description: list of package policy ids + items: + type: string + maxItems: 1000 + type: array + ignoreMissing: + type: boolean + required: + - ids + ApiFleetPackagePoliciesBulkGet_Post_Response_200: + additionalProperties: false + type: object + properties: + items: + items: + $ref: '#/components/schemas/ApiFleetPackagePoliciesBulkGet_Post_Response_200_Items_Item' + maxItems: 10000 + type: array + required: + - items + ApiFleetPackagePoliciesBulkGet_Post_Response_200_Items_Item: + additionalProperties: false + type: object + properties: + additional_datastreams_permissions: + description: Additional datastream permissions, that will be added to the agent policy. + items: + type: string + maxItems: 1000 + nullable: true + type: array + agents: + type: number + cloud_connector_id: + description: ID of the cloud connector associated with this package policy. + nullable: true + type: string + cloud_connector_name: + description: Transient field for cloud connector name during creation. + maxLength: 255 + minLength: 1 + nullable: true + type: string + created_at: + type: string + created_by: + type: string + description: + description: Package policy description + type: string + elasticsearch: + $ref: '#/components/schemas/ApiFleetPackagePoliciesBulkGet_Post_Response_200_Items_Elasticsearch' + enabled: + type: boolean + id: + description: Package policy unique identifier. + type: string + inputs: + anyOf: + - $ref: '#/components/schemas/ApiFleetPackagePoliciesBulkGet_Post_Response_200_Items_Inputs_1' + - $ref: '#/components/schemas/ApiFleetPackagePoliciesBulkGet_Post_Response_200_Items_Inputs_2' + description: Package policy inputs. + is_managed: + type: boolean + name: + description: Unique name for the package policy. + type: string + namespace: + description: The package policy namespace. Leave blank to inherit the agent policy's namespace. + type: string + output_id: + nullable: true + type: string + overrides: + $ref: '#/components/schemas/ApiFleetPackagePoliciesBulkGet_Post_Response_200_Items_Overrides' + package: + $ref: '#/components/schemas/ApiFleetPackagePoliciesBulkGet_Post_Response_200_Items_Package' + policy_id: + deprecated: true + description: ID of the agent policy which the package policy will be added to. + nullable: true + type: string + policy_ids: + items: + description: IDs of the agent policies which that package policy will be added to. + type: string + maxItems: 1000 + type: array + revision: + description: Package policy revision. + type: number + secret_references: + items: + $ref: '#/components/schemas/ApiFleetPackagePoliciesBulkGet_Post_Response_200_Items_Secret_references_Item' + maxItems: 100 + type: array + spaceIds: + items: + type: string + maxItems: 100 + type: array + supports_agentless: + default: false + description: Indicates whether the package policy belongs to an agentless agent policy. + nullable: true + type: boolean + supports_cloud_connector: + default: false + description: Indicates whether the package policy supports cloud connectors. + nullable: true + type: boolean + updated_at: + type: string + updated_by: + type: string + var_group_selections: + $ref: '#/components/schemas/ApiFleetPackagePoliciesBulkGet_Post_Response_200_Items_Var_group_selections' + vars: + anyOf: + - $ref: '#/components/schemas/ApiFleetPackagePoliciesBulkGet_Post_Response_200_Items_Vars_1' + - $ref: '#/components/schemas/ApiFleetPackagePoliciesBulkGet_Post_Response_200_Items_Vars_2' + description: Package level variable. + version: + description: Package policy ES version. + type: string + required: + - name + - enabled + - inputs + - id + - revision + - updated_at + - updated_by + - created_at + - created_by + ApiFleetPackagePoliciesBulkGet_Post_Response_200_Items_Elasticsearch: + additionalProperties: true + type: object + properties: + privileges: + $ref: '#/components/schemas/ApiFleetPackagePoliciesBulkGet_Post_Response_200_Items_Elasticsearch_Privileges' + ApiFleetPackagePoliciesBulkGet_Post_Response_200_Items_Elasticsearch_Privileges: + additionalProperties: true + type: object + properties: + cluster: + items: + type: string + maxItems: 100 + type: array + ApiFleetPackagePoliciesBulkGet_Post_Response_200_Items_Inputs_1: + items: + $ref: '#/components/schemas/ApiFleetPackagePoliciesBulkGet_Post_Response_200_Items_Inputs_Item' + maxItems: 100 + type: array + ApiFleetPackagePoliciesBulkGet_Post_Response_200_Items_Inputs_Item: + additionalProperties: false + type: object + properties: + compiled_input: {} + config: + $ref: '#/components/schemas/ApiFleetPackagePoliciesBulkGet_Post_Response_200_Items_Inputs_Config' + enabled: + type: boolean + id: + type: string + keep_enabled: + type: boolean + policy_template: + type: string + streams: + items: + $ref: '#/components/schemas/ApiFleetPackagePoliciesBulkGet_Post_Response_200_Items_Inputs_Streams_Item' + maxItems: 100 + type: array + type: + type: string + vars: + $ref: '#/components/schemas/ApiFleetPackagePoliciesBulkGet_Post_Response_200_Items_Inputs_Vars' + required: + - type + - enabled + - streams + - compiled_input + ApiFleetPackagePoliciesBulkGet_Post_Response_200_Items_Inputs_Config: + additionalProperties: + $ref: '#/components/schemas/ApiFleetPackagePoliciesBulkGet_Post_Response_200_Items_Inputs_Config_Value' + description: Package variable (see integration documentation for more information) + type: object + ApiFleetPackagePoliciesBulkGet_Post_Response_200_Items_Inputs_Config_Value: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + ApiFleetPackagePoliciesBulkGet_Post_Response_200_Items_Inputs_Streams_Item: + additionalProperties: false + type: object + properties: + compiled_stream: {} + config: + $ref: '#/components/schemas/ApiFleetPackagePoliciesBulkGet_Post_Response_200_Items_Inputs_Streams_Config' + data_stream: + $ref: '#/components/schemas/ApiFleetPackagePoliciesBulkGet_Post_Response_200_Items_Inputs_Streams_Data_stream' + enabled: + type: boolean + id: + type: string + keep_enabled: + type: boolean + release: + enum: + - ga + - beta + - experimental + type: string + var_group_selections: + $ref: '#/components/schemas/ApiFleetPackagePoliciesBulkGet_Post_Response_200_Items_Inputs_Streams_Var_group_selections' + vars: + $ref: '#/components/schemas/ApiFleetPackagePoliciesBulkGet_Post_Response_200_Items_Inputs_Streams_Vars' + required: + - enabled + - data_stream + - compiled_stream + ApiFleetPackagePoliciesBulkGet_Post_Response_200_Items_Inputs_Streams_Config: + additionalProperties: + $ref: '#/components/schemas/ApiFleetPackagePoliciesBulkGet_Post_Response_200_Items_Inputs_Streams_Config_Value' + description: Package variable (see integration documentation for more information) + type: object + ApiFleetPackagePoliciesBulkGet_Post_Response_200_Items_Inputs_Streams_Config_Value: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + ApiFleetPackagePoliciesBulkGet_Post_Response_200_Items_Inputs_Streams_Data_stream: + additionalProperties: false + type: object + properties: + dataset: + type: string + elasticsearch: + $ref: '#/components/schemas/ApiFleetPackagePoliciesBulkGet_Post_Response_200_Items_Inputs_Streams_Data_stream_Elasticsearch' + type: + type: string + required: + - dataset + - type + ApiFleetPackagePoliciesBulkGet_Post_Response_200_Items_Inputs_Streams_Data_stream_Elasticsearch: + additionalProperties: false + type: object + properties: + dynamic_dataset: + type: boolean + dynamic_namespace: + type: boolean + privileges: + $ref: '#/components/schemas/ApiFleetPackagePoliciesBulkGet_Post_Response_200_Items_Inputs_Streams_Data_stream_Elasticsearch_Privileges' + ApiFleetPackagePoliciesBulkGet_Post_Response_200_Items_Inputs_Streams_Data_stream_Elasticsearch_Privileges: + additionalProperties: false + type: object + properties: + indices: + items: + type: string + maxItems: 100 + type: array + ApiFleetPackagePoliciesBulkGet_Post_Response_200_Items_Inputs_Streams_Var_group_selections: + additionalProperties: + type: string + description: Variable group selections. Maps var_group name to the selected option name within that group. + type: object + ApiFleetPackagePoliciesBulkGet_Post_Response_200_Items_Inputs_Streams_Vars: + additionalProperties: + $ref: '#/components/schemas/ApiFleetPackagePoliciesBulkGet_Post_Response_200_Items_Inputs_Streams_Vars_Value' + description: Package variable (see integration documentation for more information) + type: object + ApiFleetPackagePoliciesBulkGet_Post_Response_200_Items_Inputs_Streams_Vars_Value: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + ApiFleetPackagePoliciesBulkGet_Post_Response_200_Items_Inputs_Vars: + additionalProperties: + $ref: '#/components/schemas/ApiFleetPackagePoliciesBulkGet_Post_Response_200_Items_Inputs_Vars_Value' + description: Package variable (see integration documentation for more information) + type: object + ApiFleetPackagePoliciesBulkGet_Post_Response_200_Items_Inputs_Vars_Value: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + ApiFleetPackagePoliciesBulkGet_Post_Response_200_Items_Inputs_2: + additionalProperties: + $ref: '#/components/schemas/ApiFleetPackagePoliciesBulkGet_Post_Response_200_Items_Inputs_Value' + description: Package policy inputs. Refer to the integration documentation to know which inputs are available. + type: object + x-oas-optional: true + ApiFleetPackagePoliciesBulkGet_Post_Response_200_Items_Inputs_Value: + additionalProperties: false + type: object + properties: + enabled: + description: Enable or disable that input. Defaults to `true` (enabled). + type: boolean + streams: + $ref: '#/components/schemas/ApiFleetPackagePoliciesBulkGet_Post_Response_200_Items_Inputs_Streams' + vars: + $ref: '#/components/schemas/ApiFleetPackagePoliciesBulkGet_Post_Response_200_Items_Inputs_Vars_1' + ApiFleetPackagePoliciesBulkGet_Post_Response_200_Items_Inputs_Streams: + additionalProperties: + $ref: '#/components/schemas/ApiFleetPackagePoliciesBulkGet_Post_Response_200_Items_Inputs_Streams_Value' + description: Input streams. Refer to the integration documentation to know which streams are available. + type: object + ApiFleetPackagePoliciesBulkGet_Post_Response_200_Items_Inputs_Streams_Value: + additionalProperties: false + type: object + properties: + enabled: + description: Enable or disable that stream. Defaults to `true` (enabled). + type: boolean + var_group_selections: + $ref: '#/components/schemas/ApiFleetPackagePoliciesBulkGet_Post_Response_200_Items_Inputs_Streams_Var_group_selections_1' + vars: + $ref: '#/components/schemas/ApiFleetPackagePoliciesBulkGet_Post_Response_200_Items_Inputs_Streams_Vars_1' + ApiFleetPackagePoliciesBulkGet_Post_Response_200_Items_Inputs_Streams_Var_group_selections_1: + additionalProperties: + type: string + description: Variable group selections. Maps var_group name to the selected option name within that group. + type: object + ApiFleetPackagePoliciesBulkGet_Post_Response_200_Items_Inputs_Streams_Vars_1: + type: boolean + ApiFleetPackagePoliciesBulkGet_Post_Response_200_Items_Inputs_Streams_Vars_2: + type: string + ApiFleetPackagePoliciesBulkGet_Post_Response_200_Items_Inputs_Streams_Vars_3: + type: number + ApiFleetPackagePoliciesBulkGet_Post_Response_200_Items_Inputs_Streams_Vars_4: + items: + type: string + maxItems: 100 + type: array + ApiFleetPackagePoliciesBulkGet_Post_Response_200_Items_Inputs_Streams_Vars_5: + items: + type: number + maxItems: 100 + type: array + ApiFleetPackagePoliciesBulkGet_Post_Response_200_Items_Inputs_Streams_Vars_6: + additionalProperties: false + type: object + properties: + id: + type: string + isSecretRef: + type: boolean + required: + - id + - isSecretRef + ApiFleetPackagePoliciesBulkGet_Post_Response_200_Items_Inputs_Vars_1: + type: boolean + ApiFleetPackagePoliciesBulkGet_Post_Response_200_Items_Inputs_Vars_2: + type: string + ApiFleetPackagePoliciesBulkGet_Post_Response_200_Items_Inputs_Vars_3: + type: number + ApiFleetPackagePoliciesBulkGet_Post_Response_200_Items_Inputs_Vars_4: + items: + type: string + maxItems: 100 + type: array + ApiFleetPackagePoliciesBulkGet_Post_Response_200_Items_Inputs_Vars_5: + items: + type: number + maxItems: 100 + type: array + ApiFleetPackagePoliciesBulkGet_Post_Response_200_Items_Inputs_Vars_6: + additionalProperties: false + type: object + properties: + id: + type: string + isSecretRef: + type: boolean + required: + - id + - isSecretRef + ApiFleetPackagePoliciesBulkGet_Post_Response_200_Items_Overrides: + additionalProperties: false + description: Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure. + nullable: true + type: object + properties: + inputs: + $ref: '#/components/schemas/ApiFleetPackagePoliciesBulkGet_Post_Response_200_Items_Overrides_Inputs' + ApiFleetPackagePoliciesBulkGet_Post_Response_200_Items_Overrides_Inputs: + additionalProperties: {} + type: object + ApiFleetPackagePoliciesBulkGet_Post_Response_200_Items_Package: + additionalProperties: false + type: object + properties: + experimental_data_stream_features: + items: + $ref: '#/components/schemas/ApiFleetPackagePoliciesBulkGet_Post_Response_200_Items_Package_Experimental_data_stream_features_Item' + maxItems: 100 + type: array + fips_compatible: + type: boolean + name: + description: Package name + type: string + requires_root: + type: boolean + title: + type: string + version: + description: Package version + type: string + required: + - name + - version + ApiFleetPackagePoliciesBulkGet_Post_Response_200_Items_Package_Experimental_data_stream_features_Item: + additionalProperties: false + type: object + properties: + data_stream: + type: string + features: + $ref: '#/components/schemas/ApiFleetPackagePoliciesBulkGet_Post_Response_200_Items_Package_Experimental_data_stream_features_Features' + required: + - data_stream + - features + ApiFleetPackagePoliciesBulkGet_Post_Response_200_Items_Package_Experimental_data_stream_features_Features: + additionalProperties: false + type: object + properties: + doc_value_only_numeric: + type: boolean + doc_value_only_other: + type: boolean + synthetic_source: + type: boolean + tsdb: + type: boolean + ApiFleetPackagePoliciesBulkGet_Post_Response_200_Items_Secret_references_Item: + additionalProperties: false + type: object + properties: + id: + type: string + required: + - id + ApiFleetPackagePoliciesBulkGet_Post_Response_200_Items_Var_group_selections: + additionalProperties: + type: string + description: Variable group selections. Maps var_group name to the selected option name within that group. + type: object + ApiFleetPackagePoliciesBulkGet_Post_Response_200_Items_Vars_1: + additionalProperties: + $ref: '#/components/schemas/ApiFleetPackagePoliciesBulkGet_Post_Response_200_Items_Vars_Value' + description: Package variable (see integration documentation for more information) + type: object + ApiFleetPackagePoliciesBulkGet_Post_Response_200_Items_Vars_Value: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + ApiFleetPackagePoliciesBulkGet_Post_Response_200_Items_Vars_2: + additionalProperties: + anyOf: + - $ref: '#/components/schemas/ApiFleetPackagePoliciesBulkGet_Post_Response_200_Items_Vars_1_1' + - $ref: '#/components/schemas/ApiFleetPackagePoliciesBulkGet_Post_Response_200_Items_Vars_2_1' + - $ref: '#/components/schemas/ApiFleetPackagePoliciesBulkGet_Post_Response_200_Items_Vars_3' + - $ref: '#/components/schemas/ApiFleetPackagePoliciesBulkGet_Post_Response_200_Items_Vars_4' + - $ref: '#/components/schemas/ApiFleetPackagePoliciesBulkGet_Post_Response_200_Items_Vars_5' + - $ref: '#/components/schemas/ApiFleetPackagePoliciesBulkGet_Post_Response_200_Items_Vars_6' + nullable: true + description: Input/stream level variable. Refer to the integration documentation for more information. + type: object + x-oas-optional: true + ApiFleetPackagePoliciesBulkGet_Post_Response_200_Items_Vars_1_1: + type: boolean + ApiFleetPackagePoliciesBulkGet_Post_Response_200_Items_Vars_2_1: + type: string + ApiFleetPackagePoliciesBulkGet_Post_Response_200_Items_Vars_3: + type: number + ApiFleetPackagePoliciesBulkGet_Post_Response_200_Items_Vars_4: + items: + type: string + maxItems: 100 + type: array + ApiFleetPackagePoliciesBulkGet_Post_Response_200_Items_Vars_5: + items: + type: number + maxItems: 100 + type: array + ApiFleetPackagePoliciesBulkGet_Post_Response_200_Items_Vars_6: + additionalProperties: false + type: object + properties: + id: + type: string + isSecretRef: + type: boolean + required: + - id + - isSecretRef + ApiFleetPackagePoliciesBulkGet_Post_Response_400: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetPackagePoliciesBulkGet_Post_Response_404: + additionalProperties: false + type: object + properties: + message: + type: string + required: + - message + ApiFleetPackagePolicies_Delete_Response_200: + additionalProperties: false + type: object + properties: + id: + type: string + required: + - id + ApiFleetPackagePolicies_Delete_Response_400: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetPackagePolicies_Get_Response_200_1: + additionalProperties: false + type: object + properties: + item: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Get_Response_200_Item' + required: + - item + ApiFleetPackagePolicies_Get_Response_200_Item: + additionalProperties: false + type: object + properties: + additional_datastreams_permissions: + description: Additional datastream permissions, that will be added to the agent policy. + items: + type: string + maxItems: 1000 + nullable: true + type: array + agents: + type: number + cloud_connector_id: + description: ID of the cloud connector associated with this package policy. + nullable: true + type: string + cloud_connector_name: + description: Transient field for cloud connector name during creation. + maxLength: 255 + minLength: 1 + nullable: true + type: string + created_at: + type: string + created_by: + type: string + description: + description: Package policy description + type: string + elasticsearch: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Get_Response_200_Item_Elasticsearch' + enabled: + type: boolean + id: + description: Package policy unique identifier. + type: string + inputs: + anyOf: + - $ref: '#/components/schemas/ApiFleetPackagePolicies_Get_Response_200_Item_Inputs_1' + - $ref: '#/components/schemas/ApiFleetPackagePolicies_Get_Response_200_Item_Inputs_2' + description: Package policy inputs. + is_managed: + type: boolean + name: + description: Unique name for the package policy. + type: string + namespace: + description: The package policy namespace. Leave blank to inherit the agent policy's namespace. + type: string + output_id: + nullable: true + type: string + overrides: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Get_Response_200_Item_Overrides' + package: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Get_Response_200_Item_Package' + policy_id: + deprecated: true + description: ID of the agent policy which the package policy will be added to. + nullable: true + type: string + policy_ids: + items: + description: IDs of the agent policies which that package policy will be added to. + type: string + maxItems: 1000 + type: array + revision: + description: Package policy revision. + type: number + secret_references: + items: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Get_Response_200_Item_Secret_references_Item' + maxItems: 100 + type: array + spaceIds: + items: + type: string + maxItems: 100 + type: array + supports_agentless: + default: false + description: Indicates whether the package policy belongs to an agentless agent policy. + nullable: true + type: boolean + supports_cloud_connector: + default: false + description: Indicates whether the package policy supports cloud connectors. + nullable: true + type: boolean + updated_at: + type: string + updated_by: + type: string + var_group_selections: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Get_Response_200_Item_Var_group_selections' + vars: + anyOf: + - $ref: '#/components/schemas/ApiFleetPackagePolicies_Get_Response_200_Item_Vars_1' + - $ref: '#/components/schemas/ApiFleetPackagePolicies_Get_Response_200_Item_Vars_2' + description: Package level variable. + version: + description: Package policy ES version. + type: string + required: + - name + - enabled + - inputs + - id + - revision + - updated_at + - updated_by + - created_at + - created_by + ApiFleetPackagePolicies_Get_Response_200_Item_Elasticsearch: + additionalProperties: true + type: object + properties: + privileges: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Get_Response_200_Item_Elasticsearch_Privileges' + ApiFleetPackagePolicies_Get_Response_200_Item_Elasticsearch_Privileges: + additionalProperties: true + type: object + properties: + cluster: + items: + type: string + maxItems: 100 + type: array + ApiFleetPackagePolicies_Get_Response_200_Item_Inputs_1: + items: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Get_Response_200_Item_Inputs_Item' + maxItems: 100 + type: array + ApiFleetPackagePolicies_Get_Response_200_Item_Inputs_Item: + additionalProperties: false + type: object + properties: + compiled_input: {} + config: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Get_Response_200_Item_Inputs_Config' + enabled: + type: boolean + id: + type: string + keep_enabled: + type: boolean + policy_template: + type: string + streams: + items: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Get_Response_200_Item_Inputs_Streams_Item' + maxItems: 100 + type: array + type: + type: string + vars: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Get_Response_200_Item_Inputs_Vars' + required: + - type + - enabled + - streams + - compiled_input + ApiFleetPackagePolicies_Get_Response_200_Item_Inputs_Config: + additionalProperties: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Get_Response_200_Item_Inputs_Config_Value' + description: Package variable (see integration documentation for more information) + type: object + ApiFleetPackagePolicies_Get_Response_200_Item_Inputs_Config_Value: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + ApiFleetPackagePolicies_Get_Response_200_Item_Inputs_Streams_Item: + additionalProperties: false + type: object + properties: + compiled_stream: {} + config: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Get_Response_200_Item_Inputs_Streams_Config' + data_stream: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Get_Response_200_Item_Inputs_Streams_Data_stream' + enabled: + type: boolean + id: + type: string + keep_enabled: + type: boolean + release: + enum: + - ga + - beta + - experimental + type: string + var_group_selections: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Get_Response_200_Item_Inputs_Streams_Var_group_selections' + vars: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Get_Response_200_Item_Inputs_Streams_Vars' + required: + - enabled + - data_stream + - compiled_stream + ApiFleetPackagePolicies_Get_Response_200_Item_Inputs_Streams_Config: + additionalProperties: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Get_Response_200_Item_Inputs_Streams_Config_Value' + description: Package variable (see integration documentation for more information) + type: object + ApiFleetPackagePolicies_Get_Response_200_Item_Inputs_Streams_Config_Value: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + ApiFleetPackagePolicies_Get_Response_200_Item_Inputs_Streams_Data_stream: + additionalProperties: false + type: object + properties: + dataset: + type: string + elasticsearch: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Get_Response_200_Item_Inputs_Streams_Data_stream_Elasticsearch' + type: + type: string + required: + - dataset + - type + ApiFleetPackagePolicies_Get_Response_200_Item_Inputs_Streams_Data_stream_Elasticsearch: + additionalProperties: false + type: object + properties: + dynamic_dataset: + type: boolean + dynamic_namespace: + type: boolean + privileges: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Get_Response_200_Item_Inputs_Streams_Data_stream_Elasticsearch_Privileges' + ApiFleetPackagePolicies_Get_Response_200_Item_Inputs_Streams_Data_stream_Elasticsearch_Privileges: + additionalProperties: false + type: object + properties: + indices: + items: + type: string + maxItems: 100 + type: array + ApiFleetPackagePolicies_Get_Response_200_Item_Inputs_Streams_Var_group_selections: + additionalProperties: + type: string + description: Variable group selections. Maps var_group name to the selected option name within that group. + type: object + ApiFleetPackagePolicies_Get_Response_200_Item_Inputs_Streams_Vars: + additionalProperties: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Get_Response_200_Item_Inputs_Streams_Vars_Value' + description: Package variable (see integration documentation for more information) + type: object + ApiFleetPackagePolicies_Get_Response_200_Item_Inputs_Streams_Vars_Value: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + ApiFleetPackagePolicies_Get_Response_200_Item_Inputs_Vars: + additionalProperties: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Get_Response_200_Item_Inputs_Vars_Value' + description: Package variable (see integration documentation for more information) + type: object + ApiFleetPackagePolicies_Get_Response_200_Item_Inputs_Vars_Value: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + ApiFleetPackagePolicies_Get_Response_200_Item_Inputs_2: + additionalProperties: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Get_Response_200_Item_Inputs_Value' + description: Package policy inputs. Refer to the integration documentation to know which inputs are available. + type: object + x-oas-optional: true + ApiFleetPackagePolicies_Get_Response_200_Item_Inputs_Value: + additionalProperties: false + type: object + properties: + enabled: + description: Enable or disable that input. Defaults to `true` (enabled). + type: boolean + streams: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Get_Response_200_Item_Inputs_Streams' + vars: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Get_Response_200_Item_Inputs_Vars_1' + ApiFleetPackagePolicies_Get_Response_200_Item_Inputs_Streams: + additionalProperties: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Get_Response_200_Item_Inputs_Streams_Value' + description: Input streams. Refer to the integration documentation to know which streams are available. + type: object + ApiFleetPackagePolicies_Get_Response_200_Item_Inputs_Streams_Value: + additionalProperties: false + type: object + properties: + enabled: + description: Enable or disable that stream. Defaults to `true` (enabled). + type: boolean + var_group_selections: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Get_Response_200_Item_Inputs_Streams_Var_group_selections_1' + vars: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Get_Response_200_Item_Inputs_Streams_Vars_1' + ApiFleetPackagePolicies_Get_Response_200_Item_Inputs_Streams_Var_group_selections_1: + additionalProperties: + type: string + description: Variable group selections. Maps var_group name to the selected option name within that group. + type: object + ApiFleetPackagePolicies_Get_Response_200_Item_Inputs_Streams_Vars_1: + type: boolean + ApiFleetPackagePolicies_Get_Response_200_Item_Inputs_Streams_Vars_2: + type: string + ApiFleetPackagePolicies_Get_Response_200_Item_Inputs_Streams_Vars_3: + type: number + ApiFleetPackagePolicies_Get_Response_200_Item_Inputs_Streams_Vars_4: + items: + type: string + maxItems: 100 + type: array + ApiFleetPackagePolicies_Get_Response_200_Item_Inputs_Streams_Vars_5: + items: + type: number + maxItems: 100 + type: array + ApiFleetPackagePolicies_Get_Response_200_Item_Inputs_Streams_Vars_6: + additionalProperties: false + type: object + properties: + id: + type: string + isSecretRef: + type: boolean + required: + - id + - isSecretRef + ApiFleetPackagePolicies_Get_Response_200_Item_Inputs_Vars_1: + type: boolean + ApiFleetPackagePolicies_Get_Response_200_Item_Inputs_Vars_2: + type: string + ApiFleetPackagePolicies_Get_Response_200_Item_Inputs_Vars_3: + type: number + ApiFleetPackagePolicies_Get_Response_200_Item_Inputs_Vars_4: + items: + type: string + maxItems: 100 + type: array + ApiFleetPackagePolicies_Get_Response_200_Item_Inputs_Vars_5: + items: + type: number + maxItems: 100 + type: array + ApiFleetPackagePolicies_Get_Response_200_Item_Inputs_Vars_6: + additionalProperties: false + type: object + properties: + id: + type: string + isSecretRef: + type: boolean + required: + - id + - isSecretRef + ApiFleetPackagePolicies_Get_Response_200_Item_Overrides: + additionalProperties: false + description: Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure. + nullable: true + type: object + properties: + inputs: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Get_Response_200_Item_Overrides_Inputs' + ApiFleetPackagePolicies_Get_Response_200_Item_Overrides_Inputs: + additionalProperties: {} + type: object + ApiFleetPackagePolicies_Get_Response_200_Item_Package: + additionalProperties: false + type: object + properties: + experimental_data_stream_features: + items: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Get_Response_200_Item_Package_Experimental_data_stream_features_Item' + maxItems: 100 + type: array + fips_compatible: + type: boolean + name: + description: Package name + type: string + requires_root: + type: boolean + title: + type: string + version: + description: Package version + type: string + required: + - name + - version + ApiFleetPackagePolicies_Get_Response_200_Item_Package_Experimental_data_stream_features_Item: + additionalProperties: false + type: object + properties: + data_stream: + type: string + features: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Get_Response_200_Item_Package_Experimental_data_stream_features_Features' + required: + - data_stream + - features + ApiFleetPackagePolicies_Get_Response_200_Item_Package_Experimental_data_stream_features_Features: + additionalProperties: false + type: object + properties: + doc_value_only_numeric: + type: boolean + doc_value_only_other: + type: boolean + synthetic_source: + type: boolean + tsdb: + type: boolean + ApiFleetPackagePolicies_Get_Response_200_Item_Secret_references_Item: + additionalProperties: false + type: object + properties: + id: + type: string + required: + - id + ApiFleetPackagePolicies_Get_Response_200_Item_Var_group_selections: + additionalProperties: + type: string + description: Variable group selections. Maps var_group name to the selected option name within that group. + type: object + ApiFleetPackagePolicies_Get_Response_200_Item_Vars_1: + additionalProperties: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Get_Response_200_Item_Vars_Value' + description: Package variable (see integration documentation for more information) + type: object + ApiFleetPackagePolicies_Get_Response_200_Item_Vars_Value: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + ApiFleetPackagePolicies_Get_Response_200_Item_Vars_2: + additionalProperties: + anyOf: + - $ref: '#/components/schemas/ApiFleetPackagePolicies_Get_Response_200_Item_Vars_1_1' + - $ref: '#/components/schemas/ApiFleetPackagePolicies_Get_Response_200_Item_Vars_2_1' + - $ref: '#/components/schemas/ApiFleetPackagePolicies_Get_Response_200_Item_Vars_3' + - $ref: '#/components/schemas/ApiFleetPackagePolicies_Get_Response_200_Item_Vars_4' + - $ref: '#/components/schemas/ApiFleetPackagePolicies_Get_Response_200_Item_Vars_5' + - $ref: '#/components/schemas/ApiFleetPackagePolicies_Get_Response_200_Item_Vars_6' + nullable: true + description: Input/stream level variable. Refer to the integration documentation for more information. + type: object + x-oas-optional: true + ApiFleetPackagePolicies_Get_Response_200_Item_Vars_1_1: + type: boolean + ApiFleetPackagePolicies_Get_Response_200_Item_Vars_2_1: + type: string + ApiFleetPackagePolicies_Get_Response_200_Item_Vars_3: + type: number + ApiFleetPackagePolicies_Get_Response_200_Item_Vars_4: + items: + type: string + maxItems: 100 + type: array + ApiFleetPackagePolicies_Get_Response_200_Item_Vars_5: + items: + type: number + maxItems: 100 + type: array + ApiFleetPackagePolicies_Get_Response_200_Item_Vars_6: + additionalProperties: false + type: object + properties: + id: + type: string + isSecretRef: + type: boolean + required: + - id + - isSecretRef + ApiFleetPackagePolicies_Get_Response_400_1: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetPackagePolicies_Get_Response_404: + additionalProperties: false + type: object + properties: + message: + type: string + required: + - message + ApiFleetPackagePolicies_Put_Request: + anyOf: + - $ref: '#/components/schemas/ApiFleetPackagePolicies_Put_Request_1' + - $ref: '#/components/schemas/ApiFleetPackagePolicies_Put_Request_2' + ApiFleetPackagePolicies_Put_Request_1: + additionalProperties: false + type: object + properties: + additional_datastreams_permissions: + description: Additional datastream permissions, that will be added to the agent policy. + items: + type: string + maxItems: 1000 + nullable: true + type: array + cloud_connector_id: + description: ID of the cloud connector associated with this package policy. + nullable: true + type: string + cloud_connector_name: + description: Transient field for cloud connector name during creation. + maxLength: 255 + minLength: 1 + nullable: true + type: string + description: + description: Package policy description + type: string + enabled: + type: boolean + force: + type: boolean + inputs: + items: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Put_Request_Inputs_Item' + maxItems: 100 + type: array + is_managed: + type: boolean + name: + type: string + namespace: + description: The package policy namespace. Leave blank to inherit the agent policy's namespace. + type: string + output_id: + nullable: true + type: string + overrides: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Put_Request_Overrides' + package: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Put_Request_Package' + policy_id: + deprecated: true + description: ID of the agent policy which the package policy will be added to. + nullable: true + type: string + policy_ids: + items: + description: IDs of the agent policies which that package policy will be added to. + type: string + maxItems: 1000 + type: array + spaceIds: + items: + type: string + maxItems: 100 + type: array + supports_agentless: + default: false + description: Indicates whether the package policy belongs to an agentless agent policy. + nullable: true + type: boolean + supports_cloud_connector: + default: false + description: Indicates whether the package policy supports cloud connectors. + nullable: true + type: boolean + var_group_selections: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Put_Request_Var_group_selections' + vars: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Put_Request_Vars' + version: + type: string + ApiFleetPackagePolicies_Put_Request_Inputs_Item: + additionalProperties: false + type: object + properties: + config: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Put_Request_Inputs_Config' + enabled: + type: boolean + id: + type: string + keep_enabled: + type: boolean + policy_template: + type: string + streams: + items: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Put_Request_Inputs_Streams_Item' + maxItems: 100 + type: array + type: + type: string + vars: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Put_Request_Inputs_Vars' + required: + - type + - enabled + ApiFleetPackagePolicies_Put_Request_Inputs_Config: + additionalProperties: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Put_Request_Inputs_Config_Value' + description: Package variable (see integration documentation for more information) + type: object + ApiFleetPackagePolicies_Put_Request_Inputs_Config_Value: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + ApiFleetPackagePolicies_Put_Request_Inputs_Streams_Item: + additionalProperties: false + type: object + properties: + compiled_stream: {} + config: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Put_Request_Inputs_Streams_Config' + data_stream: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Put_Request_Inputs_Streams_Data_stream' + enabled: + type: boolean + id: + type: string + keep_enabled: + type: boolean + release: + enum: + - ga + - beta + - experimental + type: string + var_group_selections: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Put_Request_Inputs_Streams_Var_group_selections' + vars: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Put_Request_Inputs_Streams_Vars' + required: + - enabled + - data_stream + - compiled_stream + ApiFleetPackagePolicies_Put_Request_Inputs_Streams_Config: + additionalProperties: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Put_Request_Inputs_Streams_Config_Value' + description: Package variable (see integration documentation for more information) + type: object + ApiFleetPackagePolicies_Put_Request_Inputs_Streams_Config_Value: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + ApiFleetPackagePolicies_Put_Request_Inputs_Streams_Data_stream: + additionalProperties: false + type: object + properties: + dataset: + type: string + elasticsearch: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Put_Request_Inputs_Streams_Data_stream_Elasticsearch' + type: + type: string + required: + - dataset + - type + ApiFleetPackagePolicies_Put_Request_Inputs_Streams_Data_stream_Elasticsearch: + additionalProperties: false + type: object + properties: + dynamic_dataset: + type: boolean + dynamic_namespace: + type: boolean + privileges: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Put_Request_Inputs_Streams_Data_stream_Elasticsearch_Privileges' + ApiFleetPackagePolicies_Put_Request_Inputs_Streams_Data_stream_Elasticsearch_Privileges: + additionalProperties: false + type: object + properties: + indices: + items: + type: string + maxItems: 100 + type: array + ApiFleetPackagePolicies_Put_Request_Inputs_Streams_Var_group_selections: + additionalProperties: + type: string + description: Variable group selections. Maps var_group name to the selected option name within that group. + type: object + ApiFleetPackagePolicies_Put_Request_Inputs_Streams_Vars: + additionalProperties: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Put_Request_Inputs_Streams_Vars_Value' + description: Package variable (see integration documentation for more information) + type: object + ApiFleetPackagePolicies_Put_Request_Inputs_Streams_Vars_Value: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + ApiFleetPackagePolicies_Put_Request_Inputs_Vars: + additionalProperties: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Put_Request_Inputs_Vars_Value' + description: Package variable (see integration documentation for more information) + type: object + ApiFleetPackagePolicies_Put_Request_Inputs_Vars_Value: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + ApiFleetPackagePolicies_Put_Request_Overrides: + additionalProperties: false + description: Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure. + nullable: true + type: object + properties: + inputs: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Put_Request_Overrides_Inputs' + ApiFleetPackagePolicies_Put_Request_Overrides_Inputs: + additionalProperties: {} + type: object + ApiFleetPackagePolicies_Put_Request_Package: + additionalProperties: false + type: object + properties: + experimental_data_stream_features: + items: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Put_Request_Package_Experimental_data_stream_features_Item' + maxItems: 100 + type: array + fips_compatible: + type: boolean + name: + description: Package name + type: string + requires_root: + type: boolean + title: + type: string + version: + description: Package version + type: string + required: + - name + - version + ApiFleetPackagePolicies_Put_Request_Package_Experimental_data_stream_features_Item: + additionalProperties: false + type: object + properties: + data_stream: + type: string + features: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Put_Request_Package_Experimental_data_stream_features_Features' + required: + - data_stream + - features + ApiFleetPackagePolicies_Put_Request_Package_Experimental_data_stream_features_Features: + additionalProperties: false + type: object + properties: + doc_value_only_numeric: + type: boolean + doc_value_only_other: + type: boolean + synthetic_source: + type: boolean + tsdb: + type: boolean + ApiFleetPackagePolicies_Put_Request_Var_group_selections: + additionalProperties: + type: string + description: Variable group selections. Maps var_group name to the selected option name within that group. + type: object + ApiFleetPackagePolicies_Put_Request_Vars: + additionalProperties: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Put_Request_Vars_Value' + description: Package variable (see integration documentation for more information) + type: object + ApiFleetPackagePolicies_Put_Request_Vars_Value: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + ApiFleetPackagePolicies_Put_Request_2: + additionalProperties: false + type: object + properties: + additional_datastreams_permissions: + description: Additional datastream permissions, that will be added to the agent policy. + items: + type: string + maxItems: 100 + nullable: true + type: array + description: + description: Policy description. + type: string + force: + description: Force package policy creation even if the package is not verified, or if the agent policy is managed. + type: boolean + id: + description: Policy unique identifier. + type: string + inputs: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Put_Request_Inputs' + name: + description: Unique name for the policy. + type: string + namespace: + description: Policy namespace. When not specified, it inherits the agent policy namespace. + type: string + output_id: + nullable: true + type: string + package: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Put_Request_Package_1' + policy_id: + deprecated: true + description: Deprecated. Use policy_ids instead. + nullable: true + type: string + policy_ids: + description: IDs of the agent policies which that package policy will be added to. + items: + type: string + maxItems: 1000 + type: array + supports_agentless: + default: false + deprecated: true + description: Indicates whether the package policy belongs to an agentless agent policy. Deprecated in favor of the Fleet agentless policies API. + nullable: true + type: boolean + var_group_selections: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Put_Request_Var_group_selections_1' + vars: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Put_Request_Vars_1' + required: + - name + - package + ApiFleetPackagePolicies_Put_Request_Inputs: + additionalProperties: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Put_Request_Inputs_Value' + description: Package policy inputs. Refer to the integration documentation to know which inputs are available. + type: object + ApiFleetPackagePolicies_Put_Request_Inputs_Value: + additionalProperties: false + type: object + properties: + enabled: + description: Enable or disable that input. Defaults to `true` (enabled). + type: boolean + streams: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Put_Request_Inputs_Streams' + vars: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Put_Request_Inputs_Vars_1' + ApiFleetPackagePolicies_Put_Request_Inputs_Streams: + additionalProperties: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Put_Request_Inputs_Streams_Value' + description: Input streams. Refer to the integration documentation to know which streams are available. + type: object + ApiFleetPackagePolicies_Put_Request_Inputs_Streams_Value: + additionalProperties: false + type: object + properties: + enabled: + description: Enable or disable that stream. Defaults to `true` (enabled). + type: boolean + var_group_selections: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Put_Request_Inputs_Streams_Var_group_selections_1' + vars: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Put_Request_Inputs_Streams_Vars_1' + ApiFleetPackagePolicies_Put_Request_Inputs_Streams_Var_group_selections_1: + additionalProperties: + type: string + description: Variable group selections. Maps var_group name to the selected option name within that group. + type: object + ApiFleetPackagePolicies_Put_Request_Inputs_Streams_Vars_1: + type: boolean + ApiFleetPackagePolicies_Put_Request_Inputs_Streams_Vars_2: + type: string + ApiFleetPackagePolicies_Put_Request_Inputs_Streams_Vars_3: + type: number + ApiFleetPackagePolicies_Put_Request_Inputs_Streams_Vars_4: + items: + type: string + maxItems: 100 + type: array + ApiFleetPackagePolicies_Put_Request_Inputs_Streams_Vars_5: + items: + type: number + maxItems: 100 + type: array + ApiFleetPackagePolicies_Put_Request_Inputs_Streams_Vars_6: + additionalProperties: false + type: object + properties: + id: + type: string + isSecretRef: + type: boolean + required: + - id + - isSecretRef + ApiFleetPackagePolicies_Put_Request_Inputs_Vars_1: + type: boolean + ApiFleetPackagePolicies_Put_Request_Inputs_Vars_2: + type: string + ApiFleetPackagePolicies_Put_Request_Inputs_Vars_3: + type: number + ApiFleetPackagePolicies_Put_Request_Inputs_Vars_4: + items: + type: string + maxItems: 100 + type: array + ApiFleetPackagePolicies_Put_Request_Inputs_Vars_5: + items: + type: number + maxItems: 100 + type: array + ApiFleetPackagePolicies_Put_Request_Inputs_Vars_6: + additionalProperties: false + type: object + properties: + id: + type: string + isSecretRef: + type: boolean + required: + - id + - isSecretRef + ApiFleetPackagePolicies_Put_Request_Package_1: + additionalProperties: false + type: object + properties: + experimental_data_stream_features: + items: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Put_Request_Package_Experimental_data_stream_features_Item_1' + maxItems: 100 + type: array + fips_compatible: + type: boolean + name: + description: Package name + type: string + requires_root: + type: boolean + title: + type: string + version: + description: Package version + type: string + required: + - name + - version + ApiFleetPackagePolicies_Put_Request_Package_Experimental_data_stream_features_Item_1: + additionalProperties: false + type: object + properties: + data_stream: + type: string + features: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Put_Request_Package_Experimental_data_stream_features_Features_1' + required: + - data_stream + - features + ApiFleetPackagePolicies_Put_Request_Package_Experimental_data_stream_features_Features_1: + additionalProperties: false + type: object + properties: + doc_value_only_numeric: + type: boolean + doc_value_only_other: + type: boolean + synthetic_source: + type: boolean + tsdb: + type: boolean + ApiFleetPackagePolicies_Put_Request_Var_group_selections_1: + additionalProperties: + type: string + description: Variable group selections. Maps var_group name to the selected option name within that group. + type: object + ApiFleetPackagePolicies_Put_Request_Vars_1: + type: boolean + ApiFleetPackagePolicies_Put_Request_Vars_2: + type: string + ApiFleetPackagePolicies_Put_Request_Vars_3: + type: number + ApiFleetPackagePolicies_Put_Request_Vars_4: + items: + type: string + maxItems: 100 + type: array + ApiFleetPackagePolicies_Put_Request_Vars_5: + items: + type: number + maxItems: 100 + type: array + ApiFleetPackagePolicies_Put_Request_Vars_6: + additionalProperties: false + type: object + properties: + id: + type: string + isSecretRef: + type: boolean + required: + - id + - isSecretRef + ApiFleetPackagePolicies_Put_Response_200: + additionalProperties: false + type: object + properties: + item: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Put_Response_200_Item' + required: + - item + ApiFleetPackagePolicies_Put_Response_200_Item: + additionalProperties: false + type: object + properties: + additional_datastreams_permissions: + description: Additional datastream permissions, that will be added to the agent policy. + items: + type: string + maxItems: 1000 + nullable: true + type: array + agents: + type: number + cloud_connector_id: + description: ID of the cloud connector associated with this package policy. + nullable: true + type: string + cloud_connector_name: + description: Transient field for cloud connector name during creation. + maxLength: 255 + minLength: 1 + nullable: true + type: string + created_at: + type: string + created_by: + type: string + description: + description: Package policy description + type: string + elasticsearch: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Put_Response_200_Item_Elasticsearch' + enabled: + type: boolean + id: + description: Package policy unique identifier. + type: string + inputs: + anyOf: + - $ref: '#/components/schemas/ApiFleetPackagePolicies_Put_Response_200_Item_Inputs_1' + - $ref: '#/components/schemas/ApiFleetPackagePolicies_Put_Response_200_Item_Inputs_2' + description: Package policy inputs. + is_managed: + type: boolean + name: + description: Unique name for the package policy. + type: string + namespace: + description: The package policy namespace. Leave blank to inherit the agent policy's namespace. + type: string + output_id: + nullable: true + type: string + overrides: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Put_Response_200_Item_Overrides' + package: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Put_Response_200_Item_Package' + policy_id: + deprecated: true + description: ID of the agent policy which the package policy will be added to. + nullable: true + type: string + policy_ids: + items: + description: IDs of the agent policies which that package policy will be added to. + type: string + maxItems: 1000 + type: array + revision: + description: Package policy revision. + type: number + secret_references: + items: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Put_Response_200_Item_Secret_references_Item' + maxItems: 100 + type: array + spaceIds: + items: + type: string + maxItems: 100 + type: array + supports_agentless: + default: false + description: Indicates whether the package policy belongs to an agentless agent policy. + nullable: true + type: boolean + supports_cloud_connector: + default: false + description: Indicates whether the package policy supports cloud connectors. + nullable: true + type: boolean + updated_at: + type: string + updated_by: + type: string + var_group_selections: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Put_Response_200_Item_Var_group_selections' + vars: + anyOf: + - $ref: '#/components/schemas/ApiFleetPackagePolicies_Put_Response_200_Item_Vars_1' + - $ref: '#/components/schemas/ApiFleetPackagePolicies_Put_Response_200_Item_Vars_2' + description: Package level variable. + version: + description: Package policy ES version. + type: string + required: + - name + - enabled + - inputs + - id + - revision + - updated_at + - updated_by + - created_at + - created_by + ApiFleetPackagePolicies_Put_Response_200_Item_Elasticsearch: + additionalProperties: true + type: object + properties: + privileges: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Put_Response_200_Item_Elasticsearch_Privileges' + ApiFleetPackagePolicies_Put_Response_200_Item_Elasticsearch_Privileges: + additionalProperties: true + type: object + properties: + cluster: + items: + type: string + maxItems: 100 + type: array + ApiFleetPackagePolicies_Put_Response_200_Item_Inputs_1: + items: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Put_Response_200_Item_Inputs_Item' + maxItems: 100 + type: array + ApiFleetPackagePolicies_Put_Response_200_Item_Inputs_Item: + additionalProperties: false + type: object + properties: + compiled_input: {} + config: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Put_Response_200_Item_Inputs_Config' + enabled: + type: boolean + id: + type: string + keep_enabled: + type: boolean + policy_template: + type: string + streams: + items: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Put_Response_200_Item_Inputs_Streams_Item' + maxItems: 100 + type: array + type: + type: string + vars: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Put_Response_200_Item_Inputs_Vars' + required: + - type + - enabled + - streams + - compiled_input + ApiFleetPackagePolicies_Put_Response_200_Item_Inputs_Config: + additionalProperties: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Put_Response_200_Item_Inputs_Config_Value' + description: Package variable (see integration documentation for more information) + type: object + ApiFleetPackagePolicies_Put_Response_200_Item_Inputs_Config_Value: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + ApiFleetPackagePolicies_Put_Response_200_Item_Inputs_Streams_Item: + additionalProperties: false + type: object + properties: + compiled_stream: {} + config: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Put_Response_200_Item_Inputs_Streams_Config' + data_stream: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Put_Response_200_Item_Inputs_Streams_Data_stream' + enabled: + type: boolean + id: + type: string + keep_enabled: + type: boolean + release: + enum: + - ga + - beta + - experimental + type: string + var_group_selections: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Put_Response_200_Item_Inputs_Streams_Var_group_selections' + vars: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Put_Response_200_Item_Inputs_Streams_Vars' + required: + - enabled + - data_stream + - compiled_stream + ApiFleetPackagePolicies_Put_Response_200_Item_Inputs_Streams_Config: + additionalProperties: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Put_Response_200_Item_Inputs_Streams_Config_Value' + description: Package variable (see integration documentation for more information) + type: object + ApiFleetPackagePolicies_Put_Response_200_Item_Inputs_Streams_Config_Value: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + ApiFleetPackagePolicies_Put_Response_200_Item_Inputs_Streams_Data_stream: + additionalProperties: false + type: object + properties: + dataset: + type: string + elasticsearch: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Put_Response_200_Item_Inputs_Streams_Data_stream_Elasticsearch' + type: + type: string + required: + - dataset + - type + ApiFleetPackagePolicies_Put_Response_200_Item_Inputs_Streams_Data_stream_Elasticsearch: + additionalProperties: false + type: object + properties: + dynamic_dataset: + type: boolean + dynamic_namespace: + type: boolean + privileges: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Put_Response_200_Item_Inputs_Streams_Data_stream_Elasticsearch_Privileges' + ApiFleetPackagePolicies_Put_Response_200_Item_Inputs_Streams_Data_stream_Elasticsearch_Privileges: + additionalProperties: false + type: object + properties: + indices: + items: + type: string + maxItems: 100 + type: array + ApiFleetPackagePolicies_Put_Response_200_Item_Inputs_Streams_Var_group_selections: + additionalProperties: + type: string + description: Variable group selections. Maps var_group name to the selected option name within that group. + type: object + ApiFleetPackagePolicies_Put_Response_200_Item_Inputs_Streams_Vars: + additionalProperties: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Put_Response_200_Item_Inputs_Streams_Vars_Value' + description: Package variable (see integration documentation for more information) + type: object + ApiFleetPackagePolicies_Put_Response_200_Item_Inputs_Streams_Vars_Value: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + ApiFleetPackagePolicies_Put_Response_200_Item_Inputs_Vars: + additionalProperties: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Put_Response_200_Item_Inputs_Vars_Value' + description: Package variable (see integration documentation for more information) + type: object + ApiFleetPackagePolicies_Put_Response_200_Item_Inputs_Vars_Value: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + ApiFleetPackagePolicies_Put_Response_200_Item_Inputs_2: + additionalProperties: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Put_Response_200_Item_Inputs_Value' + description: Package policy inputs. Refer to the integration documentation to know which inputs are available. + type: object + x-oas-optional: true + ApiFleetPackagePolicies_Put_Response_200_Item_Inputs_Value: + additionalProperties: false + type: object + properties: + enabled: + description: Enable or disable that input. Defaults to `true` (enabled). + type: boolean + streams: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Put_Response_200_Item_Inputs_Streams' + vars: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Put_Response_200_Item_Inputs_Vars_1' + ApiFleetPackagePolicies_Put_Response_200_Item_Inputs_Streams: + additionalProperties: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Put_Response_200_Item_Inputs_Streams_Value' + description: Input streams. Refer to the integration documentation to know which streams are available. + type: object + ApiFleetPackagePolicies_Put_Response_200_Item_Inputs_Streams_Value: + additionalProperties: false + type: object + properties: + enabled: + description: Enable or disable that stream. Defaults to `true` (enabled). + type: boolean + var_group_selections: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Put_Response_200_Item_Inputs_Streams_Var_group_selections_1' + vars: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Put_Response_200_Item_Inputs_Streams_Vars_1' + ApiFleetPackagePolicies_Put_Response_200_Item_Inputs_Streams_Var_group_selections_1: + additionalProperties: + type: string + description: Variable group selections. Maps var_group name to the selected option name within that group. + type: object + ApiFleetPackagePolicies_Put_Response_200_Item_Inputs_Streams_Vars_1: + type: boolean + ApiFleetPackagePolicies_Put_Response_200_Item_Inputs_Streams_Vars_2: + type: string + ApiFleetPackagePolicies_Put_Response_200_Item_Inputs_Streams_Vars_3: + type: number + ApiFleetPackagePolicies_Put_Response_200_Item_Inputs_Streams_Vars_4: + items: + type: string + maxItems: 100 + type: array + ApiFleetPackagePolicies_Put_Response_200_Item_Inputs_Streams_Vars_5: + items: + type: number + maxItems: 100 + type: array + ApiFleetPackagePolicies_Put_Response_200_Item_Inputs_Streams_Vars_6: + additionalProperties: false + type: object + properties: + id: + type: string + isSecretRef: + type: boolean + required: + - id + - isSecretRef + ApiFleetPackagePolicies_Put_Response_200_Item_Inputs_Vars_1: + type: boolean + ApiFleetPackagePolicies_Put_Response_200_Item_Inputs_Vars_2: + type: string + ApiFleetPackagePolicies_Put_Response_200_Item_Inputs_Vars_3: + type: number + ApiFleetPackagePolicies_Put_Response_200_Item_Inputs_Vars_4: + items: + type: string + maxItems: 100 + type: array + ApiFleetPackagePolicies_Put_Response_200_Item_Inputs_Vars_5: + items: + type: number + maxItems: 100 + type: array + ApiFleetPackagePolicies_Put_Response_200_Item_Inputs_Vars_6: + additionalProperties: false + type: object + properties: + id: + type: string + isSecretRef: + type: boolean + required: + - id + - isSecretRef + ApiFleetPackagePolicies_Put_Response_200_Item_Overrides: + additionalProperties: false + description: Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure. + nullable: true + type: object + properties: + inputs: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Put_Response_200_Item_Overrides_Inputs' + ApiFleetPackagePolicies_Put_Response_200_Item_Overrides_Inputs: + additionalProperties: {} + type: object + ApiFleetPackagePolicies_Put_Response_200_Item_Package: + additionalProperties: false + type: object + properties: + experimental_data_stream_features: + items: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Put_Response_200_Item_Package_Experimental_data_stream_features_Item' + maxItems: 100 + type: array + fips_compatible: + type: boolean + name: + description: Package name + type: string + requires_root: + type: boolean + title: + type: string + version: + description: Package version + type: string + required: + - name + - version + ApiFleetPackagePolicies_Put_Response_200_Item_Package_Experimental_data_stream_features_Item: + additionalProperties: false + type: object + properties: + data_stream: + type: string + features: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Put_Response_200_Item_Package_Experimental_data_stream_features_Features' + required: + - data_stream + - features + ApiFleetPackagePolicies_Put_Response_200_Item_Package_Experimental_data_stream_features_Features: + additionalProperties: false + type: object + properties: + doc_value_only_numeric: + type: boolean + doc_value_only_other: + type: boolean + synthetic_source: + type: boolean + tsdb: + type: boolean + ApiFleetPackagePolicies_Put_Response_200_Item_Secret_references_Item: + additionalProperties: false + type: object + properties: + id: + type: string + required: + - id + ApiFleetPackagePolicies_Put_Response_200_Item_Var_group_selections: + additionalProperties: + type: string + description: Variable group selections. Maps var_group name to the selected option name within that group. + type: object + ApiFleetPackagePolicies_Put_Response_200_Item_Vars_1: + additionalProperties: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Put_Response_200_Item_Vars_Value' + description: Package variable (see integration documentation for more information) + type: object + ApiFleetPackagePolicies_Put_Response_200_Item_Vars_Value: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + ApiFleetPackagePolicies_Put_Response_200_Item_Vars_2: + additionalProperties: + anyOf: + - $ref: '#/components/schemas/ApiFleetPackagePolicies_Put_Response_200_Item_Vars_1_1' + - $ref: '#/components/schemas/ApiFleetPackagePolicies_Put_Response_200_Item_Vars_2_1' + - $ref: '#/components/schemas/ApiFleetPackagePolicies_Put_Response_200_Item_Vars_3' + - $ref: '#/components/schemas/ApiFleetPackagePolicies_Put_Response_200_Item_Vars_4' + - $ref: '#/components/schemas/ApiFleetPackagePolicies_Put_Response_200_Item_Vars_5' + - $ref: '#/components/schemas/ApiFleetPackagePolicies_Put_Response_200_Item_Vars_6' + nullable: true + description: Input/stream level variable. Refer to the integration documentation for more information. + type: object + x-oas-optional: true + ApiFleetPackagePolicies_Put_Response_200_Item_Vars_1_1: + type: boolean + ApiFleetPackagePolicies_Put_Response_200_Item_Vars_2_1: + type: string + ApiFleetPackagePolicies_Put_Response_200_Item_Vars_3: + type: number + ApiFleetPackagePolicies_Put_Response_200_Item_Vars_4: + items: + type: string + maxItems: 100 + type: array + ApiFleetPackagePolicies_Put_Response_200_Item_Vars_5: + items: + type: number + maxItems: 100 + type: array + ApiFleetPackagePolicies_Put_Response_200_Item_Vars_6: + additionalProperties: false + type: object + properties: + id: + type: string + isSecretRef: + type: boolean + required: + - id + - isSecretRef + ApiFleetPackagePolicies_Put_Response_400: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetPackagePolicies_Put_Response_403: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetPackagePoliciesDelete_Post_Request: + additionalProperties: false + type: object + properties: + force: + type: boolean + packagePolicyIds: + items: + type: string + maxItems: 1000 + type: array + required: + - packagePolicyIds + ApiFleetPackagePoliciesDelete_Post_Response_200_Item: + additionalProperties: false + type: object + properties: + body: + $ref: '#/components/schemas/ApiFleetPackagePoliciesDelete_Post_Response_200_Body' + id: + type: string + name: + type: string + output_id: + nullable: true + type: string + package: + $ref: '#/components/schemas/ApiFleetPackagePoliciesDelete_Post_Response_200_Package' + policy_id: + deprecated: true + description: Use `policy_ids` instead + nullable: true + type: string + policy_ids: + items: + type: string + maxItems: 10000 + type: array + statusCode: + type: number + success: + type: boolean + required: + - id + - success + - policy_ids + - package + ApiFleetPackagePoliciesDelete_Post_Response_200_Body: + additionalProperties: false + type: object + properties: + message: + type: string + required: + - message + ApiFleetPackagePoliciesDelete_Post_Response_200_Package: + additionalProperties: false + type: object + properties: + experimental_data_stream_features: + items: + $ref: '#/components/schemas/ApiFleetPackagePoliciesDelete_Post_Response_200_Package_Experimental_data_stream_features_Item' + maxItems: 100 + type: array + fips_compatible: + type: boolean + name: + description: Package name + type: string + requires_root: + type: boolean + title: + type: string + version: + description: Package version + type: string + required: + - name + - version + ApiFleetPackagePoliciesDelete_Post_Response_200_Package_Experimental_data_stream_features_Item: + additionalProperties: false + type: object + properties: + data_stream: + type: string + features: + $ref: '#/components/schemas/ApiFleetPackagePoliciesDelete_Post_Response_200_Package_Experimental_data_stream_features_Features' + required: + - data_stream + - features + ApiFleetPackagePoliciesDelete_Post_Response_200_Package_Experimental_data_stream_features_Features: + additionalProperties: false + type: object + properties: + doc_value_only_numeric: + type: boolean + doc_value_only_other: + type: boolean + synthetic_source: + type: boolean + tsdb: + type: boolean + ApiFleetPackagePoliciesDelete_Post_Response_400: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetPackagePoliciesUpgrade_Post_Request: + additionalProperties: false + type: object + properties: + packagePolicyIds: + items: + type: string + maxItems: 1000 + type: array + required: + - packagePolicyIds + ApiFleetPackagePoliciesUpgrade_Post_Response_200_Item: + additionalProperties: false + type: object + properties: + body: + $ref: '#/components/schemas/ApiFleetPackagePoliciesUpgrade_Post_Response_200_Body' + id: + type: string + name: + type: string + statusCode: + type: number + success: + type: boolean + required: + - id + - success + ApiFleetPackagePoliciesUpgrade_Post_Response_200_Body: + additionalProperties: false + type: object + properties: + message: + type: string + required: + - message + ApiFleetPackagePoliciesUpgrade_Post_Response_400: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetPackagePoliciesUpgradeDryrun_Post_Request: + additionalProperties: false + type: object + properties: + packagePolicyIds: + items: + type: string + maxItems: 1000 + type: array + packageVersion: + type: string + required: + - packagePolicyIds + ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Item: + additionalProperties: false + type: object + properties: + agent_diff: + items: + items: + $ref: '#/components/schemas/ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Agent_diff_Item' + maxItems: 10000 + type: array + maxItems: 1 + type: array + body: + $ref: '#/components/schemas/ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Body' + diff: + items: + anyOf: + - $ref: '#/components/schemas/ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_1' + - $ref: '#/components/schemas/ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_2' + maxItems: 2 + type: array + hasErrors: + type: boolean + name: + type: string + statusCode: + type: number + required: + - hasErrors + ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Agent_diff_Item: + additionalProperties: true + type: object + properties: + data_stream: + $ref: '#/components/schemas/ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Agent_diff_Data_stream' + id: + type: string + meta: + $ref: '#/components/schemas/ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Agent_diff_Meta' + name: + type: string + package_policy_id: + type: string + processors: + items: + $ref: '#/components/schemas/ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Agent_diff_Processors_Item' + maxItems: 10000 + type: array + revision: + type: number + streams: + items: + $ref: '#/components/schemas/ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Agent_diff_Streams_Item' + maxItems: 10000 + type: array + type: + type: string + use_output: + type: string + required: + - id + - name + - revision + - type + - data_stream + - use_output + - package_policy_id + ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Agent_diff_Data_stream: + additionalProperties: true + type: object + properties: + namespace: + type: string + required: + - namespace + ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Agent_diff_Meta: + additionalProperties: true + type: object + properties: + package: + $ref: '#/components/schemas/ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Agent_diff_Meta_Package' + required: + - package + ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Agent_diff_Meta_Package: + additionalProperties: true + type: object + properties: + name: + type: string + version: + type: string + required: + - name + - version + ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Agent_diff_Processors_Item: + additionalProperties: true + type: object + properties: + add_fields: + $ref: '#/components/schemas/ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Agent_diff_Processors_Add_fields' + required: + - add_fields + ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Agent_diff_Processors_Add_fields: + additionalProperties: true + type: object + properties: + fields: + $ref: '#/components/schemas/ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Agent_diff_Processors_Add_fields_Fields' + target: + type: string + required: + - target + - fields + ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Agent_diff_Processors_Add_fields_Fields: + additionalProperties: + anyOf: + - $ref: '#/components/schemas/ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Agent_diff_Processors_Add_fields_Fields_1' + - $ref: '#/components/schemas/ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Agent_diff_Processors_Add_fields_Fields_2' + type: object + ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Agent_diff_Processors_Add_fields_Fields_1: + type: string + ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Agent_diff_Processors_Add_fields_Fields_2: + type: number + ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Agent_diff_Streams_Item: + additionalProperties: true + type: object + properties: + data_stream: + $ref: '#/components/schemas/ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Agent_diff_Streams_Data_stream' + id: + type: string + required: + - data_stream + ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Agent_diff_Streams_Data_stream: + additionalProperties: true + type: object + properties: + dataset: + type: string + type: + type: string + required: + - dataset + ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Body: + additionalProperties: false + type: object + properties: + message: + type: string + required: + - message + ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_1: + additionalProperties: false + type: object + properties: + additional_datastreams_permissions: + description: Additional datastream permissions, that will be added to the agent policy. + items: + type: string + maxItems: 1000 + nullable: true + type: array + agents: + type: number + cloud_connector_id: + description: ID of the cloud connector associated with this package policy. + nullable: true + type: string + cloud_connector_name: + description: Transient field for cloud connector name during creation. + maxLength: 255 + minLength: 1 + nullable: true + type: string + created_at: + type: string + created_by: + type: string + description: + description: Package policy description + type: string + elasticsearch: + $ref: '#/components/schemas/ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Elasticsearch' + enabled: + type: boolean + id: + type: string + inputs: + anyOf: + - $ref: '#/components/schemas/ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Inputs_1' + - $ref: '#/components/schemas/ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Inputs_2' + description: Package policy inputs. + is_managed: + type: boolean + name: + description: Unique name for the package policy. + type: string + namespace: + description: The package policy namespace. Leave blank to inherit the agent policy's namespace. + type: string + output_id: + nullable: true + type: string + overrides: + $ref: '#/components/schemas/ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Overrides' + package: + $ref: '#/components/schemas/ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Package' + policy_id: + deprecated: true + description: ID of the agent policy which the package policy will be added to. + nullable: true + type: string + policy_ids: + items: + description: IDs of the agent policies which that package policy will be added to. + type: string + maxItems: 1000 + type: array + revision: + description: Package policy revision. + type: number + secret_references: + items: + $ref: '#/components/schemas/ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Secret_references_Item' + maxItems: 100 + type: array + spaceIds: + items: + type: string + maxItems: 100 + type: array + supports_agentless: + default: false + description: Indicates whether the package policy belongs to an agentless agent policy. + nullable: true + type: boolean + supports_cloud_connector: + default: false + description: Indicates whether the package policy supports cloud connectors. + nullable: true + type: boolean + updated_at: + type: string + updated_by: + type: string + var_group_selections: + $ref: '#/components/schemas/ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Var_group_selections' + vars: + anyOf: + - $ref: '#/components/schemas/ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Vars_1' + - $ref: '#/components/schemas/ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Vars_2' + description: Package level variable. + version: + description: Package policy ES version. + type: string + required: + - name + - enabled + - inputs + - revision + - updated_at + - updated_by + - created_at + - created_by + ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Elasticsearch: + additionalProperties: true + type: object + properties: + privileges: + $ref: '#/components/schemas/ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Elasticsearch_Privileges' + ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Elasticsearch_Privileges: + additionalProperties: true + type: object + properties: + cluster: + items: + type: string + maxItems: 100 + type: array + ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Inputs_1: + items: + $ref: '#/components/schemas/ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Inputs_Item' + maxItems: 100 + type: array + ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Inputs_Item: + additionalProperties: false + type: object + properties: + compiled_input: {} + config: + $ref: '#/components/schemas/ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Inputs_Config' + enabled: + type: boolean + id: + type: string + keep_enabled: + type: boolean + policy_template: + type: string + streams: + items: + $ref: '#/components/schemas/ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Inputs_Streams_Item' + maxItems: 100 + type: array + type: + type: string + vars: + $ref: '#/components/schemas/ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Inputs_Vars' + required: + - type + - enabled + - streams + - compiled_input + ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Inputs_Config: + additionalProperties: + $ref: '#/components/schemas/ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Inputs_Config_Value' + description: Package variable (see integration documentation for more information) + type: object + ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Inputs_Config_Value: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Inputs_Streams_Item: + additionalProperties: false + type: object + properties: + compiled_stream: {} + config: + $ref: '#/components/schemas/ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Inputs_Streams_Config' + data_stream: + $ref: '#/components/schemas/ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Inputs_Streams_Data_stream' + enabled: + type: boolean + id: + type: string + keep_enabled: + type: boolean + release: + enum: + - ga + - beta + - experimental + type: string + var_group_selections: + $ref: '#/components/schemas/ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Inputs_Streams_Var_group_selections' + vars: + $ref: '#/components/schemas/ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Inputs_Streams_Vars' + required: + - enabled + - data_stream + - compiled_stream + ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Inputs_Streams_Config: + additionalProperties: + $ref: '#/components/schemas/ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Inputs_Streams_Config_Value' + description: Package variable (see integration documentation for more information) + type: object + ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Inputs_Streams_Config_Value: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Inputs_Streams_Data_stream: + additionalProperties: false + type: object + properties: + dataset: + type: string + elasticsearch: + $ref: '#/components/schemas/ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Inputs_Streams_Data_stream_Elasticsearch' + type: + type: string + required: + - dataset + - type + ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Inputs_Streams_Data_stream_Elasticsearch: + additionalProperties: false + type: object + properties: + dynamic_dataset: + type: boolean + dynamic_namespace: + type: boolean + privileges: + $ref: '#/components/schemas/ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Inputs_Streams_Data_stream_Elasticsearch_Privileges' + ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Inputs_Streams_Data_stream_Elasticsearch_Privileges: + additionalProperties: false + type: object + properties: + indices: + items: + type: string + maxItems: 100 + type: array + ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Inputs_Streams_Var_group_selections: + additionalProperties: + type: string + description: Variable group selections. Maps var_group name to the selected option name within that group. + type: object + ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Inputs_Streams_Vars: + additionalProperties: + $ref: '#/components/schemas/ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Inputs_Streams_Vars_Value' + description: Package variable (see integration documentation for more information) + type: object + ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Inputs_Streams_Vars_Value: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Inputs_Vars: + additionalProperties: + $ref: '#/components/schemas/ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Inputs_Vars_Value' + description: Package variable (see integration documentation for more information) + type: object + ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Inputs_Vars_Value: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Inputs_2: + additionalProperties: + $ref: '#/components/schemas/ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Inputs_Value' + description: Package policy inputs. Refer to the integration documentation to know which inputs are available. + type: object + x-oas-optional: true + ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Inputs_Value: + additionalProperties: false + type: object + properties: + enabled: + description: Enable or disable that input. Defaults to `true` (enabled). + type: boolean + streams: + $ref: '#/components/schemas/ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Inputs_Streams' + vars: + $ref: '#/components/schemas/ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Inputs_Vars_1' + ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Inputs_Streams: + additionalProperties: + $ref: '#/components/schemas/ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Inputs_Streams_Value' + description: Input streams. Refer to the integration documentation to know which streams are available. + type: object + ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Inputs_Streams_Value: + additionalProperties: false + type: object + properties: + enabled: + description: Enable or disable that stream. Defaults to `true` (enabled). + type: boolean + var_group_selections: + $ref: '#/components/schemas/ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Inputs_Streams_Var_group_selections_1' + vars: + $ref: '#/components/schemas/ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Inputs_Streams_Vars_1' + ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Inputs_Streams_Var_group_selections_1: + additionalProperties: + type: string + description: Variable group selections. Maps var_group name to the selected option name within that group. + type: object + ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Inputs_Streams_Vars_1: + type: boolean + ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Inputs_Streams_Vars_2: + additionalProperties: + $ref: '#/components/schemas/ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Inputs_Streams_Vars_Value_1' + description: Package variable (see integration documentation for more information) + type: object + ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Inputs_Streams_Vars_3: + type: number + ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Inputs_Streams_Vars_4: + items: + type: string + maxItems: 100 + type: array + ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Inputs_Streams_Vars_5: + items: + type: number + maxItems: 100 + type: array + ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Inputs_Streams_Vars_6: + additionalProperties: false + type: object + properties: + id: + type: string + isSecretRef: + type: boolean + required: + - id + - isSecretRef + ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Inputs_Vars_1: + type: boolean + ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Inputs_Vars_2: + additionalProperties: + $ref: '#/components/schemas/ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Inputs_Vars_Value_1' + description: Package variable (see integration documentation for more information) + type: object + ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Inputs_Vars_3: + type: number + ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Inputs_Vars_4: + items: + type: string + maxItems: 100 + type: array + ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Inputs_Vars_5: + items: + type: number + maxItems: 100 + type: array + ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Inputs_Vars_6: + additionalProperties: false + type: object + properties: + id: + type: string + isSecretRef: + type: boolean + required: + - id + - isSecretRef + ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Overrides: + additionalProperties: false + description: Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure. + nullable: true + type: object + properties: + inputs: + $ref: '#/components/schemas/ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Overrides_Inputs' + ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Overrides_Inputs: + additionalProperties: {} + type: object + ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Package: + additionalProperties: false + type: object + properties: + experimental_data_stream_features: + items: + $ref: '#/components/schemas/ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Package_Experimental_data_stream_features_Item' + maxItems: 100 + type: array + fips_compatible: + type: boolean + name: + description: Package name + type: string + requires_root: + type: boolean + title: + type: string + version: + description: Package version + type: string + required: + - name + - version + ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Package_Experimental_data_stream_features_Item: + additionalProperties: false + type: object + properties: + data_stream: + type: string + features: + $ref: '#/components/schemas/ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Package_Experimental_data_stream_features_Features' + required: + - data_stream + - features + ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Package_Experimental_data_stream_features_Features: + additionalProperties: false + type: object + properties: + doc_value_only_numeric: + type: boolean + doc_value_only_other: + type: boolean + synthetic_source: + type: boolean + tsdb: + type: boolean + ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Secret_references_Item: + additionalProperties: false + type: object + properties: + id: + type: string + required: + - id + ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Var_group_selections: + additionalProperties: + type: string + description: Variable group selections. Maps var_group name to the selected option name within that group. + type: object + ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Vars_1: + additionalProperties: + $ref: '#/components/schemas/ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Vars_Value' + description: Package variable (see integration documentation for more information) + type: object + ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Vars_Value: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Vars_2: + additionalProperties: + anyOf: + - $ref: '#/components/schemas/ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Vars_1_1' + - $ref: '#/components/schemas/ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Vars_2_1' + - $ref: '#/components/schemas/ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Vars_3' + - $ref: '#/components/schemas/ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Vars_4' + - $ref: '#/components/schemas/ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Vars_5' + - $ref: '#/components/schemas/ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Vars_6' + nullable: true + description: Input/stream level variable. Refer to the integration documentation for more information. + type: object + x-oas-optional: true + ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Vars_1_1: + type: boolean + ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Vars_2_1: + type: string + ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Vars_3: + type: number + ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Vars_4: + items: + type: string + maxItems: 100 + type: array + ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Vars_5: + items: + type: number + maxItems: 100 + type: array + ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Vars_6: + additionalProperties: false + type: object + properties: + id: + type: string + isSecretRef: + type: boolean + required: + - id + - isSecretRef + ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_2: + additionalProperties: true + type: object + properties: + additional_datastreams_permissions: + description: Additional datastream permissions, that will be added to the agent policy. + items: + type: string + maxItems: 1000 + nullable: true + type: array + cloud_connector_id: + description: ID of the cloud connector associated with this package policy. + nullable: true + type: string + cloud_connector_name: + description: Transient field for cloud connector name during creation. + maxLength: 255 + minLength: 1 + nullable: true + type: string + created_at: + type: string + created_by: + type: string + description: + description: Package policy description + type: string + elasticsearch: + $ref: '#/components/schemas/ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Elasticsearch_1' + enabled: + type: boolean + errors: + items: + $ref: '#/components/schemas/ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Errors_Item' + maxItems: 10 + type: array + force: + type: boolean + id: + type: string + inputs: + items: + $ref: '#/components/schemas/ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Inputs_Item_1' + maxItems: 100 + type: array + is_managed: + type: boolean + missingVars: + items: + type: string + maxItems: 100 + type: array + name: + description: Unique name for the package policy. + type: string + namespace: + description: The package policy namespace. Leave blank to inherit the agent policy's namespace. + type: string + output_id: + nullable: true + type: string + overrides: + $ref: '#/components/schemas/ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Overrides_1' + package: + $ref: '#/components/schemas/ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Package_1' + policy_id: + deprecated: true + description: ID of the agent policy which the package policy will be added to. + nullable: true + type: string + policy_ids: + items: + description: IDs of the agent policies which that package policy will be added to. + type: string + maxItems: 1000 + type: array + revision: + type: number + secret_references: + items: + $ref: '#/components/schemas/ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Secret_references_Item_1' + maxItems: 100 + type: array + supports_agentless: + default: false + description: Indicates whether the package policy belongs to an agentless agent policy. + nullable: true + type: boolean + supports_cloud_connector: + default: false + description: Indicates whether the package policy supports cloud connectors. + nullable: true + type: boolean + updated_at: + type: string + updated_by: + type: string + var_group_selections: + $ref: '#/components/schemas/ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Var_group_selections_1' + vars: + $ref: '#/components/schemas/ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Vars' + version: + description: Package policy ES version. + type: string + required: + - name + - enabled + - inputs + ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Elasticsearch_1: + additionalProperties: true + type: object + properties: + privileges: + $ref: '#/components/schemas/ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Elasticsearch_Privileges_1' + ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Elasticsearch_Privileges_1: + additionalProperties: true + type: object + properties: + cluster: + items: + type: string + maxItems: 100 + type: array + ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Errors_Item: + additionalProperties: false + type: object + properties: + key: + type: string + message: + type: string + required: + - message + ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Inputs_Item_1: + additionalProperties: false + type: object + properties: + compiled_input: {} + config: + $ref: '#/components/schemas/ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Inputs_Config_1' + enabled: + type: boolean + id: + type: string + keep_enabled: + type: boolean + policy_template: + type: string + streams: + items: + $ref: '#/components/schemas/ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Inputs_Streams_Item_1' + maxItems: 100 + type: array + type: + type: string + vars: + $ref: '#/components/schemas/ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Inputs_Vars_2' + required: + - type + - enabled + - streams + - compiled_input + ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Inputs_Config_1: + additionalProperties: + $ref: '#/components/schemas/ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Inputs_Config_Value_1' + description: Package variable (see integration documentation for more information) + type: object + ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Inputs_Config_Value_1: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Inputs_Streams_Item_1: + additionalProperties: false + type: object + properties: + compiled_stream: {} + config: + $ref: '#/components/schemas/ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Inputs_Streams_Config_1' + data_stream: + $ref: '#/components/schemas/ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Inputs_Streams_Data_stream_1' + enabled: + type: boolean + id: + type: string + keep_enabled: + type: boolean + release: + enum: + - ga + - beta + - experimental + type: string + var_group_selections: + $ref: '#/components/schemas/ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Inputs_Streams_Var_group_selections_2' + vars: + $ref: '#/components/schemas/ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Inputs_Streams_Vars_2' + required: + - enabled + - data_stream + - compiled_stream + ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Inputs_Streams_Config_1: + additionalProperties: + $ref: '#/components/schemas/ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Inputs_Streams_Config_Value_1' + description: Package variable (see integration documentation for more information) + type: object + ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Inputs_Streams_Config_Value_1: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Inputs_Streams_Data_stream_1: + additionalProperties: false + type: object + properties: + dataset: + type: string + elasticsearch: + $ref: '#/components/schemas/ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Inputs_Streams_Data_stream_Elasticsearch_1' + type: + type: string + required: + - dataset + - type + ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Inputs_Streams_Data_stream_Elasticsearch_1: + additionalProperties: false + type: object + properties: + dynamic_dataset: + type: boolean + dynamic_namespace: + type: boolean + privileges: + $ref: '#/components/schemas/ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Inputs_Streams_Data_stream_Elasticsearch_Privileges_1' + ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Inputs_Streams_Data_stream_Elasticsearch_Privileges_1: + additionalProperties: false + type: object + properties: + indices: + items: + type: string + maxItems: 100 + type: array + ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Inputs_Streams_Var_group_selections_2: + additionalProperties: + type: string + description: Variable group selections. Maps var_group name to the selected option name within that group. + type: object + ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Inputs_Streams_Vars_Value_1: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Inputs_Vars_Value_1: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Overrides_1: + additionalProperties: false + description: Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure. + nullable: true + type: object + properties: + inputs: + $ref: '#/components/schemas/ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Overrides_Inputs_1' + ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Overrides_Inputs_1: + additionalProperties: {} + type: object + ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Package_1: + additionalProperties: false + type: object + properties: + experimental_data_stream_features: + items: + $ref: '#/components/schemas/ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Package_Experimental_data_stream_features_Item_1' + maxItems: 100 + type: array + fips_compatible: + type: boolean + name: + description: Package name + type: string + requires_root: + type: boolean + title: + type: string + version: + description: Package version + type: string + required: + - name + - version + ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Package_Experimental_data_stream_features_Item_1: + additionalProperties: false + type: object + properties: + data_stream: + type: string + features: + $ref: '#/components/schemas/ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Package_Experimental_data_stream_features_Features_1' + required: + - data_stream + - features + ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Package_Experimental_data_stream_features_Features_1: + additionalProperties: false + type: object + properties: + doc_value_only_numeric: + type: boolean + doc_value_only_other: + type: boolean + synthetic_source: + type: boolean + tsdb: + type: boolean + ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Secret_references_Item_1: + additionalProperties: false + type: object + properties: + id: + type: string + required: + - id + ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Var_group_selections_1: + additionalProperties: + type: string + description: Variable group selections. Maps var_group name to the selected option name within that group. + type: object + ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Vars: + additionalProperties: + $ref: '#/components/schemas/ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Vars_Value_1' + description: Package variable (see integration documentation for more information) + type: object + ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Vars_Value_1: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_400: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetProxies_Get_Response_200: + additionalProperties: false + type: object + properties: + items: + items: + $ref: '#/components/schemas/ApiFleetProxies_Get_Response_200_Items_Item' + maxItems: 10000 + type: array + page: + type: number + perPage: + type: number + total: + type: number + required: + - items + - total + - page + - perPage + ApiFleetProxies_Get_Response_200_Items_Item: + additionalProperties: false + type: object + properties: + certificate: + nullable: true + type: string + certificate_authorities: + nullable: true + type: string + certificate_key: + nullable: true + type: string + id: + type: string + is_preconfigured: + default: false + type: boolean + name: + type: string + proxy_headers: + $ref: '#/components/schemas/ApiFleetProxies_Get_Response_200_Items_Proxy_headers' + url: + type: string + required: + - id + - url + - name + ApiFleetProxies_Get_Response_200_Items_Proxy_headers: + additionalProperties: + anyOf: + - $ref: '#/components/schemas/ApiFleetProxies_Get_Response_200_Items_Proxy_headers_1' + - $ref: '#/components/schemas/ApiFleetProxies_Get_Response_200_Items_Proxy_headers_2' + - $ref: '#/components/schemas/ApiFleetProxies_Get_Response_200_Items_Proxy_headers_3' + nullable: true + type: object + ApiFleetProxies_Get_Response_200_Items_Proxy_headers_1: + type: string + ApiFleetProxies_Get_Response_200_Items_Proxy_headers_2: + type: boolean + ApiFleetProxies_Get_Response_200_Items_Proxy_headers_3: + type: number + ApiFleetProxies_Get_Response_400: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetProxies_Post_Request: + additionalProperties: false + type: object + properties: + certificate: + nullable: true + type: string + certificate_authorities: + nullable: true + type: string + certificate_key: + nullable: true + type: string + id: + type: string + is_preconfigured: + default: false + type: boolean + name: + type: string + proxy_headers: + $ref: '#/components/schemas/ApiFleetProxies_Post_Request_Proxy_headers' + url: + type: string + required: + - url + - name + ApiFleetProxies_Post_Request_Proxy_headers: + additionalProperties: + anyOf: + - $ref: '#/components/schemas/ApiFleetProxies_Post_Request_Proxy_headers_1' + - $ref: '#/components/schemas/ApiFleetProxies_Post_Request_Proxy_headers_2' + - $ref: '#/components/schemas/ApiFleetProxies_Post_Request_Proxy_headers_3' + nullable: true + type: object + ApiFleetProxies_Post_Request_Proxy_headers_1: + type: string + ApiFleetProxies_Post_Request_Proxy_headers_2: + type: boolean + ApiFleetProxies_Post_Request_Proxy_headers_3: + type: number + ApiFleetProxies_Post_Response_200: + additionalProperties: false + type: object + properties: + item: + $ref: '#/components/schemas/ApiFleetProxies_Post_Response_200_Item' + required: + - item + ApiFleetProxies_Post_Response_200_Item: + additionalProperties: false + type: object + properties: + certificate: + nullable: true + type: string + certificate_authorities: + nullable: true + type: string + certificate_key: + nullable: true + type: string + id: + type: string + is_preconfigured: + default: false + type: boolean + name: + type: string + proxy_headers: + $ref: '#/components/schemas/ApiFleetProxies_Post_Response_200_Item_Proxy_headers' + url: + type: string + required: + - id + - url + - name + ApiFleetProxies_Post_Response_200_Item_Proxy_headers: + additionalProperties: + anyOf: + - $ref: '#/components/schemas/ApiFleetProxies_Post_Response_200_Item_Proxy_headers_1' + - $ref: '#/components/schemas/ApiFleetProxies_Post_Response_200_Item_Proxy_headers_2' + - $ref: '#/components/schemas/ApiFleetProxies_Post_Response_200_Item_Proxy_headers_3' + nullable: true + type: object + ApiFleetProxies_Post_Response_200_Item_Proxy_headers_1: + type: string + ApiFleetProxies_Post_Response_200_Item_Proxy_headers_2: + type: boolean + ApiFleetProxies_Post_Response_200_Item_Proxy_headers_3: + type: number + ApiFleetProxies_Post_Response_400: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetProxies_Delete_Response_200: + additionalProperties: false + type: object + properties: + id: + type: string + required: + - id + ApiFleetProxies_Delete_Response_400: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetProxies_Get_Response_200_1: + additionalProperties: false + type: object + properties: + item: + $ref: '#/components/schemas/ApiFleetProxies_Get_Response_200_Item' + required: + - item + ApiFleetProxies_Get_Response_200_Item: + additionalProperties: false + type: object + properties: + certificate: + nullable: true + type: string + certificate_authorities: + nullable: true + type: string + certificate_key: + nullable: true + type: string + id: + type: string + is_preconfigured: + default: false + type: boolean + name: + type: string + proxy_headers: + $ref: '#/components/schemas/ApiFleetProxies_Get_Response_200_Item_Proxy_headers' + url: + type: string + required: + - id + - url + - name + ApiFleetProxies_Get_Response_200_Item_Proxy_headers: + additionalProperties: + anyOf: + - $ref: '#/components/schemas/ApiFleetProxies_Get_Response_200_Item_Proxy_headers_1' + - $ref: '#/components/schemas/ApiFleetProxies_Get_Response_200_Item_Proxy_headers_2' + - $ref: '#/components/schemas/ApiFleetProxies_Get_Response_200_Item_Proxy_headers_3' + nullable: true + type: object + ApiFleetProxies_Get_Response_200_Item_Proxy_headers_1: + type: string + ApiFleetProxies_Get_Response_200_Item_Proxy_headers_2: + type: boolean + ApiFleetProxies_Get_Response_200_Item_Proxy_headers_3: + type: number + ApiFleetProxies_Get_Response_400_1: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetProxies_Put_Request: + additionalProperties: false + type: object + properties: + certificate: + nullable: true + type: string + certificate_authorities: + nullable: true + type: string + certificate_key: + nullable: true + type: string + name: + type: string + proxy_headers: + $ref: '#/components/schemas/ApiFleetProxies_Put_Request_Proxy_headers' + url: + type: string + required: + - certificate_authorities + - certificate + - certificate_key + ApiFleetProxies_Put_Request_Proxy_headers: + additionalProperties: + anyOf: + - $ref: '#/components/schemas/ApiFleetProxies_Put_Request_Proxy_headers_1' + - $ref: '#/components/schemas/ApiFleetProxies_Put_Request_Proxy_headers_2' + - $ref: '#/components/schemas/ApiFleetProxies_Put_Request_Proxy_headers_3' + nullable: true + type: object + ApiFleetProxies_Put_Request_Proxy_headers_1: + type: string + ApiFleetProxies_Put_Request_Proxy_headers_2: + type: boolean + ApiFleetProxies_Put_Request_Proxy_headers_3: + type: number + ApiFleetProxies_Put_Response_200: + additionalProperties: false + type: object + properties: + item: + $ref: '#/components/schemas/ApiFleetProxies_Put_Response_200_Item' + required: + - item + ApiFleetProxies_Put_Response_200_Item: + additionalProperties: false + type: object + properties: + certificate: + nullable: true + type: string + certificate_authorities: + nullable: true + type: string + certificate_key: + nullable: true + type: string + id: + type: string + is_preconfigured: + default: false + type: boolean + name: + type: string + proxy_headers: + $ref: '#/components/schemas/ApiFleetProxies_Put_Response_200_Item_Proxy_headers' + url: + type: string + required: + - id + - url + - name + ApiFleetProxies_Put_Response_200_Item_Proxy_headers: + additionalProperties: + anyOf: + - $ref: '#/components/schemas/ApiFleetProxies_Put_Response_200_Item_Proxy_headers_1' + - $ref: '#/components/schemas/ApiFleetProxies_Put_Response_200_Item_Proxy_headers_2' + - $ref: '#/components/schemas/ApiFleetProxies_Put_Response_200_Item_Proxy_headers_3' + nullable: true + type: object + ApiFleetProxies_Put_Response_200_Item_Proxy_headers_1: + type: string + ApiFleetProxies_Put_Response_200_Item_Proxy_headers_2: + type: boolean + ApiFleetProxies_Put_Response_200_Item_Proxy_headers_3: + type: number + ApiFleetProxies_Put_Response_400: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetSettings_Get_Response_200: + additionalProperties: false + type: object + properties: + item: + $ref: '#/components/schemas/ApiFleetSettings_Get_Response_200_Item' + required: + - item + ApiFleetSettings_Get_Response_200_Item: + additionalProperties: false + type: object + properties: + action_secret_storage_requirements_met: + type: boolean + delete_unenrolled_agents: + $ref: '#/components/schemas/ApiFleetSettings_Get_Response_200_Item_Delete_unenrolled_agents' + has_seen_add_data_notice: + type: boolean + id: + type: string + ilm_migration_status: + $ref: '#/components/schemas/ApiFleetSettings_Get_Response_200_Item_Ilm_migration_status' + integration_knowledge_enabled: + type: boolean + output_secret_storage_requirements_met: + type: boolean + preconfigured_fields: + items: + enum: + - fleet_server_hosts + type: string + maxItems: 1 + type: array + prerelease_integrations_enabled: + type: boolean + secret_storage_requirements_met: + type: boolean + ssl_secret_storage_requirements_met: + type: boolean + use_space_awareness_migration_started_at: + nullable: true + type: string + use_space_awareness_migration_status: + enum: + - pending + - success + - error + type: string + version: + type: string + ApiFleetSettings_Get_Response_200_Item_Delete_unenrolled_agents: + additionalProperties: false + type: object + properties: + enabled: + type: boolean + is_preconfigured: + type: boolean + required: + - enabled + - is_preconfigured + ApiFleetSettings_Get_Response_200_Item_Ilm_migration_status: + additionalProperties: false + type: object + properties: + logs: + enum: + - success + nullable: true + type: string + metrics: + enum: + - success + nullable: true + type: string + synthetics: + enum: + - success + nullable: true + type: string + ApiFleetSettings_Get_Response_400: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetSettings_Get_Response_404: + additionalProperties: false + type: object + properties: + message: + type: string + required: + - message + ApiFleetSettings_Put_Request: + additionalProperties: false + type: object + properties: + additional_yaml_config: + deprecated: true + type: string + delete_unenrolled_agents: + $ref: '#/components/schemas/ApiFleetSettings_Put_Request_Delete_unenrolled_agents' + has_seen_add_data_notice: + deprecated: true + type: boolean + integration_knowledge_enabled: + type: boolean + kibana_ca_sha256: + deprecated: true + type: string + kibana_urls: + deprecated: true + items: + format: uri + type: string + maxItems: 10 + type: array + prerelease_integrations_enabled: + type: boolean + ApiFleetSettings_Put_Request_Delete_unenrolled_agents: + additionalProperties: false + type: object + properties: + enabled: + type: boolean + is_preconfigured: + type: boolean + required: + - enabled + - is_preconfigured + ApiFleetSettings_Put_Response_200: + additionalProperties: false + type: object + properties: + item: + $ref: '#/components/schemas/ApiFleetSettings_Put_Response_200_Item' + required: + - item + ApiFleetSettings_Put_Response_200_Item: + additionalProperties: false + type: object + properties: + action_secret_storage_requirements_met: + type: boolean + delete_unenrolled_agents: + $ref: '#/components/schemas/ApiFleetSettings_Put_Response_200_Item_Delete_unenrolled_agents' + has_seen_add_data_notice: + type: boolean + id: + type: string + ilm_migration_status: + $ref: '#/components/schemas/ApiFleetSettings_Put_Response_200_Item_Ilm_migration_status' + integration_knowledge_enabled: + type: boolean + output_secret_storage_requirements_met: + type: boolean + preconfigured_fields: + items: + enum: + - fleet_server_hosts + type: string + maxItems: 1 + type: array + prerelease_integrations_enabled: + type: boolean + secret_storage_requirements_met: + type: boolean + ssl_secret_storage_requirements_met: + type: boolean + use_space_awareness_migration_started_at: + nullable: true + type: string + use_space_awareness_migration_status: + enum: + - pending + - success + - error + type: string + version: + type: string + ApiFleetSettings_Put_Response_200_Item_Delete_unenrolled_agents: + additionalProperties: false + type: object + properties: + enabled: + type: boolean + is_preconfigured: + type: boolean + required: + - enabled + - is_preconfigured + ApiFleetSettings_Put_Response_200_Item_Ilm_migration_status: + additionalProperties: false + type: object + properties: + logs: + enum: + - success + nullable: true + type: string + metrics: + enum: + - success + nullable: true + type: string + synthetics: + enum: + - success + nullable: true + type: string + ApiFleetSettings_Put_Response_400: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetSettings_Put_Response_404: + additionalProperties: false + type: object + properties: + message: + type: string + required: + - message + ApiFleetSetup_Post_Response_200: + additionalProperties: false + description: A summary of the result of Fleet's `setup` lifecycle. If `isInitialized` is true, Fleet is ready to accept agent enrollment. `nonFatalErrors` may include useful insight into non-blocking issues with Fleet setup. + type: object + properties: + isInitialized: + type: boolean + nonFatalErrors: + items: + $ref: '#/components/schemas/ApiFleetSetup_Post_Response_200_NonFatalErrors_Item' + maxItems: 10000 + type: array + required: + - isInitialized + - nonFatalErrors + ApiFleetSetup_Post_Response_200_NonFatalErrors_Item: + additionalProperties: false + type: object + properties: + message: + type: string + name: + type: string + required: + - name + - message + ApiFleetSetup_Post_Response_400: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetSetup_Post_Response_500: + additionalProperties: false + description: Internal Server Error + type: object + properties: + message: + type: string + required: + - message + ApiFleetSpaceSettings_Get_Response_200: + additionalProperties: false + type: object + properties: + item: + $ref: '#/components/schemas/ApiFleetSpaceSettings_Get_Response_200_Item' + required: + - item + ApiFleetSpaceSettings_Get_Response_200_Item: + additionalProperties: false + type: object + properties: + allowed_namespace_prefixes: + items: + type: string + maxItems: 100 + type: array + managed_by: + type: string + required: + - allowed_namespace_prefixes + ApiFleetSpaceSettings_Put_Request: + additionalProperties: false + type: object + properties: + allowed_namespace_prefixes: + items: + type: string + maxItems: 10 + type: array + ApiFleetSpaceSettings_Put_Response_200: + additionalProperties: false + type: object + properties: + item: + $ref: '#/components/schemas/ApiFleetSpaceSettings_Put_Response_200_Item' + required: + - item + ApiFleetSpaceSettings_Put_Response_200_Item: + additionalProperties: false + type: object + properties: + allowed_namespace_prefixes: + items: + type: string + maxItems: 100 + type: array + managed_by: + type: string + required: + - allowed_namespace_prefixes + ApiFleetUninstallTokens_Get_Response_200: + additionalProperties: false + type: object + properties: + items: + items: + $ref: '#/components/schemas/ApiFleetUninstallTokens_Get_Response_200_Items_Item' + maxItems: 10000 + type: array + page: + type: number + perPage: + type: number + total: + type: number + required: + - items + - total + - page + - perPage + ApiFleetUninstallTokens_Get_Response_200_Items_Item: + additionalProperties: false + type: object + properties: + created_at: + type: string + id: + type: string + namespaces: + items: + type: string + maxItems: 100 + type: array + policy_id: + type: string + policy_name: + nullable: true + type: string + required: + - id + - policy_id + - created_at + ApiFleetUninstallTokens_Get_Response_400: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetUninstallTokens_Get_Response_200_1: + additionalProperties: false + type: object + properties: + item: + $ref: '#/components/schemas/ApiFleetUninstallTokens_Get_Response_200_Item' + required: + - item + ApiFleetUninstallTokens_Get_Response_200_Item: + additionalProperties: false + type: object + properties: + created_at: + type: string + id: + type: string + namespaces: + items: + type: string + maxItems: 100 + type: array + policy_id: + type: string + policy_name: + nullable: true + type: string + token: + type: string + required: + - id + - policy_id + - created_at + - token + ApiFleetUninstallTokens_Get_Response_400_1: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiLists_Delete_Response_400: + oneOf: + - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + ApiLists_Get_Response_400: + oneOf: + - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + ApiLists_Patch_Request: + example: + id: ip_list + name: Bad ips list - UPDATED + type: object + properties: + _version: + $ref: '#/components/schemas/Security_Lists_API_ListVersionId' + description: + $ref: '#/components/schemas/Security_Lists_API_ListDescription' + id: + $ref: '#/components/schemas/Security_Lists_API_ListId' + meta: + $ref: '#/components/schemas/Security_Lists_API_ListMetadata' + name: + $ref: '#/components/schemas/Security_Lists_API_ListName' + version: + $ref: '#/components/schemas/Security_Lists_API_ListVersion' + required: + - id + ApiLists_Patch_Response_400: + oneOf: + - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + ApiLists_Post_Request: + type: object + properties: + description: + $ref: '#/components/schemas/Security_Lists_API_ListDescription' + deserializer: + $ref: '#/components/schemas/Security_Lists_API_ListDeserializer' + id: + $ref: '#/components/schemas/Security_Lists_API_ListId' + meta: + $ref: '#/components/schemas/Security_Lists_API_ListMetadata' + name: + $ref: '#/components/schemas/Security_Lists_API_ListName' + serializer: + $ref: '#/components/schemas/Security_Lists_API_ListSerializer' + type: + $ref: '#/components/schemas/Security_Lists_API_ListType' + version: + default: 1 + minimum: 1 + type: integer + required: + - name + - description + - type + ApiLists_Post_Response_400: + oneOf: + - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + ApiLists_Put_Request: + example: + description: Latest list of bad ips + id: ip_list + name: Bad ips - updated + type: object + properties: + _version: + $ref: '#/components/schemas/Security_Lists_API_ListVersionId' + description: + $ref: '#/components/schemas/Security_Lists_API_ListDescription' + id: + $ref: '#/components/schemas/Security_Lists_API_ListId' + meta: + $ref: '#/components/schemas/Security_Lists_API_ListMetadata' + name: + $ref: '#/components/schemas/Security_Lists_API_ListName' + version: + $ref: '#/components/schemas/Security_Lists_API_ListVersion' + required: + - id + - name + - description + ApiLists_Put_Response_400: + oneOf: + - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + ApiListsFind_Get_Response_200: + type: object + properties: + cursor: + $ref: '#/components/schemas/Security_Lists_API_FindListsCursor' + data: + items: + $ref: '#/components/schemas/Security_Lists_API_List' + type: array + page: + minimum: 0 + type: integer + per_page: + minimum: 0 + type: integer + total: + minimum: 0 + type: integer + required: + - data + - page + - per_page + - total + - cursor + ApiListsFind_Get_Response_400: + oneOf: + - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + ApiListsIndex_Delete_Response_200: + type: object + properties: + acknowledged: + type: boolean + required: + - acknowledged + ApiListsIndex_Delete_Response_400: + oneOf: + - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + ApiListsIndex_Get_Response_200: + type: object + properties: + list_index: + type: boolean + list_item_index: + type: boolean + required: + - list_index + - list_item_index + ApiListsIndex_Get_Response_400: + oneOf: + - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + ApiListsIndex_Post_Response_200: + type: object + properties: + acknowledged: + type: boolean + required: + - acknowledged + ApiListsIndex_Post_Response_400: + oneOf: + - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + ApiListsItems_Delete_Response_200: + oneOf: + - $ref: '#/components/schemas/Security_Lists_API_ListItem' + - $ref: '#/components/schemas/ApiListsItems_Delete_Response_200_2' + ApiListsItems_Delete_Response_200_2: + items: + $ref: '#/components/schemas/Security_Lists_API_ListItem' + type: array + ApiListsItems_Delete_Response_400: + oneOf: + - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + ApiListsItems_Get_Response_200: + oneOf: + - $ref: '#/components/schemas/Security_Lists_API_ListItem' + - $ref: '#/components/schemas/ApiListsItems_Get_Response_200_2' + ApiListsItems_Get_Response_200_2: + items: + $ref: '#/components/schemas/Security_Lists_API_ListItem' + type: array + ApiListsItems_Get_Response_400: + oneOf: + - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + ApiListsItems_Patch_Request: + example: + id: pd1WRJQBs4HAK3VQeHFI + value: 255.255.255.255 + type: object + properties: + _version: + $ref: '#/components/schemas/Security_Lists_API_ListVersionId' + id: + $ref: '#/components/schemas/Security_Lists_API_ListItemId' + meta: + $ref: '#/components/schemas/Security_Lists_API_ListItemMetadata' + refresh: + description: Determines when changes made by the request are made visible to search. + enum: + - 'true' + - 'false' + - wait_for + type: string + value: + $ref: '#/components/schemas/Security_Lists_API_ListItemValue' + required: + - id + ApiListsItems_Patch_Response_400: + oneOf: + - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + ApiListsItems_Post_Request: + type: object + properties: + id: + $ref: '#/components/schemas/Security_Lists_API_ListItemId' + list_id: + $ref: '#/components/schemas/Security_Lists_API_ListId' + meta: + $ref: '#/components/schemas/Security_Lists_API_ListItemMetadata' + refresh: + description: Determines when changes made by the request are made visible to search. + enum: + - 'true' + - 'false' + - wait_for + example: wait_for + type: string + value: + $ref: '#/components/schemas/Security_Lists_API_ListItemValue' + required: + - list_id + - value + ApiListsItems_Post_Response_400: + oneOf: + - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + ApiListsItems_Put_Request: + type: object + properties: + _version: + $ref: '#/components/schemas/Security_Lists_API_ListVersionId' + id: + $ref: '#/components/schemas/Security_Lists_API_ListItemId' + meta: + $ref: '#/components/schemas/Security_Lists_API_ListItemMetadata' + value: + $ref: '#/components/schemas/Security_Lists_API_ListItemValue' + required: + - id + - value + ApiListsItems_Put_Response_400: + oneOf: + - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + ApiListsItemsExport_Post_Response_400: + oneOf: + - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + ApiListsItemsFind_Get_Response_200: + type: object + properties: + cursor: + $ref: '#/components/schemas/Security_Lists_API_FindListItemsCursor' + data: + items: + $ref: '#/components/schemas/Security_Lists_API_ListItem' + type: array + page: + minimum: 0 + type: integer + per_page: + minimum: 0 + type: integer + total: + minimum: 0 + type: integer + required: + - data + - page + - per_page + - total + - cursor + ApiListsItemsFind_Get_Response_400: + oneOf: + - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + ApiListsItemsImport_Post_Request: + type: object + properties: + file: + description: A `.txt` or `.csv` file containing newline separated list items. + example: | + 127.0.0.1 + 127.0.0.2 + 127.0.0.3 + 127.0.0.4 + 127.0.0.5 + 127.0.0.6 + 127.0.0.7 + 127.0.0.8 + 127.0.0.9 + format: binary + type: string + ApiListsItemsImport_Post_Response_400: + oneOf: + - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + ApiListsPrivileges_Get_Response_200: + type: object + properties: + is_authenticated: + type: boolean + listItems: + $ref: '#/components/schemas/Security_Lists_API_ListItemPrivileges' + lists: + $ref: '#/components/schemas/Security_Lists_API_ListPrivileges' + required: + - lists + - listItems + - is_authenticated + ApiListsPrivileges_Get_Response_400: + oneOf: + - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + ApiMaintenanceWindow_Post_Request: + additionalProperties: false + type: object + properties: + enabled: + description: Whether the current maintenance window is enabled. Disabled maintenance windows do not suppress notifications. + type: boolean + schedule: + $ref: '#/components/schemas/ApiMaintenanceWindow_Post_Request_Schedule' + scope: + $ref: '#/components/schemas/ApiMaintenanceWindow_Post_Request_Scope' + title: + description: The name of the maintenance window. While this name does not have to be unique, a distinctive name can help you identify a specific maintenance window. + type: string + required: + - title + - schedule + ApiMaintenanceWindow_Post_Request_Schedule: + additionalProperties: false + type: object + properties: + custom: + $ref: '#/components/schemas/ApiMaintenanceWindow_Post_Request_Schedule_Custom' + required: + - custom + ApiMaintenanceWindow_Post_Request_Schedule_Custom: + additionalProperties: false + type: object + properties: + duration: + description: 'The duration of the schedule. It allows values in `` format. `` is one of `d`, `h`, `m`, or `s` for hours, minutes, seconds. For example: `1d`, `5h`, `30m`, `5000s`.' + type: string + recurring: + $ref: '#/components/schemas/ApiMaintenanceWindow_Post_Request_Schedule_Custom_Recurring' + start: + description: 'The start date and time of the schedule, provided in ISO 8601 format and set to the UTC timezone. For example: `2025-03-12T12:00:00.000Z`.' + type: string + timezone: + description: The timezone of the schedule. The default timezone is UTC. + type: string + required: + - start + - duration + ApiMaintenanceWindow_Post_Request_Schedule_Custom_Recurring: + additionalProperties: false + type: object + properties: + end: + description: 'The end date of a recurring schedule, provided in ISO 8601 format and set to the UTC timezone. For example: `2025-04-01T00:00:00.000Z`.' + type: string + every: + description: 'The interval and frequency of a recurring schedule. It allows values in `` format. `` is one of `d`, `w`, `M`, or `y` for days, weeks, months, years. For example: `15d`, `2w`, `3m`, `1y`.' + type: string + occurrences: + description: The total number of recurrences of the schedule. + minimum: 1 + type: number + onMonth: + description: The specific months for a recurring schedule. Valid values are 1-12. + items: + maximum: 12 + minimum: 1 + type: number + minItems: 1 + type: array + onMonthDay: + description: The specific days of the month for a recurring schedule. Valid values are 1-31. + items: + maximum: 31 + minimum: 1 + type: number + minItems: 1 + type: array + onWeekDay: + description: The specific days of the week (`[MO,TU,WE,TH,FR,SA,SU]`) or nth day of month (`[+1MO, -3FR, +2WE, -4SA, -5SU]`) for a recurring schedule. + items: + type: string + minItems: 1 + type: array + ApiMaintenanceWindow_Post_Request_Scope: + additionalProperties: false + type: object + properties: + alerting: + $ref: '#/components/schemas/ApiMaintenanceWindow_Post_Request_Scope_Alerting' + required: + - alerting + ApiMaintenanceWindow_Post_Request_Scope_Alerting: + additionalProperties: false + type: object + properties: + query: + $ref: '#/components/schemas/ApiMaintenanceWindow_Post_Request_Scope_Alerting_Query' + required: + - query + ApiMaintenanceWindow_Post_Request_Scope_Alerting_Query: + additionalProperties: false + type: object + properties: + kql: + description: A filter written in Kibana Query Language (KQL). Only alerts matching this query will be supressed by the maintenance window. + type: string + required: + - kql + ApiMaintenanceWindow_Post_Response_200: + additionalProperties: false + type: object + properties: + created_at: + description: The date and time when the maintenance window was created. + type: string + created_by: + description: The identifier for the user that created the maintenance window. + nullable: true + type: string + enabled: + description: Whether the current maintenance window is enabled. Disabled maintenance windows do not suppress notifications. + type: boolean + id: + description: The identifier for the maintenance window. + type: string + schedule: + $ref: '#/components/schemas/ApiMaintenanceWindow_Post_Response_200_Schedule' + scope: + $ref: '#/components/schemas/ApiMaintenanceWindow_Post_Response_200_Scope' + status: + description: The current status of the maintenance window. + enum: + - running + - upcoming + - finished + - archived + - disabled + type: string + title: + description: The name of the maintenance window. + type: string + updated_at: + description: The date and time when the maintenance window was last updated. + type: string + updated_by: + description: The identifier for the user that last updated this maintenance window. + nullable: true + type: string + required: + - id + - title + - enabled + - created_by + - updated_by + - created_at + - updated_at + - status + - schedule + ApiMaintenanceWindow_Post_Response_200_Schedule: + additionalProperties: false + type: object + properties: + custom: + $ref: '#/components/schemas/ApiMaintenanceWindow_Post_Response_200_Schedule_Custom' + required: + - custom + ApiMaintenanceWindow_Post_Response_200_Schedule_Custom: + additionalProperties: false + type: object + properties: + duration: + description: 'The duration of the schedule. It allows values in `` format. `` is one of `d`, `h`, `m`, or `s` for hours, minutes, seconds. For example: `1d`, `5h`, `30m`, `5000s`.' + type: string + recurring: + $ref: '#/components/schemas/ApiMaintenanceWindow_Post_Response_200_Schedule_Custom_Recurring' + start: + description: 'The start date and time of the schedule, provided in ISO 8601 format and set to the UTC timezone. For example: `2025-03-12T12:00:00.000Z`.' + type: string + timezone: + description: The timezone of the schedule. The default timezone is UTC. + type: string + required: + - start + - duration + ApiMaintenanceWindow_Post_Response_200_Schedule_Custom_Recurring: + additionalProperties: false + type: object + properties: + end: + description: 'The end date of a recurring schedule, provided in ISO 8601 format and set to the UTC timezone. For example: `2025-04-01T00:00:00.000Z`.' + type: string + every: + description: 'The interval and frequency of a recurring schedule. It allows values in `` format. `` is one of `d`, `w`, `M`, or `y` for days, weeks, months, years. For example: `15d`, `2w`, `3m`, `1y`.' + type: string + occurrences: + description: The total number of recurrences of the schedule. + type: number + onMonth: + description: The specific months for a recurring schedule. Valid values are 1-12. + items: + type: number + type: array + onMonthDay: + description: The specific days of the month for a recurring schedule. Valid values are 1-31. + items: + type: number + type: array + onWeekDay: + description: The specific days of the week (`[MO,TU,WE,TH,FR,SA,SU]`) or nth day of month (`[+1MO, -3FR, +2WE, -4SA, -5SU]`) for a recurring schedule. + items: + type: string + type: array + ApiMaintenanceWindow_Post_Response_200_Scope: + additionalProperties: false + type: object + properties: + alerting: + $ref: '#/components/schemas/ApiMaintenanceWindow_Post_Response_200_Scope_Alerting' + required: + - alerting + ApiMaintenanceWindow_Post_Response_200_Scope_Alerting: + additionalProperties: false + type: object + properties: + query: + $ref: '#/components/schemas/ApiMaintenanceWindow_Post_Response_200_Scope_Alerting_Query' + required: + - query + ApiMaintenanceWindow_Post_Response_200_Scope_Alerting_Query: + additionalProperties: false + type: object + properties: + kql: + description: A filter written in Kibana Query Language (KQL). + type: string + required: + - kql + ApiMaintenanceWindowFind_Get_Response_200: + additionalProperties: false + type: object + properties: + maintenanceWindows: + items: + $ref: '#/components/schemas/ApiMaintenanceWindowFind_Get_Response_200_MaintenanceWindows_Item' + type: array + page: + type: number + per_page: + type: number + total: + type: number + required: + - page + - per_page + - total + - maintenanceWindows + ApiMaintenanceWindowFind_Get_Response_200_MaintenanceWindows_Item: + additionalProperties: false + type: object + properties: + created_at: + description: The date and time when the maintenance window was created. + type: string + created_by: + description: The identifier for the user that created the maintenance window. + nullable: true + type: string + enabled: + description: Whether the current maintenance window is enabled. Disabled maintenance windows do not suppress notifications. + type: boolean + id: + description: The identifier for the maintenance window. + type: string + schedule: + $ref: '#/components/schemas/ApiMaintenanceWindowFind_Get_Response_200_MaintenanceWindows_Schedule' + scope: + $ref: '#/components/schemas/ApiMaintenanceWindowFind_Get_Response_200_MaintenanceWindows_Scope' + status: + description: The current status of the maintenance window. + enum: + - running + - upcoming + - finished + - archived + - disabled + type: string + title: + description: The name of the maintenance window. + type: string + updated_at: + description: The date and time when the maintenance window was last updated. + type: string + updated_by: + description: The identifier for the user that last updated this maintenance window. + nullable: true + type: string + required: + - id + - title + - enabled + - created_by + - updated_by + - created_at + - updated_at + - status + - schedule + ApiMaintenanceWindowFind_Get_Response_200_MaintenanceWindows_Schedule: + additionalProperties: false + type: object + properties: + custom: + $ref: '#/components/schemas/ApiMaintenanceWindowFind_Get_Response_200_MaintenanceWindows_Schedule_Custom' + required: + - custom + ApiMaintenanceWindowFind_Get_Response_200_MaintenanceWindows_Schedule_Custom: + additionalProperties: false + type: object + properties: + duration: + description: 'The duration of the schedule. It allows values in `` format. `` is one of `d`, `h`, `m`, or `s` for hours, minutes, seconds. For example: `1d`, `5h`, `30m`, `5000s`.' + type: string + recurring: + $ref: '#/components/schemas/ApiMaintenanceWindowFind_Get_Response_200_MaintenanceWindows_Schedule_Custom_Recurring' + start: + description: 'The start date and time of the schedule, provided in ISO 8601 format and set to the UTC timezone. For example: `2025-03-12T12:00:00.000Z`.' + type: string + timezone: + description: The timezone of the schedule. The default timezone is UTC. + type: string + required: + - start + - duration + ApiMaintenanceWindowFind_Get_Response_200_MaintenanceWindows_Schedule_Custom_Recurring: + additionalProperties: false + type: object + properties: + end: + description: 'The end date of a recurring schedule, provided in ISO 8601 format and set to the UTC timezone. For example: `2025-04-01T00:00:00.000Z`.' + type: string + every: + description: 'The interval and frequency of a recurring schedule. It allows values in `` format. `` is one of `d`, `w`, `M`, or `y` for days, weeks, months, years. For example: `15d`, `2w`, `3m`, `1y`.' + type: string + occurrences: + description: The total number of recurrences of the schedule. + type: number + onMonth: + description: The specific months for a recurring schedule. Valid values are 1-12. + items: + type: number + type: array + onMonthDay: + description: The specific days of the month for a recurring schedule. Valid values are 1-31. + items: + type: number + type: array + onWeekDay: + description: The specific days of the week (`[MO,TU,WE,TH,FR,SA,SU]`) or nth day of month (`[+1MO, -3FR, +2WE, -4SA, -5SU]`) for a recurring schedule. + items: + type: string + type: array + ApiMaintenanceWindowFind_Get_Response_200_MaintenanceWindows_Scope: + additionalProperties: false + type: object + properties: + alerting: + $ref: '#/components/schemas/ApiMaintenanceWindowFind_Get_Response_200_MaintenanceWindows_Scope_Alerting' + required: + - alerting + ApiMaintenanceWindowFind_Get_Response_200_MaintenanceWindows_Scope_Alerting: + additionalProperties: false + type: object + properties: + query: + $ref: '#/components/schemas/ApiMaintenanceWindowFind_Get_Response_200_MaintenanceWindows_Scope_Alerting_Query' + required: + - query + ApiMaintenanceWindowFind_Get_Response_200_MaintenanceWindows_Scope_Alerting_Query: + additionalProperties: false + type: object + properties: + kql: + description: A filter written in Kibana Query Language (KQL). + type: string + required: + - kql + ApiMaintenanceWindow_Get_Response_200: + additionalProperties: false + type: object + properties: + created_at: + description: The date and time when the maintenance window was created. + type: string + created_by: + description: The identifier for the user that created the maintenance window. + nullable: true + type: string + enabled: + description: Whether the current maintenance window is enabled. Disabled maintenance windows do not suppress notifications. + type: boolean + id: + description: The identifier for the maintenance window. + type: string + schedule: + $ref: '#/components/schemas/ApiMaintenanceWindow_Get_Response_200_Schedule' + scope: + $ref: '#/components/schemas/ApiMaintenanceWindow_Get_Response_200_Scope' + status: + description: The current status of the maintenance window. + enum: + - running + - upcoming + - finished + - archived + - disabled + type: string + title: + description: The name of the maintenance window. + type: string + updated_at: + description: The date and time when the maintenance window was last updated. + type: string + updated_by: + description: The identifier for the user that last updated this maintenance window. + nullable: true + type: string + required: + - id + - title + - enabled + - created_by + - updated_by + - created_at + - updated_at + - status + - schedule + ApiMaintenanceWindow_Get_Response_200_Schedule: + additionalProperties: false + type: object + properties: + custom: + $ref: '#/components/schemas/ApiMaintenanceWindow_Get_Response_200_Schedule_Custom' + required: + - custom + ApiMaintenanceWindow_Get_Response_200_Schedule_Custom: + additionalProperties: false + type: object + properties: + duration: + description: 'The duration of the schedule. It allows values in `` format. `` is one of `d`, `h`, `m`, or `s` for hours, minutes, seconds. For example: `1d`, `5h`, `30m`, `5000s`.' + type: string + recurring: + $ref: '#/components/schemas/ApiMaintenanceWindow_Get_Response_200_Schedule_Custom_Recurring' + start: + description: 'The start date and time of the schedule, provided in ISO 8601 format and set to the UTC timezone. For example: `2025-03-12T12:00:00.000Z`.' + type: string + timezone: + description: The timezone of the schedule. The default timezone is UTC. + type: string + required: + - start + - duration + ApiMaintenanceWindow_Get_Response_200_Schedule_Custom_Recurring: + additionalProperties: false + type: object + properties: + end: + description: 'The end date of a recurring schedule, provided in ISO 8601 format and set to the UTC timezone. For example: `2025-04-01T00:00:00.000Z`.' + type: string + every: + description: 'The interval and frequency of a recurring schedule. It allows values in `` format. `` is one of `d`, `w`, `M`, or `y` for days, weeks, months, years. For example: `15d`, `2w`, `3m`, `1y`.' + type: string + occurrences: + description: The total number of recurrences of the schedule. + type: number + onMonth: + description: The specific months for a recurring schedule. Valid values are 1-12. + items: + type: number + type: array + onMonthDay: + description: The specific days of the month for a recurring schedule. Valid values are 1-31. + items: + type: number + type: array + onWeekDay: + description: The specific days of the week (`[MO,TU,WE,TH,FR,SA,SU]`) or nth day of month (`[+1MO, -3FR, +2WE, -4SA, -5SU]`) for a recurring schedule. + items: + type: string + type: array + ApiMaintenanceWindow_Get_Response_200_Scope: + additionalProperties: false + type: object + properties: + alerting: + $ref: '#/components/schemas/ApiMaintenanceWindow_Get_Response_200_Scope_Alerting' + required: + - alerting + ApiMaintenanceWindow_Get_Response_200_Scope_Alerting: + additionalProperties: false + type: object + properties: + query: + $ref: '#/components/schemas/ApiMaintenanceWindow_Get_Response_200_Scope_Alerting_Query' + required: + - query + ApiMaintenanceWindow_Get_Response_200_Scope_Alerting_Query: + additionalProperties: false + type: object + properties: + kql: + description: A filter written in Kibana Query Language (KQL). + type: string + required: + - kql + ApiMaintenanceWindow_Patch_Request: + additionalProperties: false + type: object + properties: + enabled: + description: Whether the current maintenance window is enabled. Disabled maintenance windows do not suppress notifications. + type: boolean + schedule: + $ref: '#/components/schemas/ApiMaintenanceWindow_Patch_Request_Schedule' + scope: + $ref: '#/components/schemas/ApiMaintenanceWindow_Patch_Request_Scope' + title: + description: The name of the maintenance window. While this name does not have to be unique, a distinctive name can help you identify a specific maintenance window. + type: string + ApiMaintenanceWindow_Patch_Request_Schedule: + additionalProperties: false + type: object + properties: + custom: + $ref: '#/components/schemas/ApiMaintenanceWindow_Patch_Request_Schedule_Custom' + required: + - custom + ApiMaintenanceWindow_Patch_Request_Schedule_Custom: + additionalProperties: false + type: object + properties: + duration: + description: 'The duration of the schedule. It allows values in `` format. `` is one of `d`, `h`, `m`, or `s` for hours, minutes, seconds. For example: `1d`, `5h`, `30m`, `5000s`.' + type: string + recurring: + $ref: '#/components/schemas/ApiMaintenanceWindow_Patch_Request_Schedule_Custom_Recurring' + start: + description: 'The start date and time of the schedule, provided in ISO 8601 format and set to the UTC timezone. For example: `2025-03-12T12:00:00.000Z`.' + type: string + timezone: + description: The timezone of the schedule. The default timezone is UTC. + type: string + required: + - start + - duration + ApiMaintenanceWindow_Patch_Request_Schedule_Custom_Recurring: + additionalProperties: false + type: object + properties: + end: + description: 'The end date of a recurring schedule, provided in ISO 8601 format and set to the UTC timezone. For example: `2025-04-01T00:00:00.000Z`.' + type: string + every: + description: 'The interval and frequency of a recurring schedule. It allows values in `` format. `` is one of `d`, `w`, `M`, or `y` for days, weeks, months, years. For example: `15d`, `2w`, `3m`, `1y`.' + type: string + occurrences: + description: The total number of recurrences of the schedule. + minimum: 1 + type: number + onMonth: + description: The specific months for a recurring schedule. Valid values are 1-12. + items: + maximum: 12 + minimum: 1 + type: number + minItems: 1 + type: array + onMonthDay: + description: The specific days of the month for a recurring schedule. Valid values are 1-31. + items: + maximum: 31 + minimum: 1 + type: number + minItems: 1 + type: array + onWeekDay: + description: The specific days of the week (`[MO,TU,WE,TH,FR,SA,SU]`) or nth day of month (`[+1MO, -3FR, +2WE, -4SA, -5SU]`) for a recurring schedule. + items: + type: string + minItems: 1 + type: array + ApiMaintenanceWindow_Patch_Request_Scope: + additionalProperties: false + type: object + properties: + alerting: + $ref: '#/components/schemas/ApiMaintenanceWindow_Patch_Request_Scope_Alerting' + required: + - alerting + ApiMaintenanceWindow_Patch_Request_Scope_Alerting: + additionalProperties: false + type: object + properties: + query: + $ref: '#/components/schemas/ApiMaintenanceWindow_Patch_Request_Scope_Alerting_Query' + required: + - query + ApiMaintenanceWindow_Patch_Request_Scope_Alerting_Query: + additionalProperties: false + type: object + properties: + kql: + description: A filter written in Kibana Query Language (KQL). Only alerts matching this query will be supressed by the maintenance window. + type: string + required: + - kql + ApiMaintenanceWindow_Patch_Response_200: + additionalProperties: false + type: object + properties: + created_at: + description: The date and time when the maintenance window was created. + type: string + created_by: + description: The identifier for the user that created the maintenance window. + nullable: true + type: string + enabled: + description: Whether the current maintenance window is enabled. Disabled maintenance windows do not suppress notifications. + type: boolean + id: + description: The identifier for the maintenance window. + type: string + schedule: + $ref: '#/components/schemas/ApiMaintenanceWindow_Patch_Response_200_Schedule' + scope: + $ref: '#/components/schemas/ApiMaintenanceWindow_Patch_Response_200_Scope' + status: + description: The current status of the maintenance window. + enum: + - running + - upcoming + - finished + - archived + - disabled + type: string + title: + description: The name of the maintenance window. + type: string + updated_at: + description: The date and time when the maintenance window was last updated. + type: string + updated_by: + description: The identifier for the user that last updated this maintenance window. + nullable: true + type: string + required: + - id + - title + - enabled + - created_by + - updated_by + - created_at + - updated_at + - status + - schedule + ApiMaintenanceWindow_Patch_Response_200_Schedule: + additionalProperties: false + type: object + properties: + custom: + $ref: '#/components/schemas/ApiMaintenanceWindow_Patch_Response_200_Schedule_Custom' + required: + - custom + ApiMaintenanceWindow_Patch_Response_200_Schedule_Custom: + additionalProperties: false + type: object + properties: + duration: + description: 'The duration of the schedule. It allows values in `` format. `` is one of `d`, `h`, `m`, or `s` for hours, minutes, seconds. For example: `1d`, `5h`, `30m`, `5000s`.' + type: string + recurring: + $ref: '#/components/schemas/ApiMaintenanceWindow_Patch_Response_200_Schedule_Custom_Recurring' + start: + description: 'The start date and time of the schedule, provided in ISO 8601 format and set to the UTC timezone. For example: `2025-03-12T12:00:00.000Z`.' + type: string + timezone: + description: The timezone of the schedule. The default timezone is UTC. + type: string + required: + - start + - duration + ApiMaintenanceWindow_Patch_Response_200_Schedule_Custom_Recurring: + additionalProperties: false + type: object + properties: + end: + description: 'The end date of a recurring schedule, provided in ISO 8601 format and set to the UTC timezone. For example: `2025-04-01T00:00:00.000Z`.' + type: string + every: + description: 'The interval and frequency of a recurring schedule. It allows values in `` format. `` is one of `d`, `w`, `M`, or `y` for days, weeks, months, years. For example: `15d`, `2w`, `3m`, `1y`.' + type: string + occurrences: + description: The total number of recurrences of the schedule. + type: number + onMonth: + description: The specific months for a recurring schedule. Valid values are 1-12. + items: + type: number + type: array + onMonthDay: + description: The specific days of the month for a recurring schedule. Valid values are 1-31. + items: + type: number + type: array + onWeekDay: + description: The specific days of the week (`[MO,TU,WE,TH,FR,SA,SU]`) or nth day of month (`[+1MO, -3FR, +2WE, -4SA, -5SU]`) for a recurring schedule. + items: + type: string + type: array + ApiMaintenanceWindow_Patch_Response_200_Scope: + additionalProperties: false + type: object + properties: + alerting: + $ref: '#/components/schemas/ApiMaintenanceWindow_Patch_Response_200_Scope_Alerting' + required: + - alerting + ApiMaintenanceWindow_Patch_Response_200_Scope_Alerting: + additionalProperties: false + type: object + properties: + query: + $ref: '#/components/schemas/ApiMaintenanceWindow_Patch_Response_200_Scope_Alerting_Query' + required: + - query + ApiMaintenanceWindow_Patch_Response_200_Scope_Alerting_Query: + additionalProperties: false + type: object + properties: + kql: + description: A filter written in Kibana Query Language (KQL). + type: string + required: + - kql + ApiMaintenanceWindowArchive_Post_Response_200: + additionalProperties: false + type: object + properties: + created_at: + description: The date and time when the maintenance window was created. + type: string + created_by: + description: The identifier for the user that created the maintenance window. + nullable: true + type: string + enabled: + description: Whether the current maintenance window is enabled. Disabled maintenance windows do not suppress notifications. + type: boolean + id: + description: The identifier for the maintenance window. + type: string + schedule: + $ref: '#/components/schemas/ApiMaintenanceWindowArchive_Post_Response_200_Schedule' + scope: + $ref: '#/components/schemas/ApiMaintenanceWindowArchive_Post_Response_200_Scope' + status: + description: The current status of the maintenance window. + enum: + - running + - upcoming + - finished + - archived + - disabled + type: string + title: + description: The name of the maintenance window. + type: string + updated_at: + description: The date and time when the maintenance window was last updated. + type: string + updated_by: + description: The identifier for the user that last updated this maintenance window. + nullable: true + type: string + required: + - id + - title + - enabled + - created_by + - updated_by + - created_at + - updated_at + - status + - schedule + ApiMaintenanceWindowArchive_Post_Response_200_Schedule: + additionalProperties: false + type: object + properties: + custom: + $ref: '#/components/schemas/ApiMaintenanceWindowArchive_Post_Response_200_Schedule_Custom' + required: + - custom + ApiMaintenanceWindowArchive_Post_Response_200_Schedule_Custom: + additionalProperties: false + type: object + properties: + duration: + description: 'The duration of the schedule. It allows values in `` format. `` is one of `d`, `h`, `m`, or `s` for hours, minutes, seconds. For example: `1d`, `5h`, `30m`, `5000s`.' + type: string + recurring: + $ref: '#/components/schemas/ApiMaintenanceWindowArchive_Post_Response_200_Schedule_Custom_Recurring' + start: + description: 'The start date and time of the schedule, provided in ISO 8601 format and set to the UTC timezone. For example: `2025-03-12T12:00:00.000Z`.' + type: string + timezone: + description: The timezone of the schedule. The default timezone is UTC. + type: string + required: + - start + - duration + ApiMaintenanceWindowArchive_Post_Response_200_Schedule_Custom_Recurring: + additionalProperties: false + type: object + properties: + end: + description: 'The end date of a recurring schedule, provided in ISO 8601 format and set to the UTC timezone. For example: `2025-04-01T00:00:00.000Z`.' + type: string + every: + description: 'The interval and frequency of a recurring schedule. It allows values in `` format. `` is one of `d`, `w`, `M`, or `y` for days, weeks, months, years. For example: `15d`, `2w`, `3m`, `1y`.' + type: string + occurrences: + description: The total number of recurrences of the schedule. + type: number + onMonth: + description: The specific months for a recurring schedule. Valid values are 1-12. + items: + type: number + type: array + onMonthDay: + description: The specific days of the month for a recurring schedule. Valid values are 1-31. + items: + type: number + type: array + onWeekDay: + description: The specific days of the week (`[MO,TU,WE,TH,FR,SA,SU]`) or nth day of month (`[+1MO, -3FR, +2WE, -4SA, -5SU]`) for a recurring schedule. + items: + type: string + type: array + ApiMaintenanceWindowArchive_Post_Response_200_Scope: + additionalProperties: false + type: object + properties: + alerting: + $ref: '#/components/schemas/ApiMaintenanceWindowArchive_Post_Response_200_Scope_Alerting' + required: + - alerting + ApiMaintenanceWindowArchive_Post_Response_200_Scope_Alerting: + additionalProperties: false + type: object + properties: + query: + $ref: '#/components/schemas/ApiMaintenanceWindowArchive_Post_Response_200_Scope_Alerting_Query' + required: + - query + ApiMaintenanceWindowArchive_Post_Response_200_Scope_Alerting_Query: + additionalProperties: false + type: object + properties: + kql: + description: A filter written in Kibana Query Language (KQL). + type: string + required: + - kql + ApiMaintenanceWindowUnarchive_Post_Response_200: + additionalProperties: false + type: object + properties: + created_at: + description: The date and time when the maintenance window was created. + type: string + created_by: + description: The identifier for the user that created the maintenance window. + nullable: true + type: string + enabled: + description: Whether the current maintenance window is enabled. Disabled maintenance windows do not suppress notifications. + type: boolean + id: + description: The identifier for the maintenance window. + type: string + schedule: + $ref: '#/components/schemas/ApiMaintenanceWindowUnarchive_Post_Response_200_Schedule' + scope: + $ref: '#/components/schemas/ApiMaintenanceWindowUnarchive_Post_Response_200_Scope' + status: + description: The current status of the maintenance window. + enum: + - running + - upcoming + - finished + - archived + - disabled + type: string + title: + description: The name of the maintenance window. + type: string + updated_at: + description: The date and time when the maintenance window was last updated. + type: string + updated_by: + description: The identifier for the user that last updated this maintenance window. + nullable: true + type: string + required: + - id + - title + - enabled + - created_by + - updated_by + - created_at + - updated_at + - status + - schedule + ApiMaintenanceWindowUnarchive_Post_Response_200_Schedule: + additionalProperties: false + type: object + properties: + custom: + $ref: '#/components/schemas/ApiMaintenanceWindowUnarchive_Post_Response_200_Schedule_Custom' + required: + - custom + ApiMaintenanceWindowUnarchive_Post_Response_200_Schedule_Custom: + additionalProperties: false + type: object + properties: + duration: + description: 'The duration of the schedule. It allows values in `` format. `` is one of `d`, `h`, `m`, or `s` for hours, minutes, seconds. For example: `1d`, `5h`, `30m`, `5000s`.' + type: string + recurring: + $ref: '#/components/schemas/ApiMaintenanceWindowUnarchive_Post_Response_200_Schedule_Custom_Recurring' + start: + description: 'The start date and time of the schedule, provided in ISO 8601 format and set to the UTC timezone. For example: `2025-03-12T12:00:00.000Z`.' + type: string + timezone: + description: The timezone of the schedule. The default timezone is UTC. + type: string + required: + - start + - duration + ApiMaintenanceWindowUnarchive_Post_Response_200_Schedule_Custom_Recurring: + additionalProperties: false + type: object + properties: + end: + description: 'The end date of a recurring schedule, provided in ISO 8601 format and set to the UTC timezone. For example: `2025-04-01T00:00:00.000Z`.' + type: string + every: + description: 'The interval and frequency of a recurring schedule. It allows values in `` format. `` is one of `d`, `w`, `M`, or `y` for days, weeks, months, years. For example: `15d`, `2w`, `3m`, `1y`.' + type: string + occurrences: + description: The total number of recurrences of the schedule. + type: number + onMonth: + description: The specific months for a recurring schedule. Valid values are 1-12. + items: + type: number + type: array + onMonthDay: + description: The specific days of the month for a recurring schedule. Valid values are 1-31. + items: + type: number + type: array + onWeekDay: + description: The specific days of the week (`[MO,TU,WE,TH,FR,SA,SU]`) or nth day of month (`[+1MO, -3FR, +2WE, -4SA, -5SU]`) for a recurring schedule. + items: + type: string + type: array + ApiMaintenanceWindowUnarchive_Post_Response_200_Scope: + additionalProperties: false + type: object + properties: + alerting: + $ref: '#/components/schemas/ApiMaintenanceWindowUnarchive_Post_Response_200_Scope_Alerting' + required: + - alerting + ApiMaintenanceWindowUnarchive_Post_Response_200_Scope_Alerting: + additionalProperties: false + type: object + properties: + query: + $ref: '#/components/schemas/ApiMaintenanceWindowUnarchive_Post_Response_200_Scope_Alerting_Query' + required: + - query + ApiMaintenanceWindowUnarchive_Post_Response_200_Scope_Alerting_Query: + additionalProperties: false + type: object + properties: + kql: + description: A filter written in Kibana Query Language (KQL). + type: string + required: + - kql + ApiNote_Delete_Request: + oneOf: + - $ref: '#/components/schemas/ApiNote_Delete_Request_1' + - $ref: '#/components/schemas/ApiNote_Delete_Request_2' + ApiNote_Delete_Request_1: + nullable: true + type: object + properties: + noteId: + type: string + required: + - noteId + ApiNote_Delete_Request_2: + nullable: true + type: object + properties: + noteIds: + items: + type: string + nullable: true + type: array + required: + - noteIds + ApiNote_Patch_Request: + type: object + properties: + note: + $ref: '#/components/schemas/Security_Timeline_API_BareNote' + description: The note to add or update. + noteId: + description: The `savedObjectId` of the note + example: 709f99c6-89b6-4953-9160-35945c8e174e + nullable: true + type: string + version: + description: The version of the note + example: WzQ2LDFd + nullable: true + type: string + required: + - note + ApiObservabilityAiAssistantChatComplete_Post_Request: + type: object + properties: + actions: + items: + $ref: '#/components/schemas/Observability_AI_Assistant_API_Function' + type: array + connectorId: + description: A unique identifier for the connector. + type: string + conversationId: + description: A unique identifier for the conversation if you are continuing an existing conversation. + type: string + disableFunctions: + description: Flag indicating whether all function calls should be disabled for the conversation. If true, no calls to functions will be made. + type: boolean + instructions: + description: An array of instruction objects, which can be either simple strings or detailed objects. + items: + $ref: '#/components/schemas/Observability_AI_Assistant_API_Instruction' + type: array + messages: + description: An array of message objects containing the conversation history. + items: + $ref: '#/components/schemas/Observability_AI_Assistant_API_Message' + type: array + persist: + description: Indicates whether the conversation should be saved to storage. If true, the conversation will be saved and will be available in Kibana. + type: boolean + title: + description: A title for the conversation. + type: string + required: + - messages + - connectorId + - persist + ApiObservabilityAiAssistantChatComplete_Post_Response_200: + type: object + ApiOsqueryPacks_Delete_Response_200: + example: {} + type: object + properties: {} + ApiPinnedEvent_Patch_Request: + type: object + properties: + eventId: + description: The `_id` of the associated event for this pinned event. + example: d3a1d35a3e84a81b2f8f3859e064c224cdee1b4bc + type: string + pinnedEventId: + description: The `savedObjectId` of the pinned event you want to unpin. + example: 10r1929b-0af7-42bd-85a8-56e234f98h2f3 + nullable: true + type: string + timelineId: + description: The `savedObjectId` of the timeline that you want this pinned event unpinned from. + example: 15c1929b-0af7-42bd-85a8-56e234cc7c4e + type: string + required: + - eventId + - timelineId + ApiRiskScoreEngineDangerouslyDeleteData_Delete_Response_200: + type: object + properties: + cleanup_successful: + type: boolean + ApiRiskScoreEngineSavedObjectConfigure_Patch_Request: + type: object + properties: + enable_reset_to_zero: + type: boolean + exclude_alert_statuses: + items: + type: string + type: array + exclude_alert_tags: + items: + type: string + type: array + filters: + items: + $ref: '#/components/schemas/ApiRiskScoreEngineSavedObjectConfigure_Patch_Request_Filters_Item' + type: array + range: + $ref: '#/components/schemas/ApiRiskScoreEngineSavedObjectConfigure_Patch_Request_Range' + ApiRiskScoreEngineSavedObjectConfigure_Patch_Request_Filters_Item: + type: object + properties: + entity_types: + items: + enum: + - host + - user + - service + type: string + type: array + filter: + description: KQL filter string + type: string + required: + - entity_types + - filter + ApiRiskScoreEngineSavedObjectConfigure_Patch_Request_Range: + type: object + properties: + end: + type: string + start: + type: string + ApiRiskScoreEngineSavedObjectConfigure_Patch_Response_200: + type: object + properties: + risk_engine_saved_object_configured: + type: boolean + ApiSavedObjectsExport_Post_Request: + additionalProperties: false + type: object + properties: + excludeExportDetails: + default: false + description: Do not add export details entry at the end of the stream. + type: boolean + hasReference: + anyOf: + - $ref: '#/components/schemas/ApiSavedObjectsExport_Post_Request_HasReference_1' + - $ref: '#/components/schemas/ApiSavedObjectsExport_Post_Request_HasReference_2' + includeReferencesDeep: + default: false + description: Includes all of the referenced objects in the exported objects. + type: boolean + objects: + description: 'A list of objects to export. NOTE: this optional parameter cannot be combined with the `types` option' + items: + $ref: '#/components/schemas/ApiSavedObjectsExport_Post_Request_Objects_Item' + maxItems: 10000 + type: array + search: + description: Search for documents to export using the Elasticsearch Simple Query String syntax. + type: string + type: + anyOf: + - $ref: '#/components/schemas/ApiSavedObjectsExport_Post_Request_Type_1' + - $ref: '#/components/schemas/ApiSavedObjectsExport_Post_Request_Type_2' + description: The saved object types to include in the export. Use `*` to export all the types. Valid options depend on enabled plugins, but may include `visualization`, `dashboard`, `search`, `index-pattern`, `tag`, `config`, `config-global`, `lens`, `map`, `event-annotation-group`, `query`, `url`, `action`, `alert`, `alerting_rule_template`, `apm-indices`, `cases-user-actions`, `cases`, `cases-comments`, `infrastructure-monitoring-log-view`, `ml-trained-model`, `osquery-saved-query`, `osquery-pack`, `osquery-pack-asset`. + ApiSavedObjectsExport_Post_Request_HasReference_1: + additionalProperties: false + type: object + properties: + id: + type: string + type: + type: string + required: + - type + - id + ApiSavedObjectsExport_Post_Request_HasReference_2: + items: + $ref: '#/components/schemas/ApiSavedObjectsExport_Post_Request_HasReference_Item' + type: array + ApiSavedObjectsExport_Post_Request_HasReference_Item: + additionalProperties: false + type: object + properties: + id: + type: string + type: + type: string + required: + - type + - id + ApiSavedObjectsExport_Post_Request_Objects_Item: + additionalProperties: false + type: object + properties: + id: + type: string + type: + type: string + required: + - type + - id + ApiSavedObjectsExport_Post_Request_Type_1: + type: string + ApiSavedObjectsExport_Post_Request_Type_2: + items: + type: string + type: array + ApiSavedObjectsExport_Post_Response_400: + additionalProperties: false + description: Indicates an unsuccessful response. + type: object + properties: + error: + type: string + message: + type: string + statusCode: + enum: + - 400 + type: integer + required: + - error + - message + - statusCode + ApiSavedObjectsImport_Post_Request: + additionalProperties: false + type: object + properties: + file: + $ref: '#/components/schemas/ApiSavedObjectsImport_Post_Request_File' + required: + - file + ApiSavedObjectsImport_Post_Request_File: + description: 'A file exported using the export API. Changing the contents of the exported file in any way before importing it can cause errors, crashes or data loss. NOTE: The `savedObjects.maxImportExportSize` configuration setting limits the number of saved objects which may be included in this file. Similarly, the `savedObjects.maxImportPayloadBytes` setting limits the overall size of the file that can be imported.' + type: object + ApiSavedObjectsImport_Post_Response_200: + additionalProperties: false + type: object + properties: + errors: + description: |- + Indicates the import was unsuccessful and specifies the objects that failed to import. + + NOTE: One object may result in multiple errors, which requires separate steps to resolve. For instance, a `missing_references` error and conflict error. + items: + $ref: '#/components/schemas/ApiSavedObjectsImport_Post_Response_200_Errors_Item' + type: array + success: + description: Indicates when the import was successfully completed. When set to false, some objects may not have been created. For additional information, refer to the `errors` and `successResults` properties. + type: boolean + successCount: + description: Indicates the number of successfully imported records. + type: number + successResults: + description: |- + Indicates the objects that are successfully imported, with any metadata if applicable. + + NOTE: Objects are created only when all resolvable errors are addressed, including conflicts and missing references. If objects are created as new copies, each entry in the `successResults` array includes a `destinationId` attribute. + items: + $ref: '#/components/schemas/ApiSavedObjectsImport_Post_Response_200_SuccessResults_Item' + type: array + required: + - success + - successCount + - errors + - successResults + ApiSavedObjectsImport_Post_Response_200_Errors_Item: + additionalProperties: true + type: object + properties: {} + ApiSavedObjectsImport_Post_Response_200_SuccessResults_Item: + additionalProperties: true + type: object + properties: {} + ApiSavedObjectsImport_Post_Response_400: + additionalProperties: false + description: Indicates an unsuccessful response. + type: object + properties: + error: + type: string + message: + type: string + statusCode: + enum: + - 400 + type: integer + required: + - error + - message + - statusCode + ApiSecurityAiAssistantAnonymizationFieldsBulkAction_Post_Request: + example: + create: + - allowed: true + anonymized: false + field: host.name + - allowed: false + anonymized: true + field: user.name + delete: + ids: + - field5 + - field6 + query: 'field: host.name' + update: + - allowed: true + anonymized: false + id: field8 + - allowed: false + anonymized: true + id: field9 + type: object + properties: + create: + description: Array of anonymization fields to create. + items: + $ref: '#/components/schemas/Security_AI_Assistant_API_AnonymizationFieldCreateProps' + type: array + delete: + $ref: '#/components/schemas/ApiSecurityAiAssistantAnonymizationFieldsBulkAction_Post_Request_Delete' + update: + description: Array of anonymization fields to update. + items: + $ref: '#/components/schemas/Security_AI_Assistant_API_AnonymizationFieldUpdateProps' + type: array + ApiSecurityAiAssistantAnonymizationFieldsBulkAction_Post_Request_Delete: + description: Object containing the query to filter anonymization fields and/or an array of anonymization field IDs to delete. + type: object + properties: + ids: + description: Array of IDs to apply the action to. + example: + - '1234' + - '5678' + items: + type: string + minItems: 1 + type: array + query: + description: Query to filter the bulk action. + example: 'status: ''inactive''' + type: string + ApiSecurityAiAssistantAnonymizationFieldsBulkAction_Post_Response_400: + type: object + properties: + error: + description: Error type or name. + type: string + message: + description: Detailed error message. + type: string + statusCode: + description: Status code of the response. + type: number + ApiSecurityAiAssistantAnonymizationFieldsFind_Get_Response_200: + type: object + properties: + aggregations: + $ref: '#/components/schemas/ApiSecurityAiAssistantAnonymizationFieldsFind_Get_Response_200_Aggregations' + all: + items: + $ref: '#/components/schemas/Security_AI_Assistant_API_AnonymizationFieldResponse' + type: array + data: + items: + $ref: '#/components/schemas/Security_AI_Assistant_API_AnonymizationFieldResponse' + type: array + page: + type: integer + perPage: + type: integer + total: + type: integer + required: + - page + - perPage + - total + - data + ApiSecurityAiAssistantAnonymizationFieldsFind_Get_Response_200_Aggregations: + type: object + properties: + field_status: + $ref: '#/components/schemas/ApiSecurityAiAssistantAnonymizationFieldsFind_Get_Response_200_Aggregations_Field_status' + ApiSecurityAiAssistantAnonymizationFieldsFind_Get_Response_200_Aggregations_Field_status: + type: object + properties: + buckets: + $ref: '#/components/schemas/ApiSecurityAiAssistantAnonymizationFieldsFind_Get_Response_200_Aggregations_Field_status_Buckets' + ApiSecurityAiAssistantAnonymizationFieldsFind_Get_Response_200_Aggregations_Field_status_Buckets: + type: object + properties: + allowed: + $ref: '#/components/schemas/ApiSecurityAiAssistantAnonymizationFieldsFind_Get_Response_200_Aggregations_Field_status_Buckets_Allowed' + anonymized: + $ref: '#/components/schemas/ApiSecurityAiAssistantAnonymizationFieldsFind_Get_Response_200_Aggregations_Field_status_Buckets_Anonymized' + denied: + $ref: '#/components/schemas/ApiSecurityAiAssistantAnonymizationFieldsFind_Get_Response_200_Aggregations_Field_status_Buckets_Denied' + ApiSecurityAiAssistantAnonymizationFieldsFind_Get_Response_200_Aggregations_Field_status_Buckets_Allowed: + type: object + properties: + doc_count: + default: 0 + type: integer + ApiSecurityAiAssistantAnonymizationFieldsFind_Get_Response_200_Aggregations_Field_status_Buckets_Anonymized: + type: object + properties: + doc_count: + default: 0 + type: integer + ApiSecurityAiAssistantAnonymizationFieldsFind_Get_Response_200_Aggregations_Field_status_Buckets_Denied: + type: object + properties: + doc_count: + default: 0 + type: integer + ApiSecurityAiAssistantAnonymizationFieldsFind_Get_Response_400: + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + ApiSecurityAiAssistantChatComplete_Post_Response_400: + type: object + properties: + error: + description: Error type. + example: Bad Request + type: string + message: + description: Human-readable error message. + example: Invalid request payload. + type: string + statusCode: + description: HTTP status code. + example: 400 + type: number + ApiSecurityAiAssistantCurrentUserConversations_Delete_Request: + type: object + properties: + excludedIds: + description: Optional list of conversation IDs to delete. + example: + - abc123 + - def456 + items: + type: string + type: array + ApiSecurityAiAssistantCurrentUserConversations_Delete_Response_200: + type: object + properties: + failures: + items: + type: string + type: array + success: + example: true + type: boolean + totalDeleted: + example: 10 + type: number + ApiSecurityAiAssistantCurrentUserConversations_Delete_Response_400: + type: object + properties: + error: + example: Bad Request + type: string + message: + example: Invalid conversation ID + type: string + statusCode: + example: 400 + type: number + ApiSecurityAiAssistantCurrentUserConversations_Post_Response_400: + type: object + properties: + error: + example: Bad Request + type: string + message: + example: 'Missing required parameter: title' + type: string + statusCode: + example: 400 + type: number + ApiSecurityAiAssistantCurrentUserConversationsFind_Get_Response_200: + type: object + properties: + data: + description: A list of conversations. + items: + $ref: '#/components/schemas/Security_AI_Assistant_API_ConversationResponse' + type: array + page: + description: The current page of the results. + example: 1 + type: integer + perPage: + description: The number of results returned per page. + example: 20 + type: integer + total: + description: The total number of conversations matching the filter criteria. + example: 100 + type: integer + required: + - page + - perPage + - total + - data + ApiSecurityAiAssistantCurrentUserConversationsFind_Get_Response_400: + type: object + properties: + error: + example: Bad Request + type: string + message: + example: Invalid filter query parameter + type: string + statusCode: + example: 400 + type: number + ApiSecurityAiAssistantCurrentUserConversations_Delete_Response_400_1: + type: object + properties: + error: + example: Bad Request + type: string + message: + example: Invalid conversation ID + type: string + statusCode: + example: 400 + type: number + ApiSecurityAiAssistantCurrentUserConversations_Get_Response_400: + type: object + properties: + error: + example: Bad Request + type: string + message: + example: Invalid conversation ID + type: string + statusCode: + example: 400 + type: number + ApiSecurityAiAssistantCurrentUserConversations_Put_Response_400: + type: object + properties: + error: + example: Bad Request + type: string + message: + example: 'Missing required field: title' + type: string + statusCode: + example: 400 + type: number + ApiSecurityAiAssistantKnowledgeBaseEntriesBulkAction_Post_Request: + type: object + properties: + create: + description: List of Knowledge Base Entries to create. + example: + - content: This is the content of the new entry. + title: New Entry + items: + $ref: '#/components/schemas/Security_AI_Assistant_API_KnowledgeBaseEntryCreateProps' + type: array + delete: + $ref: '#/components/schemas/ApiSecurityAiAssistantKnowledgeBaseEntriesBulkAction_Post_Request_Delete' + update: + description: List of Knowledge Base Entries to update. + example: + - content: Updated content. + id: '123' + title: Updated Entry + items: + $ref: '#/components/schemas/Security_AI_Assistant_API_KnowledgeBaseEntryUpdateProps' + type: array + ApiSecurityAiAssistantKnowledgeBaseEntriesBulkAction_Post_Request_Delete: + type: object + properties: + ids: + description: Array of Knowledge Base Entry IDs. + example: + - '123' + - '456' + - '789' + items: + type: string + minItems: 1 + type: array + query: + description: Query to filter Knowledge Base Entries. + example: status:active AND category:technology + type: string + ApiSecurityAiAssistantKnowledgeBaseEntriesFind_Get_Response_200: + type: object + properties: + data: + description: The list of Knowledge Base Entries for the current page. + items: + $ref: '#/components/schemas/Security_AI_Assistant_API_KnowledgeBaseEntryResponse' + type: array + page: + description: The current page number. + example: 1 + type: integer + perPage: + description: The number of Knowledge Base Entries returned per page. + example: 20 + type: integer + total: + description: The total number of Knowledge Base Entries available. + example: 100 + type: integer + required: + - page + - perPage + - total + - data + ApiSecurityAiAssistantKnowledgeBaseEntriesFind_Get_Response_400: + type: object + properties: + error: + description: A short description of the error. + example: Bad Request + type: string + message: + description: A detailed message explaining the error. + example: 'Invalid query parameter: sort_order' + type: string + statusCode: + description: The HTTP status code of the error. + example: 400 + type: number + ApiSecurityAiAssistantPromptsBulkAction_Post_Request: + type: object + properties: + create: + description: List of prompts to be created. + items: + $ref: '#/components/schemas/Security_AI_Assistant_API_PromptCreateProps' + type: array + delete: + $ref: '#/components/schemas/ApiSecurityAiAssistantPromptsBulkAction_Post_Request_Delete' + update: + description: List of prompts to be updated. + items: + $ref: '#/components/schemas/Security_AI_Assistant_API_PromptUpdateProps' + type: array + ApiSecurityAiAssistantPromptsBulkAction_Post_Request_Delete: + description: Criteria for deleting prompts in bulk. + type: object + properties: + ids: + description: Array of IDs to apply the action to. + example: + - '1234' + - '5678' + items: + type: string + minItems: 1 + type: array + query: + description: Query to filter the bulk action. + example: 'status: ''inactive''' + type: string + ApiSecurityAiAssistantPromptsBulkAction_Post_Response_400: + type: object + properties: + error: + description: A short error message. + example: Bad Request + type: string + message: + description: A detailed error message. + example: Invalid prompt ID or missing required fields. + type: string + statusCode: + description: The HTTP status code for the error. + example: 400 + type: number + ApiSecurityAiAssistantPromptsFind_Get_Response_200: + example: + data: + - categories: + - troubleshooting + - logging + color: '#FF5733' + consumer: security + content: If you encounter an error, check the logs and retry. + createdAt: '2025-04-20T21:00:00Z' + createdBy: jdoe + id: prompt-123 + isDefault: true + isNewConversationDefault: false + name: Error Troubleshooting Prompt + namespace: default + promptType: standard + timestamp: '2025-04-30T22:30:00Z' + updatedAt: '2025-04-30T22:45:00Z' + updatedBy: jdoe + users: + - full_name: John Doe + username: jdoe + page: 1 + perPage: 20 + total: 142 + type: object + properties: + data: + description: The list of prompts returned based on the search query, sorting, and pagination. + items: + $ref: '#/components/schemas/Security_AI_Assistant_API_PromptResponse' + type: array + page: + description: Current page number. + example: 1 + type: integer + perPage: + description: Number of prompts per page. + example: 20 + type: integer + total: + description: Total number of prompts matching the query. + example: 142 + type: integer + required: + - page + - perPage + - total + - data + ApiSecurityAiAssistantPromptsFind_Get_Response_400: + type: object + properties: + error: + description: Short error message. + example: Bad Request + type: string + message: + description: Detailed description of the error. + example: Invalid sort order value provided. + type: string + statusCode: + description: HTTP status code for the error. + example: 400 + type: number + ApiSecurityRoleQuery_Post_Request: + additionalProperties: false + type: object + properties: + filters: + $ref: '#/components/schemas/ApiSecurityRoleQuery_Post_Request_Filters' + from: + type: number + query: + type: string + size: + type: number + sort: + $ref: '#/components/schemas/ApiSecurityRoleQuery_Post_Request_Sort' + ApiSecurityRoleQuery_Post_Request_Filters: + additionalProperties: false + type: object + properties: + showReservedRoles: + type: boolean + ApiSecurityRoleQuery_Post_Request_Sort: + additionalProperties: false + type: object + properties: + direction: + enum: + - asc + - desc + type: string + field: + type: string + required: + - field + - direction + ApiSecurityRole_Put_Request: + additionalProperties: false + type: object + properties: + description: + description: A description for the role. + maxLength: 2048 + type: string + elasticsearch: + $ref: '#/components/schemas/ApiSecurityRole_Put_Request_Elasticsearch' + kibana: + items: + $ref: '#/components/schemas/ApiSecurityRole_Put_Request_Kibana_Item' + type: array + metadata: + $ref: '#/components/schemas/ApiSecurityRole_Put_Request_Metadata' + required: + - elasticsearch + ApiSecurityRole_Put_Request_Elasticsearch: + additionalProperties: false + type: object + properties: + cluster: + items: + description: Cluster privileges that define the cluster level actions that users can perform. + type: string + maxItems: 100 + type: array + indices: + items: + $ref: '#/components/schemas/ApiSecurityRole_Put_Request_Elasticsearch_Indices_Item' + maxItems: 1000 + type: array + remote_cluster: + items: + $ref: '#/components/schemas/ApiSecurityRole_Put_Request_Elasticsearch_Remote_cluster_Item' + maxItems: 100 + type: array + remote_indices: + items: + $ref: '#/components/schemas/ApiSecurityRole_Put_Request_Elasticsearch_Remote_indices_Item' + maxItems: 1000 + type: array + run_as: + items: + description: A user name that the role member can impersonate. + type: string + maxItems: 100 + type: array + ApiSecurityRole_Put_Request_Elasticsearch_Indices_Item: + additionalProperties: false + type: object + properties: + allow_restricted_indices: + description: Restricted indices are a special category of indices that are used internally to store configuration data and should not be directly accessed. Only internal system roles should normally grant privileges over the restricted indices. Toggling this flag is very strongly discouraged because it could effectively grant unrestricted operations on critical data, making the entire system unstable or leaking sensitive information. If for administrative purposes you need to create a role with privileges covering restricted indices, however, you can set this property to true. In that case, the names field covers the restricted indices too. + type: boolean + field_security: + $ref: '#/components/schemas/ApiSecurityRole_Put_Request_Elasticsearch_Indices_Field_security' + names: + items: + description: The data streams, indices, and aliases to which the permissions in this entry apply. It supports wildcards (*). + type: string + maxItems: 100 + minItems: 1 + type: array + privileges: + items: + description: The index level privileges that the role members have for the data streams and indices. + type: string + maxItems: 100 + minItems: 1 + type: array + query: + description: A search query that defines the documents the role members have read access to. A document within the specified data streams and indices must match this query in order for it to be accessible by the role members. + type: string + required: + - names + - privileges + ApiSecurityRole_Put_Request_Elasticsearch_Indices_Field_security: + additionalProperties: + items: + description: The document fields that the role members have read access to. + type: string + maxItems: 1000 + type: array + type: object + ApiSecurityRole_Put_Request_Elasticsearch_Remote_cluster_Item: + additionalProperties: false + type: object + properties: + clusters: + items: + description: A list of remote cluster aliases. It supports literal strings as well as wildcards and regular expressions. + type: string + maxItems: 100 + minItems: 1 + type: array + privileges: + items: + description: The cluster level privileges for the remote cluster. The allowed values are a subset of the cluster privileges. + type: string + maxItems: 100 + minItems: 1 + type: array + required: + - privileges + - clusters + ApiSecurityRole_Put_Request_Elasticsearch_Remote_indices_Item: + additionalProperties: false + type: object + properties: + allow_restricted_indices: + description: Restricted indices are a special category of indices that are used internally to store configuration data and should not be directly accessed. Only internal system roles should normally grant privileges over the restricted indices. Toggling this flag is very strongly discouraged because it could effectively grant unrestricted operations on critical data, making the entire system unstable or leaking sensitive information. If for administrative purposes you need to create a role with privileges covering restricted indices, however, you can set this property to true. In that case, the names field will cover the restricted indices too. + type: boolean + clusters: + items: + description: A list of remote cluster aliases. It supports literal strings as well as wildcards and regular expressions. + type: string + maxItems: 100 + minItems: 1 + type: array + field_security: + $ref: '#/components/schemas/ApiSecurityRole_Put_Request_Elasticsearch_Remote_indices_Field_security' + names: + items: + description: A list of remote aliases, data streams, or indices to which the permissions apply. It supports wildcards (*). + type: string + maxItems: 100 + minItems: 1 + type: array + privileges: + items: + description: The index level privileges that role members have for the specified indices. + type: string + maxItems: 100 + minItems: 1 + type: array + query: + description: 'A search query that defines the documents the role members have read access to. A document within the specified data streams and indices must match this query in order for it to be accessible by the role members. ' + type: string + required: + - clusters + - names + - privileges + ApiSecurityRole_Put_Request_Elasticsearch_Remote_indices_Field_security: + additionalProperties: + items: + description: The document fields that the role members have read access to. + type: string + maxItems: 1000 + type: array + type: object + ApiSecurityRole_Put_Request_Kibana_Item: + additionalProperties: false + type: object + properties: + base: + anyOf: + - $ref: '#/components/schemas/ApiSecurityRole_Put_Request_Kibana_Base_1_1' + - $ref: '#/components/schemas/ApiSecurityRole_Put_Request_Kibana_Base_2_1' + - $ref: '#/components/schemas/ApiSecurityRole_Put_Request_Kibana_Base_3' + - $ref: '#/components/schemas/ApiSecurityRole_Put_Request_Kibana_Base_4' + - $ref: '#/components/schemas/ApiSecurityRole_Put_Request_Kibana_Base_5' + nullable: true + oneOf: + - $ref: '#/components/schemas/ApiSecurityRole_Put_Request_Kibana_Base_1' + - $ref: '#/components/schemas/ApiSecurityRole_Put_Request_Kibana_Base_2' + feature: + $ref: '#/components/schemas/ApiSecurityRole_Put_Request_Kibana_Feature' + spaces: + anyOf: + - $ref: '#/components/schemas/ApiSecurityRole_Put_Request_Kibana_Spaces_1' + - $ref: '#/components/schemas/ApiSecurityRole_Put_Request_Kibana_Spaces_2' + default: + - '*' + required: + - base + ApiSecurityRole_Put_Request_Kibana_Base_1: + items: + description: A base privilege that grants applies to all spaces. + type: string + maxItems: 50 + type: array + ApiSecurityRole_Put_Request_Kibana_Base_2: + items: + description: A base privilege that applies to specific spaces. + type: string + maxItems: 50 + type: array + ApiSecurityRole_Put_Request_Kibana_Base_1_1: + items: {} + type: array + ApiSecurityRole_Put_Request_Kibana_Base_2_1: + type: boolean + ApiSecurityRole_Put_Request_Kibana_Base_3: + type: number + ApiSecurityRole_Put_Request_Kibana_Base_4: + type: object + ApiSecurityRole_Put_Request_Kibana_Base_5: + type: string + ApiSecurityRole_Put_Request_Kibana_Feature: + additionalProperties: + items: + description: The privileges that the role member has for the feature. + type: string + maxItems: 100 + type: array + type: object + ApiSecurityRole_Put_Request_Kibana_Spaces_1: + items: + enum: + - '*' + type: string + maxItems: 1 + minItems: 1 + type: array + ApiSecurityRole_Put_Request_Kibana_Spaces_2: + items: + description: A space that the privilege applies to. + type: string + maxItems: 1000 + type: array + ApiSecurityRole_Put_Request_Metadata: + additionalProperties: {} + type: object + ApiSecurityRoles_Post_Request: + additionalProperties: false + type: object + properties: + roles: + $ref: '#/components/schemas/ApiSecurityRoles_Post_Request_Roles' + required: + - roles + ApiSecurityRoles_Post_Request_Roles: + additionalProperties: + $ref: '#/components/schemas/ApiSecurityRoles_Post_Request_Roles_Value' + type: object + ApiSecurityRoles_Post_Request_Roles_Value: + additionalProperties: false + type: object + properties: + description: + description: A description for the role. + maxLength: 2048 + type: string + elasticsearch: + $ref: '#/components/schemas/ApiSecurityRoles_Post_Request_Roles_Elasticsearch' + kibana: + items: + $ref: '#/components/schemas/ApiSecurityRoles_Post_Request_Roles_Kibana_Item' + type: array + metadata: + $ref: '#/components/schemas/ApiSecurityRoles_Post_Request_Roles_Metadata' + required: + - elasticsearch + ApiSecurityRoles_Post_Request_Roles_Elasticsearch: + additionalProperties: false + type: object + properties: + cluster: + items: + description: Cluster privileges that define the cluster level actions that users can perform. + type: string + maxItems: 100 + type: array + indices: + items: + $ref: '#/components/schemas/ApiSecurityRoles_Post_Request_Roles_Elasticsearch_Indices_Item' + maxItems: 1000 + type: array + remote_cluster: + items: + $ref: '#/components/schemas/ApiSecurityRoles_Post_Request_Roles_Elasticsearch_Remote_cluster_Item' + maxItems: 100 + type: array + remote_indices: + items: + $ref: '#/components/schemas/ApiSecurityRoles_Post_Request_Roles_Elasticsearch_Remote_indices_Item' + maxItems: 1000 + type: array + run_as: + items: + description: A user name that the role member can impersonate. + type: string + maxItems: 100 + type: array + ApiSecurityRoles_Post_Request_Roles_Elasticsearch_Indices_Item: + additionalProperties: false + type: object + properties: + allow_restricted_indices: + description: Restricted indices are a special category of indices that are used internally to store configuration data and should not be directly accessed. Only internal system roles should normally grant privileges over the restricted indices. Toggling this flag is very strongly discouraged because it could effectively grant unrestricted operations on critical data, making the entire system unstable or leaking sensitive information. If for administrative purposes you need to create a role with privileges covering restricted indices, however, you can set this property to true. In that case, the names field covers the restricted indices too. + type: boolean + field_security: + $ref: '#/components/schemas/ApiSecurityRoles_Post_Request_Roles_Elasticsearch_Indices_Field_security' + names: + items: + description: The data streams, indices, and aliases to which the permissions in this entry apply. It supports wildcards (*). + type: string + maxItems: 100 + minItems: 1 + type: array + privileges: + items: + description: The index level privileges that the role members have for the data streams and indices. + type: string + maxItems: 100 + minItems: 1 + type: array + query: + description: A search query that defines the documents the role members have read access to. A document within the specified data streams and indices must match this query in order for it to be accessible by the role members. + type: string + required: + - names + - privileges + ApiSecurityRoles_Post_Request_Roles_Elasticsearch_Indices_Field_security: + additionalProperties: + items: + description: The document fields that the role members have read access to. + type: string + maxItems: 1000 + type: array + type: object + ApiSecurityRoles_Post_Request_Roles_Elasticsearch_Remote_cluster_Item: + additionalProperties: false + type: object + properties: + clusters: + items: + description: A list of remote cluster aliases. It supports literal strings as well as wildcards and regular expressions. + type: string + maxItems: 100 + minItems: 1 + type: array + privileges: + items: + description: The cluster level privileges for the remote cluster. The allowed values are a subset of the cluster privileges. + type: string + maxItems: 100 + minItems: 1 + type: array + required: + - privileges + - clusters + ApiSecurityRoles_Post_Request_Roles_Elasticsearch_Remote_indices_Item: + additionalProperties: false + type: object + properties: + allow_restricted_indices: + description: Restricted indices are a special category of indices that are used internally to store configuration data and should not be directly accessed. Only internal system roles should normally grant privileges over the restricted indices. Toggling this flag is very strongly discouraged because it could effectively grant unrestricted operations on critical data, making the entire system unstable or leaking sensitive information. If for administrative purposes you need to create a role with privileges covering restricted indices, however, you can set this property to true. In that case, the names field will cover the restricted indices too. + type: boolean + clusters: + items: + description: A list of remote cluster aliases. It supports literal strings as well as wildcards and regular expressions. + type: string + maxItems: 100 + minItems: 1 + type: array + field_security: + $ref: '#/components/schemas/ApiSecurityRoles_Post_Request_Roles_Elasticsearch_Remote_indices_Field_security' + names: + items: + description: A list of remote aliases, data streams, or indices to which the permissions apply. It supports wildcards (*). + type: string + maxItems: 100 + minItems: 1 + type: array + privileges: + items: + description: The index level privileges that role members have for the specified indices. + type: string + maxItems: 100 + minItems: 1 + type: array + query: + description: 'A search query that defines the documents the role members have read access to. A document within the specified data streams and indices must match this query in order for it to be accessible by the role members. ' + type: string + required: + - clusters + - names + - privileges + ApiSecurityRoles_Post_Request_Roles_Elasticsearch_Remote_indices_Field_security: + additionalProperties: + items: + description: The document fields that the role members have read access to. + type: string + maxItems: 1000 + type: array + type: object + ApiSecurityRoles_Post_Request_Roles_Kibana_Item: + additionalProperties: false + type: object + properties: + base: + anyOf: + - $ref: '#/components/schemas/ApiSecurityRoles_Post_Request_Roles_Kibana_Base_1_1' + - $ref: '#/components/schemas/ApiSecurityRoles_Post_Request_Roles_Kibana_Base_2_1' + - $ref: '#/components/schemas/ApiSecurityRoles_Post_Request_Roles_Kibana_Base_3' + - $ref: '#/components/schemas/ApiSecurityRoles_Post_Request_Roles_Kibana_Base_4' + - $ref: '#/components/schemas/ApiSecurityRoles_Post_Request_Roles_Kibana_Base_5' + nullable: true + oneOf: + - $ref: '#/components/schemas/ApiSecurityRoles_Post_Request_Roles_Kibana_Base_1' + - $ref: '#/components/schemas/ApiSecurityRoles_Post_Request_Roles_Kibana_Base_2' + feature: + $ref: '#/components/schemas/ApiSecurityRoles_Post_Request_Roles_Kibana_Feature' + spaces: + anyOf: + - $ref: '#/components/schemas/ApiSecurityRoles_Post_Request_Roles_Kibana_Spaces_1' + - $ref: '#/components/schemas/ApiSecurityRoles_Post_Request_Roles_Kibana_Spaces_2' + default: + - '*' + required: + - base + ApiSecurityRoles_Post_Request_Roles_Kibana_Base_1: + items: + description: A base privilege that grants applies to all spaces. + type: string + maxItems: 50 + type: array + ApiSecurityRoles_Post_Request_Roles_Kibana_Base_2: + items: + description: A base privilege that applies to specific spaces. + type: string + maxItems: 50 + type: array + ApiSecurityRoles_Post_Request_Roles_Kibana_Base_1_1: + items: {} + type: array + ApiSecurityRoles_Post_Request_Roles_Kibana_Base_2_1: + type: boolean + ApiSecurityRoles_Post_Request_Roles_Kibana_Base_3: + type: number + ApiSecurityRoles_Post_Request_Roles_Kibana_Base_4: + type: object + ApiSecurityRoles_Post_Request_Roles_Kibana_Base_5: + type: string + ApiSecurityRoles_Post_Request_Roles_Kibana_Feature: + additionalProperties: + items: + description: The privileges that the role member has for the feature. + type: string + maxItems: 100 + type: array + type: object + ApiSecurityRoles_Post_Request_Roles_Kibana_Spaces_1: + items: + enum: + - '*' + type: string + maxItems: 1 + minItems: 1 + type: array + ApiSecurityRoles_Post_Request_Roles_Kibana_Spaces_2: + items: + description: A space that the privilege applies to. + type: string + maxItems: 1000 + type: array + ApiSecurityRoles_Post_Request_Roles_Metadata: + additionalProperties: {} + type: object + ApiSpacesSpace_Post_Request: + additionalProperties: false + type: object + properties: + _reserved: + type: boolean + color: + description: The hexadecimal color code used in the space avatar. By default, the color is automatically generated from the space name. + type: string + description: + description: A description for the space. + type: string + disabledFeatures: + default: [] + items: + description: The list of features that are turned off in the space. + type: string + maxItems: 100 + type: array + id: + description: The space ID that is part of the Kibana URL when inside the space. Space IDs are limited to lowercase alphanumeric, underscore, and hyphen characters (a-z, 0-9, _, and -). You are cannot change the ID with the update operation. + type: string + imageUrl: + description: The data-URL encoded image to display in the space avatar. If specified, initials will not be displayed and the color will be visible as the background color for transparent images. For best results, your image should be 64x64. Images will not be optimized by this API call, so care should be taken when using custom images. + type: string + initials: + description: One or two characters that are shown in the space avatar. By default, the initials are automatically generated from the space name. + maxLength: 2 + type: string + name: + description: 'The display name for the space. ' + minLength: 1 + type: string + required: + - id + - name + ApiSpacesSpace_Put_Request: + additionalProperties: false + type: object + properties: + _reserved: + type: boolean + color: + description: The hexadecimal color code used in the space avatar. By default, the color is automatically generated from the space name. + type: string + description: + description: A description for the space. + type: string + disabledFeatures: + default: [] + items: + description: The list of features that are turned off in the space. + type: string + maxItems: 100 + type: array + id: + description: The space ID that is part of the Kibana URL when inside the space. Space IDs are limited to lowercase alphanumeric, underscore, and hyphen characters (a-z, 0-9, _, and -). You are cannot change the ID with the update operation. + type: string + imageUrl: + description: The data-URL encoded image to display in the space avatar. If specified, initials will not be displayed and the color will be visible as the background color for transparent images. For best results, your image should be 64x64. Images will not be optimized by this API call, so care should be taken when using custom images. + type: string + initials: + description: One or two characters that are shown in the space avatar. By default, the initials are automatically generated from the space name. + maxLength: 2 + type: string + name: + description: 'The display name for the space. ' + minLength: 1 + type: string + required: + - id + - name + ApiStatus_Get_Response_200: + anyOf: + - $ref: '#/components/schemas/Kibana_HTTP_APIs_core_status_response' + - $ref: '#/components/schemas/Kibana_HTTP_APIs_core_status_redactedResponse' + description: Kibana's operational status. A minimal response is sent for unauthorized users. + ApiStatus_Get_Response_503: + anyOf: + - $ref: '#/components/schemas/Kibana_HTTP_APIs_core_status_response' + - $ref: '#/components/schemas/Kibana_HTTP_APIs_core_status_redactedResponse' + description: Kibana's operational status. A minimal response is sent for unauthorized users. + ApiStreams_Get_Request: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Get_Request_1' + - $ref: '#/components/schemas/ApiStreams_Get_Request_2' + - $ref: '#/components/schemas/ApiStreams_Get_Request_3' + ApiStreams_Get_Request_1: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Get_Request_1_1' + - $ref: '#/components/schemas/ApiStreams_Get_Request_2_1' + - $ref: '#/components/schemas/ApiStreams_Get_Request_3_1' + ApiStreams_Get_Request_2: + enum: + - 'null' + nullable: true + ApiStreams_Get_Request_3: + not: {} + ApiStreamsDisable_Post_Request: + anyOf: + - $ref: '#/components/schemas/ApiStreamsDisable_Post_Request_1' + - $ref: '#/components/schemas/ApiStreamsDisable_Post_Request_2' + - $ref: '#/components/schemas/ApiStreamsDisable_Post_Request_3' + ApiStreamsDisable_Post_Request_1: + additionalProperties: false + type: object + properties: {} + ApiStreamsDisable_Post_Request_2: + enum: + - 'null' + nullable: true + ApiStreamsDisable_Post_Request_3: + not: {} + ApiStreamsEnable_Post_Request: + anyOf: + - $ref: '#/components/schemas/ApiStreamsEnable_Post_Request_1' + - $ref: '#/components/schemas/ApiStreamsEnable_Post_Request_2' + - $ref: '#/components/schemas/ApiStreamsEnable_Post_Request_3' + ApiStreamsEnable_Post_Request_1: + additionalProperties: false + type: object + properties: {} + ApiStreamsEnable_Post_Request_2: + enum: + - 'null' + nullable: true + ApiStreamsEnable_Post_Request_3: + not: {} + ApiStreamsResync_Post_Request: + anyOf: + - $ref: '#/components/schemas/ApiStreamsResync_Post_Request_1' + - $ref: '#/components/schemas/ApiStreamsResync_Post_Request_2' + - $ref: '#/components/schemas/ApiStreamsResync_Post_Request_3' + ApiStreamsResync_Post_Request_1: + additionalProperties: false + type: object + properties: {} + ApiStreamsResync_Post_Request_2: + enum: + - 'null' + nullable: true + ApiStreamsResync_Post_Request_3: + not: {} + ApiStreams_Delete_Request: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Delete_Request_1' + - $ref: '#/components/schemas/ApiStreams_Delete_Request_2' + - $ref: '#/components/schemas/ApiStreams_Delete_Request_3' + ApiStreams_Delete_Request_1: + additionalProperties: false + type: object + properties: {} + ApiStreams_Delete_Request_2: + enum: + - 'null' + nullable: true + ApiStreams_Delete_Request_3: + not: {} + ApiStreams_Get_Request_1_1: + additionalProperties: false + type: object + properties: {} + ApiStreams_Get_Request_2_1: + enum: + - 'null' + nullable: true + ApiStreams_Get_Request_3_1: + not: {} + ApiStreams_Put_Request: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_1' + ApiStreams_Put_Request_1: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_1_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_2_1' + ApiStreams_Put_Request_1_1: + allOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_1_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_4' + - $ref: '#/components/schemas/ApiStreams_Put_Request_5' + - $ref: '#/components/schemas/ApiStreams_Put_Request_6' + - $ref: '#/components/schemas/ApiStreams_Put_Request_7' + - $ref: '#/components/schemas/ApiStreams_Put_Request_8' + - $ref: '#/components/schemas/ApiStreams_Put_Request_9' + - $ref: '#/components/schemas/ApiStreams_Put_Request_10' + ApiStreams_Put_Request_1_2: + type: object + properties: {} + ApiStreams_Put_Request_2: + type: object + properties: + stream: + allOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_2' + required: + - stream + ApiStreams_Put_Request_Stream_1: + additionalProperties: true + type: object + properties: + ingest: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest' + name: + not: {} + updated_at: + not: {} + ApiStreams_Put_Request_Stream_Ingest: + additionalProperties: true + type: object + properties: + processing: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing' + required: + - processing + ApiStreams_Put_Request_Stream_Ingest_Processing: + additionalProperties: true + type: object + properties: + updated_at: + not: {} + ApiStreams_Put_Request_Stream_2: + additionalProperties: false + type: object + properties: + description: + type: string + name: + type: string + updated_at: + format: date-time + type: string + required: + - name + - description + - updated_at + ApiStreams_Put_Request_3: + type: object + properties: + dashboards: + items: + type: string + type: array + queries: + items: + allOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_2' + type: array + rules: + items: + type: string + type: array + required: + - dashboards + - rules + - queries + ApiStreams_Put_Request_Queries_1: + type: object + properties: + id: + description: A non-empty string. + minLength: 1 + type: string + title: + description: A non-empty string. + minLength: 1 + type: string + required: + - id + - title + ApiStreams_Put_Request_Queries_2: + type: object + properties: + evidence: + items: + type: string + type: array + feature: + $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature' + kql: + $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Kql' + severity_score: + type: number + required: + - kql + ApiStreams_Put_Request_Queries_Feature: + additionalProperties: false + type: object + properties: + filter: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_2_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_4' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_5' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_6' + description: The root condition object. It can be a simple filter or a combination of other conditions. + name: + description: A non-empty string. + minLength: 1 + type: string + type: + enum: + - system + type: string + required: + - name + - filter + - type + ApiStreams_Put_Request_Queries_Feature_Filter_1: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_1_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_2' + description: A basic filter condition, either unary or binary. + ApiStreams_Put_Request_Queries_Feature_Filter_1_1: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Contains_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Contains_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Contains_3' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_EndsWith_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_EndsWith_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_EndsWith_3' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Eq_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Eq_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Eq_3' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Gt_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Gt_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Gt_3' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Gte_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Gte_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Gte_3' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Includes_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Includes_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Includes_3' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Lt_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Lt_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Lt_3' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Lte_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Lte_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Lte_3' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Neq_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Neq_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Neq_3' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Range' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_StartsWith_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_StartsWith_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_StartsWith_3' + description: Starts-with comparison value. + required: + - field + ApiStreams_Put_Request_Queries_Feature_Filter_Contains_1: + type: string + ApiStreams_Put_Request_Queries_Feature_Filter_Contains_2: + type: number + ApiStreams_Put_Request_Queries_Feature_Filter_Contains_3: + type: boolean + ApiStreams_Put_Request_Queries_Feature_Filter_EndsWith_1: + type: string + ApiStreams_Put_Request_Queries_Feature_Filter_EndsWith_2: + type: number + ApiStreams_Put_Request_Queries_Feature_Filter_EndsWith_3: + type: boolean + ApiStreams_Put_Request_Queries_Feature_Filter_Eq_1: + type: string + ApiStreams_Put_Request_Queries_Feature_Filter_Eq_2: + type: number + ApiStreams_Put_Request_Queries_Feature_Filter_Eq_3: + type: boolean + ApiStreams_Put_Request_Queries_Feature_Filter_Gt_1: + type: string + ApiStreams_Put_Request_Queries_Feature_Filter_Gt_2: + type: number + ApiStreams_Put_Request_Queries_Feature_Filter_Gt_3: + type: boolean + ApiStreams_Put_Request_Queries_Feature_Filter_Gte_1: + type: string + ApiStreams_Put_Request_Queries_Feature_Filter_Gte_2: + type: number + ApiStreams_Put_Request_Queries_Feature_Filter_Gte_3: + type: boolean + ApiStreams_Put_Request_Queries_Feature_Filter_Includes_1: + type: string + ApiStreams_Put_Request_Queries_Feature_Filter_Includes_2: + type: number + ApiStreams_Put_Request_Queries_Feature_Filter_Includes_3: + type: boolean + ApiStreams_Put_Request_Queries_Feature_Filter_Lt_1: + type: string + ApiStreams_Put_Request_Queries_Feature_Filter_Lt_2: + type: number + ApiStreams_Put_Request_Queries_Feature_Filter_Lt_3: + type: boolean + ApiStreams_Put_Request_Queries_Feature_Filter_Lte_1: + type: string + ApiStreams_Put_Request_Queries_Feature_Filter_Lte_2: + type: number + ApiStreams_Put_Request_Queries_Feature_Filter_Lte_3: + type: boolean + ApiStreams_Put_Request_Queries_Feature_Filter_Neq_1: + type: string + ApiStreams_Put_Request_Queries_Feature_Filter_Neq_2: + type: number + ApiStreams_Put_Request_Queries_Feature_Filter_Neq_3: + type: boolean + ApiStreams_Put_Request_Queries_Feature_Filter_Range: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Range_Gt_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Range_Gt_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Range_Gt_3' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Range_Gte_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Range_Gte_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Range_Gte_3' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Range_Lt_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Range_Lt_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Range_Lt_3' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Range_Lte_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Range_Lte_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Range_Lte_3' + description: A value that can be a string, number, or boolean. + ApiStreams_Put_Request_Queries_Feature_Filter_Range_Gt_1: + type: string + ApiStreams_Put_Request_Queries_Feature_Filter_Range_Gt_2: + type: number + ApiStreams_Put_Request_Queries_Feature_Filter_Range_Gt_3: + type: boolean + ApiStreams_Put_Request_Queries_Feature_Filter_Range_Gte_1: + type: string + ApiStreams_Put_Request_Queries_Feature_Filter_Range_Gte_2: + type: number + ApiStreams_Put_Request_Queries_Feature_Filter_Range_Gte_3: + type: boolean + ApiStreams_Put_Request_Queries_Feature_Filter_Range_Lt_1: + type: string + ApiStreams_Put_Request_Queries_Feature_Filter_Range_Lt_2: + type: number + ApiStreams_Put_Request_Queries_Feature_Filter_Range_Lt_3: + type: boolean + ApiStreams_Put_Request_Queries_Feature_Filter_Range_Lte_1: + type: string + ApiStreams_Put_Request_Queries_Feature_Filter_Range_Lte_2: + type: number + ApiStreams_Put_Request_Queries_Feature_Filter_Range_Lte_3: + type: boolean + ApiStreams_Put_Request_Queries_Feature_Filter_StartsWith_1: + type: string + ApiStreams_Put_Request_Queries_Feature_Filter_StartsWith_2: + type: number + ApiStreams_Put_Request_Queries_Feature_Filter_StartsWith_3: + type: boolean + ApiStreams_Put_Request_Queries_Feature_Filter_2: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreams_Put_Request_Queries_Feature_Filter_2_1: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreams_Put_Request_Queries_Feature_Filter_3: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreams_Put_Request_Queries_Feature_Filter_4: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreams_Put_Request_Queries_Feature_Filter_5: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Never' + required: + - never + ApiStreams_Put_Request_Queries_Feature_Filter_Never: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreams_Put_Request_Queries_Feature_Filter_6: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Always' + required: + - always + ApiStreams_Put_Request_Queries_Feature_Filter_Always: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreams_Put_Request_Queries_Kql: + additionalProperties: false + type: object + properties: + query: + type: string + required: + - query + ApiStreams_Put_Request_4: + type: object + properties: + stream: + allOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_1_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_2_1' + required: + - stream + ApiStreams_Put_Request_Stream_1_1: + additionalProperties: true + type: object + properties: + ingest: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_1' + name: + not: {} + updated_at: + not: {} + ApiStreams_Put_Request_Stream_Ingest_1: + type: object + properties: + failure_store: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Failure_store_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Failure_store_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Failure_store_3' + lifecycle: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Lifecycle_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Lifecycle_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Lifecycle_3' + processing: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_2' + settings: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Settings' + required: + - lifecycle + - processing + - settings + - failure_store + ApiStreams_Put_Request_Stream_Ingest_Processing_1: + additionalProperties: true + type: object + properties: + updated_at: + not: {} + ApiStreams_Put_Request_Stream_2_1: + additionalProperties: false + type: object + properties: + ingest: + allOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_2' + required: + - ingest + ApiStreams_Put_Request_Stream_Ingest_Failure_store_1: + additionalProperties: false + type: object + properties: + inherit: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Failure_store_Inherit' + required: + - inherit + ApiStreams_Put_Request_Stream_Ingest_Failure_store_Inherit: + additionalProperties: false + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Failure_store_2: + additionalProperties: false + type: object + properties: + disabled: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Failure_store_Disabled' + required: + - disabled + ApiStreams_Put_Request_Stream_Ingest_Failure_store_Disabled: + additionalProperties: false + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Failure_store_3: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Failure_store_1_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Failure_store_2_1' + ApiStreams_Put_Request_Stream_Ingest_Failure_store_1_1: + additionalProperties: false + type: object + properties: + lifecycle: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Failure_store_Lifecycle' + required: + - lifecycle + ApiStreams_Put_Request_Stream_Ingest_Failure_store_Lifecycle: + additionalProperties: false + type: object + properties: + enabled: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Failure_store_Lifecycle_Enabled' + required: + - enabled + ApiStreams_Put_Request_Stream_Ingest_Failure_store_Lifecycle_Enabled: + additionalProperties: false + type: object + properties: + data_retention: + description: A non-empty string. + minLength: 1 + type: string + ApiStreams_Put_Request_Stream_Ingest_Failure_store_2_1: + additionalProperties: false + type: object + properties: + lifecycle: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Failure_store_Lifecycle_1' + required: + - lifecycle + ApiStreams_Put_Request_Stream_Ingest_Failure_store_Lifecycle_1: + additionalProperties: false + type: object + properties: + disabled: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Failure_store_Lifecycle_Disabled' + required: + - disabled + ApiStreams_Put_Request_Stream_Ingest_Failure_store_Lifecycle_Disabled: + additionalProperties: false + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Lifecycle_1: + additionalProperties: false + type: object + properties: + dsl: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Lifecycle_Dsl' + required: + - dsl + ApiStreams_Put_Request_Stream_Ingest_Lifecycle_Dsl: + additionalProperties: false + type: object + properties: + data_retention: + description: A non-empty string. + minLength: 1 + type: string + downsample: + items: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Lifecycle_Dsl_Downsample_Item' + type: array + ApiStreams_Put_Request_Stream_Ingest_Lifecycle_Dsl_Downsample_Item: + additionalProperties: false + type: object + properties: + after: + description: A non-empty string. + minLength: 1 + type: string + fixed_interval: + description: A non-empty string. + minLength: 1 + type: string + required: + - after + - fixed_interval + ApiStreams_Put_Request_Stream_Ingest_Lifecycle_2: + additionalProperties: false + type: object + properties: + ilm: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Lifecycle_Ilm' + required: + - ilm + ApiStreams_Put_Request_Stream_Ingest_Lifecycle_Ilm: + additionalProperties: false + type: object + properties: + policy: + description: A non-empty string. + minLength: 1 + type: string + required: + - policy + ApiStreams_Put_Request_Stream_Ingest_Lifecycle_3: + additionalProperties: false + type: object + properties: + inherit: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Lifecycle_Inherit' + required: + - inherit + ApiStreams_Put_Request_Stream_Ingest_Lifecycle_Inherit: + additionalProperties: false + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_2: + additionalProperties: false + type: object + properties: + steps: + items: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_2_1' + type: array + updated_at: + format: date-time + type: string + required: + - steps + - updated_at + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_1: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_1_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_4' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_5' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_6' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_7' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_8' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_9' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_10' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_11' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_12' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_13' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_14' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_15' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_16' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_17' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_18' + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_1_1: + additionalProperties: false + description: Grok processor - Extract fields from text using grok patterns + type: object + properties: + action: + enum: + - grok + type: string + customIdentifier: + description: Custom identifier to correlate this processor across outputs + minLength: 1 + type: string + description: + description: Human-readable notes about this processor step + type: string + from: + description: Source field to parse with grok patterns + minLength: 1 + type: string + ignore_failure: + description: Continue pipeline execution if this processor fails + type: boolean + ignore_missing: + description: Skip processing when source field is missing + type: boolean + pattern_definitions: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Pattern_definitions' + patterns: + description: Grok patterns applied in order to extract fields + items: + description: A non-empty string. + minLength: 1 + type: string + minItems: 1 + type: array + where: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6' + description: Conditional expression controlling whether this processor runs + required: + - action + - from + - patterns + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Pattern_definitions: + additionalProperties: + type: string + type: object + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2' + description: A basic filter condition, either unary or binary. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_1: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3' + description: Starts-with comparison value. + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3' + description: A value that can be a string, number, or boolean. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_1: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never' + required: + - never + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always' + required: + - always + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_2: + additionalProperties: false + description: Dissect processor - Extract fields from text using a lightweight, delimiter-based parser + type: object + properties: + action: + enum: + - dissect + type: string + append_separator: + description: Separator inserted when target fields are concatenated + minLength: 1 + type: string + customIdentifier: + description: Custom identifier to correlate this processor across outputs + minLength: 1 + type: string + description: + description: Human-readable notes about this processor step + type: string + from: + description: Source field to parse with dissect pattern + minLength: 1 + type: string + ignore_failure: + description: Continue pipeline execution if this processor fails + type: boolean + ignore_missing: + description: Skip processing when source field is missing + type: boolean + pattern: + description: Dissect pattern describing field boundaries + minLength: 1 + type: string + where: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_1' + description: Conditional expression controlling whether this processor runs + required: + - action + - from + - pattern + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_2: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_2' + description: A basic filter condition, either unary or binary. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_3: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_1' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_1' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_1' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_1' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_1' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_1' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_1' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_1' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_1' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_1' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_1' + description: Starts-with comparison value. + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_1: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_1: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_1: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_1: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_1: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_1: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_1: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_1: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_1: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_1: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_1: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_1: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_1: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_1: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_1: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_1: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_1: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_1: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_1: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_1: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_1: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_1: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_1: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_1: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_1: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_1: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_1: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_1: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_1' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_1' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_1' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_1' + description: A value that can be a string, number, or boolean. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_1: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_1: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_1: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_1: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_1: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_1: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_1: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_1: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_1: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_1: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_1: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_1: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_1: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_1: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_1: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_2: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_3: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_1: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_1: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_1: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_1' + required: + - never + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_1: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_1: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_1' + required: + - always + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_1: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_3: + additionalProperties: false + description: Date processor - Parse dates from strings using one or more expected formats + type: object + properties: + action: + enum: + - date + type: string + customIdentifier: + description: Custom identifier to correlate this processor across outputs + minLength: 1 + type: string + description: + description: Human-readable notes about this processor step + type: string + formats: + description: Accepted input date formats, tried in order + items: + description: A non-empty string. + minLength: 1 + type: string + type: array + from: + description: Source field containing the date/time text + minLength: 1 + type: string + ignore_failure: + description: Continue pipeline execution if this processor fails + type: boolean + locale: + description: Optional locale for date parsing + minLength: 1 + type: string + output_format: + description: Optional output format for storing the parsed date as text + minLength: 1 + type: string + timezone: + description: Optional timezone for date parsing + minLength: 1 + type: string + to: + description: Target field for the parsed date (defaults to source) + minLength: 1 + type: string + where: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_4' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_5' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_2' + description: Conditional expression controlling whether this processor runs + required: + - action + - from + - formats + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_4: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_5' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_4' + description: A basic filter condition, either unary or binary. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_5: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_2' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_2' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_2' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_2' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_2' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_2' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_2' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_2' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_2' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_2' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_2' + description: Starts-with comparison value. + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_2: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_2: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_2: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_2: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_2: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_2: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_2: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_2: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_2: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_2: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_2: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_2: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_2: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_2: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_2: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_2: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_2: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_2: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_2: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_2: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_2: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_2: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_2: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_2: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_2: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_2: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_2: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_2: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_2' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_2' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_2' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_2' + description: A value that can be a string, number, or boolean. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_2: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_2: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_2: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_2: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_2: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_2: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_2: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_2: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_2: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_2: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_2: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_2: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_2: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_2: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_2: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_4: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_5: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_2: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_2: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_2: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_2' + required: + - never + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_2: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_2: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_2' + required: + - always + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_2: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_4: + additionalProperties: false + description: Base processor options plus conditional execution + type: object + properties: + action: + enum: + - drop_document + type: string + customIdentifier: + description: Custom identifier to correlate this processor across outputs + minLength: 1 + type: string + description: + description: Human-readable notes about this processor step + type: string + ignore_failure: + description: Continue pipeline execution if this processor fails + type: boolean + where: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_6' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_7' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_3' + description: Conditional expression controlling whether this processor runs + required: + - action + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_6: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_7' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_6' + description: A basic filter condition, either unary or binary. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_7: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_3' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_3' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_3' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_3' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_3' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_3' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_3' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_3' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_3' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_3' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_3' + description: Starts-with comparison value. + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_3: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_3: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_3: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_3: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_3: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_3: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_3: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_3: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_3: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_3: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_3: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_3: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_3: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_3: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_3: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_3: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_3: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_3: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_3: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_3: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_3: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_3: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_3: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_3: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_3: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_3: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_3: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_3: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_3' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_3' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_3' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_3' + description: A value that can be a string, number, or boolean. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_3: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_3: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_3: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_3: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_3: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_3: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_3: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_3: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_3: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_3: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_3: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_3: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_3: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_3: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_3: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_6: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_7: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_3: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_3: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_3: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_3' + required: + - never + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_3: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_3: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_3' + required: + - always + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_3: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_5: + additionalProperties: false + description: Base processor options plus conditional execution + type: object + properties: + action: + enum: + - math + type: string + customIdentifier: + description: Custom identifier to correlate this processor across outputs + minLength: 1 + type: string + description: + description: Human-readable notes about this processor step + type: string + expression: + description: A non-empty string. + minLength: 1 + type: string + ignore_failure: + description: Continue pipeline execution if this processor fails + type: boolean + ignore_missing: + type: boolean + to: + description: A non-empty string. + minLength: 1 + type: string + where: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_8' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_9' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_4' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_4' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_4' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_4' + description: Conditional expression controlling whether this processor runs + required: + - action + - expression + - to + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_8: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_9' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_8' + description: A basic filter condition, either unary or binary. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_9: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_4' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_4' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_4' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_4' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_4' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_4' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_4' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_4' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_4' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_4' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_4' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_4' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_4' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_4' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_4' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_4' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_4' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_4' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_4' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_4' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_4' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_4' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_4' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_4' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_4' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_4' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_4' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_4' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_4' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_4' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_4' + description: Starts-with comparison value. + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_4: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_4: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_4: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_4: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_4: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_4: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_4: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_4: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_4: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_4: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_4: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_4: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_4: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_4: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_4: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_4: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_4: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_4: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_4: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_4: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_4: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_4: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_4: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_4: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_4: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_4: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_4: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_4: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_4' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_4' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_4' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_4' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_4' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_4' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_4' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_4' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_4' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_4' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_4' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_4' + description: A value that can be a string, number, or boolean. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_4: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_4: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_4: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_4: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_4: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_4: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_4: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_4: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_4: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_4: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_4: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_4: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_4: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_4: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_4: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_8: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_9: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_4: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_4: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_4: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_4' + required: + - never + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_4: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_4: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_4' + required: + - always + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_4: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_6: + additionalProperties: false + description: Rename processor - Change a field name and optionally its location + type: object + properties: + action: + enum: + - rename + type: string + customIdentifier: + description: Custom identifier to correlate this processor across outputs + minLength: 1 + type: string + description: + description: Human-readable notes about this processor step + type: string + from: + description: Existing source field to rename or move + minLength: 1 + type: string + ignore_failure: + description: Continue pipeline execution if this processor fails + type: boolean + ignore_missing: + description: Skip when source field is missing + type: boolean + override: + description: Allow overwriting the target field if it already exists + type: boolean + to: + description: New field name or destination path + minLength: 1 + type: string + where: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_10' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_11' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_5' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_5' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_5' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_5' + description: Conditional expression controlling whether this processor runs + required: + - action + - from + - to + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_10: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_11' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_10' + description: A basic filter condition, either unary or binary. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_11: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_5' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_5' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_5' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_5' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_5' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_5' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_5' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_5' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_5' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_5' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_5' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_5' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_5' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_5' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_5' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_5' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_5' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_5' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_5' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_5' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_5' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_5' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_5' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_5' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_5' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_5' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_5' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_5' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_5' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_5' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_5' + description: Starts-with comparison value. + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_5: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_5: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_5: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_5: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_5: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_5: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_5: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_5: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_5: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_5: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_5: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_5: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_5: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_5: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_5: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_5: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_5: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_5: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_5: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_5: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_5: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_5: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_5: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_5: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_5: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_5: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_5: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_5: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_5' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_5' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_5' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_5' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_5' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_5' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_5' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_5' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_5' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_5' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_5' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_5' + description: A value that can be a string, number, or boolean. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_5: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_5: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_5: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_5: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_5: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_5: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_5: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_5: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_5: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_5: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_5: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_5: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_5: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_5: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_5: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_10: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_11: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_5: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_5: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_5: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_5' + required: + - never + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_5: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_5: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_5' + required: + - always + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_5: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_7: + additionalProperties: false + description: Set processor - Assign a literal or copied value to a field (mutually exclusive inputs) + type: object + properties: + action: + enum: + - set + type: string + copy_from: + description: Copy value from another field instead of providing a literal + minLength: 1 + type: string + customIdentifier: + description: Custom identifier to correlate this processor across outputs + minLength: 1 + type: string + description: + description: Human-readable notes about this processor step + type: string + ignore_failure: + description: Continue pipeline execution if this processor fails + type: boolean + override: + description: Allow overwriting an existing target field + type: boolean + to: + description: Target field to set or create + minLength: 1 + type: string + value: + description: Literal value to assign to the target field + where: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_12' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_13' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_6' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_6' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_6' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_6' + description: Conditional expression controlling whether this processor runs + required: + - action + - to + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_12: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_13' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_12' + description: A basic filter condition, either unary or binary. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_13: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_6' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_6' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_6' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_6' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_6' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_6' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_6' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_6' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_6' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_6' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_6' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_6' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_6' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_6' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_6' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_6' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_6' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_6' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_6' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_6' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_6' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_6' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_6' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_6' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_6' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_6' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_6' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_6' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_6' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_6' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_6' + description: Starts-with comparison value. + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_6: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_6: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_6: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_6: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_6: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_6: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_6: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_6: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_6: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_6: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_6: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_6: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_6: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_6: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_6: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_6: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_6: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_6: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_6: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_6: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_6: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_6: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_6: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_6: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_6: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_6: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_6: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_6: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_6' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_6' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_6' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_6' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_6' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_6' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_6' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_6' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_6' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_6' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_6' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_6' + description: A value that can be a string, number, or boolean. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_6: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_6: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_6: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_6: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_6: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_6: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_6: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_6: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_6: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_6: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_6: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_6: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_6: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_6: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_6: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_12: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_13: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_6: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_6: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_6: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_6' + required: + - never + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_6: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_6: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_6' + required: + - always + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_6: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_8: + additionalProperties: false + description: Append processor - Append one or more values to an existing or new array field + type: object + properties: + action: + enum: + - append + type: string + allow_duplicates: + description: If true, do not deduplicate appended values + type: boolean + customIdentifier: + description: Custom identifier to correlate this processor across outputs + minLength: 1 + type: string + description: + description: Human-readable notes about this processor step + type: string + ignore_failure: + description: Continue pipeline execution if this processor fails + type: boolean + to: + description: Array field to append values to + minLength: 1 + type: string + value: + description: Values to append (must be literal, no templates) + items: {} + minItems: 1 + type: array + where: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_14' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_15' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_7' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_7' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_7' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_7' + description: Conditional expression controlling whether this processor runs + required: + - action + - to + - value + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_14: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_15' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_14' + description: A basic filter condition, either unary or binary. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_15: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_7' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_7' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_7' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_7' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_7' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_7' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_7' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_7' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_7' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_7' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_7' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_7' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_7' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_7' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_7' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_7' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_7' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_7' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_7' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_7' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_7' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_7' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_7' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_7' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_7' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_7' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_7' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_7' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_7' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_7' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_7' + description: Starts-with comparison value. + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_7: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_7: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_7: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_7: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_7: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_7: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_7: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_7: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_7: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_7: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_7: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_7: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_7: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_7: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_7: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_7: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_7: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_7: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_7: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_7: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_7: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_7: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_7: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_7: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_7: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_7: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_7: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_7: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_7' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_7' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_7' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_7' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_7' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_7' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_7' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_7' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_7' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_7' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_7' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_7' + description: A value that can be a string, number, or boolean. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_7: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_7: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_7: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_7: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_7: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_7: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_7: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_7: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_7: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_7: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_7: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_7: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_7: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_7: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_7: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_14: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_15: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_7: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_7: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_7: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_7' + required: + - never + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_7: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_7: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_7' + required: + - always + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_7: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_9: + additionalProperties: false + description: Remove by prefix processor - Remove a field and all nested fields matching the prefix + type: object + properties: + action: + enum: + - remove_by_prefix + type: string + customIdentifier: + description: Custom identifier to correlate this processor across outputs + minLength: 1 + type: string + description: + description: Human-readable notes about this processor step + type: string + from: + description: Field to remove along with all its nested fields + minLength: 1 + type: string + ignore_failure: + description: Continue pipeline execution if this processor fails + type: boolean + required: + - action + - from + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_10: + additionalProperties: false + description: Remove processor - Delete one or more fields from the document + type: object + properties: + action: + enum: + - remove + type: string + customIdentifier: + description: Custom identifier to correlate this processor across outputs + minLength: 1 + type: string + description: + description: Human-readable notes about this processor step + type: string + from: + description: Field to remove from the document + minLength: 1 + type: string + ignore_failure: + description: Continue pipeline execution if this processor fails + type: boolean + ignore_missing: + description: Skip processing when source field is missing + type: boolean + where: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_16' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_17' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_8' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_8' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_8' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_8' + description: Conditional expression controlling whether this processor runs + required: + - action + - from + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_16: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_17' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_16' + description: A basic filter condition, either unary or binary. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_17: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_8' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_8' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_8' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_8' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_8' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_8' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_8' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_8' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_8' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_8' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_8' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_8' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_8' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_8' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_8' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_8' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_8' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_8' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_8' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_8' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_8' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_8' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_8' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_8' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_8' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_8' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_8' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_8' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_8' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_8' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_8' + description: Starts-with comparison value. + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_8: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_8: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_8: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_8: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_8: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_8: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_8: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_8: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_8: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_8: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_8: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_8: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_8: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_8: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_8: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_8: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_8: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_8: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_8: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_8: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_8: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_8: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_8: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_8: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_8: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_8: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_8: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_8: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_8' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_8' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_8' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_8' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_8' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_8' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_8' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_8' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_8' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_8' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_8' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_8' + description: A value that can be a string, number, or boolean. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_8: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_8: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_8: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_8: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_8: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_8: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_8: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_8: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_8: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_8: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_8: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_8: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_8: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_8: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_8: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_16: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_17: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_8: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_8: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_8: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_8' + required: + - never + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_8: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_8: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_8' + required: + - always + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_8: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_11: + additionalProperties: false + description: Base processor options plus conditional execution + type: object + properties: + action: + enum: + - replace + type: string + customIdentifier: + description: Custom identifier to correlate this processor across outputs + minLength: 1 + type: string + description: + description: Human-readable notes about this processor step + type: string + from: + description: A non-empty string. + minLength: 1 + type: string + ignore_failure: + description: Continue pipeline execution if this processor fails + type: boolean + ignore_missing: + type: boolean + pattern: + description: A non-empty string or string with whitespace. + minLength: 1 + type: string + replacement: + type: string + to: + description: A non-empty string. + minLength: 1 + type: string + where: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_18' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_19' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_9' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_9' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_9' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_9' + description: Conditional expression controlling whether this processor runs + required: + - action + - from + - pattern + - replacement + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_18: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_19' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_18' + description: A basic filter condition, either unary or binary. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_19: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_9' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_9' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_9' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_9' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_9' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_9' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_9' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_9' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_9' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_9' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_9' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_9' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_9' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_9' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_9' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_9' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_9' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_9' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_9' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_9' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_9' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_9' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_9' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_9' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_9' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_9' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_9' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_9' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_9' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_9' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_9' + description: Starts-with comparison value. + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_9: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_9: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_9: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_9: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_9: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_9: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_9: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_9: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_9: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_9: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_9: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_9: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_9: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_9: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_9: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_9: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_9: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_9: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_9: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_9: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_9: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_9: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_9: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_9: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_9: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_9: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_9: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_9: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_9' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_9' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_9' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_9' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_9' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_9' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_9' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_9' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_9' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_9' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_9' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_9' + description: A value that can be a string, number, or boolean. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_9: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_9: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_9: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_9: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_9: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_9: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_9: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_9: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_9: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_9: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_9: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_9: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_9: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_9: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_9: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_18: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_19: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_9: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_9: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_9: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_9' + required: + - never + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_9: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_9: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_9' + required: + - always + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_9: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_12: + additionalProperties: false + description: Base processor options plus conditional execution + type: object + properties: + action: + enum: + - uppercase + type: string + customIdentifier: + description: Custom identifier to correlate this processor across outputs + minLength: 1 + type: string + description: + description: Human-readable notes about this processor step + type: string + from: + description: A non-empty string. + minLength: 1 + type: string + ignore_failure: + description: Continue pipeline execution if this processor fails + type: boolean + ignore_missing: + type: boolean + to: + description: A non-empty string. + minLength: 1 + type: string + where: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_20' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_21' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_10' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_10' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_10' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_10' + description: Conditional expression controlling whether this processor runs + required: + - action + - from + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_20: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_21' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_20' + description: A basic filter condition, either unary or binary. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_21: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_10' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_10' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_10' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_10' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_10' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_10' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_10' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_10' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_10' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_10' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_10' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_10' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_10' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_10' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_10' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_10' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_10' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_10' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_10' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_10' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_10' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_10' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_10' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_10' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_10' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_10' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_10' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_10' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_10' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_10' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_10' + description: Starts-with comparison value. + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_10: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_10: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_10: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_10: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_10: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_10: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_10: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_10: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_10: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_10: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_10: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_10: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_10: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_10: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_10: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_10: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_10: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_10: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_10: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_10: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_10: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_10: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_10: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_10: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_10: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_10: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_10: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_10: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_10' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_10' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_10' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_10' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_10' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_10' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_10' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_10' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_10' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_10' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_10' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_10' + description: A value that can be a string, number, or boolean. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_10: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_10: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_10: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_10: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_10: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_10: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_10: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_10: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_10: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_10: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_10: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_10: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_10: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_10: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_10: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_20: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_21: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_10: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_10: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_10: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_10' + required: + - never + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_10: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_10: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_10' + required: + - always + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_10: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_13: + additionalProperties: false + description: Base processor options plus conditional execution + type: object + properties: + action: + enum: + - lowercase + type: string + customIdentifier: + description: Custom identifier to correlate this processor across outputs + minLength: 1 + type: string + description: + description: Human-readable notes about this processor step + type: string + from: + description: A non-empty string. + minLength: 1 + type: string + ignore_failure: + description: Continue pipeline execution if this processor fails + type: boolean + ignore_missing: + type: boolean + to: + description: A non-empty string. + minLength: 1 + type: string + where: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_22' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_23' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_11' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_11' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_11' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_11' + description: Conditional expression controlling whether this processor runs + required: + - action + - from + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_22: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_23' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_22' + description: A basic filter condition, either unary or binary. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_23: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_11' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_11' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_11' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_11' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_11' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_11' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_11' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_11' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_11' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_11' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_11' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_11' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_11' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_11' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_11' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_11' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_11' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_11' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_11' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_11' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_11' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_11' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_11' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_11' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_11' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_11' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_11' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_11' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_11' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_11' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_11' + description: Starts-with comparison value. + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_11: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_11: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_11: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_11: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_11: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_11: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_11: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_11: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_11: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_11: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_11: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_11: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_11: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_11: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_11: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_11: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_11: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_11: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_11: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_11: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_11: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_11: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_11: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_11: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_11: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_11: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_11: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_11: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_11' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_11' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_11' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_11' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_11' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_11' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_11' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_11' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_11' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_11' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_11' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_11' + description: A value that can be a string, number, or boolean. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_11: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_11: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_11: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_11: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_11: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_11: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_11: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_11: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_11: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_11: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_11: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_11: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_11: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_11: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_11: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_22: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_23: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_11: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_11: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_11: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_11' + required: + - never + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_11: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_11: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_11' + required: + - always + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_11: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_14: + additionalProperties: false + description: Base processor options plus conditional execution + type: object + properties: + action: + enum: + - trim + type: string + customIdentifier: + description: Custom identifier to correlate this processor across outputs + minLength: 1 + type: string + description: + description: Human-readable notes about this processor step + type: string + from: + description: A non-empty string. + minLength: 1 + type: string + ignore_failure: + description: Continue pipeline execution if this processor fails + type: boolean + ignore_missing: + type: boolean + to: + description: A non-empty string. + minLength: 1 + type: string + where: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_24' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_25' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_12' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_12' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_12' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_12' + description: Conditional expression controlling whether this processor runs + required: + - action + - from + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_24: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_25' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_24' + description: A basic filter condition, either unary or binary. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_25: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_12' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_12' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_12' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_12' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_12' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_12' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_12' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_12' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_12' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_12' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_12' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_12' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_12' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_12' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_12' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_12' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_12' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_12' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_12' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_12' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_12' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_12' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_12' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_12' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_12' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_12' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_12' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_12' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_12' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_12' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_12' + description: Starts-with comparison value. + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_12: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_12: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_12: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_12: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_12: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_12: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_12: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_12: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_12: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_12: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_12: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_12: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_12: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_12: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_12: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_12: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_12: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_12: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_12: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_12: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_12: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_12: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_12: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_12: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_12: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_12: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_12: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_12: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_12' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_12' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_12' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_12' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_12' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_12' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_12' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_12' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_12' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_12' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_12' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_12' + description: A value that can be a string, number, or boolean. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_12: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_12: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_12: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_12: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_12: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_12: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_12: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_12: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_12: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_12: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_12: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_12: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_12: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_12: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_12: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_24: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_25: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_12: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_12: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_12: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_12' + required: + - never + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_12: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_12: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_12' + required: + - always + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_12: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_15: + additionalProperties: false + description: Base processor options plus conditional execution + type: object + properties: + action: + enum: + - join + type: string + customIdentifier: + description: Custom identifier to correlate this processor across outputs + minLength: 1 + type: string + delimiter: + type: string + description: + description: Human-readable notes about this processor step + type: string + from: + items: + description: A non-empty string. + minLength: 1 + type: string + minItems: 1 + type: array + ignore_failure: + description: Continue pipeline execution if this processor fails + type: boolean + ignore_missing: + type: boolean + to: + description: A non-empty string. + minLength: 1 + type: string + where: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_26' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_27' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_13' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_13' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_13' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_13' + description: Conditional expression controlling whether this processor runs + required: + - action + - from + - delimiter + - to + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_26: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_27' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_26' + description: A basic filter condition, either unary or binary. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_27: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_13' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_13' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_13' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_13' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_13' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_13' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_13' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_13' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_13' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_13' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_13' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_13' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_13' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_13' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_13' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_13' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_13' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_13' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_13' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_13' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_13' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_13' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_13' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_13' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_13' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_13' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_13' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_13' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_13' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_13' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_13' + description: Starts-with comparison value. + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_13: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_13: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_13: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_13: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_13: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_13: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_13: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_13: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_13: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_13: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_13: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_13: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_13: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_13: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_13: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_13: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_13: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_13: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_13: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_13: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_13: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_13: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_13: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_13: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_13: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_13: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_13: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_13: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_13' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_13' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_13' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_13' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_13' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_13' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_13' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_13' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_13' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_13' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_13' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_13' + description: A value that can be a string, number, or boolean. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_13: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_13: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_13: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_13: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_13: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_13: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_13: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_13: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_13: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_13: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_13: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_13: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_13: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_13: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_13: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_26: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_27: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_13: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_13: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_13: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_13' + required: + - never + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_13: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_13: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_13' + required: + - always + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_13: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_16: + additionalProperties: false + description: Convert processor - Change the data type of a field value (integer, long, double, boolean, or string) + type: object + properties: + action: + enum: + - convert + type: string + customIdentifier: + description: Custom identifier to correlate this processor across outputs + minLength: 1 + type: string + description: + description: Human-readable notes about this processor step + type: string + from: + description: Source field to convert to a different data type + minLength: 1 + type: string + ignore_failure: + description: Continue pipeline execution if this processor fails + type: boolean + ignore_missing: + description: Skip processing when source field is missing + type: boolean + to: + description: Target field for the converted value (defaults to source) + minLength: 1 + type: string + type: + description: 'Target data type: integer, long, double, boolean, or string' + enum: + - integer + - long + - double + - boolean + - string + type: string + where: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_28' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_29' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_14' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_14' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_14' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_14' + description: Conditional expression controlling whether this processor runs + required: + - action + - from + - type + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_28: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_29' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_28' + description: A basic filter condition, either unary or binary. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_29: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_14' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_14' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_14' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_14' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_14' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_14' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_14' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_14' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_14' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_14' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_14' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_14' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_14' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_14' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_14' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_14' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_14' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_14' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_14' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_14' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_14' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_14' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_14' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_14' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_14' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_14' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_14' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_14' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_14' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_14' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_14' + description: Starts-with comparison value. + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_14: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_14: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_14: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_14: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_14: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_14: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_14: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_14: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_14: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_14: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_14: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_14: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_14: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_14: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_14: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_14: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_14: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_14: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_14: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_14: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_14: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_14: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_14: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_14: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_14: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_14: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_14: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_14: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_14' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_14' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_14' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_14' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_14' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_14' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_14' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_14' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_14' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_14' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_14' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_14' + description: A value that can be a string, number, or boolean. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_14: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_14: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_14: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_14: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_14: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_14: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_14: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_14: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_14: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_14: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_14: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_14: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_14: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_14: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_14: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_28: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_29: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_14: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_14: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_14: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_14' + required: + - never + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_14: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_14: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_14' + required: + - always + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_14: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_17: + additionalProperties: false + description: Base processor options plus conditional execution + type: object + properties: + action: + enum: + - concat + type: string + customIdentifier: + description: Custom identifier to correlate this processor across outputs + minLength: 1 + type: string + description: + description: Human-readable notes about this processor step + type: string + from: + items: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_From_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_From_2' + minItems: 1 + type: array + ignore_failure: + description: Continue pipeline execution if this processor fails + type: boolean + ignore_missing: + type: boolean + to: + description: A non-empty string. + minLength: 1 + type: string + where: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_30' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_31' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_15' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_15' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_15' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_15' + description: Conditional expression controlling whether this processor runs + required: + - action + - from + - to + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_From_1: + additionalProperties: false + type: object + properties: + type: + enum: + - field + type: string + value: + description: A non-empty string. + minLength: 1 + type: string + required: + - type + - value + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_From_2: + additionalProperties: false + type: object + properties: + type: + enum: + - literal + type: string + value: + type: string + required: + - type + - value + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_30: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_31' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_30' + description: A basic filter condition, either unary or binary. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_31: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_15' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_15' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_15' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_15' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_15' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_15' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_15' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_15' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_15' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_15' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_15' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_15' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_15' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_15' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_15' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_15' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_15' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_15' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_15' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_15' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_15' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_15' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_15' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_15' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_15' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_15' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_15' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_15' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_15' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_15' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_15' + description: Starts-with comparison value. + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_15: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_15: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_15: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_15: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_15: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_15: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_15: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_15: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_15: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_15: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_15: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_15: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_15: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_15: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_15: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_15: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_15: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_15: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_15: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_15: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_15: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_15: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_15: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_15: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_15: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_15: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_15: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_15: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_15' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_15' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_15' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_15' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_15' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_15' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_15' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_15' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_15' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_15' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_15' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_15' + description: A value that can be a string, number, or boolean. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_15: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_15: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_15: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_15: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_15: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_15: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_15: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_15: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_15: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_15: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_15: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_15: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_15: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_15: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_15: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_30: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_31: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_15: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_15: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_15: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_15' + required: + - never + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_15: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_15: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_15' + required: + - always + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_15: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_18: + additionalProperties: false + description: Manual ingest pipeline wrapper around native Elasticsearch processors + type: object + properties: + action: + description: Manual ingest pipeline - executes raw Elasticsearch ingest processors + enum: + - manual_ingest_pipeline + type: string + customIdentifier: + description: Custom identifier to correlate this processor across outputs + minLength: 1 + type: string + description: + description: Human-readable notes about this processor step + type: string + ignore_failure: + description: Continue pipeline execution if this processor fails + type: boolean + on_failure: + description: Fallback processors to run when a processor fails + items: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_On_failure_Item' + type: array + processors: + description: List of raw Elasticsearch ingest processors to run + items: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Processors_Item' + type: array + tag: + description: Optional ingest processor tag for Elasticsearch + type: string + where: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_32' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_33' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_16' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_16' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_16' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_16' + description: Conditional expression controlling whether this processor runs + required: + - action + - processors + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_On_failure_Item: + additionalProperties: {} + type: object + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Processors_Item: + additionalProperties: false + type: object + properties: + append: {} + attachment: {} + bytes: {} + circle: {} + community_id: {} + convert: {} + csv: {} + date: {} + date_index_name: {} + dissect: {} + dot_expander: {} + drop: {} + enrich: {} + fail: {} + fingerprint: {} + foreach: {} + geo_grid: {} + geoip: {} + grok: {} + gsub: {} + html_strip: {} + inference: {} + ip_location: {} + join: {} + json: {} + kv: {} + lowercase: {} + network_direction: {} + pipeline: {} + redact: {} + registered_domain: {} + remove: {} + rename: {} + reroute: {} + script: {} + set: {} + set_security_user: {} + sort: {} + split: {} + terminate: {} + trim: {} + uppercase: {} + uri_parts: {} + urldecode: {} + user_agent: {} + required: + - append + - attachment + - bytes + - circle + - community_id + - convert + - csv + - date + - date_index_name + - dissect + - dot_expander + - drop + - enrich + - fail + - fingerprint + - foreach + - ip_location + - geo_grid + - geoip + - grok + - gsub + - html_strip + - inference + - join + - json + - kv + - lowercase + - network_direction + - pipeline + - redact + - registered_domain + - remove + - rename + - reroute + - script + - set + - set_security_user + - sort + - split + - terminate + - trim + - uppercase + - urldecode + - uri_parts + - user_agent + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_32: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_33' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_32' + description: A basic filter condition, either unary or binary. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_33: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_16' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_16' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_16' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_16' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_16' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_16' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_16' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_16' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_16' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_16' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_16' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_16' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_16' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_16' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_16' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_16' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_16' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_16' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_16' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_16' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_16' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_16' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_16' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_16' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_16' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_16' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_16' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_16' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_16' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_16' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_16' + description: Starts-with comparison value. + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_16: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_16: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_16: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_16: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_16: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_16: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_16: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_16: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_16: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_16: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_16: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_16: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_16: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_16: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_16: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_16: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_16: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_16: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_16: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_16: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_16: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_16: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_16: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_16: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_16: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_16: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_16: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_16: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_16' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_16' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_16' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_16' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_16' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_16' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_16' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_16' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_16' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_16' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_16' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_16' + description: A value that can be a string, number, or boolean. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_16: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_16: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_16: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_16: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_16: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_16: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_16: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_16: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_16: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_16: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_16: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_16: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_16: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_16: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_16: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_32: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_33: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_16: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_16: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_16: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_16' + required: + - never + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_16: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_16: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_16' + required: + - always + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_16: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_2_1: + additionalProperties: false + type: object + properties: + condition: + allOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_2_2' + customIdentifier: + type: string + required: + - condition + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_1: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_1_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_2_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_4' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_5' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_6' + description: The root condition object. It can be a simple filter or a combination of other conditions. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_1_1: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_1_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_2' + description: A basic filter condition, either unary or binary. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_1_2: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Contains_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Contains_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Contains_3' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_EndsWith_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_EndsWith_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_EndsWith_3' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Eq_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Eq_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Eq_3' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Gt_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Gt_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Gt_3' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Gte_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Gte_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Gte_3' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Includes_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Includes_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Includes_3' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Lt_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Lt_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Lt_3' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Lte_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Lte_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Lte_3' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Neq_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Neq_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Neq_3' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Range' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_StartsWith_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_StartsWith_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_StartsWith_3' + description: Starts-with comparison value. + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Contains_1: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Contains_2: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Contains_3: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_EndsWith_1: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_EndsWith_2: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_EndsWith_3: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Eq_1: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Eq_2: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Eq_3: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Gt_1: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Gt_2: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Gt_3: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Gte_1: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Gte_2: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Gte_3: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Includes_1: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Includes_2: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Includes_3: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Lt_1: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Lt_2: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Lt_3: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Lte_1: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Lte_2: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Lte_3: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Neq_1: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Neq_2: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Neq_3: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Range: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Range_Gt_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Range_Gt_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Range_Gt_3' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Range_Gte_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Range_Gte_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Range_Gte_3' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Range_Lt_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Range_Lt_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Range_Lt_3' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Range_Lte_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Range_Lte_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Range_Lte_3' + description: A value that can be a string, number, or boolean. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Range_Gt_1: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Range_Gt_2: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Range_Gt_3: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Range_Gte_1: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Range_Gte_2: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Range_Gte_3: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Range_Lt_1: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Range_Lt_2: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Range_Lt_3: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Range_Lte_1: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Range_Lte_2: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Range_Lte_3: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_StartsWith_1: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_StartsWith_2: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_StartsWith_3: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_2: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_2_1: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_3: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_4: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_5: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Never' + required: + - never + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Never: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_6: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Always' + required: + - always + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Always: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_2_2: + type: object + properties: + steps: + items: {} + type: array + required: + - steps + ApiStreams_Put_Request_Stream_Ingest_Settings: + additionalProperties: false + type: object + properties: + index.number_of_replicas: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Settings_Index.number_of_replicas' + index.number_of_shards: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Settings_Index.number_of_shards' + index.refresh_interval: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Settings_Index.refresh_interval' + ApiStreams_Put_Request_Stream_Ingest_Settings_Index.number_of_replicas: + additionalProperties: false + type: object + properties: + value: + type: number + required: + - value + ApiStreams_Put_Request_Stream_Ingest_Settings_Index.number_of_shards: + additionalProperties: false + type: object + properties: + value: + type: number + required: + - value + ApiStreams_Put_Request_Stream_Ingest_Settings_Index.refresh_interval: + additionalProperties: false + type: object + properties: + value: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Settings_Index.refresh_interval_Value_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Settings_Index.refresh_interval_Value_2' + required: + - value + ApiStreams_Put_Request_Stream_Ingest_Settings_Index.refresh_interval_Value_1: + type: string + ApiStreams_Put_Request_Stream_Ingest_Settings_Index.refresh_interval_Value_2: + enum: + - -1 + type: number + ApiStreams_Put_Request_Stream_Ingest_2: + additionalProperties: true + type: object + properties: + processing: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_3' + required: + - processing + ApiStreams_Put_Request_Stream_Ingest_Wired: + additionalProperties: false + type: object + properties: + fields: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Wired_Fields' + routing: + items: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Wired_Routing_Item' + type: array + required: + - fields + - routing + ApiStreams_Put_Request_Stream_Ingest_Wired_Fields: + additionalProperties: + allOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Wired_Fields_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Wired_Fields_2_3' + type: object + ApiStreams_Put_Request_Stream_Ingest_Wired_Fields_1: + additionalProperties: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Wired_Fields_1_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Wired_Fields_2_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Wired_Fields_3_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Wired_Fields_4_2' + type: object + ApiStreams_Put_Request_Stream_Ingest_Wired_Fields_1_1: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Wired_Fields_1_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Wired_Fields_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Wired_Fields_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Wired_Fields_4' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Wired_Fields_5' + ApiStreams_Put_Request_Stream_Ingest_Wired_Fields_1_2: + type: string + ApiStreams_Put_Request_Stream_Ingest_Wired_Fields_2: + type: number + ApiStreams_Put_Request_Stream_Ingest_Wired_Fields_3: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Wired_Fields_4: + enum: + - 'null' + nullable: true + ApiStreams_Put_Request_Stream_Ingest_Wired_Fields_5: + not: {} + ApiStreams_Put_Request_Stream_Ingest_Wired_Fields_2_1: + items: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Wired_Fields_1_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Wired_Fields_2_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Wired_Fields_3_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Wired_Fields_4_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Wired_Fields_5_1' + type: array + ApiStreams_Put_Request_Stream_Ingest_Wired_Fields_1_3: + type: string + ApiStreams_Put_Request_Stream_Ingest_Wired_Fields_2_2: + type: number + ApiStreams_Put_Request_Stream_Ingest_Wired_Fields_3_1: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Wired_Fields_4_1: + enum: + - 'null' + nullable: true + ApiStreams_Put_Request_Stream_Ingest_Wired_Fields_5_1: + not: {} + ApiStreams_Put_Request_Stream_Ingest_Wired_Fields_3_2: + items: {} + type: array + ApiStreams_Put_Request_Stream_Ingest_Wired_Fields_4_2: {} + ApiStreams_Put_Request_Stream_Ingest_Wired_Fields_2_3: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Wired_Fields_1_4' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Wired_Fields_2_4' + ApiStreams_Put_Request_Stream_Ingest_Wired_Fields_1_4: + additionalProperties: false + type: object + properties: + format: + description: A non-empty string. + minLength: 1 + type: string + type: + enum: + - keyword + - match_only_text + - long + - double + - date + - boolean + - ip + - geo_point + type: string + required: + - type + ApiStreams_Put_Request_Stream_Ingest_Wired_Fields_2_4: + additionalProperties: false + type: object + properties: + type: + enum: + - system + type: string + required: + - type + ApiStreams_Put_Request_Stream_Ingest_Wired_Routing_Item: + additionalProperties: false + type: object + properties: + destination: + description: A non-empty string. + minLength: 1 + type: string + status: + enum: + - enabled + - disabled + type: string + where: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Wired_Routing_Where_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Wired_Routing_Where_2_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Wired_Routing_Where_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Wired_Routing_Where_4' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Wired_Routing_Where_5' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Wired_Routing_Where_6' + description: The root condition object. It can be a simple filter or a combination of other conditions. + required: + - destination + - where + ApiStreams_Put_Request_Stream_Ingest_Wired_Routing_Where_1: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Wired_Routing_Where_1_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Wired_Routing_Where_2' + description: A basic filter condition, either unary or binary. + ApiStreams_Put_Request_Stream_Ingest_Wired_Routing_Where_1_1: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Wired_Routing_Where_Contains_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Wired_Routing_Where_Contains_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Wired_Routing_Where_Contains_3' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Wired_Routing_Where_EndsWith_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Wired_Routing_Where_EndsWith_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Wired_Routing_Where_EndsWith_3' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Wired_Routing_Where_Eq_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Wired_Routing_Where_Eq_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Wired_Routing_Where_Eq_3' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Wired_Routing_Where_Gt_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Wired_Routing_Where_Gt_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Wired_Routing_Where_Gt_3' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Wired_Routing_Where_Gte_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Wired_Routing_Where_Gte_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Wired_Routing_Where_Gte_3' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Wired_Routing_Where_Includes_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Wired_Routing_Where_Includes_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Wired_Routing_Where_Includes_3' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Wired_Routing_Where_Lt_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Wired_Routing_Where_Lt_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Wired_Routing_Where_Lt_3' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Wired_Routing_Where_Lte_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Wired_Routing_Where_Lte_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Wired_Routing_Where_Lte_3' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Wired_Routing_Where_Neq_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Wired_Routing_Where_Neq_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Wired_Routing_Where_Neq_3' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Wired_Routing_Where_Range' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Wired_Routing_Where_StartsWith_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Wired_Routing_Where_StartsWith_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Wired_Routing_Where_StartsWith_3' + description: Starts-with comparison value. + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Wired_Routing_Where_Contains_1: + type: string + ApiStreams_Put_Request_Stream_Ingest_Wired_Routing_Where_Contains_2: + type: number + ApiStreams_Put_Request_Stream_Ingest_Wired_Routing_Where_Contains_3: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Wired_Routing_Where_EndsWith_1: + type: string + ApiStreams_Put_Request_Stream_Ingest_Wired_Routing_Where_EndsWith_2: + type: number + ApiStreams_Put_Request_Stream_Ingest_Wired_Routing_Where_EndsWith_3: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Wired_Routing_Where_Eq_1: + type: string + ApiStreams_Put_Request_Stream_Ingest_Wired_Routing_Where_Eq_2: + type: number + ApiStreams_Put_Request_Stream_Ingest_Wired_Routing_Where_Eq_3: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Wired_Routing_Where_Gt_1: + type: string + ApiStreams_Put_Request_Stream_Ingest_Wired_Routing_Where_Gt_2: + type: number + ApiStreams_Put_Request_Stream_Ingest_Wired_Routing_Where_Gt_3: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Wired_Routing_Where_Gte_1: + type: string + ApiStreams_Put_Request_Stream_Ingest_Wired_Routing_Where_Gte_2: + type: number + ApiStreams_Put_Request_Stream_Ingest_Wired_Routing_Where_Gte_3: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Wired_Routing_Where_Includes_1: + type: string + ApiStreams_Put_Request_Stream_Ingest_Wired_Routing_Where_Includes_2: + type: number + ApiStreams_Put_Request_Stream_Ingest_Wired_Routing_Where_Includes_3: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Wired_Routing_Where_Lt_1: + type: string + ApiStreams_Put_Request_Stream_Ingest_Wired_Routing_Where_Lt_2: + type: number + ApiStreams_Put_Request_Stream_Ingest_Wired_Routing_Where_Lt_3: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Wired_Routing_Where_Lte_1: + type: string + ApiStreams_Put_Request_Stream_Ingest_Wired_Routing_Where_Lte_2: + type: number + ApiStreams_Put_Request_Stream_Ingest_Wired_Routing_Where_Lte_3: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Wired_Routing_Where_Neq_1: + type: string + ApiStreams_Put_Request_Stream_Ingest_Wired_Routing_Where_Neq_2: + type: number + ApiStreams_Put_Request_Stream_Ingest_Wired_Routing_Where_Neq_3: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Wired_Routing_Where_Range: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Wired_Routing_Where_Range_Gt_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Wired_Routing_Where_Range_Gt_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Wired_Routing_Where_Range_Gt_3' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Wired_Routing_Where_Range_Gte_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Wired_Routing_Where_Range_Gte_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Wired_Routing_Where_Range_Gte_3' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Wired_Routing_Where_Range_Lt_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Wired_Routing_Where_Range_Lt_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Wired_Routing_Where_Range_Lt_3' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Wired_Routing_Where_Range_Lte_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Wired_Routing_Where_Range_Lte_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Wired_Routing_Where_Range_Lte_3' + description: A value that can be a string, number, or boolean. + ApiStreams_Put_Request_Stream_Ingest_Wired_Routing_Where_Range_Gt_1: + type: string + ApiStreams_Put_Request_Stream_Ingest_Wired_Routing_Where_Range_Gt_2: + type: number + ApiStreams_Put_Request_Stream_Ingest_Wired_Routing_Where_Range_Gt_3: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Wired_Routing_Where_Range_Gte_1: + type: string + ApiStreams_Put_Request_Stream_Ingest_Wired_Routing_Where_Range_Gte_2: + type: number + ApiStreams_Put_Request_Stream_Ingest_Wired_Routing_Where_Range_Gte_3: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Wired_Routing_Where_Range_Lt_1: + type: string + ApiStreams_Put_Request_Stream_Ingest_Wired_Routing_Where_Range_Lt_2: + type: number + ApiStreams_Put_Request_Stream_Ingest_Wired_Routing_Where_Range_Lt_3: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Wired_Routing_Where_Range_Lte_1: + type: string + ApiStreams_Put_Request_Stream_Ingest_Wired_Routing_Where_Range_Lte_2: + type: number + ApiStreams_Put_Request_Stream_Ingest_Wired_Routing_Where_Range_Lte_3: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Wired_Routing_Where_StartsWith_1: + type: string + ApiStreams_Put_Request_Stream_Ingest_Wired_Routing_Where_StartsWith_2: + type: number + ApiStreams_Put_Request_Stream_Ingest_Wired_Routing_Where_StartsWith_3: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Wired_Routing_Where_2: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Wired_Routing_Where_2_1: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreams_Put_Request_Stream_Ingest_Wired_Routing_Where_3: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreams_Put_Request_Stream_Ingest_Wired_Routing_Where_4: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreams_Put_Request_Stream_Ingest_Wired_Routing_Where_5: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Wired_Routing_Where_Never' + required: + - never + ApiStreams_Put_Request_Stream_Ingest_Wired_Routing_Where_Never: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Wired_Routing_Where_6: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Wired_Routing_Where_Always' + required: + - always + ApiStreams_Put_Request_Stream_Ingest_Wired_Routing_Where_Always: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreams_Put_Request_5: + type: object + properties: {} + ApiStreams_Put_Request_6: + type: object + properties: + stream: + allOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_1_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_2_2' + required: + - stream + ApiStreams_Put_Request_Stream_1_2: + additionalProperties: true + type: object + properties: + ingest: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_2' + name: + not: {} + updated_at: + not: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_3: + additionalProperties: true + type: object + properties: + updated_at: + not: {} + ApiStreams_Put_Request_Stream_2_2: + additionalProperties: false + type: object + properties: + description: + type: string + name: + type: string + updated_at: + format: date-time + type: string + required: + - name + - description + - updated_at + ApiStreams_Put_Request_7: + type: object + properties: + dashboards: + items: + type: string + type: array + queries: + items: + allOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_1_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_2_1' + type: array + rules: + items: + type: string + type: array + required: + - dashboards + - rules + - queries + ApiStreams_Put_Request_Queries_1_1: + type: object + properties: + id: + description: A non-empty string. + minLength: 1 + type: string + title: + description: A non-empty string. + minLength: 1 + type: string + required: + - id + - title + ApiStreams_Put_Request_Queries_2_1: + type: object + properties: + evidence: + items: + type: string + type: array + feature: + $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_1' + kql: + $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Kql_1' + severity_score: + type: number + required: + - kql + ApiStreams_Put_Request_Queries_Feature_1: + additionalProperties: false + type: object + properties: + filter: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_1_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_2_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_3_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_4_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_5_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_6_1' + description: The root condition object. It can be a simple filter or a combination of other conditions. + name: + description: A non-empty string. + minLength: 1 + type: string + type: + enum: + - system + type: string + required: + - name + - filter + - type + ApiStreams_Put_Request_Queries_Feature_Filter_1_2: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_1_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_2_2' + description: A basic filter condition, either unary or binary. + ApiStreams_Put_Request_Queries_Feature_Filter_1_3: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Contains_1_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Contains_2_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Contains_3_1' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_EndsWith_1_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_EndsWith_2_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_EndsWith_3_1' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Eq_1_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Eq_2_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Eq_3_1' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Gt_1_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Gt_2_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Gt_3_1' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Gte_1_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Gte_2_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Gte_3_1' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Includes_1_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Includes_2_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Includes_3_1' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Lt_1_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Lt_2_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Lt_3_1' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Lte_1_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Lte_2_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Lte_3_1' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Neq_1_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Neq_2_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Neq_3_1' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Range_1' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_StartsWith_1_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_StartsWith_2_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_StartsWith_3_1' + description: Starts-with comparison value. + required: + - field + ApiStreams_Put_Request_Queries_Feature_Filter_Contains_1_1: + type: string + ApiStreams_Put_Request_Queries_Feature_Filter_Contains_2_1: + type: number + ApiStreams_Put_Request_Queries_Feature_Filter_Contains_3_1: + type: boolean + ApiStreams_Put_Request_Queries_Feature_Filter_EndsWith_1_1: + type: string + ApiStreams_Put_Request_Queries_Feature_Filter_EndsWith_2_1: + type: number + ApiStreams_Put_Request_Queries_Feature_Filter_EndsWith_3_1: + type: boolean + ApiStreams_Put_Request_Queries_Feature_Filter_Eq_1_1: + type: string + ApiStreams_Put_Request_Queries_Feature_Filter_Eq_2_1: + type: number + ApiStreams_Put_Request_Queries_Feature_Filter_Eq_3_1: + type: boolean + ApiStreams_Put_Request_Queries_Feature_Filter_Gt_1_1: + type: string + ApiStreams_Put_Request_Queries_Feature_Filter_Gt_2_1: + type: number + ApiStreams_Put_Request_Queries_Feature_Filter_Gt_3_1: + type: boolean + ApiStreams_Put_Request_Queries_Feature_Filter_Gte_1_1: + type: string + ApiStreams_Put_Request_Queries_Feature_Filter_Gte_2_1: + type: number + ApiStreams_Put_Request_Queries_Feature_Filter_Gte_3_1: + type: boolean + ApiStreams_Put_Request_Queries_Feature_Filter_Includes_1_1: + type: string + ApiStreams_Put_Request_Queries_Feature_Filter_Includes_2_1: + type: number + ApiStreams_Put_Request_Queries_Feature_Filter_Includes_3_1: + type: boolean + ApiStreams_Put_Request_Queries_Feature_Filter_Lt_1_1: + type: string + ApiStreams_Put_Request_Queries_Feature_Filter_Lt_2_1: + type: number + ApiStreams_Put_Request_Queries_Feature_Filter_Lt_3_1: + type: boolean + ApiStreams_Put_Request_Queries_Feature_Filter_Lte_1_1: + type: string + ApiStreams_Put_Request_Queries_Feature_Filter_Lte_2_1: + type: number + ApiStreams_Put_Request_Queries_Feature_Filter_Lte_3_1: + type: boolean + ApiStreams_Put_Request_Queries_Feature_Filter_Neq_1_1: + type: string + ApiStreams_Put_Request_Queries_Feature_Filter_Neq_2_1: + type: number + ApiStreams_Put_Request_Queries_Feature_Filter_Neq_3_1: + type: boolean + ApiStreams_Put_Request_Queries_Feature_Filter_Range_1: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Range_Gt_1_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Range_Gt_2_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Range_Gt_3_1' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Range_Gte_1_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Range_Gte_2_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Range_Gte_3_1' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Range_Lt_1_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Range_Lt_2_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Range_Lt_3_1' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Range_Lte_1_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Range_Lte_2_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Range_Lte_3_1' + description: A value that can be a string, number, or boolean. + ApiStreams_Put_Request_Queries_Feature_Filter_Range_Gt_1_1: + type: string + ApiStreams_Put_Request_Queries_Feature_Filter_Range_Gt_2_1: + type: number + ApiStreams_Put_Request_Queries_Feature_Filter_Range_Gt_3_1: + type: boolean + ApiStreams_Put_Request_Queries_Feature_Filter_Range_Gte_1_1: + type: string + ApiStreams_Put_Request_Queries_Feature_Filter_Range_Gte_2_1: + type: number + ApiStreams_Put_Request_Queries_Feature_Filter_Range_Gte_3_1: + type: boolean + ApiStreams_Put_Request_Queries_Feature_Filter_Range_Lt_1_1: + type: string + ApiStreams_Put_Request_Queries_Feature_Filter_Range_Lt_2_1: + type: number + ApiStreams_Put_Request_Queries_Feature_Filter_Range_Lt_3_1: + type: boolean + ApiStreams_Put_Request_Queries_Feature_Filter_Range_Lte_1_1: + type: string + ApiStreams_Put_Request_Queries_Feature_Filter_Range_Lte_2_1: + type: number + ApiStreams_Put_Request_Queries_Feature_Filter_Range_Lte_3_1: + type: boolean + ApiStreams_Put_Request_Queries_Feature_Filter_StartsWith_1_1: + type: string + ApiStreams_Put_Request_Queries_Feature_Filter_StartsWith_2_1: + type: number + ApiStreams_Put_Request_Queries_Feature_Filter_StartsWith_3_1: + type: boolean + ApiStreams_Put_Request_Queries_Feature_Filter_2_2: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreams_Put_Request_Queries_Feature_Filter_2_3: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreams_Put_Request_Queries_Feature_Filter_3_1: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreams_Put_Request_Queries_Feature_Filter_4_1: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreams_Put_Request_Queries_Feature_Filter_5_1: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Never_1' + required: + - never + ApiStreams_Put_Request_Queries_Feature_Filter_Never_1: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreams_Put_Request_Queries_Feature_Filter_6_1: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Always_1' + required: + - always + ApiStreams_Put_Request_Queries_Feature_Filter_Always_1: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreams_Put_Request_Queries_Kql_1: + additionalProperties: false + type: object + properties: + query: + type: string + required: + - query + ApiStreams_Put_Request_8: + type: object + properties: + stream: + allOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_1_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_2_3' + required: + - stream + ApiStreams_Put_Request_Stream_1_3: + additionalProperties: true + type: object + properties: + ingest: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_3' + name: + not: {} + updated_at: + not: {} + ApiStreams_Put_Request_Stream_Ingest_3: + additionalProperties: true + type: object + properties: + processing: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_4' + required: + - processing + ApiStreams_Put_Request_Stream_Ingest_Processing_4: + additionalProperties: true + type: object + properties: + updated_at: + not: {} + ApiStreams_Put_Request_Stream_2_3: + additionalProperties: false + type: object + properties: + ingest: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_4' + required: + - ingest + ApiStreams_Put_Request_Stream_Ingest_4: + additionalProperties: false + type: object + properties: + failure_store: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Failure_store_1_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Failure_store_2_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Failure_store_3_1' + lifecycle: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Lifecycle_1_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Lifecycle_2_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Lifecycle_3_1' + processing: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_5' + settings: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Settings_1' + required: + - lifecycle + - processing + - settings + - failure_store + ApiStreams_Put_Request_Stream_Ingest_Failure_store_1_2: + additionalProperties: false + type: object + properties: + inherit: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Failure_store_Inherit_1' + required: + - inherit + ApiStreams_Put_Request_Stream_Ingest_Failure_store_Inherit_1: + additionalProperties: false + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Failure_store_2_2: + additionalProperties: false + type: object + properties: + disabled: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Failure_store_Disabled_1' + required: + - disabled + ApiStreams_Put_Request_Stream_Ingest_Failure_store_Disabled_1: + additionalProperties: false + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Failure_store_3_1: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Failure_store_1_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Failure_store_2_3' + ApiStreams_Put_Request_Stream_Ingest_Failure_store_1_3: + additionalProperties: false + type: object + properties: + lifecycle: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Failure_store_Lifecycle_2' + required: + - lifecycle + ApiStreams_Put_Request_Stream_Ingest_Failure_store_Lifecycle_2: + additionalProperties: false + type: object + properties: + enabled: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Failure_store_Lifecycle_Enabled_1' + required: + - enabled + ApiStreams_Put_Request_Stream_Ingest_Failure_store_Lifecycle_Enabled_1: + additionalProperties: false + type: object + properties: + data_retention: + description: A non-empty string. + minLength: 1 + type: string + ApiStreams_Put_Request_Stream_Ingest_Failure_store_2_3: + additionalProperties: false + type: object + properties: + lifecycle: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Failure_store_Lifecycle_3' + required: + - lifecycle + ApiStreams_Put_Request_Stream_Ingest_Failure_store_Lifecycle_3: + additionalProperties: false + type: object + properties: + disabled: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Failure_store_Lifecycle_Disabled_1' + required: + - disabled + ApiStreams_Put_Request_Stream_Ingest_Failure_store_Lifecycle_Disabled_1: + additionalProperties: false + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Lifecycle_1_1: + additionalProperties: false + type: object + properties: + dsl: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Lifecycle_Dsl_1' + required: + - dsl + ApiStreams_Put_Request_Stream_Ingest_Lifecycle_Dsl_1: + additionalProperties: false + type: object + properties: + data_retention: + description: A non-empty string. + minLength: 1 + type: string + downsample: + items: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Lifecycle_Dsl_Downsample_Item_1' + type: array + ApiStreams_Put_Request_Stream_Ingest_Lifecycle_Dsl_Downsample_Item_1: + additionalProperties: false + type: object + properties: + after: + description: A non-empty string. + minLength: 1 + type: string + fixed_interval: + description: A non-empty string. + minLength: 1 + type: string + required: + - after + - fixed_interval + ApiStreams_Put_Request_Stream_Ingest_Lifecycle_2_1: + additionalProperties: false + type: object + properties: + ilm: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Lifecycle_Ilm_1' + required: + - ilm + ApiStreams_Put_Request_Stream_Ingest_Lifecycle_Ilm_1: + additionalProperties: false + type: object + properties: + policy: + description: A non-empty string. + minLength: 1 + type: string + required: + - policy + ApiStreams_Put_Request_Stream_Ingest_Lifecycle_3_1: + additionalProperties: false + type: object + properties: + inherit: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Lifecycle_Inherit_1' + required: + - inherit + ApiStreams_Put_Request_Stream_Ingest_Lifecycle_Inherit_1: + additionalProperties: false + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_5: + additionalProperties: false + type: object + properties: + steps: + items: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_1_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_2_3' + type: array + updated_at: + format: date-time + type: string + required: + - steps + - updated_at + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_1_2: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_1_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_2_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_3_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_4_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_5_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_6_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_7_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_8_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_9_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_10_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_11_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_12_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_13_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_14_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_15_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_16_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_17_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_18_1' + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_1_3: + additionalProperties: false + description: Grok processor - Extract fields from text using grok patterns + type: object + properties: + action: + enum: + - grok + type: string + customIdentifier: + description: Custom identifier to correlate this processor across outputs + minLength: 1 + type: string + description: + description: Human-readable notes about this processor step + type: string + from: + description: Source field to parse with grok patterns + minLength: 1 + type: string + ignore_failure: + description: Continue pipeline execution if this processor fails + type: boolean + ignore_missing: + description: Skip processing when source field is missing + type: boolean + pattern_definitions: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Pattern_definitions_1' + patterns: + description: Grok patterns applied in order to extract fields + items: + description: A non-empty string. + minLength: 1 + type: string + minItems: 1 + type: array + where: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_34' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_35' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_17' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_17' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_17' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_17' + description: Conditional expression controlling whether this processor runs + required: + - action + - from + - patterns + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Pattern_definitions_1: + additionalProperties: + type: string + type: object + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_34: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_35' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_34' + description: A basic filter condition, either unary or binary. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_35: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_17' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_17' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_17' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_17' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_17' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_17' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_17' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_17' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_17' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_17' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_17' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_17' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_17' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_17' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_17' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_17' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_17' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_17' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_17' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_17' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_17' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_17' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_17' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_17' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_17' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_17' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_17' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_17' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_17' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_17' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_17' + description: Starts-with comparison value. + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_17: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_17: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_17: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_17: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_17: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_17: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_17: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_17: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_17: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_17: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_17: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_17: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_17: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_17: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_17: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_17: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_17: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_17: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_17: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_17: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_17: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_17: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_17: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_17: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_17: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_17: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_17: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_17: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_17' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_17' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_17' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_17' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_17' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_17' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_17' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_17' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_17' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_17' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_17' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_17' + description: A value that can be a string, number, or boolean. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_17: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_17: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_17: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_17: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_17: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_17: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_17: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_17: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_17: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_17: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_17: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_17: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_17: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_17: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_17: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_34: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_35: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_17: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_17: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_17: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_17' + required: + - never + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_17: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_17: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_17' + required: + - always + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_17: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_2_2: + additionalProperties: false + description: Dissect processor - Extract fields from text using a lightweight, delimiter-based parser + type: object + properties: + action: + enum: + - dissect + type: string + append_separator: + description: Separator inserted when target fields are concatenated + minLength: 1 + type: string + customIdentifier: + description: Custom identifier to correlate this processor across outputs + minLength: 1 + type: string + description: + description: Human-readable notes about this processor step + type: string + from: + description: Source field to parse with dissect pattern + minLength: 1 + type: string + ignore_failure: + description: Continue pipeline execution if this processor fails + type: boolean + ignore_missing: + description: Skip processing when source field is missing + type: boolean + pattern: + description: Dissect pattern describing field boundaries + minLength: 1 + type: string + where: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_36' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_37' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_18' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_18' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_18' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_18' + description: Conditional expression controlling whether this processor runs + required: + - action + - from + - pattern + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_36: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_37' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_36' + description: A basic filter condition, either unary or binary. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_37: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_18' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_18' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_18' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_18' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_18' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_18' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_18' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_18' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_18' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_18' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_18' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_18' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_18' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_18' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_18' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_18' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_18' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_18' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_18' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_18' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_18' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_18' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_18' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_18' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_18' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_18' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_18' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_18' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_18' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_18' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_18' + description: Starts-with comparison value. + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_18: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_18: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_18: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_18: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_18: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_18: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_18: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_18: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_18: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_18: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_18: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_18: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_18: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_18: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_18: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_18: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_18: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_18: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_18: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_18: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_18: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_18: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_18: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_18: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_18: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_18: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_18: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_18: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_18' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_18' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_18' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_18' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_18' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_18' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_18' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_18' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_18' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_18' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_18' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_18' + description: A value that can be a string, number, or boolean. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_18: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_18: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_18: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_18: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_18: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_18: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_18: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_18: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_18: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_18: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_18: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_18: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_18: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_18: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_18: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_36: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_37: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_18: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_18: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_18: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_18' + required: + - never + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_18: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_18: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_18' + required: + - always + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_18: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_3_1: + additionalProperties: false + description: Date processor - Parse dates from strings using one or more expected formats + type: object + properties: + action: + enum: + - date + type: string + customIdentifier: + description: Custom identifier to correlate this processor across outputs + minLength: 1 + type: string + description: + description: Human-readable notes about this processor step + type: string + formats: + description: Accepted input date formats, tried in order + items: + description: A non-empty string. + minLength: 1 + type: string + type: array + from: + description: Source field containing the date/time text + minLength: 1 + type: string + ignore_failure: + description: Continue pipeline execution if this processor fails + type: boolean + locale: + description: Optional locale for date parsing + minLength: 1 + type: string + output_format: + description: Optional output format for storing the parsed date as text + minLength: 1 + type: string + timezone: + description: Optional timezone for date parsing + minLength: 1 + type: string + to: + description: Target field for the parsed date (defaults to source) + minLength: 1 + type: string + where: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_38' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_39' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_19' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_19' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_19' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_19' + description: Conditional expression controlling whether this processor runs + required: + - action + - from + - formats + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_38: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_39' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_38' + description: A basic filter condition, either unary or binary. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_39: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_19' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_19' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_19' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_19' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_19' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_19' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_19' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_19' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_19' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_19' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_19' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_19' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_19' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_19' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_19' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_19' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_19' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_19' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_19' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_19' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_19' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_19' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_19' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_19' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_19' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_19' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_19' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_19' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_19' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_19' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_19' + description: Starts-with comparison value. + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_19: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_19: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_19: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_19: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_19: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_19: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_19: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_19: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_19: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_19: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_19: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_19: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_19: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_19: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_19: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_19: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_19: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_19: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_19: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_19: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_19: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_19: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_19: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_19: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_19: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_19: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_19: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_19: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_19' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_19' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_19' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_19' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_19' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_19' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_19' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_19' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_19' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_19' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_19' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_19' + description: A value that can be a string, number, or boolean. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_19: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_19: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_19: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_19: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_19: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_19: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_19: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_19: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_19: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_19: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_19: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_19: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_19: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_19: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_19: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_38: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_39: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_19: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_19: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_19: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_19' + required: + - never + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_19: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_19: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_19' + required: + - always + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_19: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_4_1: + additionalProperties: false + description: Base processor options plus conditional execution + type: object + properties: + action: + enum: + - drop_document + type: string + customIdentifier: + description: Custom identifier to correlate this processor across outputs + minLength: 1 + type: string + description: + description: Human-readable notes about this processor step + type: string + ignore_failure: + description: Continue pipeline execution if this processor fails + type: boolean + where: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_40' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_41' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_20' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_20' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_20' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_20' + description: Conditional expression controlling whether this processor runs + required: + - action + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_40: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_41' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_40' + description: A basic filter condition, either unary or binary. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_41: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_20' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_20' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_20' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_20' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_20' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_20' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_20' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_20' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_20' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_20' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_20' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_20' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_20' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_20' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_20' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_20' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_20' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_20' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_20' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_20' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_20' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_20' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_20' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_20' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_20' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_20' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_20' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_20' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_20' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_20' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_20' + description: Starts-with comparison value. + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_20: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_20: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_20: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_20: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_20: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_20: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_20: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_20: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_20: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_20: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_20: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_20: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_20: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_20: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_20: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_20: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_20: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_20: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_20: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_20: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_20: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_20: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_20: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_20: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_20: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_20: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_20: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_20: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_20' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_20' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_20' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_20' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_20' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_20' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_20' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_20' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_20' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_20' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_20' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_20' + description: A value that can be a string, number, or boolean. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_20: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_20: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_20: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_20: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_20: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_20: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_20: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_20: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_20: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_20: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_20: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_20: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_20: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_20: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_20: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_40: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_41: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_20: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_20: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_20: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_20' + required: + - never + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_20: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_20: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_20' + required: + - always + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_20: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_5_1: + additionalProperties: false + description: Base processor options plus conditional execution + type: object + properties: + action: + enum: + - math + type: string + customIdentifier: + description: Custom identifier to correlate this processor across outputs + minLength: 1 + type: string + description: + description: Human-readable notes about this processor step + type: string + expression: + description: A non-empty string. + minLength: 1 + type: string + ignore_failure: + description: Continue pipeline execution if this processor fails + type: boolean + ignore_missing: + type: boolean + to: + description: A non-empty string. + minLength: 1 + type: string + where: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_42' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_43' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_21' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_21' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_21' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_21' + description: Conditional expression controlling whether this processor runs + required: + - action + - expression + - to + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_42: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_43' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_42' + description: A basic filter condition, either unary or binary. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_43: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_21' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_21' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_21' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_21' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_21' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_21' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_21' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_21' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_21' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_21' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_21' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_21' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_21' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_21' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_21' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_21' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_21' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_21' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_21' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_21' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_21' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_21' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_21' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_21' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_21' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_21' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_21' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_21' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_21' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_21' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_21' + description: Starts-with comparison value. + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_21: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_21: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_21: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_21: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_21: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_21: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_21: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_21: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_21: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_21: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_21: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_21: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_21: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_21: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_21: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_21: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_21: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_21: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_21: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_21: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_21: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_21: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_21: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_21: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_21: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_21: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_21: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_21: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_21' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_21' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_21' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_21' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_21' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_21' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_21' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_21' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_21' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_21' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_21' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_21' + description: A value that can be a string, number, or boolean. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_21: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_21: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_21: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_21: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_21: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_21: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_21: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_21: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_21: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_21: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_21: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_21: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_21: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_21: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_21: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_42: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_43: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_21: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_21: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_21: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_21' + required: + - never + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_21: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_21: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_21' + required: + - always + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_21: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_6_1: + additionalProperties: false + description: Rename processor - Change a field name and optionally its location + type: object + properties: + action: + enum: + - rename + type: string + customIdentifier: + description: Custom identifier to correlate this processor across outputs + minLength: 1 + type: string + description: + description: Human-readable notes about this processor step + type: string + from: + description: Existing source field to rename or move + minLength: 1 + type: string + ignore_failure: + description: Continue pipeline execution if this processor fails + type: boolean + ignore_missing: + description: Skip when source field is missing + type: boolean + override: + description: Allow overwriting the target field if it already exists + type: boolean + to: + description: New field name or destination path + minLength: 1 + type: string + where: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_44' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_45' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_22' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_22' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_22' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_22' + description: Conditional expression controlling whether this processor runs + required: + - action + - from + - to + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_44: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_45' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_44' + description: A basic filter condition, either unary or binary. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_45: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_22' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_22' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_22' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_22' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_22' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_22' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_22' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_22' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_22' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_22' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_22' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_22' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_22' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_22' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_22' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_22' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_22' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_22' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_22' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_22' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_22' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_22' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_22' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_22' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_22' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_22' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_22' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_22' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_22' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_22' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_22' + description: Starts-with comparison value. + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_22: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_22: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_22: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_22: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_22: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_22: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_22: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_22: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_22: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_22: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_22: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_22: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_22: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_22: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_22: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_22: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_22: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_22: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_22: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_22: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_22: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_22: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_22: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_22: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_22: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_22: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_22: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_22: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_22' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_22' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_22' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_22' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_22' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_22' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_22' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_22' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_22' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_22' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_22' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_22' + description: A value that can be a string, number, or boolean. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_22: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_22: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_22: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_22: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_22: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_22: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_22: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_22: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_22: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_22: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_22: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_22: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_22: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_22: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_22: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_44: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_45: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_22: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_22: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_22: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_22' + required: + - never + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_22: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_22: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_22' + required: + - always + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_22: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_7_1: + additionalProperties: false + description: Set processor - Assign a literal or copied value to a field (mutually exclusive inputs) + type: object + properties: + action: + enum: + - set + type: string + copy_from: + description: Copy value from another field instead of providing a literal + minLength: 1 + type: string + customIdentifier: + description: Custom identifier to correlate this processor across outputs + minLength: 1 + type: string + description: + description: Human-readable notes about this processor step + type: string + ignore_failure: + description: Continue pipeline execution if this processor fails + type: boolean + override: + description: Allow overwriting an existing target field + type: boolean + to: + description: Target field to set or create + minLength: 1 + type: string + value: + description: Literal value to assign to the target field + where: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_46' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_47' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_23' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_23' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_23' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_23' + description: Conditional expression controlling whether this processor runs + required: + - action + - to + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_46: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_47' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_46' + description: A basic filter condition, either unary or binary. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_47: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_23' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_23' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_23' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_23' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_23' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_23' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_23' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_23' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_23' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_23' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_23' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_23' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_23' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_23' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_23' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_23' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_23' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_23' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_23' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_23' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_23' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_23' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_23' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_23' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_23' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_23' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_23' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_23' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_23' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_23' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_23' + description: Starts-with comparison value. + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_23: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_23: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_23: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_23: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_23: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_23: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_23: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_23: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_23: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_23: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_23: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_23: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_23: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_23: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_23: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_23: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_23: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_23: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_23: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_23: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_23: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_23: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_23: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_23: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_23: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_23: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_23: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_23: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_23' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_23' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_23' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_23' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_23' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_23' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_23' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_23' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_23' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_23' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_23' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_23' + description: A value that can be a string, number, or boolean. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_23: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_23: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_23: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_23: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_23: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_23: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_23: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_23: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_23: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_23: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_23: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_23: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_23: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_23: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_23: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_46: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_47: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_23: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_23: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_23: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_23' + required: + - never + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_23: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_23: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_23' + required: + - always + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_23: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_8_1: + additionalProperties: false + description: Append processor - Append one or more values to an existing or new array field + type: object + properties: + action: + enum: + - append + type: string + allow_duplicates: + description: If true, do not deduplicate appended values + type: boolean + customIdentifier: + description: Custom identifier to correlate this processor across outputs + minLength: 1 + type: string + description: + description: Human-readable notes about this processor step + type: string + ignore_failure: + description: Continue pipeline execution if this processor fails + type: boolean + to: + description: Array field to append values to + minLength: 1 + type: string + value: + description: Values to append (must be literal, no templates) + items: {} + minItems: 1 + type: array + where: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_48' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_49' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_24' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_24' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_24' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_24' + description: Conditional expression controlling whether this processor runs + required: + - action + - to + - value + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_48: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_49' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_48' + description: A basic filter condition, either unary or binary. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_49: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_24' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_24' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_24' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_24' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_24' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_24' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_24' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_24' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_24' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_24' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_24' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_24' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_24' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_24' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_24' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_24' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_24' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_24' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_24' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_24' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_24' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_24' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_24' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_24' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_24' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_24' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_24' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_24' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_24' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_24' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_24' + description: Starts-with comparison value. + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_24: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_24: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_24: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_24: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_24: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_24: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_24: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_24: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_24: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_24: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_24: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_24: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_24: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_24: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_24: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_24: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_24: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_24: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_24: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_24: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_24: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_24: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_24: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_24: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_24: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_24: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_24: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_24: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_24' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_24' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_24' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_24' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_24' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_24' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_24' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_24' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_24' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_24' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_24' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_24' + description: A value that can be a string, number, or boolean. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_24: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_24: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_24: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_24: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_24: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_24: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_24: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_24: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_24: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_24: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_24: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_24: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_24: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_24: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_24: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_48: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_49: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_24: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_24: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_24: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_24' + required: + - never + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_24: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_24: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_24' + required: + - always + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_24: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_9_1: + additionalProperties: false + description: Remove by prefix processor - Remove a field and all nested fields matching the prefix + type: object + properties: + action: + enum: + - remove_by_prefix + type: string + customIdentifier: + description: Custom identifier to correlate this processor across outputs + minLength: 1 + type: string + description: + description: Human-readable notes about this processor step + type: string + from: + description: Field to remove along with all its nested fields + minLength: 1 + type: string + ignore_failure: + description: Continue pipeline execution if this processor fails + type: boolean + required: + - action + - from + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_10_1: + additionalProperties: false + description: Remove processor - Delete one or more fields from the document + type: object + properties: + action: + enum: + - remove + type: string + customIdentifier: + description: Custom identifier to correlate this processor across outputs + minLength: 1 + type: string + description: + description: Human-readable notes about this processor step + type: string + from: + description: Field to remove from the document + minLength: 1 + type: string + ignore_failure: + description: Continue pipeline execution if this processor fails + type: boolean + ignore_missing: + description: Skip processing when source field is missing + type: boolean + where: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_50' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_51' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_25' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_25' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_25' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_25' + description: Conditional expression controlling whether this processor runs + required: + - action + - from + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_50: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_51' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_50' + description: A basic filter condition, either unary or binary. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_51: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_25' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_25' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_25' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_25' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_25' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_25' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_25' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_25' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_25' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_25' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_25' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_25' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_25' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_25' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_25' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_25' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_25' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_25' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_25' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_25' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_25' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_25' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_25' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_25' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_25' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_25' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_25' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_25' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_25' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_25' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_25' + description: Starts-with comparison value. + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_25: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_25: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_25: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_25: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_25: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_25: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_25: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_25: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_25: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_25: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_25: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_25: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_25: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_25: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_25: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_25: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_25: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_25: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_25: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_25: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_25: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_25: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_25: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_25: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_25: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_25: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_25: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_25: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_25' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_25' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_25' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_25' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_25' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_25' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_25' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_25' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_25' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_25' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_25' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_25' + description: A value that can be a string, number, or boolean. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_25: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_25: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_25: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_25: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_25: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_25: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_25: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_25: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_25: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_25: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_25: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_25: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_25: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_25: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_25: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_50: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_51: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_25: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_25: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_25: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_25' + required: + - never + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_25: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_25: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_25' + required: + - always + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_25: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_11_1: + additionalProperties: false + description: Base processor options plus conditional execution + type: object + properties: + action: + enum: + - replace + type: string + customIdentifier: + description: Custom identifier to correlate this processor across outputs + minLength: 1 + type: string + description: + description: Human-readable notes about this processor step + type: string + from: + description: A non-empty string. + minLength: 1 + type: string + ignore_failure: + description: Continue pipeline execution if this processor fails + type: boolean + ignore_missing: + type: boolean + pattern: + description: A non-empty string or string with whitespace. + minLength: 1 + type: string + replacement: + type: string + to: + description: A non-empty string. + minLength: 1 + type: string + where: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_52' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_53' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_26' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_26' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_26' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_26' + description: Conditional expression controlling whether this processor runs + required: + - action + - from + - pattern + - replacement + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_52: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_53' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_52' + description: A basic filter condition, either unary or binary. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_53: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_26' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_26' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_26' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_26' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_26' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_26' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_26' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_26' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_26' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_26' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_26' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_26' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_26' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_26' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_26' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_26' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_26' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_26' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_26' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_26' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_26' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_26' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_26' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_26' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_26' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_26' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_26' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_26' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_26' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_26' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_26' + description: Starts-with comparison value. + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_26: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_26: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_26: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_26: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_26: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_26: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_26: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_26: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_26: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_26: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_26: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_26: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_26: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_26: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_26: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_26: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_26: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_26: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_26: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_26: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_26: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_26: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_26: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_26: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_26: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_26: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_26: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_26: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_26' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_26' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_26' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_26' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_26' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_26' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_26' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_26' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_26' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_26' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_26' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_26' + description: A value that can be a string, number, or boolean. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_26: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_26: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_26: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_26: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_26: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_26: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_26: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_26: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_26: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_26: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_26: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_26: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_26: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_26: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_26: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_52: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_53: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_26: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_26: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_26: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_26' + required: + - never + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_26: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_26: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_26' + required: + - always + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_26: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_12_1: + additionalProperties: false + description: Base processor options plus conditional execution + type: object + properties: + action: + enum: + - uppercase + type: string + customIdentifier: + description: Custom identifier to correlate this processor across outputs + minLength: 1 + type: string + description: + description: Human-readable notes about this processor step + type: string + from: + description: A non-empty string. + minLength: 1 + type: string + ignore_failure: + description: Continue pipeline execution if this processor fails + type: boolean + ignore_missing: + type: boolean + to: + description: A non-empty string. + minLength: 1 + type: string + where: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_54' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_55' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_27' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_27' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_27' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_27' + description: Conditional expression controlling whether this processor runs + required: + - action + - from + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_54: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_55' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_54' + description: A basic filter condition, either unary or binary. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_55: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_27' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_27' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_27' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_27' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_27' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_27' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_27' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_27' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_27' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_27' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_27' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_27' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_27' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_27' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_27' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_27' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_27' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_27' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_27' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_27' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_27' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_27' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_27' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_27' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_27' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_27' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_27' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_27' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_27' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_27' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_27' + description: Starts-with comparison value. + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_27: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_27: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_27: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_27: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_27: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_27: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_27: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_27: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_27: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_27: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_27: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_27: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_27: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_27: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_27: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_27: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_27: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_27: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_27: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_27: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_27: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_27: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_27: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_27: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_27: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_27: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_27: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_27: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_27' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_27' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_27' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_27' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_27' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_27' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_27' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_27' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_27' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_27' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_27' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_27' + description: A value that can be a string, number, or boolean. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_27: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_27: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_27: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_27: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_27: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_27: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_27: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_27: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_27: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_27: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_27: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_27: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_27: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_27: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_27: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_54: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_55: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_27: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_27: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_27: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_27' + required: + - never + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_27: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_27: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_27' + required: + - always + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_27: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_13_1: + additionalProperties: false + description: Base processor options plus conditional execution + type: object + properties: + action: + enum: + - lowercase + type: string + customIdentifier: + description: Custom identifier to correlate this processor across outputs + minLength: 1 + type: string + description: + description: Human-readable notes about this processor step + type: string + from: + description: A non-empty string. + minLength: 1 + type: string + ignore_failure: + description: Continue pipeline execution if this processor fails + type: boolean + ignore_missing: + type: boolean + to: + description: A non-empty string. + minLength: 1 + type: string + where: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_56' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_57' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_28' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_28' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_28' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_28' + description: Conditional expression controlling whether this processor runs + required: + - action + - from + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_56: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_57' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_56' + description: A basic filter condition, either unary or binary. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_57: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_28' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_28' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_28' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_28' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_28' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_28' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_28' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_28' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_28' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_28' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_28' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_28' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_28' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_28' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_28' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_28' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_28' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_28' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_28' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_28' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_28' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_28' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_28' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_28' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_28' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_28' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_28' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_28' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_28' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_28' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_28' + description: Starts-with comparison value. + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_28: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_28: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_28: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_28: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_28: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_28: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_28: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_28: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_28: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_28: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_28: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_28: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_28: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_28: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_28: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_28: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_28: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_28: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_28: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_28: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_28: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_28: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_28: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_28: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_28: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_28: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_28: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_28: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_28' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_28' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_28' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_28' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_28' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_28' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_28' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_28' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_28' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_28' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_28' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_28' + description: A value that can be a string, number, or boolean. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_28: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_28: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_28: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_28: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_28: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_28: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_28: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_28: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_28: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_28: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_28: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_28: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_28: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_28: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_28: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_56: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_57: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_28: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_28: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_28: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_28' + required: + - never + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_28: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_28: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_28' + required: + - always + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_28: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_14_1: + additionalProperties: false + description: Base processor options plus conditional execution + type: object + properties: + action: + enum: + - trim + type: string + customIdentifier: + description: Custom identifier to correlate this processor across outputs + minLength: 1 + type: string + description: + description: Human-readable notes about this processor step + type: string + from: + description: A non-empty string. + minLength: 1 + type: string + ignore_failure: + description: Continue pipeline execution if this processor fails + type: boolean + ignore_missing: + type: boolean + to: + description: A non-empty string. + minLength: 1 + type: string + where: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_58' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_59' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_29' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_29' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_29' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_29' + description: Conditional expression controlling whether this processor runs + required: + - action + - from + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_58: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_59' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_58' + description: A basic filter condition, either unary or binary. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_59: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_29' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_29' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_29' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_29' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_29' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_29' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_29' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_29' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_29' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_29' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_29' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_29' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_29' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_29' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_29' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_29' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_29' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_29' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_29' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_29' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_29' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_29' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_29' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_29' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_29' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_29' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_29' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_29' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_29' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_29' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_29' + description: Starts-with comparison value. + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_29: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_29: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_29: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_29: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_29: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_29: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_29: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_29: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_29: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_29: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_29: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_29: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_29: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_29: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_29: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_29: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_29: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_29: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_29: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_29: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_29: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_29: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_29: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_29: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_29: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_29: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_29: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_29: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_29' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_29' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_29' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_29' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_29' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_29' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_29' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_29' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_29' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_29' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_29' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_29' + description: A value that can be a string, number, or boolean. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_29: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_29: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_29: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_29: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_29: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_29: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_29: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_29: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_29: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_29: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_29: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_29: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_29: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_29: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_29: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_58: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_59: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_29: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_29: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_29: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_29' + required: + - never + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_29: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_29: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_29' + required: + - always + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_29: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_15_1: + additionalProperties: false + description: Base processor options plus conditional execution + type: object + properties: + action: + enum: + - join + type: string + customIdentifier: + description: Custom identifier to correlate this processor across outputs + minLength: 1 + type: string + delimiter: + type: string + description: + description: Human-readable notes about this processor step + type: string + from: + items: + description: A non-empty string. + minLength: 1 + type: string + minItems: 1 + type: array + ignore_failure: + description: Continue pipeline execution if this processor fails + type: boolean + ignore_missing: + type: boolean + to: + description: A non-empty string. + minLength: 1 + type: string + where: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_60' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_61' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_30' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_30' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_30' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_30' + description: Conditional expression controlling whether this processor runs + required: + - action + - from + - delimiter + - to + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_60: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_61' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_60' + description: A basic filter condition, either unary or binary. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_61: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_30' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_30' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_30' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_30' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_30' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_30' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_30' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_30' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_30' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_30' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_30' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_30' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_30' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_30' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_30' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_30' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_30' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_30' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_30' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_30' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_30' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_30' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_30' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_30' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_30' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_30' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_30' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_30' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_30' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_30' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_30' + description: Starts-with comparison value. + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_30: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_30: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_30: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_30: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_30: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_30: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_30: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_30: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_30: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_30: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_30: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_30: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_30: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_30: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_30: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_30: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_30: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_30: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_30: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_30: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_30: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_30: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_30: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_30: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_30: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_30: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_30: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_30: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_30' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_30' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_30' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_30' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_30' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_30' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_30' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_30' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_30' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_30' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_30' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_30' + description: A value that can be a string, number, or boolean. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_30: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_30: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_30: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_30: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_30: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_30: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_30: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_30: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_30: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_30: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_30: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_30: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_30: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_30: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_30: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_60: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_61: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_30: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_30: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_30: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_30' + required: + - never + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_30: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_30: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_30' + required: + - always + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_30: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_16_1: + additionalProperties: false + description: Convert processor - Change the data type of a field value (integer, long, double, boolean, or string) + type: object + properties: + action: + enum: + - convert + type: string + customIdentifier: + description: Custom identifier to correlate this processor across outputs + minLength: 1 + type: string + description: + description: Human-readable notes about this processor step + type: string + from: + description: Source field to convert to a different data type + minLength: 1 + type: string + ignore_failure: + description: Continue pipeline execution if this processor fails + type: boolean + ignore_missing: + description: Skip processing when source field is missing + type: boolean + to: + description: Target field for the converted value (defaults to source) + minLength: 1 + type: string + type: + description: 'Target data type: integer, long, double, boolean, or string' + enum: + - integer + - long + - double + - boolean + - string + type: string + where: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_62' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_63' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_31' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_31' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_31' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_31' + description: Conditional expression controlling whether this processor runs + required: + - action + - from + - type + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_62: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_63' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_62' + description: A basic filter condition, either unary or binary. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_63: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_31' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_31' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_31' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_31' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_31' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_31' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_31' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_31' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_31' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_31' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_31' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_31' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_31' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_31' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_31' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_31' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_31' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_31' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_31' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_31' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_31' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_31' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_31' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_31' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_31' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_31' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_31' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_31' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_31' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_31' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_31' + description: Starts-with comparison value. + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_31: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_31: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_31: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_31: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_31: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_31: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_31: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_31: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_31: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_31: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_31: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_31: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_31: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_31: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_31: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_31: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_31: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_31: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_31: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_31: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_31: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_31: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_31: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_31: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_31: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_31: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_31: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_31: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_31' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_31' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_31' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_31' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_31' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_31' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_31' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_31' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_31' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_31' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_31' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_31' + description: A value that can be a string, number, or boolean. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_31: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_31: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_31: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_31: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_31: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_31: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_31: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_31: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_31: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_31: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_31: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_31: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_31: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_31: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_31: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_62: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_63: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_31: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_31: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_31: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_31' + required: + - never + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_31: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_31: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_31' + required: + - always + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_31: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_17_1: + additionalProperties: false + description: Base processor options plus conditional execution + type: object + properties: + action: + enum: + - concat + type: string + customIdentifier: + description: Custom identifier to correlate this processor across outputs + minLength: 1 + type: string + description: + description: Human-readable notes about this processor step + type: string + from: + items: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_From_1_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_From_2_1' + minItems: 1 + type: array + ignore_failure: + description: Continue pipeline execution if this processor fails + type: boolean + ignore_missing: + type: boolean + to: + description: A non-empty string. + minLength: 1 + type: string + where: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_64' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_65' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_32' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_32' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_32' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_32' + description: Conditional expression controlling whether this processor runs + required: + - action + - from + - to + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_From_1_1: + additionalProperties: false + type: object + properties: + type: + enum: + - field + type: string + value: + description: A non-empty string. + minLength: 1 + type: string + required: + - type + - value + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_From_2_1: + additionalProperties: false + type: object + properties: + type: + enum: + - literal + type: string + value: + type: string + required: + - type + - value + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_64: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_65' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_64' + description: A basic filter condition, either unary or binary. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_65: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_32' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_32' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_32' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_32' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_32' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_32' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_32' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_32' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_32' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_32' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_32' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_32' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_32' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_32' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_32' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_32' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_32' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_32' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_32' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_32' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_32' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_32' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_32' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_32' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_32' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_32' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_32' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_32' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_32' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_32' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_32' + description: Starts-with comparison value. + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_32: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_32: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_32: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_32: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_32: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_32: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_32: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_32: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_32: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_32: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_32: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_32: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_32: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_32: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_32: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_32: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_32: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_32: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_32: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_32: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_32: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_32: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_32: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_32: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_32: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_32: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_32: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_32: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_32' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_32' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_32' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_32' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_32' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_32' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_32' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_32' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_32' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_32' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_32' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_32' + description: A value that can be a string, number, or boolean. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_32: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_32: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_32: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_32: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_32: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_32: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_32: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_32: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_32: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_32: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_32: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_32: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_32: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_32: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_32: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_64: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_65: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_32: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_32: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_32: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_32' + required: + - never + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_32: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_32: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_32' + required: + - always + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_32: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_18_1: + additionalProperties: false + description: Manual ingest pipeline wrapper around native Elasticsearch processors + type: object + properties: + action: + description: Manual ingest pipeline - executes raw Elasticsearch ingest processors + enum: + - manual_ingest_pipeline + type: string + customIdentifier: + description: Custom identifier to correlate this processor across outputs + minLength: 1 + type: string + description: + description: Human-readable notes about this processor step + type: string + ignore_failure: + description: Continue pipeline execution if this processor fails + type: boolean + on_failure: + description: Fallback processors to run when a processor fails + items: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_On_failure_Item_1' + type: array + processors: + description: List of raw Elasticsearch ingest processors to run + items: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Processors_Item_1' + type: array + tag: + description: Optional ingest processor tag for Elasticsearch + type: string + where: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_66' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_67' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_33' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_33' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_33' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_33' + description: Conditional expression controlling whether this processor runs + required: + - action + - processors + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_On_failure_Item_1: + additionalProperties: {} + type: object + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Processors_Item_1: + additionalProperties: false + type: object + properties: + append: {} + attachment: {} + bytes: {} + circle: {} + community_id: {} + convert: {} + csv: {} + date: {} + date_index_name: {} + dissect: {} + dot_expander: {} + drop: {} + enrich: {} + fail: {} + fingerprint: {} + foreach: {} + geo_grid: {} + geoip: {} + grok: {} + gsub: {} + html_strip: {} + inference: {} + ip_location: {} + join: {} + json: {} + kv: {} + lowercase: {} + network_direction: {} + pipeline: {} + redact: {} + registered_domain: {} + remove: {} + rename: {} + reroute: {} + script: {} + set: {} + set_security_user: {} + sort: {} + split: {} + terminate: {} + trim: {} + uppercase: {} + uri_parts: {} + urldecode: {} + user_agent: {} + required: + - append + - attachment + - bytes + - circle + - community_id + - convert + - csv + - date + - date_index_name + - dissect + - dot_expander + - drop + - enrich + - fail + - fingerprint + - foreach + - ip_location + - geo_grid + - geoip + - grok + - gsub + - html_strip + - inference + - join + - json + - kv + - lowercase + - network_direction + - pipeline + - redact + - registered_domain + - remove + - rename + - reroute + - script + - set + - set_security_user + - sort + - split + - terminate + - trim + - uppercase + - urldecode + - uri_parts + - user_agent + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_66: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_67' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_66' + description: A basic filter condition, either unary or binary. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_67: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_33' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_33' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_33' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_33' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_33' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_33' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_33' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_33' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_33' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_33' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_33' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_33' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_33' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_33' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_33' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_33' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_33' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_33' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_33' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_33' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_33' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_33' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_33' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_33' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_33' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_33' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_33' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_33' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_33' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_33' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_33' + description: Starts-with comparison value. + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_33: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_33: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_33: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_33: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_33: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_33: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_33: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_33: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_33: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_33: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_33: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_33: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_33: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_33: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_33: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_33: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_33: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_33: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_33: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_33: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_33: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_33: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_33: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_33: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_33: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_33: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_33: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_33: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_33' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_33' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_33' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_33' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_33' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_33' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_33' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_33' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_33' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_33' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_33' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_33' + description: A value that can be a string, number, or boolean. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_33: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_33: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_33: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_33: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_33: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_33: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_33: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_33: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_33: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_33: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_33: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_33: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_33: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_33: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_33: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_66: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_67: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_33: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_33: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_33: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_33' + required: + - never + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_33: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_33: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_33' + required: + - always + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_33: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_2_3: + additionalProperties: false + type: object + properties: + condition: + allOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_1_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_2_5' + customIdentifier: + type: string + required: + - condition + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_1_3: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_1_4' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_2_4' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_3_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_4_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_5_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_6_1' + description: The root condition object. It can be a simple filter or a combination of other conditions. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_1_4: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_1_5' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_2_3' + description: A basic filter condition, either unary or binary. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_1_5: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Contains_1_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Contains_2_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Contains_3_1' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_EndsWith_1_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_EndsWith_2_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_EndsWith_3_1' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Eq_1_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Eq_2_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Eq_3_1' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Gt_1_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Gt_2_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Gt_3_1' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Gte_1_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Gte_2_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Gte_3_1' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Includes_1_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Includes_2_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Includes_3_1' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Lt_1_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Lt_2_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Lt_3_1' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Lte_1_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Lte_2_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Lte_3_1' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Neq_1_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Neq_2_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Neq_3_1' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Range_1' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_StartsWith_1_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_StartsWith_2_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_StartsWith_3_1' + description: Starts-with comparison value. + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Contains_1_1: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Contains_2_1: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Contains_3_1: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_EndsWith_1_1: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_EndsWith_2_1: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_EndsWith_3_1: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Eq_1_1: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Eq_2_1: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Eq_3_1: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Gt_1_1: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Gt_2_1: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Gt_3_1: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Gte_1_1: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Gte_2_1: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Gte_3_1: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Includes_1_1: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Includes_2_1: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Includes_3_1: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Lt_1_1: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Lt_2_1: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Lt_3_1: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Lte_1_1: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Lte_2_1: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Lte_3_1: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Neq_1_1: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Neq_2_1: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Neq_3_1: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Range_1: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Range_Gt_1_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Range_Gt_2_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Range_Gt_3_1' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Range_Gte_1_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Range_Gte_2_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Range_Gte_3_1' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Range_Lt_1_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Range_Lt_2_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Range_Lt_3_1' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Range_Lte_1_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Range_Lte_2_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Range_Lte_3_1' + description: A value that can be a string, number, or boolean. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Range_Gt_1_1: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Range_Gt_2_1: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Range_Gt_3_1: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Range_Gte_1_1: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Range_Gte_2_1: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Range_Gte_3_1: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Range_Lt_1_1: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Range_Lt_2_1: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Range_Lt_3_1: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Range_Lte_1_1: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Range_Lte_2_1: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Range_Lte_3_1: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_StartsWith_1_1: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_StartsWith_2_1: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_StartsWith_3_1: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_2_3: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_2_4: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_3_1: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_4_1: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_5_1: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Never_1' + required: + - never + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Never_1: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_6_1: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Always_1' + required: + - always + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Always_1: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_2_5: + type: object + properties: + steps: + items: {} + type: array + required: + - steps + ApiStreams_Put_Request_Stream_Ingest_Settings_1: + additionalProperties: false + type: object + properties: + index.number_of_replicas: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Settings_Index.number_of_replicas_1' + index.number_of_shards: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Settings_Index.number_of_shards_1' + index.refresh_interval: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Settings_Index.refresh_interval_1' + ApiStreams_Put_Request_Stream_Ingest_Settings_Index.number_of_replicas_1: + additionalProperties: false + type: object + properties: + value: + type: number + required: + - value + ApiStreams_Put_Request_Stream_Ingest_Settings_Index.number_of_shards_1: + additionalProperties: false + type: object + properties: + value: + type: number + required: + - value + ApiStreams_Put_Request_Stream_Ingest_Settings_Index.refresh_interval_1: + additionalProperties: false + type: object + properties: + value: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Settings_Index.refresh_interval_Value_1_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Settings_Index.refresh_interval_Value_2_1' + required: + - value + ApiStreams_Put_Request_Stream_Ingest_Settings_Index.refresh_interval_Value_1_1: + type: string + ApiStreams_Put_Request_Stream_Ingest_Settings_Index.refresh_interval_Value_2_1: + enum: + - -1 + type: number + ApiStreams_Put_Request_9: + type: object + properties: {} + ApiStreams_Put_Request_10: + type: object + properties: {} + ApiStreams_Put_Request_2_1: + allOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_1_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_2_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_3_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_4_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_5_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_6_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_7_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_8_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_9_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_10_1' + ApiStreams_Put_Request_1_3: + type: object + properties: {} + ApiStreams_Put_Request_2_2: + type: object + properties: + stream: + allOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_1_4' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_2_4' + required: + - stream + ApiStreams_Put_Request_Stream_1_4: + additionalProperties: true + type: object + properties: + ingest: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_5' + name: + not: {} + updated_at: + not: {} + ApiStreams_Put_Request_Stream_Ingest_5: + additionalProperties: true + type: object + properties: + processing: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_6' + required: + - processing + ApiStreams_Put_Request_Stream_Ingest_Processing_6: + additionalProperties: true + type: object + properties: + updated_at: + not: {} + ApiStreams_Put_Request_Stream_2_4: + additionalProperties: false + type: object + properties: + description: + type: string + name: + type: string + updated_at: + format: date-time + type: string + required: + - name + - description + - updated_at + ApiStreams_Put_Request_3_1: + type: object + properties: + dashboards: + items: + type: string + type: array + queries: + items: + allOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_1_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_2_2' + type: array + rules: + items: + type: string + type: array + required: + - dashboards + - rules + - queries + ApiStreams_Put_Request_Queries_1_2: + type: object + properties: + id: + description: A non-empty string. + minLength: 1 + type: string + title: + description: A non-empty string. + minLength: 1 + type: string + required: + - id + - title + ApiStreams_Put_Request_Queries_2_2: + type: object + properties: + evidence: + items: + type: string + type: array + feature: + $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_2' + kql: + $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Kql_2' + severity_score: + type: number + required: + - kql + ApiStreams_Put_Request_Queries_Feature_2: + additionalProperties: false + type: object + properties: + filter: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_1_4' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_2_5' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_3_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_4_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_5_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_6_2' + description: The root condition object. It can be a simple filter or a combination of other conditions. + name: + description: A non-empty string. + minLength: 1 + type: string + type: + enum: + - system + type: string + required: + - name + - filter + - type + ApiStreams_Put_Request_Queries_Feature_Filter_1_4: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_1_5' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_2_4' + description: A basic filter condition, either unary or binary. + ApiStreams_Put_Request_Queries_Feature_Filter_1_5: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Contains_1_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Contains_2_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Contains_3_2' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_EndsWith_1_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_EndsWith_2_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_EndsWith_3_2' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Eq_1_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Eq_2_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Eq_3_2' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Gt_1_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Gt_2_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Gt_3_2' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Gte_1_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Gte_2_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Gte_3_2' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Includes_1_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Includes_2_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Includes_3_2' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Lt_1_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Lt_2_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Lt_3_2' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Lte_1_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Lte_2_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Lte_3_2' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Neq_1_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Neq_2_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Neq_3_2' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Range_2' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_StartsWith_1_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_StartsWith_2_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_StartsWith_3_2' + description: Starts-with comparison value. + required: + - field + ApiStreams_Put_Request_Queries_Feature_Filter_Contains_1_2: + type: string + ApiStreams_Put_Request_Queries_Feature_Filter_Contains_2_2: + type: number + ApiStreams_Put_Request_Queries_Feature_Filter_Contains_3_2: + type: boolean + ApiStreams_Put_Request_Queries_Feature_Filter_EndsWith_1_2: + type: string + ApiStreams_Put_Request_Queries_Feature_Filter_EndsWith_2_2: + type: number + ApiStreams_Put_Request_Queries_Feature_Filter_EndsWith_3_2: + type: boolean + ApiStreams_Put_Request_Queries_Feature_Filter_Eq_1_2: + type: string + ApiStreams_Put_Request_Queries_Feature_Filter_Eq_2_2: + type: number + ApiStreams_Put_Request_Queries_Feature_Filter_Eq_3_2: + type: boolean + ApiStreams_Put_Request_Queries_Feature_Filter_Gt_1_2: + type: string + ApiStreams_Put_Request_Queries_Feature_Filter_Gt_2_2: + type: number + ApiStreams_Put_Request_Queries_Feature_Filter_Gt_3_2: + type: boolean + ApiStreams_Put_Request_Queries_Feature_Filter_Gte_1_2: + type: string + ApiStreams_Put_Request_Queries_Feature_Filter_Gte_2_2: + type: number + ApiStreams_Put_Request_Queries_Feature_Filter_Gte_3_2: + type: boolean + ApiStreams_Put_Request_Queries_Feature_Filter_Includes_1_2: + type: string + ApiStreams_Put_Request_Queries_Feature_Filter_Includes_2_2: + type: number + ApiStreams_Put_Request_Queries_Feature_Filter_Includes_3_2: + type: boolean + ApiStreams_Put_Request_Queries_Feature_Filter_Lt_1_2: + type: string + ApiStreams_Put_Request_Queries_Feature_Filter_Lt_2_2: + type: number + ApiStreams_Put_Request_Queries_Feature_Filter_Lt_3_2: + type: boolean + ApiStreams_Put_Request_Queries_Feature_Filter_Lte_1_2: + type: string + ApiStreams_Put_Request_Queries_Feature_Filter_Lte_2_2: + type: number + ApiStreams_Put_Request_Queries_Feature_Filter_Lte_3_2: + type: boolean + ApiStreams_Put_Request_Queries_Feature_Filter_Neq_1_2: + type: string + ApiStreams_Put_Request_Queries_Feature_Filter_Neq_2_2: + type: number + ApiStreams_Put_Request_Queries_Feature_Filter_Neq_3_2: + type: boolean + ApiStreams_Put_Request_Queries_Feature_Filter_Range_2: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Range_Gt_1_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Range_Gt_2_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Range_Gt_3_2' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Range_Gte_1_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Range_Gte_2_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Range_Gte_3_2' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Range_Lt_1_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Range_Lt_2_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Range_Lt_3_2' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Range_Lte_1_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Range_Lte_2_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Range_Lte_3_2' + description: A value that can be a string, number, or boolean. + ApiStreams_Put_Request_Queries_Feature_Filter_Range_Gt_1_2: + type: string + ApiStreams_Put_Request_Queries_Feature_Filter_Range_Gt_2_2: + type: number + ApiStreams_Put_Request_Queries_Feature_Filter_Range_Gt_3_2: + type: boolean + ApiStreams_Put_Request_Queries_Feature_Filter_Range_Gte_1_2: + type: string + ApiStreams_Put_Request_Queries_Feature_Filter_Range_Gte_2_2: + type: number + ApiStreams_Put_Request_Queries_Feature_Filter_Range_Gte_3_2: + type: boolean + ApiStreams_Put_Request_Queries_Feature_Filter_Range_Lt_1_2: + type: string + ApiStreams_Put_Request_Queries_Feature_Filter_Range_Lt_2_2: + type: number + ApiStreams_Put_Request_Queries_Feature_Filter_Range_Lt_3_2: + type: boolean + ApiStreams_Put_Request_Queries_Feature_Filter_Range_Lte_1_2: + type: string + ApiStreams_Put_Request_Queries_Feature_Filter_Range_Lte_2_2: + type: number + ApiStreams_Put_Request_Queries_Feature_Filter_Range_Lte_3_2: + type: boolean + ApiStreams_Put_Request_Queries_Feature_Filter_StartsWith_1_2: + type: string + ApiStreams_Put_Request_Queries_Feature_Filter_StartsWith_2_2: + type: number + ApiStreams_Put_Request_Queries_Feature_Filter_StartsWith_3_2: + type: boolean + ApiStreams_Put_Request_Queries_Feature_Filter_2_4: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreams_Put_Request_Queries_Feature_Filter_2_5: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreams_Put_Request_Queries_Feature_Filter_3_2: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreams_Put_Request_Queries_Feature_Filter_4_2: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreams_Put_Request_Queries_Feature_Filter_5_2: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Never_2' + required: + - never + ApiStreams_Put_Request_Queries_Feature_Filter_Never_2: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreams_Put_Request_Queries_Feature_Filter_6_2: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Always_2' + required: + - always + ApiStreams_Put_Request_Queries_Feature_Filter_Always_2: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreams_Put_Request_Queries_Kql_2: + additionalProperties: false + type: object + properties: + query: + type: string + required: + - query + ApiStreams_Put_Request_4_1: + type: object + properties: + stream: + allOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_1_5' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_2_5' + required: + - stream + ApiStreams_Put_Request_Stream_1_5: + additionalProperties: true + type: object + properties: + ingest: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_6' + name: + not: {} + updated_at: + not: {} + ApiStreams_Put_Request_Stream_Ingest_6: + additionalProperties: true + type: object + properties: + processing: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_7' + required: + - processing + ApiStreams_Put_Request_Stream_Ingest_Processing_7: + additionalProperties: true + type: object + properties: + updated_at: + not: {} + ApiStreams_Put_Request_Stream_2_5: + additionalProperties: false + type: object + properties: + ingest: + allOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_1_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_2_1' + required: + - ingest + ApiStreams_Put_Request_Stream_Ingest_1_1: + type: object + properties: + failure_store: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Failure_store_1_4' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Failure_store_2_4' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Failure_store_3_2' + lifecycle: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Lifecycle_1_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Lifecycle_2_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Lifecycle_3_2' + processing: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_8' + settings: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Settings_2' + required: + - lifecycle + - processing + - settings + - failure_store + ApiStreams_Put_Request_Stream_Ingest_Failure_store_1_4: + additionalProperties: false + type: object + properties: + inherit: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Failure_store_Inherit_2' + required: + - inherit + ApiStreams_Put_Request_Stream_Ingest_Failure_store_Inherit_2: + additionalProperties: false + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Failure_store_2_4: + additionalProperties: false + type: object + properties: + disabled: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Failure_store_Disabled_2' + required: + - disabled + ApiStreams_Put_Request_Stream_Ingest_Failure_store_Disabled_2: + additionalProperties: false + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Failure_store_3_2: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Failure_store_1_5' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Failure_store_2_5' + ApiStreams_Put_Request_Stream_Ingest_Failure_store_1_5: + additionalProperties: false + type: object + properties: + lifecycle: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Failure_store_Lifecycle_4' + required: + - lifecycle + ApiStreams_Put_Request_Stream_Ingest_Failure_store_Lifecycle_4: + additionalProperties: false + type: object + properties: + enabled: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Failure_store_Lifecycle_Enabled_2' + required: + - enabled + ApiStreams_Put_Request_Stream_Ingest_Failure_store_Lifecycle_Enabled_2: + additionalProperties: false + type: object + properties: + data_retention: + description: A non-empty string. + minLength: 1 + type: string + ApiStreams_Put_Request_Stream_Ingest_Failure_store_2_5: + additionalProperties: false + type: object + properties: + lifecycle: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Failure_store_Lifecycle_5' + required: + - lifecycle + ApiStreams_Put_Request_Stream_Ingest_Failure_store_Lifecycle_5: + additionalProperties: false + type: object + properties: + disabled: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Failure_store_Lifecycle_Disabled_2' + required: + - disabled + ApiStreams_Put_Request_Stream_Ingest_Failure_store_Lifecycle_Disabled_2: + additionalProperties: false + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Lifecycle_1_2: + additionalProperties: false + type: object + properties: + dsl: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Lifecycle_Dsl_2' + required: + - dsl + ApiStreams_Put_Request_Stream_Ingest_Lifecycle_Dsl_2: + additionalProperties: false + type: object + properties: + data_retention: + description: A non-empty string. + minLength: 1 + type: string + downsample: + items: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Lifecycle_Dsl_Downsample_Item_2' + type: array + ApiStreams_Put_Request_Stream_Ingest_Lifecycle_Dsl_Downsample_Item_2: + additionalProperties: false + type: object + properties: + after: + description: A non-empty string. + minLength: 1 + type: string + fixed_interval: + description: A non-empty string. + minLength: 1 + type: string + required: + - after + - fixed_interval + ApiStreams_Put_Request_Stream_Ingest_Lifecycle_2_2: + additionalProperties: false + type: object + properties: + ilm: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Lifecycle_Ilm_2' + required: + - ilm + ApiStreams_Put_Request_Stream_Ingest_Lifecycle_Ilm_2: + additionalProperties: false + type: object + properties: + policy: + description: A non-empty string. + minLength: 1 + type: string + required: + - policy + ApiStreams_Put_Request_Stream_Ingest_Lifecycle_3_2: + additionalProperties: false + type: object + properties: + inherit: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Lifecycle_Inherit_2' + required: + - inherit + ApiStreams_Put_Request_Stream_Ingest_Lifecycle_Inherit_2: + additionalProperties: false + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_8: + additionalProperties: false + type: object + properties: + steps: + items: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_1_4' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_2_5' + type: array + updated_at: + format: date-time + type: string + required: + - steps + - updated_at + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_1_4: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_1_5' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_2_4' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_3_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_4_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_5_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_6_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_7_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_8_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_9_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_10_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_11_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_12_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_13_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_14_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_15_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_16_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_17_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_18_2' + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_1_5: + additionalProperties: false + description: Grok processor - Extract fields from text using grok patterns + type: object + properties: + action: + enum: + - grok + type: string + customIdentifier: + description: Custom identifier to correlate this processor across outputs + minLength: 1 + type: string + description: + description: Human-readable notes about this processor step + type: string + from: + description: Source field to parse with grok patterns + minLength: 1 + type: string + ignore_failure: + description: Continue pipeline execution if this processor fails + type: boolean + ignore_missing: + description: Skip processing when source field is missing + type: boolean + pattern_definitions: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Pattern_definitions_2' + patterns: + description: Grok patterns applied in order to extract fields + items: + description: A non-empty string. + minLength: 1 + type: string + minItems: 1 + type: array + where: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_68' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_69' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_34' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_34' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_34' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_34' + description: Conditional expression controlling whether this processor runs + required: + - action + - from + - patterns + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Pattern_definitions_2: + additionalProperties: + type: string + type: object + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_68: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_69' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_68' + description: A basic filter condition, either unary or binary. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_69: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_34' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_34' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_34' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_34' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_34' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_34' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_34' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_34' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_34' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_34' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_34' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_34' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_34' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_34' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_34' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_34' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_34' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_34' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_34' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_34' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_34' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_34' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_34' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_34' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_34' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_34' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_34' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_34' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_34' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_34' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_34' + description: Starts-with comparison value. + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_34: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_34: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_34: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_34: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_34: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_34: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_34: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_34: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_34: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_34: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_34: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_34: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_34: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_34: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_34: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_34: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_34: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_34: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_34: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_34: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_34: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_34: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_34: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_34: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_34: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_34: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_34: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_34: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_34' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_34' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_34' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_34' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_34' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_34' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_34' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_34' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_34' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_34' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_34' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_34' + description: A value that can be a string, number, or boolean. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_34: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_34: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_34: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_34: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_34: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_34: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_34: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_34: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_34: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_34: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_34: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_34: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_34: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_34: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_34: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_68: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_69: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_34: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_34: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_34: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_34' + required: + - never + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_34: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_34: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_34' + required: + - always + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_34: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_2_4: + additionalProperties: false + description: Dissect processor - Extract fields from text using a lightweight, delimiter-based parser + type: object + properties: + action: + enum: + - dissect + type: string + append_separator: + description: Separator inserted when target fields are concatenated + minLength: 1 + type: string + customIdentifier: + description: Custom identifier to correlate this processor across outputs + minLength: 1 + type: string + description: + description: Human-readable notes about this processor step + type: string + from: + description: Source field to parse with dissect pattern + minLength: 1 + type: string + ignore_failure: + description: Continue pipeline execution if this processor fails + type: boolean + ignore_missing: + description: Skip processing when source field is missing + type: boolean + pattern: + description: Dissect pattern describing field boundaries + minLength: 1 + type: string + where: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_70' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_71' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_35' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_35' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_35' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_35' + description: Conditional expression controlling whether this processor runs + required: + - action + - from + - pattern + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_70: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_71' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_70' + description: A basic filter condition, either unary or binary. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_71: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_35' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_35' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_35' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_35' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_35' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_35' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_35' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_35' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_35' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_35' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_35' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_35' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_35' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_35' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_35' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_35' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_35' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_35' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_35' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_35' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_35' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_35' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_35' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_35' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_35' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_35' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_35' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_35' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_35' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_35' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_35' + description: Starts-with comparison value. + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_35: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_35: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_35: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_35: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_35: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_35: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_35: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_35: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_35: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_35: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_35: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_35: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_35: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_35: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_35: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_35: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_35: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_35: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_35: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_35: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_35: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_35: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_35: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_35: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_35: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_35: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_35: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_35: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_35' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_35' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_35' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_35' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_35' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_35' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_35' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_35' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_35' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_35' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_35' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_35' + description: A value that can be a string, number, or boolean. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_35: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_35: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_35: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_35: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_35: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_35: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_35: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_35: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_35: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_35: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_35: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_35: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_35: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_35: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_35: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_70: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_71: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_35: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_35: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_35: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_35' + required: + - never + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_35: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_35: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_35' + required: + - always + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_35: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_3_2: + additionalProperties: false + description: Date processor - Parse dates from strings using one or more expected formats + type: object + properties: + action: + enum: + - date + type: string + customIdentifier: + description: Custom identifier to correlate this processor across outputs + minLength: 1 + type: string + description: + description: Human-readable notes about this processor step + type: string + formats: + description: Accepted input date formats, tried in order + items: + description: A non-empty string. + minLength: 1 + type: string + type: array + from: + description: Source field containing the date/time text + minLength: 1 + type: string + ignore_failure: + description: Continue pipeline execution if this processor fails + type: boolean + locale: + description: Optional locale for date parsing + minLength: 1 + type: string + output_format: + description: Optional output format for storing the parsed date as text + minLength: 1 + type: string + timezone: + description: Optional timezone for date parsing + minLength: 1 + type: string + to: + description: Target field for the parsed date (defaults to source) + minLength: 1 + type: string + where: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_72' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_73' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_36' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_36' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_36' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_36' + description: Conditional expression controlling whether this processor runs + required: + - action + - from + - formats + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_72: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_73' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_72' + description: A basic filter condition, either unary or binary. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_73: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_36' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_36' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_36' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_36' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_36' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_36' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_36' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_36' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_36' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_36' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_36' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_36' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_36' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_36' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_36' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_36' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_36' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_36' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_36' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_36' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_36' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_36' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_36' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_36' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_36' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_36' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_36' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_36' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_36' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_36' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_36' + description: Starts-with comparison value. + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_36: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_36: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_36: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_36: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_36: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_36: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_36: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_36: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_36: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_36: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_36: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_36: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_36: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_36: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_36: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_36: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_36: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_36: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_36: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_36: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_36: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_36: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_36: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_36: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_36: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_36: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_36: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_36: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_36' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_36' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_36' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_36' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_36' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_36' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_36' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_36' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_36' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_36' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_36' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_36' + description: A value that can be a string, number, or boolean. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_36: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_36: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_36: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_36: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_36: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_36: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_36: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_36: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_36: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_36: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_36: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_36: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_36: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_36: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_36: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_72: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_73: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_36: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_36: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_36: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_36' + required: + - never + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_36: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_36: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_36' + required: + - always + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_36: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_4_2: + additionalProperties: false + description: Base processor options plus conditional execution + type: object + properties: + action: + enum: + - drop_document + type: string + customIdentifier: + description: Custom identifier to correlate this processor across outputs + minLength: 1 + type: string + description: + description: Human-readable notes about this processor step + type: string + ignore_failure: + description: Continue pipeline execution if this processor fails + type: boolean + where: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_74' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_75' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_37' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_37' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_37' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_37' + description: Conditional expression controlling whether this processor runs + required: + - action + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_74: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_75' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_74' + description: A basic filter condition, either unary or binary. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_75: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_37' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_37' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_37' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_37' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_37' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_37' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_37' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_37' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_37' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_37' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_37' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_37' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_37' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_37' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_37' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_37' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_37' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_37' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_37' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_37' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_37' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_37' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_37' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_37' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_37' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_37' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_37' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_37' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_37' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_37' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_37' + description: Starts-with comparison value. + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_37: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_37: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_37: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_37: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_37: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_37: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_37: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_37: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_37: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_37: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_37: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_37: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_37: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_37: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_37: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_37: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_37: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_37: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_37: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_37: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_37: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_37: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_37: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_37: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_37: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_37: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_37: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_37: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_37' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_37' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_37' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_37' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_37' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_37' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_37' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_37' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_37' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_37' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_37' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_37' + description: A value that can be a string, number, or boolean. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_37: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_37: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_37: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_37: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_37: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_37: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_37: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_37: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_37: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_37: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_37: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_37: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_37: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_37: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_37: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_74: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_75: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_37: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_37: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_37: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_37' + required: + - never + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_37: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_37: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_37' + required: + - always + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_37: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_5_2: + additionalProperties: false + description: Base processor options plus conditional execution + type: object + properties: + action: + enum: + - math + type: string + customIdentifier: + description: Custom identifier to correlate this processor across outputs + minLength: 1 + type: string + description: + description: Human-readable notes about this processor step + type: string + expression: + description: A non-empty string. + minLength: 1 + type: string + ignore_failure: + description: Continue pipeline execution if this processor fails + type: boolean + ignore_missing: + type: boolean + to: + description: A non-empty string. + minLength: 1 + type: string + where: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_76' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_77' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_38' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_38' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_38' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_38' + description: Conditional expression controlling whether this processor runs + required: + - action + - expression + - to + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_76: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_77' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_76' + description: A basic filter condition, either unary or binary. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_77: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_38' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_38' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_38' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_38' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_38' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_38' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_38' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_38' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_38' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_38' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_38' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_38' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_38' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_38' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_38' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_38' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_38' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_38' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_38' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_38' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_38' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_38' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_38' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_38' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_38' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_38' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_38' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_38' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_38' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_38' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_38' + description: Starts-with comparison value. + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_38: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_38: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_38: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_38: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_38: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_38: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_38: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_38: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_38: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_38: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_38: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_38: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_38: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_38: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_38: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_38: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_38: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_38: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_38: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_38: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_38: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_38: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_38: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_38: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_38: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_38: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_38: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_38: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_38' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_38' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_38' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_38' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_38' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_38' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_38' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_38' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_38' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_38' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_38' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_38' + description: A value that can be a string, number, or boolean. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_38: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_38: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_38: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_38: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_38: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_38: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_38: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_38: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_38: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_38: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_38: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_38: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_38: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_38: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_38: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_76: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_77: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_38: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_38: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_38: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_38' + required: + - never + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_38: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_38: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_38' + required: + - always + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_38: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_6_2: + additionalProperties: false + description: Rename processor - Change a field name and optionally its location + type: object + properties: + action: + enum: + - rename + type: string + customIdentifier: + description: Custom identifier to correlate this processor across outputs + minLength: 1 + type: string + description: + description: Human-readable notes about this processor step + type: string + from: + description: Existing source field to rename or move + minLength: 1 + type: string + ignore_failure: + description: Continue pipeline execution if this processor fails + type: boolean + ignore_missing: + description: Skip when source field is missing + type: boolean + override: + description: Allow overwriting the target field if it already exists + type: boolean + to: + description: New field name or destination path + minLength: 1 + type: string + where: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_78' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_79' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_39' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_39' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_39' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_39' + description: Conditional expression controlling whether this processor runs + required: + - action + - from + - to + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_78: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_79' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_78' + description: A basic filter condition, either unary or binary. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_79: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_39' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_39' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_39' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_39' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_39' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_39' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_39' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_39' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_39' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_39' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_39' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_39' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_39' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_39' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_39' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_39' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_39' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_39' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_39' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_39' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_39' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_39' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_39' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_39' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_39' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_39' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_39' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_39' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_39' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_39' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_39' + description: Starts-with comparison value. + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_39: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_39: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_39: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_39: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_39: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_39: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_39: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_39: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_39: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_39: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_39: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_39: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_39: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_39: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_39: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_39: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_39: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_39: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_39: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_39: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_39: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_39: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_39: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_39: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_39: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_39: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_39: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_39: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_39' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_39' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_39' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_39' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_39' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_39' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_39' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_39' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_39' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_39' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_39' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_39' + description: A value that can be a string, number, or boolean. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_39: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_39: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_39: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_39: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_39: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_39: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_39: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_39: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_39: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_39: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_39: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_39: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_39: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_39: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_39: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_78: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_79: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_39: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_39: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_39: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_39' + required: + - never + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_39: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_39: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_39' + required: + - always + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_39: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_7_2: + additionalProperties: false + description: Set processor - Assign a literal or copied value to a field (mutually exclusive inputs) + type: object + properties: + action: + enum: + - set + type: string + copy_from: + description: Copy value from another field instead of providing a literal + minLength: 1 + type: string + customIdentifier: + description: Custom identifier to correlate this processor across outputs + minLength: 1 + type: string + description: + description: Human-readable notes about this processor step + type: string + ignore_failure: + description: Continue pipeline execution if this processor fails + type: boolean + override: + description: Allow overwriting an existing target field + type: boolean + to: + description: Target field to set or create + minLength: 1 + type: string + value: + description: Literal value to assign to the target field + where: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_80' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_81' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_40' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_40' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_40' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_40' + description: Conditional expression controlling whether this processor runs + required: + - action + - to + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_80: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_81' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_80' + description: A basic filter condition, either unary or binary. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_81: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_40' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_40' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_40' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_40' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_40' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_40' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_40' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_40' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_40' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_40' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_40' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_40' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_40' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_40' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_40' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_40' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_40' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_40' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_40' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_40' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_40' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_40' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_40' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_40' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_40' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_40' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_40' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_40' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_40' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_40' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_40' + description: Starts-with comparison value. + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_40: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_40: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_40: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_40: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_40: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_40: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_40: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_40: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_40: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_40: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_40: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_40: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_40: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_40: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_40: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_40: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_40: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_40: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_40: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_40: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_40: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_40: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_40: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_40: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_40: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_40: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_40: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_40: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_40' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_40' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_40' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_40' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_40' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_40' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_40' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_40' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_40' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_40' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_40' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_40' + description: A value that can be a string, number, or boolean. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_40: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_40: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_40: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_40: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_40: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_40: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_40: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_40: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_40: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_40: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_40: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_40: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_40: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_40: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_40: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_80: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_81: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_40: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_40: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_40: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_40' + required: + - never + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_40: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_40: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_40' + required: + - always + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_40: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_8_2: + additionalProperties: false + description: Append processor - Append one or more values to an existing or new array field + type: object + properties: + action: + enum: + - append + type: string + allow_duplicates: + description: If true, do not deduplicate appended values + type: boolean + customIdentifier: + description: Custom identifier to correlate this processor across outputs + minLength: 1 + type: string + description: + description: Human-readable notes about this processor step + type: string + ignore_failure: + description: Continue pipeline execution if this processor fails + type: boolean + to: + description: Array field to append values to + minLength: 1 + type: string + value: + description: Values to append (must be literal, no templates) + items: {} + minItems: 1 + type: array + where: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_82' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_83' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_41' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_41' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_41' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_41' + description: Conditional expression controlling whether this processor runs + required: + - action + - to + - value + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_82: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_83' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_82' + description: A basic filter condition, either unary or binary. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_83: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_41' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_41' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_41' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_41' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_41' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_41' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_41' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_41' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_41' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_41' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_41' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_41' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_41' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_41' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_41' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_41' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_41' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_41' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_41' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_41' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_41' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_41' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_41' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_41' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_41' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_41' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_41' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_41' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_41' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_41' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_41' + description: Starts-with comparison value. + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_41: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_41: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_41: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_41: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_41: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_41: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_41: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_41: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_41: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_41: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_41: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_41: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_41: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_41: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_41: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_41: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_41: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_41: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_41: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_41: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_41: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_41: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_41: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_41: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_41: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_41: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_41: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_41: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_41' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_41' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_41' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_41' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_41' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_41' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_41' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_41' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_41' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_41' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_41' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_41' + description: A value that can be a string, number, or boolean. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_41: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_41: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_41: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_41: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_41: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_41: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_41: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_41: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_41: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_41: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_41: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_41: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_41: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_41: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_41: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_82: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_83: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_41: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_41: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_41: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_41' + required: + - never + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_41: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_41: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_41' + required: + - always + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_41: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_9_2: + additionalProperties: false + description: Remove by prefix processor - Remove a field and all nested fields matching the prefix + type: object + properties: + action: + enum: + - remove_by_prefix + type: string + customIdentifier: + description: Custom identifier to correlate this processor across outputs + minLength: 1 + type: string + description: + description: Human-readable notes about this processor step + type: string + from: + description: Field to remove along with all its nested fields + minLength: 1 + type: string + ignore_failure: + description: Continue pipeline execution if this processor fails + type: boolean + required: + - action + - from + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_10_2: + additionalProperties: false + description: Remove processor - Delete one or more fields from the document + type: object + properties: + action: + enum: + - remove + type: string + customIdentifier: + description: Custom identifier to correlate this processor across outputs + minLength: 1 + type: string + description: + description: Human-readable notes about this processor step + type: string + from: + description: Field to remove from the document + minLength: 1 + type: string + ignore_failure: + description: Continue pipeline execution if this processor fails + type: boolean + ignore_missing: + description: Skip processing when source field is missing + type: boolean + where: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_84' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_85' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_42' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_42' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_42' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_42' + description: Conditional expression controlling whether this processor runs + required: + - action + - from + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_84: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_85' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_84' + description: A basic filter condition, either unary or binary. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_85: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_42' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_42' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_42' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_42' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_42' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_42' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_42' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_42' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_42' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_42' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_42' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_42' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_42' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_42' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_42' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_42' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_42' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_42' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_42' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_42' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_42' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_42' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_42' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_42' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_42' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_42' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_42' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_42' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_42' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_42' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_42' + description: Starts-with comparison value. + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_42: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_42: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_42: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_42: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_42: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_42: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_42: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_42: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_42: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_42: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_42: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_42: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_42: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_42: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_42: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_42: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_42: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_42: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_42: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_42: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_42: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_42: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_42: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_42: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_42: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_42: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_42: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_42: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_42' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_42' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_42' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_42' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_42' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_42' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_42' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_42' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_42' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_42' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_42' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_42' + description: A value that can be a string, number, or boolean. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_42: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_42: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_42: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_42: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_42: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_42: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_42: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_42: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_42: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_42: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_42: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_42: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_42: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_42: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_42: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_84: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_85: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_42: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_42: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_42: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_42' + required: + - never + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_42: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_42: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_42' + required: + - always + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_42: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_11_2: + additionalProperties: false + description: Base processor options plus conditional execution + type: object + properties: + action: + enum: + - replace + type: string + customIdentifier: + description: Custom identifier to correlate this processor across outputs + minLength: 1 + type: string + description: + description: Human-readable notes about this processor step + type: string + from: + description: A non-empty string. + minLength: 1 + type: string + ignore_failure: + description: Continue pipeline execution if this processor fails + type: boolean + ignore_missing: + type: boolean + pattern: + description: A non-empty string or string with whitespace. + minLength: 1 + type: string + replacement: + type: string + to: + description: A non-empty string. + minLength: 1 + type: string + where: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_86' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_87' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_43' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_43' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_43' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_43' + description: Conditional expression controlling whether this processor runs + required: + - action + - from + - pattern + - replacement + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_86: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_87' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_86' + description: A basic filter condition, either unary or binary. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_87: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_43' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_43' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_43' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_43' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_43' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_43' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_43' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_43' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_43' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_43' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_43' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_43' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_43' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_43' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_43' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_43' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_43' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_43' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_43' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_43' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_43' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_43' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_43' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_43' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_43' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_43' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_43' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_43' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_43' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_43' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_43' + description: Starts-with comparison value. + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_43: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_43: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_43: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_43: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_43: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_43: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_43: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_43: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_43: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_43: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_43: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_43: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_43: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_43: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_43: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_43: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_43: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_43: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_43: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_43: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_43: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_43: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_43: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_43: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_43: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_43: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_43: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_43: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_43' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_43' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_43' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_43' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_43' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_43' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_43' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_43' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_43' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_43' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_43' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_43' + description: A value that can be a string, number, or boolean. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_43: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_43: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_43: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_43: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_43: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_43: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_43: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_43: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_43: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_43: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_43: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_43: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_43: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_43: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_43: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_86: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_87: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_43: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_43: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_43: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_43' + required: + - never + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_43: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_43: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_43' + required: + - always + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_43: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_12_2: + additionalProperties: false + description: Base processor options plus conditional execution + type: object + properties: + action: + enum: + - uppercase + type: string + customIdentifier: + description: Custom identifier to correlate this processor across outputs + minLength: 1 + type: string + description: + description: Human-readable notes about this processor step + type: string + from: + description: A non-empty string. + minLength: 1 + type: string + ignore_failure: + description: Continue pipeline execution if this processor fails + type: boolean + ignore_missing: + type: boolean + to: + description: A non-empty string. + minLength: 1 + type: string + where: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_88' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_89' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_44' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_44' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_44' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_44' + description: Conditional expression controlling whether this processor runs + required: + - action + - from + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_88: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_89' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_88' + description: A basic filter condition, either unary or binary. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_89: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_44' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_44' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_44' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_44' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_44' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_44' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_44' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_44' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_44' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_44' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_44' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_44' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_44' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_44' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_44' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_44' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_44' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_44' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_44' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_44' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_44' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_44' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_44' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_44' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_44' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_44' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_44' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_44' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_44' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_44' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_44' + description: Starts-with comparison value. + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_44: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_44: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_44: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_44: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_44: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_44: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_44: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_44: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_44: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_44: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_44: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_44: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_44: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_44: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_44: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_44: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_44: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_44: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_44: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_44: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_44: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_44: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_44: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_44: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_44: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_44: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_44: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_44: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_44' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_44' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_44' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_44' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_44' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_44' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_44' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_44' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_44' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_44' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_44' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_44' + description: A value that can be a string, number, or boolean. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_44: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_44: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_44: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_44: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_44: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_44: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_44: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_44: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_44: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_44: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_44: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_44: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_44: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_44: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_44: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_88: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_89: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_44: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_44: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_44: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_44' + required: + - never + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_44: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_44: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_44' + required: + - always + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_44: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_13_2: + additionalProperties: false + description: Base processor options plus conditional execution + type: object + properties: + action: + enum: + - lowercase + type: string + customIdentifier: + description: Custom identifier to correlate this processor across outputs + minLength: 1 + type: string + description: + description: Human-readable notes about this processor step + type: string + from: + description: A non-empty string. + minLength: 1 + type: string + ignore_failure: + description: Continue pipeline execution if this processor fails + type: boolean + ignore_missing: + type: boolean + to: + description: A non-empty string. + minLength: 1 + type: string + where: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_90' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_91' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_45' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_45' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_45' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_45' + description: Conditional expression controlling whether this processor runs + required: + - action + - from + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_90: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_91' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_90' + description: A basic filter condition, either unary or binary. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_91: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_45' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_45' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_45' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_45' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_45' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_45' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_45' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_45' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_45' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_45' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_45' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_45' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_45' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_45' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_45' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_45' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_45' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_45' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_45' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_45' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_45' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_45' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_45' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_45' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_45' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_45' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_45' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_45' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_45' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_45' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_45' + description: Starts-with comparison value. + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_45: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_45: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_45: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_45: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_45: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_45: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_45: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_45: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_45: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_45: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_45: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_45: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_45: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_45: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_45: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_45: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_45: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_45: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_45: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_45: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_45: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_45: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_45: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_45: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_45: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_45: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_45: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_45: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_45' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_45' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_45' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_45' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_45' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_45' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_45' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_45' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_45' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_45' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_45' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_45' + description: A value that can be a string, number, or boolean. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_45: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_45: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_45: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_45: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_45: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_45: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_45: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_45: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_45: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_45: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_45: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_45: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_45: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_45: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_45: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_90: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_91: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_45: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_45: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_45: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_45' + required: + - never + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_45: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_45: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_45' + required: + - always + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_45: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_14_2: + additionalProperties: false + description: Base processor options plus conditional execution + type: object + properties: + action: + enum: + - trim + type: string + customIdentifier: + description: Custom identifier to correlate this processor across outputs + minLength: 1 + type: string + description: + description: Human-readable notes about this processor step + type: string + from: + description: A non-empty string. + minLength: 1 + type: string + ignore_failure: + description: Continue pipeline execution if this processor fails + type: boolean + ignore_missing: + type: boolean + to: + description: A non-empty string. + minLength: 1 + type: string + where: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_92' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_93' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_46' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_46' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_46' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_46' + description: Conditional expression controlling whether this processor runs + required: + - action + - from + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_92: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_93' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_92' + description: A basic filter condition, either unary or binary. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_93: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_46' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_46' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_46' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_46' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_46' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_46' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_46' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_46' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_46' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_46' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_46' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_46' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_46' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_46' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_46' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_46' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_46' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_46' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_46' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_46' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_46' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_46' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_46' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_46' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_46' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_46' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_46' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_46' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_46' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_46' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_46' + description: Starts-with comparison value. + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_46: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_46: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_46: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_46: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_46: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_46: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_46: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_46: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_46: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_46: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_46: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_46: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_46: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_46: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_46: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_46: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_46: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_46: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_46: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_46: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_46: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_46: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_46: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_46: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_46: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_46: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_46: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_46: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_46' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_46' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_46' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_46' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_46' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_46' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_46' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_46' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_46' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_46' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_46' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_46' + description: A value that can be a string, number, or boolean. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_46: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_46: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_46: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_46: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_46: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_46: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_46: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_46: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_46: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_46: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_46: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_46: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_46: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_46: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_46: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_92: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_93: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_46: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_46: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_46: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_46' + required: + - never + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_46: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_46: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_46' + required: + - always + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_46: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_15_2: + additionalProperties: false + description: Base processor options plus conditional execution + type: object + properties: + action: + enum: + - join + type: string + customIdentifier: + description: Custom identifier to correlate this processor across outputs + minLength: 1 + type: string + delimiter: + type: string + description: + description: Human-readable notes about this processor step + type: string + from: + items: + description: A non-empty string. + minLength: 1 + type: string + minItems: 1 + type: array + ignore_failure: + description: Continue pipeline execution if this processor fails + type: boolean + ignore_missing: + type: boolean + to: + description: A non-empty string. + minLength: 1 + type: string + where: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_94' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_95' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_47' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_47' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_47' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_47' + description: Conditional expression controlling whether this processor runs + required: + - action + - from + - delimiter + - to + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_94: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_95' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_94' + description: A basic filter condition, either unary or binary. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_95: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_47' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_47' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_47' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_47' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_47' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_47' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_47' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_47' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_47' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_47' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_47' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_47' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_47' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_47' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_47' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_47' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_47' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_47' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_47' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_47' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_47' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_47' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_47' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_47' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_47' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_47' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_47' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_47' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_47' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_47' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_47' + description: Starts-with comparison value. + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_47: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_47: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_47: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_47: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_47: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_47: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_47: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_47: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_47: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_47: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_47: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_47: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_47: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_47: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_47: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_47: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_47: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_47: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_47: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_47: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_47: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_47: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_47: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_47: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_47: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_47: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_47: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_47: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_47' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_47' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_47' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_47' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_47' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_47' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_47' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_47' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_47' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_47' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_47' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_47' + description: A value that can be a string, number, or boolean. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_47: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_47: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_47: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_47: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_47: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_47: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_47: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_47: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_47: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_47: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_47: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_47: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_47: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_47: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_47: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_94: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_95: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_47: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_47: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_47: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_47' + required: + - never + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_47: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_47: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_47' + required: + - always + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_47: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_16_2: + additionalProperties: false + description: Convert processor - Change the data type of a field value (integer, long, double, boolean, or string) + type: object + properties: + action: + enum: + - convert + type: string + customIdentifier: + description: Custom identifier to correlate this processor across outputs + minLength: 1 + type: string + description: + description: Human-readable notes about this processor step + type: string + from: + description: Source field to convert to a different data type + minLength: 1 + type: string + ignore_failure: + description: Continue pipeline execution if this processor fails + type: boolean + ignore_missing: + description: Skip processing when source field is missing + type: boolean + to: + description: Target field for the converted value (defaults to source) + minLength: 1 + type: string + type: + description: 'Target data type: integer, long, double, boolean, or string' + enum: + - integer + - long + - double + - boolean + - string + type: string + where: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_96' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_97' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_48' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_48' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_48' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_48' + description: Conditional expression controlling whether this processor runs + required: + - action + - from + - type + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_96: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_97' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_96' + description: A basic filter condition, either unary or binary. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_97: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_48' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_48' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_48' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_48' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_48' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_48' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_48' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_48' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_48' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_48' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_48' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_48' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_48' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_48' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_48' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_48' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_48' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_48' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_48' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_48' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_48' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_48' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_48' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_48' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_48' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_48' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_48' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_48' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_48' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_48' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_48' + description: Starts-with comparison value. + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_48: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_48: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_48: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_48: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_48: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_48: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_48: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_48: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_48: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_48: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_48: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_48: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_48: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_48: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_48: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_48: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_48: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_48: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_48: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_48: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_48: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_48: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_48: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_48: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_48: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_48: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_48: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_48: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_48' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_48' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_48' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_48' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_48' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_48' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_48' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_48' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_48' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_48' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_48' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_48' + description: A value that can be a string, number, or boolean. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_48: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_48: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_48: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_48: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_48: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_48: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_48: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_48: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_48: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_48: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_48: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_48: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_48: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_48: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_48: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_96: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_97: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_48: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_48: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_48: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_48' + required: + - never + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_48: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_48: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_48' + required: + - always + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_48: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_17_2: + additionalProperties: false + description: Base processor options plus conditional execution + type: object + properties: + action: + enum: + - concat + type: string + customIdentifier: + description: Custom identifier to correlate this processor across outputs + minLength: 1 + type: string + description: + description: Human-readable notes about this processor step + type: string + from: + items: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_From_1_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_From_2_2' + minItems: 1 + type: array + ignore_failure: + description: Continue pipeline execution if this processor fails + type: boolean + ignore_missing: + type: boolean + to: + description: A non-empty string. + minLength: 1 + type: string + where: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_98' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_99' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_49' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_49' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_49' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_49' + description: Conditional expression controlling whether this processor runs + required: + - action + - from + - to + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_From_1_2: + additionalProperties: false + type: object + properties: + type: + enum: + - field + type: string + value: + description: A non-empty string. + minLength: 1 + type: string + required: + - type + - value + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_From_2_2: + additionalProperties: false + type: object + properties: + type: + enum: + - literal + type: string + value: + type: string + required: + - type + - value + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_98: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_99' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_98' + description: A basic filter condition, either unary or binary. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_99: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_49' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_49' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_49' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_49' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_49' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_49' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_49' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_49' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_49' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_49' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_49' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_49' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_49' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_49' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_49' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_49' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_49' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_49' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_49' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_49' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_49' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_49' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_49' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_49' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_49' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_49' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_49' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_49' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_49' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_49' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_49' + description: Starts-with comparison value. + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_49: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_49: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_49: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_49: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_49: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_49: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_49: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_49: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_49: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_49: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_49: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_49: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_49: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_49: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_49: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_49: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_49: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_49: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_49: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_49: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_49: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_49: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_49: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_49: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_49: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_49: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_49: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_49: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_49' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_49' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_49' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_49' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_49' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_49' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_49' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_49' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_49' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_49' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_49' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_49' + description: A value that can be a string, number, or boolean. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_49: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_49: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_49: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_49: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_49: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_49: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_49: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_49: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_49: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_49: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_49: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_49: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_49: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_49: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_49: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_98: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_99: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_49: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_49: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_49: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_49' + required: + - never + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_49: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_49: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_49' + required: + - always + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_49: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_18_2: + additionalProperties: false + description: Manual ingest pipeline wrapper around native Elasticsearch processors + type: object + properties: + action: + description: Manual ingest pipeline - executes raw Elasticsearch ingest processors + enum: + - manual_ingest_pipeline + type: string + customIdentifier: + description: Custom identifier to correlate this processor across outputs + minLength: 1 + type: string + description: + description: Human-readable notes about this processor step + type: string + ignore_failure: + description: Continue pipeline execution if this processor fails + type: boolean + on_failure: + description: Fallback processors to run when a processor fails + items: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_On_failure_Item_2' + type: array + processors: + description: List of raw Elasticsearch ingest processors to run + items: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Processors_Item_2' + type: array + tag: + description: Optional ingest processor tag for Elasticsearch + type: string + where: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_100' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_101' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_50' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_50' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_50' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_50' + description: Conditional expression controlling whether this processor runs + required: + - action + - processors + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_On_failure_Item_2: + additionalProperties: {} + type: object + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Processors_Item_2: + additionalProperties: false + type: object + properties: + append: {} + attachment: {} + bytes: {} + circle: {} + community_id: {} + convert: {} + csv: {} + date: {} + date_index_name: {} + dissect: {} + dot_expander: {} + drop: {} + enrich: {} + fail: {} + fingerprint: {} + foreach: {} + geo_grid: {} + geoip: {} + grok: {} + gsub: {} + html_strip: {} + inference: {} + ip_location: {} + join: {} + json: {} + kv: {} + lowercase: {} + network_direction: {} + pipeline: {} + redact: {} + registered_domain: {} + remove: {} + rename: {} + reroute: {} + script: {} + set: {} + set_security_user: {} + sort: {} + split: {} + terminate: {} + trim: {} + uppercase: {} + uri_parts: {} + urldecode: {} + user_agent: {} + required: + - append + - attachment + - bytes + - circle + - community_id + - convert + - csv + - date + - date_index_name + - dissect + - dot_expander + - drop + - enrich + - fail + - fingerprint + - foreach + - ip_location + - geo_grid + - geoip + - grok + - gsub + - html_strip + - inference + - join + - json + - kv + - lowercase + - network_direction + - pipeline + - redact + - registered_domain + - remove + - rename + - reroute + - script + - set + - set_security_user + - sort + - split + - terminate + - trim + - uppercase + - urldecode + - uri_parts + - user_agent + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_100: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_101' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_100' + description: A basic filter condition, either unary or binary. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_101: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_50' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_50' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_50' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_50' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_50' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_50' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_50' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_50' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_50' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_50' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_50' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_50' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_50' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_50' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_50' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_50' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_50' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_50' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_50' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_50' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_50' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_50' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_50' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_50' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_50' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_50' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_50' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_50' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_50' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_50' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_50' + description: Starts-with comparison value. + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_50: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_50: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_50: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_50: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_50: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_50: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_50: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_50: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_50: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_50: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_50: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_50: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_50: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_50: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_50: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_50: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_50: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_50: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_50: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_50: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_50: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_50: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_50: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_50: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_50: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_50: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_50: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_50: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_50' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_50' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_50' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_50' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_50' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_50' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_50' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_50' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_50' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_50' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_50' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_50' + description: A value that can be a string, number, or boolean. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_50: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_50: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_50: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_50: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_50: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_50: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_50: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_50: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_50: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_50: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_50: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_50: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_50: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_50: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_50: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_100: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_101: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_50: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_50: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_50: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_50' + required: + - never + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_50: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_50: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_50' + required: + - always + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_50: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_2_5: + additionalProperties: false + type: object + properties: + condition: + allOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_1_6' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_2_8' + customIdentifier: + type: string + required: + - condition + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_1_6: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_1_7' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_2_7' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_3_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_4_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_5_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_6_2' + description: The root condition object. It can be a simple filter or a combination of other conditions. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_1_7: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_1_8' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_2_6' + description: A basic filter condition, either unary or binary. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_1_8: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Contains_1_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Contains_2_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Contains_3_2' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_EndsWith_1_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_EndsWith_2_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_EndsWith_3_2' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Eq_1_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Eq_2_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Eq_3_2' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Gt_1_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Gt_2_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Gt_3_2' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Gte_1_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Gte_2_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Gte_3_2' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Includes_1_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Includes_2_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Includes_3_2' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Lt_1_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Lt_2_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Lt_3_2' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Lte_1_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Lte_2_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Lte_3_2' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Neq_1_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Neq_2_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Neq_3_2' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Range_2' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_StartsWith_1_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_StartsWith_2_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_StartsWith_3_2' + description: Starts-with comparison value. + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Contains_1_2: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Contains_2_2: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Contains_3_2: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_EndsWith_1_2: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_EndsWith_2_2: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_EndsWith_3_2: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Eq_1_2: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Eq_2_2: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Eq_3_2: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Gt_1_2: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Gt_2_2: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Gt_3_2: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Gte_1_2: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Gte_2_2: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Gte_3_2: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Includes_1_2: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Includes_2_2: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Includes_3_2: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Lt_1_2: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Lt_2_2: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Lt_3_2: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Lte_1_2: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Lte_2_2: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Lte_3_2: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Neq_1_2: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Neq_2_2: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Neq_3_2: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Range_2: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Range_Gt_1_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Range_Gt_2_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Range_Gt_3_2' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Range_Gte_1_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Range_Gte_2_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Range_Gte_3_2' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Range_Lt_1_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Range_Lt_2_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Range_Lt_3_2' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Range_Lte_1_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Range_Lte_2_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Range_Lte_3_2' + description: A value that can be a string, number, or boolean. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Range_Gt_1_2: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Range_Gt_2_2: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Range_Gt_3_2: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Range_Gte_1_2: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Range_Gte_2_2: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Range_Gte_3_2: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Range_Lt_1_2: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Range_Lt_2_2: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Range_Lt_3_2: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Range_Lte_1_2: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Range_Lte_2_2: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Range_Lte_3_2: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_StartsWith_1_2: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_StartsWith_2_2: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_StartsWith_3_2: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_2_6: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_2_7: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_3_2: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_4_2: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_5_2: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Never_2' + required: + - never + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Never_2: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_6_2: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Always_2' + required: + - always + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Always_2: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_2_8: + type: object + properties: + steps: + items: {} + type: array + required: + - steps + ApiStreams_Put_Request_Stream_Ingest_Settings_2: + additionalProperties: false + type: object + properties: + index.number_of_replicas: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Settings_Index.number_of_replicas_2' + index.number_of_shards: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Settings_Index.number_of_shards_2' + index.refresh_interval: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Settings_Index.refresh_interval_2' + ApiStreams_Put_Request_Stream_Ingest_Settings_Index.number_of_replicas_2: + additionalProperties: false + type: object + properties: + value: + type: number + required: + - value + ApiStreams_Put_Request_Stream_Ingest_Settings_Index.number_of_shards_2: + additionalProperties: false + type: object + properties: + value: + type: number + required: + - value + ApiStreams_Put_Request_Stream_Ingest_Settings_Index.refresh_interval_2: + additionalProperties: false + type: object + properties: + value: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Settings_Index.refresh_interval_Value_1_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Settings_Index.refresh_interval_Value_2_2' + required: + - value + ApiStreams_Put_Request_Stream_Ingest_Settings_Index.refresh_interval_Value_1_2: + type: string + ApiStreams_Put_Request_Stream_Ingest_Settings_Index.refresh_interval_Value_2_2: + enum: + - -1 + type: number + ApiStreams_Put_Request_Stream_Ingest_2_1: + type: object + properties: + classic: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Classic' + required: + - classic + ApiStreams_Put_Request_Stream_Ingest_Classic: + additionalProperties: false + type: object + properties: + field_overrides: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Classic_Field_overrides' + ApiStreams_Put_Request_Stream_Ingest_Classic_Field_overrides: + additionalProperties: + allOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Classic_Field_overrides_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Classic_Field_overrides_2_3' + type: object + ApiStreams_Put_Request_Stream_Ingest_Classic_Field_overrides_1: + additionalProperties: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Classic_Field_overrides_1_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Classic_Field_overrides_2_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Classic_Field_overrides_3_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Classic_Field_overrides_4_2' + type: object + ApiStreams_Put_Request_Stream_Ingest_Classic_Field_overrides_1_1: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Classic_Field_overrides_1_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Classic_Field_overrides_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Classic_Field_overrides_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Classic_Field_overrides_4' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Classic_Field_overrides_5' + ApiStreams_Put_Request_Stream_Ingest_Classic_Field_overrides_1_2: + type: string + ApiStreams_Put_Request_Stream_Ingest_Classic_Field_overrides_2: + type: number + ApiStreams_Put_Request_Stream_Ingest_Classic_Field_overrides_3: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Classic_Field_overrides_4: + enum: + - 'null' + nullable: true + ApiStreams_Put_Request_Stream_Ingest_Classic_Field_overrides_5: + not: {} + ApiStreams_Put_Request_Stream_Ingest_Classic_Field_overrides_2_1: + items: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Classic_Field_overrides_1_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Classic_Field_overrides_2_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Classic_Field_overrides_3_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Classic_Field_overrides_4_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Classic_Field_overrides_5_1' + type: array + ApiStreams_Put_Request_Stream_Ingest_Classic_Field_overrides_1_3: + type: string + ApiStreams_Put_Request_Stream_Ingest_Classic_Field_overrides_2_2: + type: number + ApiStreams_Put_Request_Stream_Ingest_Classic_Field_overrides_3_1: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Classic_Field_overrides_4_1: + enum: + - 'null' + nullable: true + ApiStreams_Put_Request_Stream_Ingest_Classic_Field_overrides_5_1: + not: {} + ApiStreams_Put_Request_Stream_Ingest_Classic_Field_overrides_3_2: + items: {} + type: array + ApiStreams_Put_Request_Stream_Ingest_Classic_Field_overrides_4_2: {} + ApiStreams_Put_Request_Stream_Ingest_Classic_Field_overrides_2_3: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Classic_Field_overrides_1_4' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Classic_Field_overrides_2_4' + ApiStreams_Put_Request_Stream_Ingest_Classic_Field_overrides_1_4: + additionalProperties: false + type: object + properties: + format: + description: A non-empty string. + minLength: 1 + type: string + type: + enum: + - keyword + - match_only_text + - long + - double + - date + - boolean + - ip + - geo_point + type: string + required: + - type + ApiStreams_Put_Request_Stream_Ingest_Classic_Field_overrides_2_4: + additionalProperties: false + type: object + properties: + type: + enum: + - system + type: string + required: + - type + ApiStreams_Put_Request_5_1: + type: object + properties: {} + ApiStreams_Put_Request_6_1: + type: object + properties: + stream: + allOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_1_6' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_2_6' + required: + - stream + ApiStreams_Put_Request_Stream_1_6: + additionalProperties: true + type: object + properties: + ingest: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_7' + name: + not: {} + updated_at: + not: {} + ApiStreams_Put_Request_Stream_Ingest_7: + additionalProperties: true + type: object + properties: + processing: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_9' + required: + - processing + ApiStreams_Put_Request_Stream_Ingest_Processing_9: + additionalProperties: true + type: object + properties: + updated_at: + not: {} + ApiStreams_Put_Request_Stream_2_6: + additionalProperties: false + type: object + properties: + description: + type: string + name: + type: string + updated_at: + format: date-time + type: string + required: + - name + - description + - updated_at + ApiStreams_Put_Request_7_1: + type: object + properties: + dashboards: + items: + type: string + type: array + queries: + items: + allOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_1_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_2_3' + type: array + rules: + items: + type: string + type: array + required: + - dashboards + - rules + - queries + ApiStreams_Put_Request_Queries_1_3: + type: object + properties: + id: + description: A non-empty string. + minLength: 1 + type: string + title: + description: A non-empty string. + minLength: 1 + type: string + required: + - id + - title + ApiStreams_Put_Request_Queries_2_3: + type: object + properties: + evidence: + items: + type: string + type: array + feature: + $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_3' + kql: + $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Kql_3' + severity_score: + type: number + required: + - kql + ApiStreams_Put_Request_Queries_Feature_3: + additionalProperties: false + type: object + properties: + filter: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_1_6' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_2_7' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_3_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_4_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_5_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_6_3' + description: The root condition object. It can be a simple filter or a combination of other conditions. + name: + description: A non-empty string. + minLength: 1 + type: string + type: + enum: + - system + type: string + required: + - name + - filter + - type + ApiStreams_Put_Request_Queries_Feature_Filter_1_6: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_1_7' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_2_6' + description: A basic filter condition, either unary or binary. + ApiStreams_Put_Request_Queries_Feature_Filter_1_7: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Contains_1_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Contains_2_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Contains_3_3' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_EndsWith_1_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_EndsWith_2_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_EndsWith_3_3' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Eq_1_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Eq_2_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Eq_3_3' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Gt_1_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Gt_2_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Gt_3_3' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Gte_1_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Gte_2_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Gte_3_3' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Includes_1_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Includes_2_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Includes_3_3' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Lt_1_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Lt_2_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Lt_3_3' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Lte_1_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Lte_2_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Lte_3_3' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Neq_1_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Neq_2_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Neq_3_3' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Range_3' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_StartsWith_1_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_StartsWith_2_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_StartsWith_3_3' + description: Starts-with comparison value. + required: + - field + ApiStreams_Put_Request_Queries_Feature_Filter_Contains_1_3: + type: string + ApiStreams_Put_Request_Queries_Feature_Filter_Contains_2_3: + type: number + ApiStreams_Put_Request_Queries_Feature_Filter_Contains_3_3: + type: boolean + ApiStreams_Put_Request_Queries_Feature_Filter_EndsWith_1_3: + type: string + ApiStreams_Put_Request_Queries_Feature_Filter_EndsWith_2_3: + type: number + ApiStreams_Put_Request_Queries_Feature_Filter_EndsWith_3_3: + type: boolean + ApiStreams_Put_Request_Queries_Feature_Filter_Eq_1_3: + type: string + ApiStreams_Put_Request_Queries_Feature_Filter_Eq_2_3: + type: number + ApiStreams_Put_Request_Queries_Feature_Filter_Eq_3_3: + type: boolean + ApiStreams_Put_Request_Queries_Feature_Filter_Gt_1_3: + type: string + ApiStreams_Put_Request_Queries_Feature_Filter_Gt_2_3: + type: number + ApiStreams_Put_Request_Queries_Feature_Filter_Gt_3_3: + type: boolean + ApiStreams_Put_Request_Queries_Feature_Filter_Gte_1_3: + type: string + ApiStreams_Put_Request_Queries_Feature_Filter_Gte_2_3: + type: number + ApiStreams_Put_Request_Queries_Feature_Filter_Gte_3_3: + type: boolean + ApiStreams_Put_Request_Queries_Feature_Filter_Includes_1_3: + type: string + ApiStreams_Put_Request_Queries_Feature_Filter_Includes_2_3: + type: number + ApiStreams_Put_Request_Queries_Feature_Filter_Includes_3_3: + type: boolean + ApiStreams_Put_Request_Queries_Feature_Filter_Lt_1_3: + type: string + ApiStreams_Put_Request_Queries_Feature_Filter_Lt_2_3: + type: number + ApiStreams_Put_Request_Queries_Feature_Filter_Lt_3_3: + type: boolean + ApiStreams_Put_Request_Queries_Feature_Filter_Lte_1_3: + type: string + ApiStreams_Put_Request_Queries_Feature_Filter_Lte_2_3: + type: number + ApiStreams_Put_Request_Queries_Feature_Filter_Lte_3_3: + type: boolean + ApiStreams_Put_Request_Queries_Feature_Filter_Neq_1_3: + type: string + ApiStreams_Put_Request_Queries_Feature_Filter_Neq_2_3: + type: number + ApiStreams_Put_Request_Queries_Feature_Filter_Neq_3_3: + type: boolean + ApiStreams_Put_Request_Queries_Feature_Filter_Range_3: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Range_Gt_1_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Range_Gt_2_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Range_Gt_3_3' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Range_Gte_1_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Range_Gte_2_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Range_Gte_3_3' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Range_Lt_1_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Range_Lt_2_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Range_Lt_3_3' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Range_Lte_1_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Range_Lte_2_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Range_Lte_3_3' + description: A value that can be a string, number, or boolean. + ApiStreams_Put_Request_Queries_Feature_Filter_Range_Gt_1_3: + type: string + ApiStreams_Put_Request_Queries_Feature_Filter_Range_Gt_2_3: + type: number + ApiStreams_Put_Request_Queries_Feature_Filter_Range_Gt_3_3: + type: boolean + ApiStreams_Put_Request_Queries_Feature_Filter_Range_Gte_1_3: + type: string + ApiStreams_Put_Request_Queries_Feature_Filter_Range_Gte_2_3: + type: number + ApiStreams_Put_Request_Queries_Feature_Filter_Range_Gte_3_3: + type: boolean + ApiStreams_Put_Request_Queries_Feature_Filter_Range_Lt_1_3: + type: string + ApiStreams_Put_Request_Queries_Feature_Filter_Range_Lt_2_3: + type: number + ApiStreams_Put_Request_Queries_Feature_Filter_Range_Lt_3_3: + type: boolean + ApiStreams_Put_Request_Queries_Feature_Filter_Range_Lte_1_3: + type: string + ApiStreams_Put_Request_Queries_Feature_Filter_Range_Lte_2_3: + type: number + ApiStreams_Put_Request_Queries_Feature_Filter_Range_Lte_3_3: + type: boolean + ApiStreams_Put_Request_Queries_Feature_Filter_StartsWith_1_3: + type: string + ApiStreams_Put_Request_Queries_Feature_Filter_StartsWith_2_3: + type: number + ApiStreams_Put_Request_Queries_Feature_Filter_StartsWith_3_3: + type: boolean + ApiStreams_Put_Request_Queries_Feature_Filter_2_6: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreams_Put_Request_Queries_Feature_Filter_2_7: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreams_Put_Request_Queries_Feature_Filter_3_3: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreams_Put_Request_Queries_Feature_Filter_4_3: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreams_Put_Request_Queries_Feature_Filter_5_3: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Never_3' + required: + - never + ApiStreams_Put_Request_Queries_Feature_Filter_Never_3: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreams_Put_Request_Queries_Feature_Filter_6_3: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Always_3' + required: + - always + ApiStreams_Put_Request_Queries_Feature_Filter_Always_3: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreams_Put_Request_Queries_Kql_3: + additionalProperties: false + type: object + properties: + query: + type: string + required: + - query + ApiStreams_Put_Request_8_1: + type: object + properties: + stream: + allOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_1_7' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_2_7' + required: + - stream + ApiStreams_Put_Request_Stream_1_7: + additionalProperties: true + type: object + properties: + ingest: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_8' + name: + not: {} + updated_at: + not: {} + ApiStreams_Put_Request_Stream_Ingest_8: + additionalProperties: true + type: object + properties: + processing: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_10' + required: + - processing + ApiStreams_Put_Request_Stream_Ingest_Processing_10: + additionalProperties: true + type: object + properties: + updated_at: + not: {} + ApiStreams_Put_Request_Stream_2_7: + additionalProperties: false + type: object + properties: + ingest: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_9' + required: + - ingest + ApiStreams_Put_Request_Stream_Ingest_9: + additionalProperties: false + type: object + properties: + failure_store: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Failure_store_1_6' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Failure_store_2_6' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Failure_store_3_3' + lifecycle: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Lifecycle_1_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Lifecycle_2_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Lifecycle_3_3' + processing: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_11' + settings: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Settings_3' + required: + - lifecycle + - processing + - settings + - failure_store + ApiStreams_Put_Request_Stream_Ingest_Failure_store_1_6: + additionalProperties: false + type: object + properties: + inherit: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Failure_store_Inherit_3' + required: + - inherit + ApiStreams_Put_Request_Stream_Ingest_Failure_store_Inherit_3: + additionalProperties: false + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Failure_store_2_6: + additionalProperties: false + type: object + properties: + disabled: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Failure_store_Disabled_3' + required: + - disabled + ApiStreams_Put_Request_Stream_Ingest_Failure_store_Disabled_3: + additionalProperties: false + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Failure_store_3_3: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Failure_store_1_7' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Failure_store_2_7' + ApiStreams_Put_Request_Stream_Ingest_Failure_store_1_7: + additionalProperties: false + type: object + properties: + lifecycle: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Failure_store_Lifecycle_6' + required: + - lifecycle + ApiStreams_Put_Request_Stream_Ingest_Failure_store_Lifecycle_6: + additionalProperties: false + type: object + properties: + enabled: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Failure_store_Lifecycle_Enabled_3' + required: + - enabled + ApiStreams_Put_Request_Stream_Ingest_Failure_store_Lifecycle_Enabled_3: + additionalProperties: false + type: object + properties: + data_retention: + description: A non-empty string. + minLength: 1 + type: string + ApiStreams_Put_Request_Stream_Ingest_Failure_store_2_7: + additionalProperties: false + type: object + properties: + lifecycle: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Failure_store_Lifecycle_7' + required: + - lifecycle + ApiStreams_Put_Request_Stream_Ingest_Failure_store_Lifecycle_7: + additionalProperties: false + type: object + properties: + disabled: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Failure_store_Lifecycle_Disabled_3' + required: + - disabled + ApiStreams_Put_Request_Stream_Ingest_Failure_store_Lifecycle_Disabled_3: + additionalProperties: false + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Lifecycle_1_3: + additionalProperties: false + type: object + properties: + dsl: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Lifecycle_Dsl_3' + required: + - dsl + ApiStreams_Put_Request_Stream_Ingest_Lifecycle_Dsl_3: + additionalProperties: false + type: object + properties: + data_retention: + description: A non-empty string. + minLength: 1 + type: string + downsample: + items: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Lifecycle_Dsl_Downsample_Item_3' + type: array + ApiStreams_Put_Request_Stream_Ingest_Lifecycle_Dsl_Downsample_Item_3: + additionalProperties: false + type: object + properties: + after: + description: A non-empty string. + minLength: 1 + type: string + fixed_interval: + description: A non-empty string. + minLength: 1 + type: string + required: + - after + - fixed_interval + ApiStreams_Put_Request_Stream_Ingest_Lifecycle_2_3: + additionalProperties: false + type: object + properties: + ilm: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Lifecycle_Ilm_3' + required: + - ilm + ApiStreams_Put_Request_Stream_Ingest_Lifecycle_Ilm_3: + additionalProperties: false + type: object + properties: + policy: + description: A non-empty string. + minLength: 1 + type: string + required: + - policy + ApiStreams_Put_Request_Stream_Ingest_Lifecycle_3_3: + additionalProperties: false + type: object + properties: + inherit: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Lifecycle_Inherit_3' + required: + - inherit + ApiStreams_Put_Request_Stream_Ingest_Lifecycle_Inherit_3: + additionalProperties: false + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_11: + additionalProperties: false + type: object + properties: + steps: + items: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_1_6' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_2_7' + type: array + updated_at: + format: date-time + type: string + required: + - steps + - updated_at + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_1_6: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_1_7' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_2_6' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_3_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_4_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_5_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_6_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_7_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_8_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_9_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_10_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_11_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_12_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_13_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_14_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_15_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_16_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_17_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_18_3' + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_1_7: + additionalProperties: false + description: Grok processor - Extract fields from text using grok patterns + type: object + properties: + action: + enum: + - grok + type: string + customIdentifier: + description: Custom identifier to correlate this processor across outputs + minLength: 1 + type: string + description: + description: Human-readable notes about this processor step + type: string + from: + description: Source field to parse with grok patterns + minLength: 1 + type: string + ignore_failure: + description: Continue pipeline execution if this processor fails + type: boolean + ignore_missing: + description: Skip processing when source field is missing + type: boolean + pattern_definitions: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Pattern_definitions_3' + patterns: + description: Grok patterns applied in order to extract fields + items: + description: A non-empty string. + minLength: 1 + type: string + minItems: 1 + type: array + where: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_102' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_103' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_51' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_51' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_51' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_51' + description: Conditional expression controlling whether this processor runs + required: + - action + - from + - patterns + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Pattern_definitions_3: + additionalProperties: + type: string + type: object + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_102: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_103' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_102' + description: A basic filter condition, either unary or binary. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_103: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_51' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_51' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_51' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_51' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_51' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_51' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_51' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_51' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_51' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_51' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_51' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_51' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_51' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_51' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_51' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_51' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_51' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_51' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_51' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_51' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_51' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_51' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_51' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_51' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_51' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_51' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_51' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_51' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_51' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_51' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_51' + description: Starts-with comparison value. + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_51: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_51: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_51: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_51: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_51: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_51: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_51: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_51: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_51: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_51: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_51: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_51: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_51: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_51: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_51: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_51: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_51: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_51: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_51: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_51: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_51: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_51: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_51: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_51: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_51: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_51: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_51: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_51: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_51' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_51' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_51' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_51' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_51' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_51' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_51' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_51' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_51' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_51' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_51' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_51' + description: A value that can be a string, number, or boolean. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_51: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_51: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_51: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_51: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_51: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_51: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_51: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_51: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_51: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_51: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_51: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_51: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_51: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_51: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_51: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_102: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_103: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_51: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_51: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_51: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_51' + required: + - never + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_51: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_51: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_51' + required: + - always + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_51: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_2_6: + additionalProperties: false + description: Dissect processor - Extract fields from text using a lightweight, delimiter-based parser + type: object + properties: + action: + enum: + - dissect + type: string + append_separator: + description: Separator inserted when target fields are concatenated + minLength: 1 + type: string + customIdentifier: + description: Custom identifier to correlate this processor across outputs + minLength: 1 + type: string + description: + description: Human-readable notes about this processor step + type: string + from: + description: Source field to parse with dissect pattern + minLength: 1 + type: string + ignore_failure: + description: Continue pipeline execution if this processor fails + type: boolean + ignore_missing: + description: Skip processing when source field is missing + type: boolean + pattern: + description: Dissect pattern describing field boundaries + minLength: 1 + type: string + where: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_104' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_105' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_52' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_52' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_52' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_52' + description: Conditional expression controlling whether this processor runs + required: + - action + - from + - pattern + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_104: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_105' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_104' + description: A basic filter condition, either unary or binary. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_105: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_52' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_52' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_52' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_52' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_52' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_52' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_52' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_52' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_52' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_52' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_52' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_52' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_52' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_52' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_52' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_52' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_52' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_52' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_52' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_52' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_52' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_52' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_52' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_52' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_52' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_52' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_52' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_52' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_52' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_52' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_52' + description: Starts-with comparison value. + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_52: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_52: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_52: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_52: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_52: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_52: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_52: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_52: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_52: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_52: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_52: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_52: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_52: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_52: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_52: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_52: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_52: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_52: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_52: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_52: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_52: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_52: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_52: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_52: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_52: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_52: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_52: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_52: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_52' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_52' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_52' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_52' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_52' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_52' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_52' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_52' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_52' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_52' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_52' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_52' + description: A value that can be a string, number, or boolean. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_52: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_52: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_52: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_52: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_52: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_52: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_52: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_52: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_52: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_52: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_52: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_52: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_52: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_52: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_52: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_104: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_105: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_52: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_52: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_52: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_52' + required: + - never + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_52: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_52: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_52' + required: + - always + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_52: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_3_3: + additionalProperties: false + description: Date processor - Parse dates from strings using one or more expected formats + type: object + properties: + action: + enum: + - date + type: string + customIdentifier: + description: Custom identifier to correlate this processor across outputs + minLength: 1 + type: string + description: + description: Human-readable notes about this processor step + type: string + formats: + description: Accepted input date formats, tried in order + items: + description: A non-empty string. + minLength: 1 + type: string + type: array + from: + description: Source field containing the date/time text + minLength: 1 + type: string + ignore_failure: + description: Continue pipeline execution if this processor fails + type: boolean + locale: + description: Optional locale for date parsing + minLength: 1 + type: string + output_format: + description: Optional output format for storing the parsed date as text + minLength: 1 + type: string + timezone: + description: Optional timezone for date parsing + minLength: 1 + type: string + to: + description: Target field for the parsed date (defaults to source) + minLength: 1 + type: string + where: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_106' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_107' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_53' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_53' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_53' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_53' + description: Conditional expression controlling whether this processor runs + required: + - action + - from + - formats + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_106: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_107' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_106' + description: A basic filter condition, either unary or binary. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_107: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_53' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_53' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_53' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_53' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_53' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_53' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_53' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_53' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_53' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_53' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_53' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_53' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_53' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_53' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_53' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_53' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_53' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_53' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_53' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_53' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_53' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_53' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_53' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_53' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_53' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_53' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_53' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_53' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_53' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_53' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_53' + description: Starts-with comparison value. + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_53: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_53: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_53: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_53: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_53: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_53: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_53: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_53: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_53: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_53: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_53: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_53: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_53: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_53: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_53: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_53: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_53: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_53: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_53: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_53: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_53: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_53: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_53: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_53: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_53: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_53: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_53: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_53: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_53' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_53' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_53' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_53' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_53' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_53' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_53' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_53' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_53' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_53' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_53' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_53' + description: A value that can be a string, number, or boolean. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_53: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_53: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_53: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_53: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_53: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_53: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_53: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_53: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_53: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_53: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_53: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_53: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_53: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_53: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_53: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_106: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_107: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_53: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_53: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_53: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_53' + required: + - never + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_53: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_53: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_53' + required: + - always + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_53: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_4_3: + additionalProperties: false + description: Base processor options plus conditional execution + type: object + properties: + action: + enum: + - drop_document + type: string + customIdentifier: + description: Custom identifier to correlate this processor across outputs + minLength: 1 + type: string + description: + description: Human-readable notes about this processor step + type: string + ignore_failure: + description: Continue pipeline execution if this processor fails + type: boolean + where: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_108' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_109' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_54' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_54' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_54' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_54' + description: Conditional expression controlling whether this processor runs + required: + - action + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_108: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_109' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_108' + description: A basic filter condition, either unary or binary. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_109: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_54' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_54' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_54' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_54' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_54' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_54' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_54' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_54' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_54' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_54' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_54' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_54' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_54' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_54' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_54' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_54' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_54' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_54' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_54' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_54' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_54' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_54' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_54' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_54' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_54' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_54' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_54' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_54' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_54' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_54' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_54' + description: Starts-with comparison value. + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_54: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_54: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_54: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_54: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_54: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_54: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_54: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_54: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_54: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_54: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_54: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_54: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_54: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_54: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_54: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_54: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_54: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_54: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_54: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_54: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_54: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_54: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_54: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_54: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_54: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_54: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_54: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_54: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_54' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_54' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_54' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_54' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_54' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_54' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_54' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_54' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_54' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_54' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_54' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_54' + description: A value that can be a string, number, or boolean. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_54: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_54: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_54: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_54: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_54: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_54: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_54: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_54: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_54: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_54: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_54: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_54: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_54: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_54: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_54: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_108: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_109: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_54: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_54: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_54: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_54' + required: + - never + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_54: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_54: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_54' + required: + - always + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_54: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_5_3: + additionalProperties: false + description: Base processor options plus conditional execution + type: object + properties: + action: + enum: + - math + type: string + customIdentifier: + description: Custom identifier to correlate this processor across outputs + minLength: 1 + type: string + description: + description: Human-readable notes about this processor step + type: string + expression: + description: A non-empty string. + minLength: 1 + type: string + ignore_failure: + description: Continue pipeline execution if this processor fails + type: boolean + ignore_missing: + type: boolean + to: + description: A non-empty string. + minLength: 1 + type: string + where: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_110' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_111' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_55' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_55' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_55' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_55' + description: Conditional expression controlling whether this processor runs + required: + - action + - expression + - to + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_110: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_111' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_110' + description: A basic filter condition, either unary or binary. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_111: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_55' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_55' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_55' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_55' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_55' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_55' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_55' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_55' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_55' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_55' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_55' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_55' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_55' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_55' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_55' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_55' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_55' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_55' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_55' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_55' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_55' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_55' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_55' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_55' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_55' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_55' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_55' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_55' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_55' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_55' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_55' + description: Starts-with comparison value. + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_55: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_55: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_55: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_55: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_55: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_55: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_55: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_55: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_55: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_55: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_55: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_55: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_55: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_55: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_55: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_55: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_55: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_55: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_55: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_55: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_55: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_55: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_55: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_55: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_55: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_55: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_55: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_55: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_55' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_55' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_55' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_55' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_55' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_55' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_55' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_55' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_55' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_55' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_55' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_55' + description: A value that can be a string, number, or boolean. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_55: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_55: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_55: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_55: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_55: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_55: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_55: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_55: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_55: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_55: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_55: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_55: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_55: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_55: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_55: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_110: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_111: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_55: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_55: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_55: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_55' + required: + - never + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_55: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_55: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_55' + required: + - always + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_55: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_6_3: + additionalProperties: false + description: Rename processor - Change a field name and optionally its location + type: object + properties: + action: + enum: + - rename + type: string + customIdentifier: + description: Custom identifier to correlate this processor across outputs + minLength: 1 + type: string + description: + description: Human-readable notes about this processor step + type: string + from: + description: Existing source field to rename or move + minLength: 1 + type: string + ignore_failure: + description: Continue pipeline execution if this processor fails + type: boolean + ignore_missing: + description: Skip when source field is missing + type: boolean + override: + description: Allow overwriting the target field if it already exists + type: boolean + to: + description: New field name or destination path + minLength: 1 + type: string + where: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_112' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_113' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_56' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_56' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_56' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_56' + description: Conditional expression controlling whether this processor runs + required: + - action + - from + - to + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_112: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_113' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_112' + description: A basic filter condition, either unary or binary. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_113: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_56' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_56' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_56' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_56' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_56' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_56' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_56' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_56' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_56' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_56' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_56' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_56' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_56' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_56' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_56' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_56' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_56' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_56' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_56' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_56' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_56' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_56' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_56' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_56' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_56' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_56' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_56' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_56' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_56' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_56' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_56' + description: Starts-with comparison value. + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_56: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_56: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_56: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_56: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_56: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_56: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_56: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_56: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_56: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_56: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_56: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_56: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_56: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_56: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_56: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_56: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_56: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_56: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_56: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_56: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_56: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_56: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_56: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_56: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_56: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_56: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_56: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_56: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_56' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_56' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_56' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_56' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_56' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_56' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_56' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_56' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_56' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_56' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_56' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_56' + description: A value that can be a string, number, or boolean. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_56: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_56: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_56: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_56: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_56: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_56: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_56: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_56: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_56: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_56: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_56: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_56: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_56: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_56: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_56: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_112: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_113: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_56: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_56: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_56: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_56' + required: + - never + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_56: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_56: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_56' + required: + - always + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_56: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_7_3: + additionalProperties: false + description: Set processor - Assign a literal or copied value to a field (mutually exclusive inputs) + type: object + properties: + action: + enum: + - set + type: string + copy_from: + description: Copy value from another field instead of providing a literal + minLength: 1 + type: string + customIdentifier: + description: Custom identifier to correlate this processor across outputs + minLength: 1 + type: string + description: + description: Human-readable notes about this processor step + type: string + ignore_failure: + description: Continue pipeline execution if this processor fails + type: boolean + override: + description: Allow overwriting an existing target field + type: boolean + to: + description: Target field to set or create + minLength: 1 + type: string + value: + description: Literal value to assign to the target field + where: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_114' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_115' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_57' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_57' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_57' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_57' + description: Conditional expression controlling whether this processor runs + required: + - action + - to + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_114: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_115' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_114' + description: A basic filter condition, either unary or binary. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_115: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_57' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_57' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_57' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_57' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_57' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_57' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_57' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_57' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_57' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_57' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_57' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_57' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_57' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_57' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_57' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_57' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_57' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_57' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_57' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_57' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_57' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_57' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_57' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_57' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_57' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_57' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_57' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_57' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_57' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_57' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_57' + description: Starts-with comparison value. + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_57: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_57: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_57: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_57: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_57: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_57: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_57: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_57: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_57: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_57: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_57: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_57: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_57: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_57: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_57: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_57: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_57: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_57: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_57: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_57: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_57: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_57: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_57: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_57: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_57: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_57: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_57: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_57: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_57' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_57' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_57' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_57' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_57' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_57' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_57' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_57' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_57' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_57' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_57' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_57' + description: A value that can be a string, number, or boolean. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_57: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_57: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_57: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_57: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_57: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_57: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_57: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_57: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_57: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_57: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_57: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_57: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_57: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_57: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_57: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_114: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_115: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_57: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_57: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_57: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_57' + required: + - never + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_57: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_57: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_57' + required: + - always + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_57: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_8_3: + additionalProperties: false + description: Append processor - Append one or more values to an existing or new array field + type: object + properties: + action: + enum: + - append + type: string + allow_duplicates: + description: If true, do not deduplicate appended values + type: boolean + customIdentifier: + description: Custom identifier to correlate this processor across outputs + minLength: 1 + type: string + description: + description: Human-readable notes about this processor step + type: string + ignore_failure: + description: Continue pipeline execution if this processor fails + type: boolean + to: + description: Array field to append values to + minLength: 1 + type: string + value: + description: Values to append (must be literal, no templates) + items: {} + minItems: 1 + type: array + where: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_116' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_117' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_58' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_58' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_58' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_58' + description: Conditional expression controlling whether this processor runs + required: + - action + - to + - value + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_116: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_117' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_116' + description: A basic filter condition, either unary or binary. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_117: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_58' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_58' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_58' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_58' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_58' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_58' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_58' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_58' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_58' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_58' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_58' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_58' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_58' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_58' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_58' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_58' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_58' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_58' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_58' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_58' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_58' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_58' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_58' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_58' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_58' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_58' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_58' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_58' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_58' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_58' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_58' + description: Starts-with comparison value. + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_58: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_58: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_58: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_58: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_58: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_58: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_58: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_58: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_58: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_58: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_58: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_58: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_58: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_58: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_58: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_58: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_58: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_58: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_58: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_58: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_58: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_58: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_58: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_58: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_58: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_58: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_58: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_58: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_58' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_58' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_58' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_58' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_58' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_58' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_58' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_58' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_58' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_58' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_58' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_58' + description: A value that can be a string, number, or boolean. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_58: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_58: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_58: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_58: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_58: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_58: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_58: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_58: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_58: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_58: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_58: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_58: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_58: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_58: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_58: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_116: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_117: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_58: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_58: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_58: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_58' + required: + - never + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_58: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_58: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_58' + required: + - always + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_58: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_9_3: + additionalProperties: false + description: Remove by prefix processor - Remove a field and all nested fields matching the prefix + type: object + properties: + action: + enum: + - remove_by_prefix + type: string + customIdentifier: + description: Custom identifier to correlate this processor across outputs + minLength: 1 + type: string + description: + description: Human-readable notes about this processor step + type: string + from: + description: Field to remove along with all its nested fields + minLength: 1 + type: string + ignore_failure: + description: Continue pipeline execution if this processor fails + type: boolean + required: + - action + - from + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_10_3: + additionalProperties: false + description: Remove processor - Delete one or more fields from the document + type: object + properties: + action: + enum: + - remove + type: string + customIdentifier: + description: Custom identifier to correlate this processor across outputs + minLength: 1 + type: string + description: + description: Human-readable notes about this processor step + type: string + from: + description: Field to remove from the document + minLength: 1 + type: string + ignore_failure: + description: Continue pipeline execution if this processor fails + type: boolean + ignore_missing: + description: Skip processing when source field is missing + type: boolean + where: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_118' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_119' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_59' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_59' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_59' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_59' + description: Conditional expression controlling whether this processor runs + required: + - action + - from + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_118: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_119' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_118' + description: A basic filter condition, either unary or binary. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_119: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_59' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_59' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_59' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_59' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_59' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_59' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_59' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_59' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_59' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_59' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_59' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_59' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_59' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_59' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_59' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_59' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_59' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_59' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_59' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_59' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_59' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_59' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_59' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_59' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_59' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_59' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_59' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_59' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_59' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_59' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_59' + description: Starts-with comparison value. + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_59: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_59: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_59: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_59: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_59: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_59: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_59: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_59: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_59: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_59: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_59: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_59: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_59: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_59: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_59: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_59: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_59: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_59: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_59: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_59: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_59: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_59: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_59: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_59: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_59: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_59: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_59: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_59: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_59' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_59' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_59' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_59' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_59' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_59' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_59' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_59' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_59' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_59' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_59' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_59' + description: A value that can be a string, number, or boolean. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_59: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_59: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_59: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_59: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_59: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_59: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_59: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_59: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_59: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_59: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_59: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_59: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_59: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_59: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_59: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_118: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_119: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_59: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_59: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_59: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_59' + required: + - never + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_59: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_59: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_59' + required: + - always + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_59: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_11_3: + additionalProperties: false + description: Base processor options plus conditional execution + type: object + properties: + action: + enum: + - replace + type: string + customIdentifier: + description: Custom identifier to correlate this processor across outputs + minLength: 1 + type: string + description: + description: Human-readable notes about this processor step + type: string + from: + description: A non-empty string. + minLength: 1 + type: string + ignore_failure: + description: Continue pipeline execution if this processor fails + type: boolean + ignore_missing: + type: boolean + pattern: + description: A non-empty string or string with whitespace. + minLength: 1 + type: string + replacement: + type: string + to: + description: A non-empty string. + minLength: 1 + type: string + where: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_120' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_121' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_60' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_60' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_60' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_60' + description: Conditional expression controlling whether this processor runs + required: + - action + - from + - pattern + - replacement + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_120: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_121' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_120' + description: A basic filter condition, either unary or binary. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_121: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_60' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_60' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_60' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_60' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_60' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_60' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_60' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_60' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_60' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_60' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_60' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_60' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_60' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_60' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_60' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_60' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_60' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_60' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_60' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_60' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_60' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_60' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_60' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_60' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_60' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_60' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_60' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_60' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_60' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_60' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_60' + description: Starts-with comparison value. + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_60: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_60: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_60: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_60: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_60: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_60: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_60: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_60: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_60: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_60: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_60: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_60: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_60: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_60: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_60: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_60: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_60: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_60: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_60: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_60: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_60: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_60: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_60: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_60: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_60: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_60: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_60: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_60: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_60' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_60' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_60' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_60' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_60' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_60' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_60' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_60' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_60' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_60' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_60' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_60' + description: A value that can be a string, number, or boolean. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_60: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_60: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_60: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_60: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_60: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_60: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_60: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_60: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_60: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_60: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_60: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_60: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_60: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_60: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_60: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_120: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_121: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_60: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_60: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_60: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_60' + required: + - never + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_60: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_60: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_60' + required: + - always + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_60: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_12_3: + additionalProperties: false + description: Base processor options plus conditional execution + type: object + properties: + action: + enum: + - uppercase + type: string + customIdentifier: + description: Custom identifier to correlate this processor across outputs + minLength: 1 + type: string + description: + description: Human-readable notes about this processor step + type: string + from: + description: A non-empty string. + minLength: 1 + type: string + ignore_failure: + description: Continue pipeline execution if this processor fails + type: boolean + ignore_missing: + type: boolean + to: + description: A non-empty string. + minLength: 1 + type: string + where: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_122' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_123' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_61' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_61' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_61' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_61' + description: Conditional expression controlling whether this processor runs + required: + - action + - from + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_122: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_123' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_122' + description: A basic filter condition, either unary or binary. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_123: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_61' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_61' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_61' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_61' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_61' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_61' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_61' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_61' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_61' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_61' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_61' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_61' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_61' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_61' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_61' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_61' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_61' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_61' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_61' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_61' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_61' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_61' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_61' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_61' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_61' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_61' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_61' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_61' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_61' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_61' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_61' + description: Starts-with comparison value. + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_61: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_61: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_61: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_61: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_61: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_61: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_61: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_61: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_61: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_61: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_61: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_61: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_61: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_61: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_61: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_61: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_61: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_61: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_61: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_61: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_61: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_61: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_61: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_61: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_61: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_61: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_61: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_61: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_61' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_61' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_61' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_61' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_61' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_61' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_61' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_61' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_61' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_61' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_61' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_61' + description: A value that can be a string, number, or boolean. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_61: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_61: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_61: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_61: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_61: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_61: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_61: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_61: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_61: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_61: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_61: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_61: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_61: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_61: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_61: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_122: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_123: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_61: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_61: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_61: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_61' + required: + - never + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_61: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_61: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_61' + required: + - always + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_61: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_13_3: + additionalProperties: false + description: Base processor options plus conditional execution + type: object + properties: + action: + enum: + - lowercase + type: string + customIdentifier: + description: Custom identifier to correlate this processor across outputs + minLength: 1 + type: string + description: + description: Human-readable notes about this processor step + type: string + from: + description: A non-empty string. + minLength: 1 + type: string + ignore_failure: + description: Continue pipeline execution if this processor fails + type: boolean + ignore_missing: + type: boolean + to: + description: A non-empty string. + minLength: 1 + type: string + where: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_124' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_125' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_62' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_62' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_62' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_62' + description: Conditional expression controlling whether this processor runs + required: + - action + - from + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_124: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_125' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_124' + description: A basic filter condition, either unary or binary. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_125: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_62' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_62' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_62' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_62' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_62' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_62' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_62' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_62' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_62' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_62' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_62' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_62' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_62' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_62' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_62' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_62' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_62' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_62' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_62' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_62' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_62' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_62' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_62' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_62' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_62' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_62' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_62' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_62' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_62' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_62' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_62' + description: Starts-with comparison value. + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_62: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_62: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_62: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_62: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_62: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_62: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_62: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_62: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_62: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_62: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_62: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_62: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_62: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_62: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_62: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_62: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_62: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_62: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_62: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_62: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_62: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_62: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_62: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_62: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_62: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_62: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_62: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_62: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_62' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_62' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_62' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_62' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_62' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_62' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_62' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_62' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_62' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_62' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_62' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_62' + description: A value that can be a string, number, or boolean. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_62: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_62: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_62: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_62: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_62: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_62: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_62: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_62: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_62: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_62: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_62: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_62: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_62: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_62: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_62: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_124: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_125: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_62: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_62: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_62: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_62' + required: + - never + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_62: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_62: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_62' + required: + - always + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_62: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_14_3: + additionalProperties: false + description: Base processor options plus conditional execution + type: object + properties: + action: + enum: + - trim + type: string + customIdentifier: + description: Custom identifier to correlate this processor across outputs + minLength: 1 + type: string + description: + description: Human-readable notes about this processor step + type: string + from: + description: A non-empty string. + minLength: 1 + type: string + ignore_failure: + description: Continue pipeline execution if this processor fails + type: boolean + ignore_missing: + type: boolean + to: + description: A non-empty string. + minLength: 1 + type: string + where: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_126' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_127' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_63' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_63' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_63' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_63' + description: Conditional expression controlling whether this processor runs + required: + - action + - from + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_126: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_127' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_126' + description: A basic filter condition, either unary or binary. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_127: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_63' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_63' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_63' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_63' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_63' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_63' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_63' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_63' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_63' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_63' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_63' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_63' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_63' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_63' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_63' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_63' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_63' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_63' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_63' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_63' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_63' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_63' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_63' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_63' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_63' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_63' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_63' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_63' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_63' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_63' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_63' + description: Starts-with comparison value. + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_63: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_63: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_63: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_63: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_63: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_63: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_63: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_63: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_63: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_63: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_63: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_63: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_63: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_63: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_63: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_63: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_63: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_63: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_63: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_63: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_63: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_63: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_63: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_63: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_63: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_63: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_63: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_63: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_63' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_63' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_63' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_63' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_63' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_63' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_63' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_63' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_63' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_63' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_63' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_63' + description: A value that can be a string, number, or boolean. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_63: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_63: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_63: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_63: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_63: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_63: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_63: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_63: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_63: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_63: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_63: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_63: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_63: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_63: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_63: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_126: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_127: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_63: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_63: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_63: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_63' + required: + - never + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_63: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_63: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_63' + required: + - always + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_63: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_15_3: + additionalProperties: false + description: Base processor options plus conditional execution + type: object + properties: + action: + enum: + - join + type: string + customIdentifier: + description: Custom identifier to correlate this processor across outputs + minLength: 1 + type: string + delimiter: + type: string + description: + description: Human-readable notes about this processor step + type: string + from: + items: + description: A non-empty string. + minLength: 1 + type: string + minItems: 1 + type: array + ignore_failure: + description: Continue pipeline execution if this processor fails + type: boolean + ignore_missing: + type: boolean + to: + description: A non-empty string. + minLength: 1 + type: string + where: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_128' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_129' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_64' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_64' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_64' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_64' + description: Conditional expression controlling whether this processor runs + required: + - action + - from + - delimiter + - to + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_128: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_129' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_128' + description: A basic filter condition, either unary or binary. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_129: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_64' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_64' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_64' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_64' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_64' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_64' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_64' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_64' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_64' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_64' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_64' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_64' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_64' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_64' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_64' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_64' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_64' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_64' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_64' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_64' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_64' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_64' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_64' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_64' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_64' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_64' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_64' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_64' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_64' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_64' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_64' + description: Starts-with comparison value. + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_64: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_64: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_64: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_64: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_64: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_64: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_64: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_64: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_64: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_64: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_64: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_64: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_64: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_64: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_64: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_64: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_64: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_64: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_64: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_64: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_64: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_64: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_64: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_64: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_64: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_64: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_64: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_64: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_64' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_64' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_64' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_64' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_64' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_64' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_64' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_64' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_64' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_64' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_64' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_64' + description: A value that can be a string, number, or boolean. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_64: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_64: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_64: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_64: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_64: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_64: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_64: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_64: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_64: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_64: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_64: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_64: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_64: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_64: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_64: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_128: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_129: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_64: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_64: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_64: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_64' + required: + - never + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_64: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_64: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_64' + required: + - always + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_64: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_16_3: + additionalProperties: false + description: Convert processor - Change the data type of a field value (integer, long, double, boolean, or string) + type: object + properties: + action: + enum: + - convert + type: string + customIdentifier: + description: Custom identifier to correlate this processor across outputs + minLength: 1 + type: string + description: + description: Human-readable notes about this processor step + type: string + from: + description: Source field to convert to a different data type + minLength: 1 + type: string + ignore_failure: + description: Continue pipeline execution if this processor fails + type: boolean + ignore_missing: + description: Skip processing when source field is missing + type: boolean + to: + description: Target field for the converted value (defaults to source) + minLength: 1 + type: string + type: + description: 'Target data type: integer, long, double, boolean, or string' + enum: + - integer + - long + - double + - boolean + - string + type: string + where: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_130' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_131' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_65' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_65' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_65' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_65' + description: Conditional expression controlling whether this processor runs + required: + - action + - from + - type + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_130: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_131' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_130' + description: A basic filter condition, either unary or binary. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_131: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_65' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_65' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_65' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_65' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_65' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_65' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_65' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_65' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_65' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_65' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_65' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_65' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_65' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_65' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_65' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_65' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_65' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_65' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_65' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_65' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_65' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_65' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_65' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_65' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_65' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_65' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_65' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_65' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_65' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_65' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_65' + description: Starts-with comparison value. + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_65: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_65: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_65: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_65: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_65: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_65: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_65: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_65: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_65: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_65: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_65: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_65: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_65: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_65: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_65: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_65: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_65: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_65: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_65: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_65: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_65: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_65: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_65: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_65: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_65: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_65: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_65: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_65: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_65' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_65' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_65' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_65' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_65' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_65' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_65' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_65' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_65' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_65' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_65' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_65' + description: A value that can be a string, number, or boolean. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_65: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_65: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_65: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_65: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_65: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_65: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_65: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_65: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_65: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_65: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_65: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_65: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_65: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_65: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_65: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_130: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_131: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_65: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_65: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_65: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_65' + required: + - never + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_65: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_65: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_65' + required: + - always + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_65: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_17_3: + additionalProperties: false + description: Base processor options plus conditional execution + type: object + properties: + action: + enum: + - concat + type: string + customIdentifier: + description: Custom identifier to correlate this processor across outputs + minLength: 1 + type: string + description: + description: Human-readable notes about this processor step + type: string + from: + items: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_From_1_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_From_2_3' + minItems: 1 + type: array + ignore_failure: + description: Continue pipeline execution if this processor fails + type: boolean + ignore_missing: + type: boolean + to: + description: A non-empty string. + minLength: 1 + type: string + where: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_132' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_133' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_66' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_66' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_66' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_66' + description: Conditional expression controlling whether this processor runs + required: + - action + - from + - to + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_From_1_3: + additionalProperties: false + type: object + properties: + type: + enum: + - field + type: string + value: + description: A non-empty string. + minLength: 1 + type: string + required: + - type + - value + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_From_2_3: + additionalProperties: false + type: object + properties: + type: + enum: + - literal + type: string + value: + type: string + required: + - type + - value + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_132: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_133' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_132' + description: A basic filter condition, either unary or binary. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_133: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_66' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_66' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_66' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_66' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_66' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_66' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_66' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_66' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_66' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_66' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_66' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_66' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_66' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_66' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_66' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_66' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_66' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_66' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_66' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_66' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_66' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_66' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_66' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_66' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_66' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_66' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_66' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_66' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_66' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_66' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_66' + description: Starts-with comparison value. + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_66: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_66: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_66: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_66: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_66: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_66: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_66: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_66: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_66: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_66: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_66: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_66: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_66: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_66: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_66: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_66: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_66: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_66: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_66: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_66: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_66: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_66: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_66: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_66: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_66: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_66: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_66: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_66: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_66' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_66' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_66' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_66' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_66' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_66' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_66' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_66' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_66' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_66' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_66' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_66' + description: A value that can be a string, number, or boolean. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_66: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_66: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_66: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_66: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_66: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_66: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_66: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_66: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_66: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_66: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_66: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_66: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_66: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_66: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_66: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_132: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_133: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_66: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_66: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_66: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_66' + required: + - never + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_66: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_66: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_66' + required: + - always + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_66: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_18_3: + additionalProperties: false + description: Manual ingest pipeline wrapper around native Elasticsearch processors + type: object + properties: + action: + description: Manual ingest pipeline - executes raw Elasticsearch ingest processors + enum: + - manual_ingest_pipeline + type: string + customIdentifier: + description: Custom identifier to correlate this processor across outputs + minLength: 1 + type: string + description: + description: Human-readable notes about this processor step + type: string + ignore_failure: + description: Continue pipeline execution if this processor fails + type: boolean + on_failure: + description: Fallback processors to run when a processor fails + items: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_On_failure_Item_3' + type: array + processors: + description: List of raw Elasticsearch ingest processors to run + items: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Processors_Item_3' + type: array + tag: + description: Optional ingest processor tag for Elasticsearch + type: string + where: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_134' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_135' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_67' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_67' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_67' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_67' + description: Conditional expression controlling whether this processor runs + required: + - action + - processors + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_On_failure_Item_3: + additionalProperties: {} + type: object + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Processors_Item_3: + additionalProperties: false + type: object + properties: + append: {} + attachment: {} + bytes: {} + circle: {} + community_id: {} + convert: {} + csv: {} + date: {} + date_index_name: {} + dissect: {} + dot_expander: {} + drop: {} + enrich: {} + fail: {} + fingerprint: {} + foreach: {} + geo_grid: {} + geoip: {} + grok: {} + gsub: {} + html_strip: {} + inference: {} + ip_location: {} + join: {} + json: {} + kv: {} + lowercase: {} + network_direction: {} + pipeline: {} + redact: {} + registered_domain: {} + remove: {} + rename: {} + reroute: {} + script: {} + set: {} + set_security_user: {} + sort: {} + split: {} + terminate: {} + trim: {} + uppercase: {} + uri_parts: {} + urldecode: {} + user_agent: {} + required: + - append + - attachment + - bytes + - circle + - community_id + - convert + - csv + - date + - date_index_name + - dissect + - dot_expander + - drop + - enrich + - fail + - fingerprint + - foreach + - ip_location + - geo_grid + - geoip + - grok + - gsub + - html_strip + - inference + - join + - json + - kv + - lowercase + - network_direction + - pipeline + - redact + - registered_domain + - remove + - rename + - reroute + - script + - set + - set_security_user + - sort + - split + - terminate + - trim + - uppercase + - urldecode + - uri_parts + - user_agent + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_134: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_135' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_134' + description: A basic filter condition, either unary or binary. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_135: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_67' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_67' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_67' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_67' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_67' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_67' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_67' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_67' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_67' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_67' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_67' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_67' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_67' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_67' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_67' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_67' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_67' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_67' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_67' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_67' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_67' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_67' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_67' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_67' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_67' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_67' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_67' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_67' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_67' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_67' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_67' + description: Starts-with comparison value. + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_67: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_67: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_67: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_67: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_67: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_67: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_67: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_67: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_67: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_67: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_67: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_67: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_67: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_67: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_67: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_67: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_67: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_67: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_67: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_67: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_67: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_67: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_67: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_67: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_67: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_67: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_67: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_67: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_67' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_67' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_67' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_67' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_67' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_67' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_67' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_67' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_67' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_67' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_67' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_67' + description: A value that can be a string, number, or boolean. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_67: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_67: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_67: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_67: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_67: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_67: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_67: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_67: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_67: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_67: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_67: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_67: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_67: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_67: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_67: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_134: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_135: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_67: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_67: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_67: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_67' + required: + - never + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_67: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_67: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_67' + required: + - always + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_67: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_2_7: + additionalProperties: false + type: object + properties: + condition: + allOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_1_9' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_2_11' + customIdentifier: + type: string + required: + - condition + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_1_9: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_1_10' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_2_10' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_3_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_4_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_5_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_6_3' + description: The root condition object. It can be a simple filter or a combination of other conditions. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_1_10: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_1_11' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_2_9' + description: A basic filter condition, either unary or binary. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_1_11: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Contains_1_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Contains_2_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Contains_3_3' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_EndsWith_1_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_EndsWith_2_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_EndsWith_3_3' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Eq_1_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Eq_2_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Eq_3_3' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Gt_1_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Gt_2_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Gt_3_3' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Gte_1_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Gte_2_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Gte_3_3' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Includes_1_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Includes_2_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Includes_3_3' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Lt_1_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Lt_2_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Lt_3_3' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Lte_1_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Lte_2_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Lte_3_3' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Neq_1_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Neq_2_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Neq_3_3' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Range_3' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_StartsWith_1_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_StartsWith_2_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_StartsWith_3_3' + description: Starts-with comparison value. + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Contains_1_3: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Contains_2_3: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Contains_3_3: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_EndsWith_1_3: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_EndsWith_2_3: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_EndsWith_3_3: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Eq_1_3: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Eq_2_3: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Eq_3_3: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Gt_1_3: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Gt_2_3: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Gt_3_3: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Gte_1_3: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Gte_2_3: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Gte_3_3: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Includes_1_3: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Includes_2_3: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Includes_3_3: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Lt_1_3: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Lt_2_3: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Lt_3_3: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Lte_1_3: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Lte_2_3: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Lte_3_3: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Neq_1_3: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Neq_2_3: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Neq_3_3: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Range_3: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Range_Gt_1_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Range_Gt_2_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Range_Gt_3_3' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Range_Gte_1_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Range_Gte_2_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Range_Gte_3_3' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Range_Lt_1_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Range_Lt_2_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Range_Lt_3_3' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Range_Lte_1_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Range_Lte_2_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Range_Lte_3_3' + description: A value that can be a string, number, or boolean. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Range_Gt_1_3: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Range_Gt_2_3: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Range_Gt_3_3: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Range_Gte_1_3: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Range_Gte_2_3: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Range_Gte_3_3: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Range_Lt_1_3: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Range_Lt_2_3: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Range_Lt_3_3: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Range_Lte_1_3: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Range_Lte_2_3: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Range_Lte_3_3: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_StartsWith_1_3: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_StartsWith_2_3: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_StartsWith_3_3: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_2_9: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_2_10: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_3_3: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_4_3: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_5_3: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Never_3' + required: + - never + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Never_3: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_6_3: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Always_3' + required: + - always + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Always_3: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_2_11: + type: object + properties: + steps: + items: {} + type: array + required: + - steps + ApiStreams_Put_Request_Stream_Ingest_Settings_3: + additionalProperties: false + type: object + properties: + index.number_of_replicas: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Settings_Index.number_of_replicas_3' + index.number_of_shards: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Settings_Index.number_of_shards_3' + index.refresh_interval: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Settings_Index.refresh_interval_3' + ApiStreams_Put_Request_Stream_Ingest_Settings_Index.number_of_replicas_3: + additionalProperties: false + type: object + properties: + value: + type: number + required: + - value + ApiStreams_Put_Request_Stream_Ingest_Settings_Index.number_of_shards_3: + additionalProperties: false + type: object + properties: + value: + type: number + required: + - value + ApiStreams_Put_Request_Stream_Ingest_Settings_Index.refresh_interval_3: + additionalProperties: false + type: object + properties: + value: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Settings_Index.refresh_interval_Value_1_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Settings_Index.refresh_interval_Value_2_3' + required: + - value + ApiStreams_Put_Request_Stream_Ingest_Settings_Index.refresh_interval_Value_1_3: + type: string + ApiStreams_Put_Request_Stream_Ingest_Settings_Index.refresh_interval_Value_2_3: + enum: + - -1 + type: number + ApiStreams_Put_Request_9_1: + type: object + properties: {} + ApiStreams_Put_Request_10_1: + type: object + properties: {} + ApiStreamsFork_Post_Request: + additionalProperties: false + type: object + properties: + status: + enum: + - enabled + - disabled + type: string + stream: + $ref: '#/components/schemas/ApiStreamsFork_Post_Request_Stream' + where: + anyOf: + - $ref: '#/components/schemas/ApiStreamsFork_Post_Request_Where_1' + - $ref: '#/components/schemas/ApiStreamsFork_Post_Request_Where_2_1' + - $ref: '#/components/schemas/ApiStreamsFork_Post_Request_Where_3' + - $ref: '#/components/schemas/ApiStreamsFork_Post_Request_Where_4' + - $ref: '#/components/schemas/ApiStreamsFork_Post_Request_Where_5' + - $ref: '#/components/schemas/ApiStreamsFork_Post_Request_Where_6' + description: The root condition object. It can be a simple filter or a combination of other conditions. + required: + - stream + - where + ApiStreamsFork_Post_Request_Stream: + additionalProperties: false + type: object + properties: + name: + type: string + required: + - name + ApiStreamsFork_Post_Request_Where_1: + anyOf: + - $ref: '#/components/schemas/ApiStreamsFork_Post_Request_Where_1_1' + - $ref: '#/components/schemas/ApiStreamsFork_Post_Request_Where_2' + description: A basic filter condition, either unary or binary. + ApiStreamsFork_Post_Request_Where_1_1: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreamsFork_Post_Request_Where_Contains_1' + - $ref: '#/components/schemas/ApiStreamsFork_Post_Request_Where_Contains_2' + - $ref: '#/components/schemas/ApiStreamsFork_Post_Request_Where_Contains_3' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreamsFork_Post_Request_Where_EndsWith_1' + - $ref: '#/components/schemas/ApiStreamsFork_Post_Request_Where_EndsWith_2' + - $ref: '#/components/schemas/ApiStreamsFork_Post_Request_Where_EndsWith_3' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreamsFork_Post_Request_Where_Eq_1' + - $ref: '#/components/schemas/ApiStreamsFork_Post_Request_Where_Eq_2' + - $ref: '#/components/schemas/ApiStreamsFork_Post_Request_Where_Eq_3' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsFork_Post_Request_Where_Gt_1' + - $ref: '#/components/schemas/ApiStreamsFork_Post_Request_Where_Gt_2' + - $ref: '#/components/schemas/ApiStreamsFork_Post_Request_Where_Gt_3' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsFork_Post_Request_Where_Gte_1' + - $ref: '#/components/schemas/ApiStreamsFork_Post_Request_Where_Gte_2' + - $ref: '#/components/schemas/ApiStreamsFork_Post_Request_Where_Gte_3' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreamsFork_Post_Request_Where_Includes_1' + - $ref: '#/components/schemas/ApiStreamsFork_Post_Request_Where_Includes_2' + - $ref: '#/components/schemas/ApiStreamsFork_Post_Request_Where_Includes_3' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsFork_Post_Request_Where_Lt_1' + - $ref: '#/components/schemas/ApiStreamsFork_Post_Request_Where_Lt_2' + - $ref: '#/components/schemas/ApiStreamsFork_Post_Request_Where_Lt_3' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsFork_Post_Request_Where_Lte_1' + - $ref: '#/components/schemas/ApiStreamsFork_Post_Request_Where_Lte_2' + - $ref: '#/components/schemas/ApiStreamsFork_Post_Request_Where_Lte_3' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreamsFork_Post_Request_Where_Neq_1' + - $ref: '#/components/schemas/ApiStreamsFork_Post_Request_Where_Neq_2' + - $ref: '#/components/schemas/ApiStreamsFork_Post_Request_Where_Neq_3' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreamsFork_Post_Request_Where_Range' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreamsFork_Post_Request_Where_StartsWith_1' + - $ref: '#/components/schemas/ApiStreamsFork_Post_Request_Where_StartsWith_2' + - $ref: '#/components/schemas/ApiStreamsFork_Post_Request_Where_StartsWith_3' + description: Starts-with comparison value. + required: + - field + ApiStreamsFork_Post_Request_Where_Contains_1: + type: string + ApiStreamsFork_Post_Request_Where_Contains_2: + type: number + ApiStreamsFork_Post_Request_Where_Contains_3: + type: boolean + ApiStreamsFork_Post_Request_Where_EndsWith_1: + type: string + ApiStreamsFork_Post_Request_Where_EndsWith_2: + type: number + ApiStreamsFork_Post_Request_Where_EndsWith_3: + type: boolean + ApiStreamsFork_Post_Request_Where_Eq_1: + type: string + ApiStreamsFork_Post_Request_Where_Eq_2: + type: number + ApiStreamsFork_Post_Request_Where_Eq_3: + type: boolean + ApiStreamsFork_Post_Request_Where_Gt_1: + type: string + ApiStreamsFork_Post_Request_Where_Gt_2: + type: number + ApiStreamsFork_Post_Request_Where_Gt_3: + type: boolean + ApiStreamsFork_Post_Request_Where_Gte_1: + type: string + ApiStreamsFork_Post_Request_Where_Gte_2: + type: number + ApiStreamsFork_Post_Request_Where_Gte_3: + type: boolean + ApiStreamsFork_Post_Request_Where_Includes_1: + type: string + ApiStreamsFork_Post_Request_Where_Includes_2: + type: number + ApiStreamsFork_Post_Request_Where_Includes_3: + type: boolean + ApiStreamsFork_Post_Request_Where_Lt_1: + type: string + ApiStreamsFork_Post_Request_Where_Lt_2: + type: number + ApiStreamsFork_Post_Request_Where_Lt_3: + type: boolean + ApiStreamsFork_Post_Request_Where_Lte_1: + type: string + ApiStreamsFork_Post_Request_Where_Lte_2: + type: number + ApiStreamsFork_Post_Request_Where_Lte_3: + type: boolean + ApiStreamsFork_Post_Request_Where_Neq_1: + type: string + ApiStreamsFork_Post_Request_Where_Neq_2: + type: number + ApiStreamsFork_Post_Request_Where_Neq_3: + type: boolean + ApiStreamsFork_Post_Request_Where_Range: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsFork_Post_Request_Where_Range_Gt_1' + - $ref: '#/components/schemas/ApiStreamsFork_Post_Request_Where_Range_Gt_2' + - $ref: '#/components/schemas/ApiStreamsFork_Post_Request_Where_Range_Gt_3' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsFork_Post_Request_Where_Range_Gte_1' + - $ref: '#/components/schemas/ApiStreamsFork_Post_Request_Where_Range_Gte_2' + - $ref: '#/components/schemas/ApiStreamsFork_Post_Request_Where_Range_Gte_3' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsFork_Post_Request_Where_Range_Lt_1' + - $ref: '#/components/schemas/ApiStreamsFork_Post_Request_Where_Range_Lt_2' + - $ref: '#/components/schemas/ApiStreamsFork_Post_Request_Where_Range_Lt_3' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsFork_Post_Request_Where_Range_Lte_1' + - $ref: '#/components/schemas/ApiStreamsFork_Post_Request_Where_Range_Lte_2' + - $ref: '#/components/schemas/ApiStreamsFork_Post_Request_Where_Range_Lte_3' + description: A value that can be a string, number, or boolean. + ApiStreamsFork_Post_Request_Where_Range_Gt_1: + type: string + ApiStreamsFork_Post_Request_Where_Range_Gt_2: + type: number + ApiStreamsFork_Post_Request_Where_Range_Gt_3: + type: boolean + ApiStreamsFork_Post_Request_Where_Range_Gte_1: + type: string + ApiStreamsFork_Post_Request_Where_Range_Gte_2: + type: number + ApiStreamsFork_Post_Request_Where_Range_Gte_3: + type: boolean + ApiStreamsFork_Post_Request_Where_Range_Lt_1: + type: string + ApiStreamsFork_Post_Request_Where_Range_Lt_2: + type: number + ApiStreamsFork_Post_Request_Where_Range_Lt_3: + type: boolean + ApiStreamsFork_Post_Request_Where_Range_Lte_1: + type: string + ApiStreamsFork_Post_Request_Where_Range_Lte_2: + type: number + ApiStreamsFork_Post_Request_Where_Range_Lte_3: + type: boolean + ApiStreamsFork_Post_Request_Where_StartsWith_1: + type: string + ApiStreamsFork_Post_Request_Where_StartsWith_2: + type: number + ApiStreamsFork_Post_Request_Where_StartsWith_3: + type: boolean + ApiStreamsFork_Post_Request_Where_2: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreamsFork_Post_Request_Where_2_1: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreamsFork_Post_Request_Where_3: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreamsFork_Post_Request_Where_4: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreamsFork_Post_Request_Where_5: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreamsFork_Post_Request_Where_Never' + required: + - never + ApiStreamsFork_Post_Request_Where_Never: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreamsFork_Post_Request_Where_6: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreamsFork_Post_Request_Where_Always' + required: + - always + ApiStreamsFork_Post_Request_Where_Always: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreamsIngest_Get_Request: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Get_Request_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Get_Request_2' + - $ref: '#/components/schemas/ApiStreamsIngest_Get_Request_3' + ApiStreamsIngest_Get_Request_1: + additionalProperties: false + type: object + properties: {} + ApiStreamsIngest_Get_Request_2: + enum: + - 'null' + nullable: true + ApiStreamsIngest_Get_Request_3: + not: {} + ApiStreamsIngest_Put_Request: + additionalProperties: false + type: object + properties: + ingest: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_2_1' + required: + - ingest + ApiStreamsIngest_Put_Request_Ingest_1: + allOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_1_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_2' + ApiStreamsIngest_Put_Request_Ingest_1_1: + type: object + properties: + failure_store: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Failure_store_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Failure_store_2' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Failure_store_3' + lifecycle: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Lifecycle_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Lifecycle_2' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Lifecycle_3' + processing: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing' + settings: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Settings' + required: + - lifecycle + - processing + - settings + - failure_store + ApiStreamsIngest_Put_Request_Ingest_Failure_store_1: + additionalProperties: false + type: object + properties: + inherit: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Failure_store_Inherit' + required: + - inherit + ApiStreamsIngest_Put_Request_Ingest_Failure_store_Inherit: + additionalProperties: false + type: object + properties: {} + ApiStreamsIngest_Put_Request_Ingest_Failure_store_2: + additionalProperties: false + type: object + properties: + disabled: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Failure_store_Disabled' + required: + - disabled + ApiStreamsIngest_Put_Request_Ingest_Failure_store_Disabled: + additionalProperties: false + type: object + properties: {} + ApiStreamsIngest_Put_Request_Ingest_Failure_store_3: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Failure_store_1_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Failure_store_2_1' + ApiStreamsIngest_Put_Request_Ingest_Failure_store_1_1: + additionalProperties: false + type: object + properties: + lifecycle: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Failure_store_Lifecycle' + required: + - lifecycle + ApiStreamsIngest_Put_Request_Ingest_Failure_store_Lifecycle: + additionalProperties: false + type: object + properties: + enabled: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Failure_store_Lifecycle_Enabled' + required: + - enabled + ApiStreamsIngest_Put_Request_Ingest_Failure_store_Lifecycle_Enabled: + additionalProperties: false + type: object + properties: + data_retention: + description: A non-empty string. + minLength: 1 + type: string + ApiStreamsIngest_Put_Request_Ingest_Failure_store_2_1: + additionalProperties: false + type: object + properties: + lifecycle: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Failure_store_Lifecycle_1' + required: + - lifecycle + ApiStreamsIngest_Put_Request_Ingest_Failure_store_Lifecycle_1: + additionalProperties: false + type: object + properties: + disabled: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Failure_store_Lifecycle_Disabled' + required: + - disabled + ApiStreamsIngest_Put_Request_Ingest_Failure_store_Lifecycle_Disabled: + additionalProperties: false + type: object + properties: {} + ApiStreamsIngest_Put_Request_Ingest_Lifecycle_1: + additionalProperties: false + type: object + properties: + dsl: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Lifecycle_Dsl' + required: + - dsl + ApiStreamsIngest_Put_Request_Ingest_Lifecycle_Dsl: + additionalProperties: false + type: object + properties: + data_retention: + description: A non-empty string. + minLength: 1 + type: string + downsample: + items: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Lifecycle_Dsl_Downsample_Item' + type: array + ApiStreamsIngest_Put_Request_Ingest_Lifecycle_Dsl_Downsample_Item: + additionalProperties: false + type: object + properties: + after: + description: A non-empty string. + minLength: 1 + type: string + fixed_interval: + description: A non-empty string. + minLength: 1 + type: string + required: + - after + - fixed_interval + ApiStreamsIngest_Put_Request_Ingest_Lifecycle_2: + additionalProperties: false + type: object + properties: + ilm: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Lifecycle_Ilm' + required: + - ilm + ApiStreamsIngest_Put_Request_Ingest_Lifecycle_Ilm: + additionalProperties: false + type: object + properties: + policy: + description: A non-empty string. + minLength: 1 + type: string + required: + - policy + ApiStreamsIngest_Put_Request_Ingest_Lifecycle_3: + additionalProperties: false + type: object + properties: + inherit: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Lifecycle_Inherit' + required: + - inherit + ApiStreamsIngest_Put_Request_Ingest_Lifecycle_Inherit: + additionalProperties: false + type: object + properties: {} + ApiStreamsIngest_Put_Request_Ingest_Processing: + additionalProperties: false + type: object + properties: + steps: + items: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_2_1' + type: array + updated_at: + not: {} + required: + - steps + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_1: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_1_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_2' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_3' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_4' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_5' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_6' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_7' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_8' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_9' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_10' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_11' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_12' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_13' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_14' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_15' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_16' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_17' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_18' + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_1_1: + additionalProperties: false + description: Grok processor - Extract fields from text using grok patterns + type: object + properties: + action: + enum: + - grok + type: string + customIdentifier: + description: Custom identifier to correlate this processor across outputs + minLength: 1 + type: string + description: + description: Human-readable notes about this processor step + type: string + from: + description: Source field to parse with grok patterns + minLength: 1 + type: string + ignore_failure: + description: Continue pipeline execution if this processor fails + type: boolean + ignore_missing: + description: Skip processing when source field is missing + type: boolean + pattern_definitions: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Pattern_definitions' + patterns: + description: Grok patterns applied in order to extract fields + items: + description: A non-empty string. + minLength: 1 + type: string + minItems: 1 + type: array + where: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_3' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_4' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_5' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_6' + description: Conditional expression controlling whether this processor runs + required: + - action + - from + - patterns + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Pattern_definitions: + additionalProperties: + type: string + type: object + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2' + description: A basic filter condition, either unary or binary. + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_1: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_2' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_3' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_2' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_3' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_2' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_3' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_2' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_3' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_2' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_3' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_2' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_3' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_2' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_3' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_2' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_3' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_2' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_3' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_2' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_3' + description: Starts-with comparison value. + required: + - field + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_1: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_2: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_3: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_1: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_2: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_3: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_1: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_2: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_3: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_1: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_2: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_3: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_1: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_2: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_3: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_1: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_2: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_3: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_1: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_2: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_3: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_1: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_2: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_3: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_1: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_2: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_3: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_2' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_3' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_2' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_3' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_2' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_3' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_2' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_3' + description: A value that can be a string, number, or boolean. + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_1: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_2: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_3: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_1: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_2: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_3: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_1: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_2: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_3: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_1: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_2: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_3: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_1: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_2: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_3: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_1: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_3: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_4: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_5: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Never' + required: + - never + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Never: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_6: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Always' + required: + - always + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Always: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_2: + additionalProperties: false + description: Dissect processor - Extract fields from text using a lightweight, delimiter-based parser + type: object + properties: + action: + enum: + - dissect + type: string + append_separator: + description: Separator inserted when target fields are concatenated + minLength: 1 + type: string + customIdentifier: + description: Custom identifier to correlate this processor across outputs + minLength: 1 + type: string + description: + description: Human-readable notes about this processor step + type: string + from: + description: Source field to parse with dissect pattern + minLength: 1 + type: string + ignore_failure: + description: Continue pipeline execution if this processor fails + type: boolean + ignore_missing: + description: Skip processing when source field is missing + type: boolean + pattern: + description: Dissect pattern describing field boundaries + minLength: 1 + type: string + where: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_2' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_3' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_3_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_4_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_5_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_6_1' + description: Conditional expression controlling whether this processor runs + required: + - action + - from + - pattern + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_2: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_3' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_2' + description: A basic filter condition, either unary or binary. + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_3: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_1_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_2_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_3_1' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_1_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_2_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_3_1' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_1_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_2_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_3_1' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_1_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_2_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_3_1' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_1_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_2_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_3_1' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_1_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_2_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_3_1' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_1_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_2_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_3_1' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_1_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_2_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_3_1' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_1_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_2_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_3_1' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_1' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_1_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_2_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_3_1' + description: Starts-with comparison value. + required: + - field + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_1_1: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_2_1: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_3_1: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_1_1: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_2_1: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_3_1: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_1_1: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_2_1: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_3_1: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_1_1: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_2_1: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_3_1: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_1_1: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_2_1: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_3_1: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_1_1: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_2_1: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_3_1: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_1_1: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_2_1: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_3_1: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_1_1: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_2_1: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_3_1: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_1_1: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_2_1: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_3_1: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_1: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_1_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_2_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_3_1' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_1_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_2_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_3_1' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_1_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_2_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_3_1' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_1_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_2_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_3_1' + description: A value that can be a string, number, or boolean. + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_1_1: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_2_1: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_3_1: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_1_1: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_2_1: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_3_1: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_1_1: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_2_1: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_3_1: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_1_1: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_2_1: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_3_1: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_1_1: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_2_1: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_3_1: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_2: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_3: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_3_1: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_4_1: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_5_1: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Never_1' + required: + - never + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Never_1: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_6_1: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Always_1' + required: + - always + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Always_1: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_3: + additionalProperties: false + description: Date processor - Parse dates from strings using one or more expected formats + type: object + properties: + action: + enum: + - date + type: string + customIdentifier: + description: Custom identifier to correlate this processor across outputs + minLength: 1 + type: string + description: + description: Human-readable notes about this processor step + type: string + formats: + description: Accepted input date formats, tried in order + items: + description: A non-empty string. + minLength: 1 + type: string + type: array + from: + description: Source field containing the date/time text + minLength: 1 + type: string + ignore_failure: + description: Continue pipeline execution if this processor fails + type: boolean + locale: + description: Optional locale for date parsing + minLength: 1 + type: string + output_format: + description: Optional output format for storing the parsed date as text + minLength: 1 + type: string + timezone: + description: Optional timezone for date parsing + minLength: 1 + type: string + to: + description: Target field for the parsed date (defaults to source) + minLength: 1 + type: string + where: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_4' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_5' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_3_2' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_4_2' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_5_2' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_6_2' + description: Conditional expression controlling whether this processor runs + required: + - action + - from + - formats + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_4: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_5' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_4' + description: A basic filter condition, either unary or binary. + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_5: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_1_2' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_2_2' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_3_2' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_1_2' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_2_2' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_3_2' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_1_2' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_2_2' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_3_2' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_1_2' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_2_2' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_3_2' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_1_2' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_2_2' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_3_2' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_1_2' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_2_2' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_3_2' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_1_2' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_2_2' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_3_2' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_1_2' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_2_2' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_3_2' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_1_2' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_2_2' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_3_2' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_2' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_1_2' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_2_2' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_3_2' + description: Starts-with comparison value. + required: + - field + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_1_2: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_2_2: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_3_2: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_1_2: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_2_2: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_3_2: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_1_2: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_2_2: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_3_2: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_1_2: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_2_2: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_3_2: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_1_2: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_2_2: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_3_2: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_1_2: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_2_2: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_3_2: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_1_2: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_2_2: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_3_2: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_1_2: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_2_2: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_3_2: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_1_2: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_2_2: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_3_2: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_2: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_1_2' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_2_2' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_3_2' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_1_2' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_2_2' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_3_2' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_1_2' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_2_2' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_3_2' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_1_2' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_2_2' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_3_2' + description: A value that can be a string, number, or boolean. + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_1_2: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_2_2: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_3_2: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_1_2: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_2_2: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_3_2: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_1_2: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_2_2: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_3_2: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_1_2: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_2_2: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_3_2: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_1_2: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_2_2: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_3_2: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_4: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_5: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_3_2: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_4_2: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_5_2: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Never_2' + required: + - never + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Never_2: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_6_2: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Always_2' + required: + - always + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Always_2: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_4: + additionalProperties: false + description: Base processor options plus conditional execution + type: object + properties: + action: + enum: + - drop_document + type: string + customIdentifier: + description: Custom identifier to correlate this processor across outputs + minLength: 1 + type: string + description: + description: Human-readable notes about this processor step + type: string + ignore_failure: + description: Continue pipeline execution if this processor fails + type: boolean + where: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_6' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_7' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_3_3' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_4_3' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_5_3' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_6_3' + description: Conditional expression controlling whether this processor runs + required: + - action + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_6: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_7' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_6' + description: A basic filter condition, either unary or binary. + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_7: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_1_3' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_2_3' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_3_3' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_1_3' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_2_3' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_3_3' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_1_3' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_2_3' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_3_3' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_1_3' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_2_3' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_3_3' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_1_3' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_2_3' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_3_3' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_1_3' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_2_3' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_3_3' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_1_3' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_2_3' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_3_3' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_1_3' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_2_3' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_3_3' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_1_3' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_2_3' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_3_3' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_3' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_1_3' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_2_3' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_3_3' + description: Starts-with comparison value. + required: + - field + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_1_3: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_2_3: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_3_3: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_1_3: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_2_3: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_3_3: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_1_3: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_2_3: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_3_3: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_1_3: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_2_3: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_3_3: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_1_3: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_2_3: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_3_3: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_1_3: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_2_3: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_3_3: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_1_3: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_2_3: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_3_3: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_1_3: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_2_3: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_3_3: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_1_3: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_2_3: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_3_3: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_3: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_1_3' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_2_3' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_3_3' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_1_3' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_2_3' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_3_3' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_1_3' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_2_3' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_3_3' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_1_3' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_2_3' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_3_3' + description: A value that can be a string, number, or boolean. + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_1_3: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_2_3: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_3_3: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_1_3: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_2_3: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_3_3: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_1_3: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_2_3: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_3_3: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_1_3: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_2_3: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_3_3: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_1_3: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_2_3: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_3_3: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_6: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_7: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_3_3: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_4_3: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_5_3: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Never_3' + required: + - never + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Never_3: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_6_3: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Always_3' + required: + - always + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Always_3: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_5: + additionalProperties: false + description: Base processor options plus conditional execution + type: object + properties: + action: + enum: + - math + type: string + customIdentifier: + description: Custom identifier to correlate this processor across outputs + minLength: 1 + type: string + description: + description: Human-readable notes about this processor step + type: string + expression: + description: A non-empty string. + minLength: 1 + type: string + ignore_failure: + description: Continue pipeline execution if this processor fails + type: boolean + ignore_missing: + type: boolean + to: + description: A non-empty string. + minLength: 1 + type: string + where: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_8' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_9' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_3_4' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_4_4' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_5_4' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_6_4' + description: Conditional expression controlling whether this processor runs + required: + - action + - expression + - to + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_8: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_9' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_8' + description: A basic filter condition, either unary or binary. + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_9: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_1_4' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_2_4' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_3_4' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_1_4' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_2_4' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_3_4' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_1_4' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_2_4' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_3_4' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_1_4' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_2_4' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_3_4' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_1_4' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_2_4' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_3_4' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_1_4' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_2_4' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_3_4' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_1_4' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_2_4' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_3_4' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_1_4' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_2_4' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_3_4' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_1_4' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_2_4' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_3_4' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_4' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_1_4' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_2_4' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_3_4' + description: Starts-with comparison value. + required: + - field + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_1_4: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_2_4: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_3_4: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_1_4: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_2_4: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_3_4: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_1_4: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_2_4: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_3_4: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_1_4: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_2_4: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_3_4: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_1_4: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_2_4: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_3_4: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_1_4: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_2_4: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_3_4: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_1_4: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_2_4: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_3_4: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_1_4: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_2_4: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_3_4: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_1_4: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_2_4: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_3_4: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_4: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_1_4' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_2_4' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_3_4' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_1_4' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_2_4' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_3_4' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_1_4' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_2_4' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_3_4' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_1_4' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_2_4' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_3_4' + description: A value that can be a string, number, or boolean. + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_1_4: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_2_4: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_3_4: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_1_4: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_2_4: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_3_4: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_1_4: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_2_4: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_3_4: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_1_4: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_2_4: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_3_4: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_1_4: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_2_4: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_3_4: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_8: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_9: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_3_4: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_4_4: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_5_4: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Never_4' + required: + - never + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Never_4: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_6_4: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Always_4' + required: + - always + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Always_4: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_6: + additionalProperties: false + description: Rename processor - Change a field name and optionally its location + type: object + properties: + action: + enum: + - rename + type: string + customIdentifier: + description: Custom identifier to correlate this processor across outputs + minLength: 1 + type: string + description: + description: Human-readable notes about this processor step + type: string + from: + description: Existing source field to rename or move + minLength: 1 + type: string + ignore_failure: + description: Continue pipeline execution if this processor fails + type: boolean + ignore_missing: + description: Skip when source field is missing + type: boolean + override: + description: Allow overwriting the target field if it already exists + type: boolean + to: + description: New field name or destination path + minLength: 1 + type: string + where: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_10' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_11' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_3_5' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_4_5' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_5_5' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_6_5' + description: Conditional expression controlling whether this processor runs + required: + - action + - from + - to + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_10: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_11' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_10' + description: A basic filter condition, either unary or binary. + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_11: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_1_5' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_2_5' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_3_5' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_1_5' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_2_5' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_3_5' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_1_5' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_2_5' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_3_5' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_1_5' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_2_5' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_3_5' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_1_5' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_2_5' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_3_5' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_1_5' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_2_5' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_3_5' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_1_5' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_2_5' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_3_5' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_1_5' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_2_5' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_3_5' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_1_5' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_2_5' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_3_5' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_5' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_1_5' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_2_5' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_3_5' + description: Starts-with comparison value. + required: + - field + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_1_5: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_2_5: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_3_5: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_1_5: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_2_5: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_3_5: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_1_5: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_2_5: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_3_5: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_1_5: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_2_5: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_3_5: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_1_5: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_2_5: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_3_5: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_1_5: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_2_5: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_3_5: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_1_5: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_2_5: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_3_5: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_1_5: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_2_5: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_3_5: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_1_5: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_2_5: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_3_5: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_5: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_1_5' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_2_5' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_3_5' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_1_5' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_2_5' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_3_5' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_1_5' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_2_5' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_3_5' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_1_5' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_2_5' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_3_5' + description: A value that can be a string, number, or boolean. + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_1_5: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_2_5: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_3_5: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_1_5: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_2_5: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_3_5: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_1_5: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_2_5: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_3_5: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_1_5: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_2_5: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_3_5: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_1_5: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_2_5: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_3_5: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_10: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_11: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_3_5: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_4_5: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_5_5: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Never_5' + required: + - never + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Never_5: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_6_5: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Always_5' + required: + - always + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Always_5: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_7: + additionalProperties: false + description: Set processor - Assign a literal or copied value to a field (mutually exclusive inputs) + type: object + properties: + action: + enum: + - set + type: string + copy_from: + description: Copy value from another field instead of providing a literal + minLength: 1 + type: string + customIdentifier: + description: Custom identifier to correlate this processor across outputs + minLength: 1 + type: string + description: + description: Human-readable notes about this processor step + type: string + ignore_failure: + description: Continue pipeline execution if this processor fails + type: boolean + override: + description: Allow overwriting an existing target field + type: boolean + to: + description: Target field to set or create + minLength: 1 + type: string + value: + description: Literal value to assign to the target field + where: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_12' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_13' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_3_6' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_4_6' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_5_6' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_6_6' + description: Conditional expression controlling whether this processor runs + required: + - action + - to + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_12: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_13' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_12' + description: A basic filter condition, either unary or binary. + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_13: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_1_6' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_2_6' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_3_6' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_1_6' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_2_6' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_3_6' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_1_6' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_2_6' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_3_6' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_1_6' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_2_6' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_3_6' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_1_6' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_2_6' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_3_6' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_1_6' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_2_6' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_3_6' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_1_6' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_2_6' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_3_6' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_1_6' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_2_6' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_3_6' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_1_6' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_2_6' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_3_6' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_6' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_1_6' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_2_6' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_3_6' + description: Starts-with comparison value. + required: + - field + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_1_6: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_2_6: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_3_6: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_1_6: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_2_6: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_3_6: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_1_6: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_2_6: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_3_6: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_1_6: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_2_6: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_3_6: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_1_6: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_2_6: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_3_6: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_1_6: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_2_6: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_3_6: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_1_6: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_2_6: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_3_6: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_1_6: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_2_6: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_3_6: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_1_6: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_2_6: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_3_6: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_6: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_1_6' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_2_6' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_3_6' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_1_6' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_2_6' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_3_6' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_1_6' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_2_6' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_3_6' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_1_6' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_2_6' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_3_6' + description: A value that can be a string, number, or boolean. + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_1_6: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_2_6: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_3_6: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_1_6: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_2_6: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_3_6: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_1_6: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_2_6: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_3_6: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_1_6: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_2_6: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_3_6: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_1_6: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_2_6: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_3_6: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_12: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_13: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_3_6: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_4_6: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_5_6: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Never_6' + required: + - never + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Never_6: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_6_6: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Always_6' + required: + - always + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Always_6: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_8: + additionalProperties: false + description: Append processor - Append one or more values to an existing or new array field + type: object + properties: + action: + enum: + - append + type: string + allow_duplicates: + description: If true, do not deduplicate appended values + type: boolean + customIdentifier: + description: Custom identifier to correlate this processor across outputs + minLength: 1 + type: string + description: + description: Human-readable notes about this processor step + type: string + ignore_failure: + description: Continue pipeline execution if this processor fails + type: boolean + to: + description: Array field to append values to + minLength: 1 + type: string + value: + description: Values to append (must be literal, no templates) + items: {} + minItems: 1 + type: array + where: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_14' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_15' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_3_7' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_4_7' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_5_7' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_6_7' + description: Conditional expression controlling whether this processor runs + required: + - action + - to + - value + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_14: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_15' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_14' + description: A basic filter condition, either unary or binary. + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_15: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_1_7' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_2_7' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_3_7' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_1_7' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_2_7' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_3_7' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_1_7' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_2_7' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_3_7' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_1_7' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_2_7' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_3_7' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_1_7' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_2_7' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_3_7' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_1_7' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_2_7' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_3_7' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_1_7' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_2_7' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_3_7' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_1_7' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_2_7' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_3_7' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_1_7' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_2_7' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_3_7' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_7' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_1_7' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_2_7' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_3_7' + description: Starts-with comparison value. + required: + - field + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_1_7: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_2_7: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_3_7: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_1_7: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_2_7: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_3_7: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_1_7: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_2_7: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_3_7: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_1_7: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_2_7: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_3_7: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_1_7: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_2_7: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_3_7: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_1_7: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_2_7: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_3_7: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_1_7: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_2_7: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_3_7: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_1_7: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_2_7: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_3_7: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_1_7: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_2_7: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_3_7: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_7: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_1_7' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_2_7' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_3_7' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_1_7' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_2_7' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_3_7' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_1_7' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_2_7' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_3_7' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_1_7' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_2_7' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_3_7' + description: A value that can be a string, number, or boolean. + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_1_7: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_2_7: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_3_7: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_1_7: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_2_7: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_3_7: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_1_7: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_2_7: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_3_7: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_1_7: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_2_7: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_3_7: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_1_7: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_2_7: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_3_7: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_14: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_15: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_3_7: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_4_7: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_5_7: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Never_7' + required: + - never + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Never_7: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_6_7: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Always_7' + required: + - always + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Always_7: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_9: + additionalProperties: false + description: Remove by prefix processor - Remove a field and all nested fields matching the prefix + type: object + properties: + action: + enum: + - remove_by_prefix + type: string + customIdentifier: + description: Custom identifier to correlate this processor across outputs + minLength: 1 + type: string + description: + description: Human-readable notes about this processor step + type: string + from: + description: Field to remove along with all its nested fields + minLength: 1 + type: string + ignore_failure: + description: Continue pipeline execution if this processor fails + type: boolean + required: + - action + - from + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_10: + additionalProperties: false + description: Remove processor - Delete one or more fields from the document + type: object + properties: + action: + enum: + - remove + type: string + customIdentifier: + description: Custom identifier to correlate this processor across outputs + minLength: 1 + type: string + description: + description: Human-readable notes about this processor step + type: string + from: + description: Field to remove from the document + minLength: 1 + type: string + ignore_failure: + description: Continue pipeline execution if this processor fails + type: boolean + ignore_missing: + description: Skip processing when source field is missing + type: boolean + where: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_16' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_17' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_3_8' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_4_8' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_5_8' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_6_8' + description: Conditional expression controlling whether this processor runs + required: + - action + - from + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_16: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_17' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_16' + description: A basic filter condition, either unary or binary. + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_17: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_1_8' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_2_8' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_3_8' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_1_8' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_2_8' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_3_8' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_1_8' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_2_8' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_3_8' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_1_8' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_2_8' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_3_8' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_1_8' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_2_8' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_3_8' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_1_8' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_2_8' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_3_8' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_1_8' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_2_8' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_3_8' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_1_8' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_2_8' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_3_8' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_1_8' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_2_8' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_3_8' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_8' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_1_8' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_2_8' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_3_8' + description: Starts-with comparison value. + required: + - field + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_1_8: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_2_8: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_3_8: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_1_8: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_2_8: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_3_8: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_1_8: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_2_8: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_3_8: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_1_8: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_2_8: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_3_8: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_1_8: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_2_8: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_3_8: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_1_8: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_2_8: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_3_8: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_1_8: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_2_8: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_3_8: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_1_8: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_2_8: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_3_8: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_1_8: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_2_8: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_3_8: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_8: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_1_8' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_2_8' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_3_8' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_1_8' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_2_8' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_3_8' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_1_8' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_2_8' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_3_8' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_1_8' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_2_8' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_3_8' + description: A value that can be a string, number, or boolean. + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_1_8: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_2_8: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_3_8: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_1_8: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_2_8: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_3_8: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_1_8: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_2_8: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_3_8: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_1_8: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_2_8: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_3_8: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_1_8: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_2_8: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_3_8: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_16: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_17: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_3_8: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_4_8: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_5_8: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Never_8' + required: + - never + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Never_8: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_6_8: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Always_8' + required: + - always + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Always_8: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_11: + additionalProperties: false + description: Base processor options plus conditional execution + type: object + properties: + action: + enum: + - replace + type: string + customIdentifier: + description: Custom identifier to correlate this processor across outputs + minLength: 1 + type: string + description: + description: Human-readable notes about this processor step + type: string + from: + description: A non-empty string. + minLength: 1 + type: string + ignore_failure: + description: Continue pipeline execution if this processor fails + type: boolean + ignore_missing: + type: boolean + pattern: + description: A non-empty string or string with whitespace. + minLength: 1 + type: string + replacement: + type: string + to: + description: A non-empty string. + minLength: 1 + type: string + where: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_18' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_19' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_3_9' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_4_9' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_5_9' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_6_9' + description: Conditional expression controlling whether this processor runs + required: + - action + - from + - pattern + - replacement + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_18: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_19' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_18' + description: A basic filter condition, either unary or binary. + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_19: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_1_9' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_2_9' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_3_9' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_1_9' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_2_9' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_3_9' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_1_9' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_2_9' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_3_9' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_1_9' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_2_9' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_3_9' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_1_9' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_2_9' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_3_9' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_1_9' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_2_9' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_3_9' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_1_9' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_2_9' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_3_9' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_1_9' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_2_9' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_3_9' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_1_9' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_2_9' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_3_9' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_9' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_1_9' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_2_9' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_3_9' + description: Starts-with comparison value. + required: + - field + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_1_9: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_2_9: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_3_9: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_1_9: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_2_9: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_3_9: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_1_9: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_2_9: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_3_9: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_1_9: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_2_9: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_3_9: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_1_9: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_2_9: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_3_9: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_1_9: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_2_9: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_3_9: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_1_9: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_2_9: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_3_9: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_1_9: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_2_9: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_3_9: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_1_9: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_2_9: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_3_9: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_9: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_1_9' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_2_9' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_3_9' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_1_9' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_2_9' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_3_9' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_1_9' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_2_9' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_3_9' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_1_9' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_2_9' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_3_9' + description: A value that can be a string, number, or boolean. + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_1_9: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_2_9: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_3_9: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_1_9: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_2_9: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_3_9: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_1_9: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_2_9: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_3_9: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_1_9: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_2_9: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_3_9: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_1_9: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_2_9: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_3_9: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_18: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_19: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_3_9: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_4_9: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_5_9: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Never_9' + required: + - never + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Never_9: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_6_9: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Always_9' + required: + - always + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Always_9: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_12: + additionalProperties: false + description: Base processor options plus conditional execution + type: object + properties: + action: + enum: + - uppercase + type: string + customIdentifier: + description: Custom identifier to correlate this processor across outputs + minLength: 1 + type: string + description: + description: Human-readable notes about this processor step + type: string + from: + description: A non-empty string. + minLength: 1 + type: string + ignore_failure: + description: Continue pipeline execution if this processor fails + type: boolean + ignore_missing: + type: boolean + to: + description: A non-empty string. + minLength: 1 + type: string + where: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_20' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_21' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_3_10' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_4_10' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_5_10' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_6_10' + description: Conditional expression controlling whether this processor runs + required: + - action + - from + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_20: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_21' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_20' + description: A basic filter condition, either unary or binary. + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_21: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_1_10' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_2_10' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_3_10' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_1_10' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_2_10' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_3_10' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_1_10' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_2_10' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_3_10' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_1_10' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_2_10' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_3_10' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_1_10' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_2_10' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_3_10' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_1_10' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_2_10' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_3_10' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_1_10' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_2_10' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_3_10' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_1_10' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_2_10' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_3_10' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_1_10' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_2_10' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_3_10' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_10' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_1_10' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_2_10' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_3_10' + description: Starts-with comparison value. + required: + - field + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_1_10: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_2_10: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_3_10: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_1_10: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_2_10: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_3_10: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_1_10: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_2_10: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_3_10: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_1_10: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_2_10: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_3_10: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_1_10: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_2_10: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_3_10: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_1_10: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_2_10: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_3_10: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_1_10: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_2_10: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_3_10: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_1_10: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_2_10: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_3_10: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_1_10: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_2_10: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_3_10: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_10: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_1_10' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_2_10' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_3_10' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_1_10' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_2_10' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_3_10' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_1_10' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_2_10' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_3_10' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_1_10' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_2_10' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_3_10' + description: A value that can be a string, number, or boolean. + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_1_10: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_2_10: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_3_10: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_1_10: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_2_10: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_3_10: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_1_10: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_2_10: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_3_10: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_1_10: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_2_10: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_3_10: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_1_10: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_2_10: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_3_10: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_20: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_21: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_3_10: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_4_10: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_5_10: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Never_10' + required: + - never + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Never_10: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_6_10: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Always_10' + required: + - always + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Always_10: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_13: + additionalProperties: false + description: Base processor options plus conditional execution + type: object + properties: + action: + enum: + - lowercase + type: string + customIdentifier: + description: Custom identifier to correlate this processor across outputs + minLength: 1 + type: string + description: + description: Human-readable notes about this processor step + type: string + from: + description: A non-empty string. + minLength: 1 + type: string + ignore_failure: + description: Continue pipeline execution if this processor fails + type: boolean + ignore_missing: + type: boolean + to: + description: A non-empty string. + minLength: 1 + type: string + where: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_22' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_23' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_3_11' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_4_11' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_5_11' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_6_11' + description: Conditional expression controlling whether this processor runs + required: + - action + - from + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_22: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_23' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_22' + description: A basic filter condition, either unary or binary. + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_23: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_1_11' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_2_11' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_3_11' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_1_11' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_2_11' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_3_11' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_1_11' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_2_11' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_3_11' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_1_11' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_2_11' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_3_11' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_1_11' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_2_11' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_3_11' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_1_11' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_2_11' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_3_11' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_1_11' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_2_11' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_3_11' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_1_11' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_2_11' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_3_11' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_1_11' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_2_11' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_3_11' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_11' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_1_11' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_2_11' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_3_11' + description: Starts-with comparison value. + required: + - field + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_1_11: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_2_11: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_3_11: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_1_11: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_2_11: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_3_11: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_1_11: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_2_11: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_3_11: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_1_11: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_2_11: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_3_11: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_1_11: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_2_11: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_3_11: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_1_11: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_2_11: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_3_11: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_1_11: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_2_11: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_3_11: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_1_11: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_2_11: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_3_11: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_1_11: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_2_11: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_3_11: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_11: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_1_11' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_2_11' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_3_11' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_1_11' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_2_11' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_3_11' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_1_11' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_2_11' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_3_11' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_1_11' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_2_11' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_3_11' + description: A value that can be a string, number, or boolean. + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_1_11: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_2_11: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_3_11: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_1_11: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_2_11: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_3_11: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_1_11: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_2_11: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_3_11: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_1_11: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_2_11: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_3_11: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_1_11: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_2_11: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_3_11: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_22: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_23: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_3_11: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_4_11: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_5_11: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Never_11' + required: + - never + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Never_11: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_6_11: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Always_11' + required: + - always + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Always_11: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_14: + additionalProperties: false + description: Base processor options plus conditional execution + type: object + properties: + action: + enum: + - trim + type: string + customIdentifier: + description: Custom identifier to correlate this processor across outputs + minLength: 1 + type: string + description: + description: Human-readable notes about this processor step + type: string + from: + description: A non-empty string. + minLength: 1 + type: string + ignore_failure: + description: Continue pipeline execution if this processor fails + type: boolean + ignore_missing: + type: boolean + to: + description: A non-empty string. + minLength: 1 + type: string + where: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_24' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_25' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_3_12' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_4_12' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_5_12' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_6_12' + description: Conditional expression controlling whether this processor runs + required: + - action + - from + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_24: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_25' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_24' + description: A basic filter condition, either unary or binary. + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_25: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_1_12' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_2_12' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_3_12' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_1_12' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_2_12' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_3_12' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_1_12' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_2_12' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_3_12' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_1_12' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_2_12' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_3_12' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_1_12' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_2_12' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_3_12' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_1_12' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_2_12' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_3_12' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_1_12' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_2_12' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_3_12' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_1_12' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_2_12' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_3_12' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_1_12' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_2_12' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_3_12' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_12' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_1_12' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_2_12' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_3_12' + description: Starts-with comparison value. + required: + - field + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_1_12: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_2_12: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_3_12: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_1_12: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_2_12: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_3_12: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_1_12: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_2_12: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_3_12: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_1_12: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_2_12: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_3_12: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_1_12: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_2_12: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_3_12: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_1_12: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_2_12: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_3_12: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_1_12: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_2_12: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_3_12: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_1_12: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_2_12: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_3_12: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_1_12: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_2_12: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_3_12: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_12: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_1_12' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_2_12' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_3_12' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_1_12' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_2_12' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_3_12' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_1_12' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_2_12' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_3_12' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_1_12' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_2_12' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_3_12' + description: A value that can be a string, number, or boolean. + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_1_12: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_2_12: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_3_12: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_1_12: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_2_12: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_3_12: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_1_12: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_2_12: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_3_12: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_1_12: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_2_12: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_3_12: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_1_12: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_2_12: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_3_12: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_24: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_25: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_3_12: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_4_12: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_5_12: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Never_12' + required: + - never + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Never_12: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_6_12: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Always_12' + required: + - always + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Always_12: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_15: + additionalProperties: false + description: Base processor options plus conditional execution + type: object + properties: + action: + enum: + - join + type: string + customIdentifier: + description: Custom identifier to correlate this processor across outputs + minLength: 1 + type: string + delimiter: + type: string + description: + description: Human-readable notes about this processor step + type: string + from: + items: + description: A non-empty string. + minLength: 1 + type: string + minItems: 1 + type: array + ignore_failure: + description: Continue pipeline execution if this processor fails + type: boolean + ignore_missing: + type: boolean + to: + description: A non-empty string. + minLength: 1 + type: string + where: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_26' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_27' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_3_13' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_4_13' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_5_13' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_6_13' + description: Conditional expression controlling whether this processor runs + required: + - action + - from + - delimiter + - to + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_26: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_27' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_26' + description: A basic filter condition, either unary or binary. + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_27: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_1_13' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_2_13' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_3_13' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_1_13' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_2_13' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_3_13' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_1_13' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_2_13' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_3_13' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_1_13' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_2_13' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_3_13' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_1_13' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_2_13' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_3_13' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_1_13' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_2_13' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_3_13' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_1_13' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_2_13' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_3_13' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_1_13' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_2_13' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_3_13' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_1_13' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_2_13' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_3_13' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_13' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_1_13' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_2_13' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_3_13' + description: Starts-with comparison value. + required: + - field + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_1_13: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_2_13: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_3_13: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_1_13: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_2_13: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_3_13: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_1_13: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_2_13: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_3_13: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_1_13: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_2_13: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_3_13: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_1_13: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_2_13: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_3_13: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_1_13: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_2_13: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_3_13: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_1_13: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_2_13: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_3_13: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_1_13: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_2_13: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_3_13: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_1_13: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_2_13: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_3_13: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_13: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_1_13' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_2_13' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_3_13' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_1_13' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_2_13' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_3_13' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_1_13' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_2_13' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_3_13' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_1_13' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_2_13' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_3_13' + description: A value that can be a string, number, or boolean. + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_1_13: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_2_13: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_3_13: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_1_13: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_2_13: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_3_13: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_1_13: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_2_13: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_3_13: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_1_13: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_2_13: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_3_13: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_1_13: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_2_13: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_3_13: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_26: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_27: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_3_13: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_4_13: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_5_13: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Never_13' + required: + - never + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Never_13: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_6_13: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Always_13' + required: + - always + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Always_13: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_16: + additionalProperties: false + description: Convert processor - Change the data type of a field value (integer, long, double, boolean, or string) + type: object + properties: + action: + enum: + - convert + type: string + customIdentifier: + description: Custom identifier to correlate this processor across outputs + minLength: 1 + type: string + description: + description: Human-readable notes about this processor step + type: string + from: + description: Source field to convert to a different data type + minLength: 1 + type: string + ignore_failure: + description: Continue pipeline execution if this processor fails + type: boolean + ignore_missing: + description: Skip processing when source field is missing + type: boolean + to: + description: Target field for the converted value (defaults to source) + minLength: 1 + type: string + type: + description: 'Target data type: integer, long, double, boolean, or string' + enum: + - integer + - long + - double + - boolean + - string + type: string + where: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_28' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_29' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_3_14' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_4_14' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_5_14' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_6_14' + description: Conditional expression controlling whether this processor runs + required: + - action + - from + - type + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_28: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_29' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_28' + description: A basic filter condition, either unary or binary. + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_29: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_1_14' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_2_14' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_3_14' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_1_14' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_2_14' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_3_14' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_1_14' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_2_14' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_3_14' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_1_14' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_2_14' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_3_14' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_1_14' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_2_14' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_3_14' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_1_14' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_2_14' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_3_14' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_1_14' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_2_14' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_3_14' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_1_14' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_2_14' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_3_14' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_1_14' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_2_14' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_3_14' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_14' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_1_14' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_2_14' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_3_14' + description: Starts-with comparison value. + required: + - field + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_1_14: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_2_14: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_3_14: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_1_14: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_2_14: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_3_14: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_1_14: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_2_14: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_3_14: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_1_14: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_2_14: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_3_14: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_1_14: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_2_14: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_3_14: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_1_14: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_2_14: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_3_14: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_1_14: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_2_14: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_3_14: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_1_14: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_2_14: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_3_14: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_1_14: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_2_14: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_3_14: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_14: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_1_14' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_2_14' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_3_14' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_1_14' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_2_14' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_3_14' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_1_14' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_2_14' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_3_14' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_1_14' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_2_14' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_3_14' + description: A value that can be a string, number, or boolean. + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_1_14: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_2_14: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_3_14: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_1_14: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_2_14: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_3_14: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_1_14: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_2_14: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_3_14: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_1_14: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_2_14: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_3_14: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_1_14: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_2_14: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_3_14: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_28: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_29: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_3_14: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_4_14: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_5_14: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Never_14' + required: + - never + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Never_14: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_6_14: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Always_14' + required: + - always + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Always_14: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_17: + additionalProperties: false + description: Base processor options plus conditional execution + type: object + properties: + action: + enum: + - concat + type: string + customIdentifier: + description: Custom identifier to correlate this processor across outputs + minLength: 1 + type: string + description: + description: Human-readable notes about this processor step + type: string + from: + items: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_From_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_From_2' + minItems: 1 + type: array + ignore_failure: + description: Continue pipeline execution if this processor fails + type: boolean + ignore_missing: + type: boolean + to: + description: A non-empty string. + minLength: 1 + type: string + where: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_30' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_31' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_3_15' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_4_15' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_5_15' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_6_15' + description: Conditional expression controlling whether this processor runs + required: + - action + - from + - to + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_From_1: + additionalProperties: false + type: object + properties: + type: + enum: + - field + type: string + value: + description: A non-empty string. + minLength: 1 + type: string + required: + - type + - value + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_From_2: + additionalProperties: false + type: object + properties: + type: + enum: + - literal + type: string + value: + type: string + required: + - type + - value + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_30: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_31' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_30' + description: A basic filter condition, either unary or binary. + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_31: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_1_15' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_2_15' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_3_15' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_1_15' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_2_15' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_3_15' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_1_15' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_2_15' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_3_15' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_1_15' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_2_15' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_3_15' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_1_15' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_2_15' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_3_15' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_1_15' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_2_15' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_3_15' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_1_15' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_2_15' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_3_15' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_1_15' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_2_15' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_3_15' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_1_15' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_2_15' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_3_15' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_15' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_1_15' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_2_15' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_3_15' + description: Starts-with comparison value. + required: + - field + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_1_15: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_2_15: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_3_15: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_1_15: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_2_15: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_3_15: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_1_15: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_2_15: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_3_15: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_1_15: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_2_15: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_3_15: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_1_15: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_2_15: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_3_15: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_1_15: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_2_15: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_3_15: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_1_15: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_2_15: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_3_15: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_1_15: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_2_15: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_3_15: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_1_15: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_2_15: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_3_15: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_15: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_1_15' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_2_15' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_3_15' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_1_15' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_2_15' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_3_15' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_1_15' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_2_15' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_3_15' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_1_15' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_2_15' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_3_15' + description: A value that can be a string, number, or boolean. + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_1_15: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_2_15: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_3_15: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_1_15: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_2_15: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_3_15: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_1_15: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_2_15: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_3_15: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_1_15: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_2_15: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_3_15: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_1_15: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_2_15: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_3_15: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_30: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_31: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_3_15: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_4_15: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_5_15: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Never_15' + required: + - never + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Never_15: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_6_15: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Always_15' + required: + - always + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Always_15: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_18: + additionalProperties: false + description: Manual ingest pipeline wrapper around native Elasticsearch processors + type: object + properties: + action: + description: Manual ingest pipeline - executes raw Elasticsearch ingest processors + enum: + - manual_ingest_pipeline + type: string + customIdentifier: + description: Custom identifier to correlate this processor across outputs + minLength: 1 + type: string + description: + description: Human-readable notes about this processor step + type: string + ignore_failure: + description: Continue pipeline execution if this processor fails + type: boolean + on_failure: + description: Fallback processors to run when a processor fails + items: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_On_failure_Item' + type: array + processors: + description: List of raw Elasticsearch ingest processors to run + items: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Processors_Item' + type: array + tag: + description: Optional ingest processor tag for Elasticsearch + type: string + where: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_32' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_33' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_3_16' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_4_16' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_5_16' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_6_16' + description: Conditional expression controlling whether this processor runs + required: + - action + - processors + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_On_failure_Item: + additionalProperties: {} + type: object + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Processors_Item: + additionalProperties: false + type: object + properties: + append: {} + attachment: {} + bytes: {} + circle: {} + community_id: {} + convert: {} + csv: {} + date: {} + date_index_name: {} + dissect: {} + dot_expander: {} + drop: {} + enrich: {} + fail: {} + fingerprint: {} + foreach: {} + geo_grid: {} + geoip: {} + grok: {} + gsub: {} + html_strip: {} + inference: {} + ip_location: {} + join: {} + json: {} + kv: {} + lowercase: {} + network_direction: {} + pipeline: {} + redact: {} + registered_domain: {} + remove: {} + rename: {} + reroute: {} + script: {} + set: {} + set_security_user: {} + sort: {} + split: {} + terminate: {} + trim: {} + uppercase: {} + uri_parts: {} + urldecode: {} + user_agent: {} + required: + - append + - attachment + - bytes + - circle + - community_id + - convert + - csv + - date + - date_index_name + - dissect + - dot_expander + - drop + - enrich + - fail + - fingerprint + - foreach + - ip_location + - geo_grid + - geoip + - grok + - gsub + - html_strip + - inference + - join + - json + - kv + - lowercase + - network_direction + - pipeline + - redact + - registered_domain + - remove + - rename + - reroute + - script + - set + - set_security_user + - sort + - split + - terminate + - trim + - uppercase + - urldecode + - uri_parts + - user_agent + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_32: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_33' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_32' + description: A basic filter condition, either unary or binary. + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_33: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_1_16' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_2_16' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_3_16' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_1_16' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_2_16' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_3_16' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_1_16' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_2_16' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_3_16' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_1_16' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_2_16' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_3_16' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_1_16' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_2_16' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_3_16' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_1_16' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_2_16' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_3_16' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_1_16' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_2_16' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_3_16' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_1_16' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_2_16' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_3_16' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_1_16' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_2_16' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_3_16' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_16' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_1_16' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_2_16' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_3_16' + description: Starts-with comparison value. + required: + - field + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_1_16: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_2_16: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_3_16: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_1_16: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_2_16: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_3_16: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_1_16: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_2_16: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_3_16: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_1_16: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_2_16: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_3_16: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_1_16: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_2_16: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_3_16: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_1_16: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_2_16: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_3_16: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_1_16: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_2_16: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_3_16: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_1_16: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_2_16: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_3_16: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_1_16: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_2_16: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_3_16: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_16: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_1_16' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_2_16' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_3_16' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_1_16' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_2_16' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_3_16' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_1_16' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_2_16' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_3_16' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_1_16' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_2_16' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_3_16' + description: A value that can be a string, number, or boolean. + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_1_16: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_2_16: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_3_16: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_1_16: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_2_16: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_3_16: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_1_16: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_2_16: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_3_16: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_1_16: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_2_16: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_3_16: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_1_16: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_2_16: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_3_16: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_32: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_33: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_3_16: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_4_16: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_5_16: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Never_16' + required: + - never + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Never_16: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_6_16: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Always_16' + required: + - always + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Always_16: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_2_1: + additionalProperties: false + type: object + properties: + condition: + allOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_2_2' + customIdentifier: + type: string + required: + - condition + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_1: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_1_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_2_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_3' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_4' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_5' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_6' + description: The root condition object. It can be a simple filter or a combination of other conditions. + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_1_1: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_1_2' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_2' + description: A basic filter condition, either unary or binary. + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_1_2: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Contains_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Contains_2' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Contains_3' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_EndsWith_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_EndsWith_2' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_EndsWith_3' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Eq_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Eq_2' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Eq_3' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Gt_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Gt_2' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Gt_3' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Gte_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Gte_2' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Gte_3' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Includes_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Includes_2' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Includes_3' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Lt_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Lt_2' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Lt_3' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Lte_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Lte_2' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Lte_3' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Neq_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Neq_2' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Neq_3' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Range' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_StartsWith_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_StartsWith_2' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_StartsWith_3' + description: Starts-with comparison value. + required: + - field + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Contains_1: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Contains_2: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Contains_3: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_EndsWith_1: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_EndsWith_2: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_EndsWith_3: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Eq_1: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Eq_2: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Eq_3: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Gt_1: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Gt_2: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Gt_3: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Gte_1: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Gte_2: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Gte_3: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Includes_1: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Includes_2: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Includes_3: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Lt_1: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Lt_2: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Lt_3: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Lte_1: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Lte_2: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Lte_3: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Neq_1: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Neq_2: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Neq_3: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Range: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Range_Gt_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Range_Gt_2' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Range_Gt_3' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Range_Gte_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Range_Gte_2' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Range_Gte_3' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Range_Lt_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Range_Lt_2' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Range_Lt_3' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Range_Lte_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Range_Lte_2' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Range_Lte_3' + description: A value that can be a string, number, or boolean. + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Range_Gt_1: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Range_Gt_2: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Range_Gt_3: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Range_Gte_1: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Range_Gte_2: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Range_Gte_3: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Range_Lt_1: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Range_Lt_2: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Range_Lt_3: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Range_Lte_1: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Range_Lte_2: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Range_Lte_3: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_StartsWith_1: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_StartsWith_2: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_StartsWith_3: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_2: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_2_1: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_3: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_4: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_5: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Never' + required: + - never + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Never: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_6: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Always' + required: + - always + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Always: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_2_2: + type: object + properties: + steps: + items: {} + type: array + required: + - steps + ApiStreamsIngest_Put_Request_Ingest_Settings: + additionalProperties: false + type: object + properties: + index.number_of_replicas: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Settings_Index.number_of_replicas' + index.number_of_shards: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Settings_Index.number_of_shards' + index.refresh_interval: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Settings_Index.refresh_interval' + ApiStreamsIngest_Put_Request_Ingest_Settings_Index.number_of_replicas: + additionalProperties: false + type: object + properties: + value: + type: number + required: + - value + ApiStreamsIngest_Put_Request_Ingest_Settings_Index.number_of_shards: + additionalProperties: false + type: object + properties: + value: + type: number + required: + - value + ApiStreamsIngest_Put_Request_Ingest_Settings_Index.refresh_interval: + additionalProperties: false + type: object + properties: + value: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Settings_Index.refresh_interval_Value_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Settings_Index.refresh_interval_Value_2' + required: + - value + ApiStreamsIngest_Put_Request_Ingest_Settings_Index.refresh_interval_Value_1: + type: string + ApiStreamsIngest_Put_Request_Ingest_Settings_Index.refresh_interval_Value_2: + enum: + - -1 + type: number + ApiStreamsIngest_Put_Request_Ingest_2: + type: object + properties: + wired: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Wired' + required: + - wired + ApiStreamsIngest_Put_Request_Ingest_Wired: + additionalProperties: false + type: object + properties: + fields: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Wired_Fields' + routing: + items: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Wired_Routing_Item' + type: array + required: + - fields + - routing + ApiStreamsIngest_Put_Request_Ingest_Wired_Fields: + additionalProperties: + allOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Wired_Fields_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Wired_Fields_2_3' + type: object + ApiStreamsIngest_Put_Request_Ingest_Wired_Fields_1: + additionalProperties: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Wired_Fields_1_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Wired_Fields_2_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Wired_Fields_3_2' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Wired_Fields_4_2' + type: object + ApiStreamsIngest_Put_Request_Ingest_Wired_Fields_1_1: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Wired_Fields_1_2' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Wired_Fields_2' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Wired_Fields_3' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Wired_Fields_4' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Wired_Fields_5' + ApiStreamsIngest_Put_Request_Ingest_Wired_Fields_1_2: + type: string + ApiStreamsIngest_Put_Request_Ingest_Wired_Fields_2: + type: number + ApiStreamsIngest_Put_Request_Ingest_Wired_Fields_3: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Wired_Fields_4: + enum: + - 'null' + nullable: true + ApiStreamsIngest_Put_Request_Ingest_Wired_Fields_5: + not: {} + ApiStreamsIngest_Put_Request_Ingest_Wired_Fields_2_1: + items: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Wired_Fields_1_3' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Wired_Fields_2_2' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Wired_Fields_3_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Wired_Fields_4_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Wired_Fields_5_1' + type: array + ApiStreamsIngest_Put_Request_Ingest_Wired_Fields_1_3: + type: string + ApiStreamsIngest_Put_Request_Ingest_Wired_Fields_2_2: + type: number + ApiStreamsIngest_Put_Request_Ingest_Wired_Fields_3_1: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Wired_Fields_4_1: + enum: + - 'null' + nullable: true + ApiStreamsIngest_Put_Request_Ingest_Wired_Fields_5_1: + not: {} + ApiStreamsIngest_Put_Request_Ingest_Wired_Fields_3_2: + items: {} + type: array + ApiStreamsIngest_Put_Request_Ingest_Wired_Fields_4_2: {} + ApiStreamsIngest_Put_Request_Ingest_Wired_Fields_2_3: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Wired_Fields_1_4' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Wired_Fields_2_4' + ApiStreamsIngest_Put_Request_Ingest_Wired_Fields_1_4: + additionalProperties: false + type: object + properties: + format: + description: A non-empty string. + minLength: 1 + type: string + type: + enum: + - keyword + - match_only_text + - long + - double + - date + - boolean + - ip + - geo_point + type: string + required: + - type + ApiStreamsIngest_Put_Request_Ingest_Wired_Fields_2_4: + additionalProperties: false + type: object + properties: + type: + enum: + - system + type: string + required: + - type + ApiStreamsIngest_Put_Request_Ingest_Wired_Routing_Item: + additionalProperties: false + type: object + properties: + destination: + description: A non-empty string. + minLength: 1 + type: string + status: + enum: + - enabled + - disabled + type: string + where: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Wired_Routing_Where_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Wired_Routing_Where_2_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Wired_Routing_Where_3' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Wired_Routing_Where_4' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Wired_Routing_Where_5' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Wired_Routing_Where_6' + description: The root condition object. It can be a simple filter or a combination of other conditions. + required: + - destination + - where + ApiStreamsIngest_Put_Request_Ingest_Wired_Routing_Where_1: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Wired_Routing_Where_1_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Wired_Routing_Where_2' + description: A basic filter condition, either unary or binary. + ApiStreamsIngest_Put_Request_Ingest_Wired_Routing_Where_1_1: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Wired_Routing_Where_Contains_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Wired_Routing_Where_Contains_2' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Wired_Routing_Where_Contains_3' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Wired_Routing_Where_EndsWith_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Wired_Routing_Where_EndsWith_2' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Wired_Routing_Where_EndsWith_3' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Wired_Routing_Where_Eq_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Wired_Routing_Where_Eq_2' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Wired_Routing_Where_Eq_3' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Wired_Routing_Where_Gt_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Wired_Routing_Where_Gt_2' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Wired_Routing_Where_Gt_3' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Wired_Routing_Where_Gte_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Wired_Routing_Where_Gte_2' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Wired_Routing_Where_Gte_3' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Wired_Routing_Where_Includes_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Wired_Routing_Where_Includes_2' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Wired_Routing_Where_Includes_3' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Wired_Routing_Where_Lt_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Wired_Routing_Where_Lt_2' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Wired_Routing_Where_Lt_3' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Wired_Routing_Where_Lte_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Wired_Routing_Where_Lte_2' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Wired_Routing_Where_Lte_3' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Wired_Routing_Where_Neq_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Wired_Routing_Where_Neq_2' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Wired_Routing_Where_Neq_3' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Wired_Routing_Where_Range' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Wired_Routing_Where_StartsWith_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Wired_Routing_Where_StartsWith_2' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Wired_Routing_Where_StartsWith_3' + description: Starts-with comparison value. + required: + - field + ApiStreamsIngest_Put_Request_Ingest_Wired_Routing_Where_Contains_1: + type: string + ApiStreamsIngest_Put_Request_Ingest_Wired_Routing_Where_Contains_2: + type: number + ApiStreamsIngest_Put_Request_Ingest_Wired_Routing_Where_Contains_3: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Wired_Routing_Where_EndsWith_1: + type: string + ApiStreamsIngest_Put_Request_Ingest_Wired_Routing_Where_EndsWith_2: + type: number + ApiStreamsIngest_Put_Request_Ingest_Wired_Routing_Where_EndsWith_3: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Wired_Routing_Where_Eq_1: + type: string + ApiStreamsIngest_Put_Request_Ingest_Wired_Routing_Where_Eq_2: + type: number + ApiStreamsIngest_Put_Request_Ingest_Wired_Routing_Where_Eq_3: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Wired_Routing_Where_Gt_1: + type: string + ApiStreamsIngest_Put_Request_Ingest_Wired_Routing_Where_Gt_2: + type: number + ApiStreamsIngest_Put_Request_Ingest_Wired_Routing_Where_Gt_3: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Wired_Routing_Where_Gte_1: + type: string + ApiStreamsIngest_Put_Request_Ingest_Wired_Routing_Where_Gte_2: + type: number + ApiStreamsIngest_Put_Request_Ingest_Wired_Routing_Where_Gte_3: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Wired_Routing_Where_Includes_1: + type: string + ApiStreamsIngest_Put_Request_Ingest_Wired_Routing_Where_Includes_2: + type: number + ApiStreamsIngest_Put_Request_Ingest_Wired_Routing_Where_Includes_3: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Wired_Routing_Where_Lt_1: + type: string + ApiStreamsIngest_Put_Request_Ingest_Wired_Routing_Where_Lt_2: + type: number + ApiStreamsIngest_Put_Request_Ingest_Wired_Routing_Where_Lt_3: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Wired_Routing_Where_Lte_1: + type: string + ApiStreamsIngest_Put_Request_Ingest_Wired_Routing_Where_Lte_2: + type: number + ApiStreamsIngest_Put_Request_Ingest_Wired_Routing_Where_Lte_3: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Wired_Routing_Where_Neq_1: + type: string + ApiStreamsIngest_Put_Request_Ingest_Wired_Routing_Where_Neq_2: + type: number + ApiStreamsIngest_Put_Request_Ingest_Wired_Routing_Where_Neq_3: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Wired_Routing_Where_Range: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Wired_Routing_Where_Range_Gt_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Wired_Routing_Where_Range_Gt_2' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Wired_Routing_Where_Range_Gt_3' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Wired_Routing_Where_Range_Gte_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Wired_Routing_Where_Range_Gte_2' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Wired_Routing_Where_Range_Gte_3' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Wired_Routing_Where_Range_Lt_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Wired_Routing_Where_Range_Lt_2' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Wired_Routing_Where_Range_Lt_3' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Wired_Routing_Where_Range_Lte_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Wired_Routing_Where_Range_Lte_2' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Wired_Routing_Where_Range_Lte_3' + description: A value that can be a string, number, or boolean. + ApiStreamsIngest_Put_Request_Ingest_Wired_Routing_Where_Range_Gt_1: + type: string + ApiStreamsIngest_Put_Request_Ingest_Wired_Routing_Where_Range_Gt_2: + type: number + ApiStreamsIngest_Put_Request_Ingest_Wired_Routing_Where_Range_Gt_3: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Wired_Routing_Where_Range_Gte_1: + type: string + ApiStreamsIngest_Put_Request_Ingest_Wired_Routing_Where_Range_Gte_2: + type: number + ApiStreamsIngest_Put_Request_Ingest_Wired_Routing_Where_Range_Gte_3: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Wired_Routing_Where_Range_Lt_1: + type: string + ApiStreamsIngest_Put_Request_Ingest_Wired_Routing_Where_Range_Lt_2: + type: number + ApiStreamsIngest_Put_Request_Ingest_Wired_Routing_Where_Range_Lt_3: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Wired_Routing_Where_Range_Lte_1: + type: string + ApiStreamsIngest_Put_Request_Ingest_Wired_Routing_Where_Range_Lte_2: + type: number + ApiStreamsIngest_Put_Request_Ingest_Wired_Routing_Where_Range_Lte_3: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Wired_Routing_Where_StartsWith_1: + type: string + ApiStreamsIngest_Put_Request_Ingest_Wired_Routing_Where_StartsWith_2: + type: number + ApiStreamsIngest_Put_Request_Ingest_Wired_Routing_Where_StartsWith_3: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Wired_Routing_Where_2: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreamsIngest_Put_Request_Ingest_Wired_Routing_Where_2_1: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreamsIngest_Put_Request_Ingest_Wired_Routing_Where_3: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreamsIngest_Put_Request_Ingest_Wired_Routing_Where_4: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreamsIngest_Put_Request_Ingest_Wired_Routing_Where_5: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Wired_Routing_Where_Never' + required: + - never + ApiStreamsIngest_Put_Request_Ingest_Wired_Routing_Where_Never: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreamsIngest_Put_Request_Ingest_Wired_Routing_Where_6: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Wired_Routing_Where_Always' + required: + - always + ApiStreamsIngest_Put_Request_Ingest_Wired_Routing_Where_Always: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreamsIngest_Put_Request_Ingest_2_1: + allOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_1_2' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_2_2' + ApiStreamsIngest_Put_Request_Ingest_1_2: + type: object + properties: + failure_store: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Failure_store_1_2' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Failure_store_2_2' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Failure_store_3_1' + lifecycle: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Lifecycle_1_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Lifecycle_2_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Lifecycle_3_1' + processing: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_1' + settings: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Settings_1' + required: + - lifecycle + - processing + - settings + - failure_store + ApiStreamsIngest_Put_Request_Ingest_Failure_store_1_2: + additionalProperties: false + type: object + properties: + inherit: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Failure_store_Inherit_1' + required: + - inherit + ApiStreamsIngest_Put_Request_Ingest_Failure_store_Inherit_1: + additionalProperties: false + type: object + properties: {} + ApiStreamsIngest_Put_Request_Ingest_Failure_store_2_2: + additionalProperties: false + type: object + properties: + disabled: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Failure_store_Disabled_1' + required: + - disabled + ApiStreamsIngest_Put_Request_Ingest_Failure_store_Disabled_1: + additionalProperties: false + type: object + properties: {} + ApiStreamsIngest_Put_Request_Ingest_Failure_store_3_1: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Failure_store_1_3' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Failure_store_2_3' + ApiStreamsIngest_Put_Request_Ingest_Failure_store_1_3: + additionalProperties: false + type: object + properties: + lifecycle: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Failure_store_Lifecycle_2' + required: + - lifecycle + ApiStreamsIngest_Put_Request_Ingest_Failure_store_Lifecycle_2: + additionalProperties: false + type: object + properties: + enabled: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Failure_store_Lifecycle_Enabled_1' + required: + - enabled + ApiStreamsIngest_Put_Request_Ingest_Failure_store_Lifecycle_Enabled_1: + additionalProperties: false + type: object + properties: + data_retention: + description: A non-empty string. + minLength: 1 + type: string + ApiStreamsIngest_Put_Request_Ingest_Failure_store_2_3: + additionalProperties: false + type: object + properties: + lifecycle: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Failure_store_Lifecycle_3' + required: + - lifecycle + ApiStreamsIngest_Put_Request_Ingest_Failure_store_Lifecycle_3: + additionalProperties: false + type: object + properties: + disabled: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Failure_store_Lifecycle_Disabled_1' + required: + - disabled + ApiStreamsIngest_Put_Request_Ingest_Failure_store_Lifecycle_Disabled_1: + additionalProperties: false + type: object + properties: {} + ApiStreamsIngest_Put_Request_Ingest_Lifecycle_1_1: + additionalProperties: false + type: object + properties: + dsl: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Lifecycle_Dsl_1' + required: + - dsl + ApiStreamsIngest_Put_Request_Ingest_Lifecycle_Dsl_1: + additionalProperties: false + type: object + properties: + data_retention: + description: A non-empty string. + minLength: 1 + type: string + downsample: + items: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Lifecycle_Dsl_Downsample_Item_1' + type: array + ApiStreamsIngest_Put_Request_Ingest_Lifecycle_Dsl_Downsample_Item_1: + additionalProperties: false + type: object + properties: + after: + description: A non-empty string. + minLength: 1 + type: string + fixed_interval: + description: A non-empty string. + minLength: 1 + type: string + required: + - after + - fixed_interval + ApiStreamsIngest_Put_Request_Ingest_Lifecycle_2_1: + additionalProperties: false + type: object + properties: + ilm: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Lifecycle_Ilm_1' + required: + - ilm + ApiStreamsIngest_Put_Request_Ingest_Lifecycle_Ilm_1: + additionalProperties: false + type: object + properties: + policy: + description: A non-empty string. + minLength: 1 + type: string + required: + - policy + ApiStreamsIngest_Put_Request_Ingest_Lifecycle_3_1: + additionalProperties: false + type: object + properties: + inherit: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Lifecycle_Inherit_1' + required: + - inherit + ApiStreamsIngest_Put_Request_Ingest_Lifecycle_Inherit_1: + additionalProperties: false + type: object + properties: {} + ApiStreamsIngest_Put_Request_Ingest_Processing_1: + additionalProperties: false + type: object + properties: + steps: + items: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_1_2' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_2_3' + type: array + updated_at: + not: {} + required: + - steps + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_1_2: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_1_3' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_2_2' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_3_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_4_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_5_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_6_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_7_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_8_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_9_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_10_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_11_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_12_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_13_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_14_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_15_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_16_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_17_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_18_1' + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_1_3: + additionalProperties: false + description: Grok processor - Extract fields from text using grok patterns + type: object + properties: + action: + enum: + - grok + type: string + customIdentifier: + description: Custom identifier to correlate this processor across outputs + minLength: 1 + type: string + description: + description: Human-readable notes about this processor step + type: string + from: + description: Source field to parse with grok patterns + minLength: 1 + type: string + ignore_failure: + description: Continue pipeline execution if this processor fails + type: boolean + ignore_missing: + description: Skip processing when source field is missing + type: boolean + pattern_definitions: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Pattern_definitions_1' + patterns: + description: Grok patterns applied in order to extract fields + items: + description: A non-empty string. + minLength: 1 + type: string + minItems: 1 + type: array + where: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_34' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_35' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_3_17' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_4_17' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_5_17' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_6_17' + description: Conditional expression controlling whether this processor runs + required: + - action + - from + - patterns + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Pattern_definitions_1: + additionalProperties: + type: string + type: object + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_34: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_35' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_34' + description: A basic filter condition, either unary or binary. + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_35: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_1_17' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_2_17' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_3_17' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_1_17' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_2_17' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_3_17' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_1_17' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_2_17' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_3_17' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_1_17' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_2_17' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_3_17' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_1_17' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_2_17' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_3_17' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_1_17' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_2_17' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_3_17' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_1_17' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_2_17' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_3_17' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_1_17' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_2_17' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_3_17' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_1_17' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_2_17' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_3_17' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_17' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_1_17' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_2_17' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_3_17' + description: Starts-with comparison value. + required: + - field + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_1_17: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_2_17: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_3_17: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_1_17: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_2_17: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_3_17: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_1_17: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_2_17: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_3_17: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_1_17: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_2_17: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_3_17: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_1_17: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_2_17: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_3_17: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_1_17: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_2_17: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_3_17: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_1_17: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_2_17: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_3_17: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_1_17: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_2_17: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_3_17: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_1_17: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_2_17: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_3_17: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_17: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_1_17' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_2_17' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_3_17' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_1_17' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_2_17' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_3_17' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_1_17' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_2_17' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_3_17' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_1_17' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_2_17' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_3_17' + description: A value that can be a string, number, or boolean. + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_1_17: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_2_17: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_3_17: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_1_17: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_2_17: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_3_17: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_1_17: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_2_17: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_3_17: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_1_17: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_2_17: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_3_17: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_1_17: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_2_17: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_3_17: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_34: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_35: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_3_17: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_4_17: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_5_17: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Never_17' + required: + - never + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Never_17: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_6_17: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Always_17' + required: + - always + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Always_17: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_2_2: + additionalProperties: false + description: Dissect processor - Extract fields from text using a lightweight, delimiter-based parser + type: object + properties: + action: + enum: + - dissect + type: string + append_separator: + description: Separator inserted when target fields are concatenated + minLength: 1 + type: string + customIdentifier: + description: Custom identifier to correlate this processor across outputs + minLength: 1 + type: string + description: + description: Human-readable notes about this processor step + type: string + from: + description: Source field to parse with dissect pattern + minLength: 1 + type: string + ignore_failure: + description: Continue pipeline execution if this processor fails + type: boolean + ignore_missing: + description: Skip processing when source field is missing + type: boolean + pattern: + description: Dissect pattern describing field boundaries + minLength: 1 + type: string + where: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_36' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_37' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_3_18' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_4_18' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_5_18' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_6_18' + description: Conditional expression controlling whether this processor runs + required: + - action + - from + - pattern + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_36: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_37' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_36' + description: A basic filter condition, either unary or binary. + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_37: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_1_18' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_2_18' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_3_18' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_1_18' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_2_18' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_3_18' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_1_18' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_2_18' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_3_18' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_1_18' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_2_18' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_3_18' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_1_18' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_2_18' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_3_18' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_1_18' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_2_18' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_3_18' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_1_18' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_2_18' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_3_18' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_1_18' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_2_18' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_3_18' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_1_18' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_2_18' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_3_18' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_18' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_1_18' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_2_18' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_3_18' + description: Starts-with comparison value. + required: + - field + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_1_18: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_2_18: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_3_18: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_1_18: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_2_18: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_3_18: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_1_18: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_2_18: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_3_18: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_1_18: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_2_18: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_3_18: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_1_18: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_2_18: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_3_18: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_1_18: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_2_18: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_3_18: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_1_18: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_2_18: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_3_18: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_1_18: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_2_18: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_3_18: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_1_18: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_2_18: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_3_18: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_18: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_1_18' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_2_18' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_3_18' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_1_18' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_2_18' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_3_18' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_1_18' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_2_18' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_3_18' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_1_18' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_2_18' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_3_18' + description: A value that can be a string, number, or boolean. + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_1_18: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_2_18: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_3_18: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_1_18: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_2_18: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_3_18: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_1_18: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_2_18: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_3_18: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_1_18: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_2_18: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_3_18: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_1_18: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_2_18: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_3_18: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_36: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_37: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_3_18: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_4_18: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_5_18: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Never_18' + required: + - never + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Never_18: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_6_18: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Always_18' + required: + - always + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Always_18: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_3_1: + additionalProperties: false + description: Date processor - Parse dates from strings using one or more expected formats + type: object + properties: + action: + enum: + - date + type: string + customIdentifier: + description: Custom identifier to correlate this processor across outputs + minLength: 1 + type: string + description: + description: Human-readable notes about this processor step + type: string + formats: + description: Accepted input date formats, tried in order + items: + description: A non-empty string. + minLength: 1 + type: string + type: array + from: + description: Source field containing the date/time text + minLength: 1 + type: string + ignore_failure: + description: Continue pipeline execution if this processor fails + type: boolean + locale: + description: Optional locale for date parsing + minLength: 1 + type: string + output_format: + description: Optional output format for storing the parsed date as text + minLength: 1 + type: string + timezone: + description: Optional timezone for date parsing + minLength: 1 + type: string + to: + description: Target field for the parsed date (defaults to source) + minLength: 1 + type: string + where: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_38' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_39' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_3_19' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_4_19' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_5_19' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_6_19' + description: Conditional expression controlling whether this processor runs + required: + - action + - from + - formats + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_38: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_39' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_38' + description: A basic filter condition, either unary or binary. + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_39: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_1_19' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_2_19' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_3_19' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_1_19' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_2_19' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_3_19' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_1_19' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_2_19' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_3_19' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_1_19' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_2_19' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_3_19' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_1_19' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_2_19' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_3_19' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_1_19' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_2_19' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_3_19' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_1_19' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_2_19' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_3_19' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_1_19' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_2_19' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_3_19' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_1_19' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_2_19' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_3_19' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_19' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_1_19' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_2_19' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_3_19' + description: Starts-with comparison value. + required: + - field + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_1_19: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_2_19: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_3_19: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_1_19: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_2_19: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_3_19: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_1_19: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_2_19: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_3_19: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_1_19: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_2_19: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_3_19: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_1_19: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_2_19: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_3_19: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_1_19: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_2_19: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_3_19: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_1_19: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_2_19: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_3_19: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_1_19: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_2_19: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_3_19: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_1_19: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_2_19: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_3_19: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_19: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_1_19' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_2_19' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_3_19' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_1_19' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_2_19' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_3_19' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_1_19' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_2_19' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_3_19' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_1_19' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_2_19' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_3_19' + description: A value that can be a string, number, or boolean. + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_1_19: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_2_19: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_3_19: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_1_19: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_2_19: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_3_19: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_1_19: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_2_19: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_3_19: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_1_19: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_2_19: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_3_19: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_1_19: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_2_19: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_3_19: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_38: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_39: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_3_19: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_4_19: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_5_19: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Never_19' + required: + - never + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Never_19: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_6_19: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Always_19' + required: + - always + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Always_19: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_4_1: + additionalProperties: false + description: Base processor options plus conditional execution + type: object + properties: + action: + enum: + - drop_document + type: string + customIdentifier: + description: Custom identifier to correlate this processor across outputs + minLength: 1 + type: string + description: + description: Human-readable notes about this processor step + type: string + ignore_failure: + description: Continue pipeline execution if this processor fails + type: boolean + where: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_40' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_41' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_3_20' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_4_20' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_5_20' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_6_20' + description: Conditional expression controlling whether this processor runs + required: + - action + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_40: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_41' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_40' + description: A basic filter condition, either unary or binary. + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_41: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_1_20' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_2_20' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_3_20' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_1_20' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_2_20' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_3_20' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_1_20' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_2_20' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_3_20' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_1_20' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_2_20' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_3_20' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_1_20' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_2_20' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_3_20' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_1_20' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_2_20' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_3_20' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_1_20' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_2_20' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_3_20' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_1_20' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_2_20' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_3_20' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_1_20' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_2_20' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_3_20' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_20' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_1_20' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_2_20' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_3_20' + description: Starts-with comparison value. + required: + - field + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_1_20: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_2_20: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_3_20: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_1_20: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_2_20: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_3_20: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_1_20: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_2_20: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_3_20: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_1_20: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_2_20: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_3_20: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_1_20: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_2_20: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_3_20: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_1_20: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_2_20: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_3_20: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_1_20: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_2_20: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_3_20: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_1_20: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_2_20: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_3_20: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_1_20: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_2_20: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_3_20: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_20: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_1_20' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_2_20' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_3_20' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_1_20' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_2_20' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_3_20' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_1_20' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_2_20' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_3_20' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_1_20' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_2_20' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_3_20' + description: A value that can be a string, number, or boolean. + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_1_20: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_2_20: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_3_20: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_1_20: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_2_20: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_3_20: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_1_20: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_2_20: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_3_20: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_1_20: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_2_20: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_3_20: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_1_20: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_2_20: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_3_20: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_40: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_41: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_3_20: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_4_20: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_5_20: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Never_20' + required: + - never + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Never_20: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_6_20: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Always_20' + required: + - always + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Always_20: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_5_1: + additionalProperties: false + description: Base processor options plus conditional execution + type: object + properties: + action: + enum: + - math + type: string + customIdentifier: + description: Custom identifier to correlate this processor across outputs + minLength: 1 + type: string + description: + description: Human-readable notes about this processor step + type: string + expression: + description: A non-empty string. + minLength: 1 + type: string + ignore_failure: + description: Continue pipeline execution if this processor fails + type: boolean + ignore_missing: + type: boolean + to: + description: A non-empty string. + minLength: 1 + type: string + where: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_42' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_43' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_3_21' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_4_21' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_5_21' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_6_21' + description: Conditional expression controlling whether this processor runs + required: + - action + - expression + - to + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_42: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_43' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_42' + description: A basic filter condition, either unary or binary. + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_43: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_1_21' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_2_21' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_3_21' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_1_21' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_2_21' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_3_21' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_1_21' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_2_21' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_3_21' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_1_21' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_2_21' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_3_21' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_1_21' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_2_21' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_3_21' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_1_21' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_2_21' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_3_21' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_1_21' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_2_21' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_3_21' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_1_21' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_2_21' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_3_21' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_1_21' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_2_21' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_3_21' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_21' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_1_21' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_2_21' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_3_21' + description: Starts-with comparison value. + required: + - field + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_1_21: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_2_21: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_3_21: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_1_21: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_2_21: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_3_21: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_1_21: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_2_21: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_3_21: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_1_21: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_2_21: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_3_21: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_1_21: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_2_21: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_3_21: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_1_21: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_2_21: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_3_21: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_1_21: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_2_21: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_3_21: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_1_21: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_2_21: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_3_21: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_1_21: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_2_21: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_3_21: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_21: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_1_21' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_2_21' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_3_21' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_1_21' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_2_21' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_3_21' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_1_21' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_2_21' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_3_21' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_1_21' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_2_21' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_3_21' + description: A value that can be a string, number, or boolean. + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_1_21: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_2_21: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_3_21: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_1_21: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_2_21: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_3_21: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_1_21: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_2_21: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_3_21: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_1_21: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_2_21: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_3_21: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_1_21: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_2_21: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_3_21: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_42: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_43: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_3_21: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_4_21: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_5_21: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Never_21' + required: + - never + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Never_21: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_6_21: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Always_21' + required: + - always + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Always_21: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_6_1: + additionalProperties: false + description: Rename processor - Change a field name and optionally its location + type: object + properties: + action: + enum: + - rename + type: string + customIdentifier: + description: Custom identifier to correlate this processor across outputs + minLength: 1 + type: string + description: + description: Human-readable notes about this processor step + type: string + from: + description: Existing source field to rename or move + minLength: 1 + type: string + ignore_failure: + description: Continue pipeline execution if this processor fails + type: boolean + ignore_missing: + description: Skip when source field is missing + type: boolean + override: + description: Allow overwriting the target field if it already exists + type: boolean + to: + description: New field name or destination path + minLength: 1 + type: string + where: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_44' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_45' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_3_22' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_4_22' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_5_22' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_6_22' + description: Conditional expression controlling whether this processor runs + required: + - action + - from + - to + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_44: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_45' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_44' + description: A basic filter condition, either unary or binary. + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_45: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_1_22' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_2_22' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_3_22' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_1_22' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_2_22' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_3_22' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_1_22' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_2_22' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_3_22' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_1_22' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_2_22' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_3_22' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_1_22' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_2_22' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_3_22' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_1_22' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_2_22' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_3_22' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_1_22' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_2_22' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_3_22' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_1_22' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_2_22' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_3_22' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_1_22' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_2_22' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_3_22' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_22' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_1_22' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_2_22' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_3_22' + description: Starts-with comparison value. + required: + - field + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_1_22: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_2_22: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_3_22: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_1_22: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_2_22: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_3_22: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_1_22: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_2_22: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_3_22: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_1_22: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_2_22: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_3_22: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_1_22: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_2_22: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_3_22: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_1_22: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_2_22: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_3_22: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_1_22: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_2_22: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_3_22: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_1_22: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_2_22: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_3_22: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_1_22: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_2_22: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_3_22: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_22: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_1_22' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_2_22' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_3_22' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_1_22' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_2_22' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_3_22' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_1_22' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_2_22' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_3_22' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_1_22' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_2_22' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_3_22' + description: A value that can be a string, number, or boolean. + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_1_22: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_2_22: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_3_22: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_1_22: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_2_22: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_3_22: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_1_22: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_2_22: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_3_22: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_1_22: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_2_22: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_3_22: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_1_22: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_2_22: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_3_22: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_44: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_45: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_3_22: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_4_22: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_5_22: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Never_22' + required: + - never + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Never_22: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_6_22: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Always_22' + required: + - always + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Always_22: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_7_1: + additionalProperties: false + description: Set processor - Assign a literal or copied value to a field (mutually exclusive inputs) + type: object + properties: + action: + enum: + - set + type: string + copy_from: + description: Copy value from another field instead of providing a literal + minLength: 1 + type: string + customIdentifier: + description: Custom identifier to correlate this processor across outputs + minLength: 1 + type: string + description: + description: Human-readable notes about this processor step + type: string + ignore_failure: + description: Continue pipeline execution if this processor fails + type: boolean + override: + description: Allow overwriting an existing target field + type: boolean + to: + description: Target field to set or create + minLength: 1 + type: string + value: + description: Literal value to assign to the target field + where: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_46' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_47' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_3_23' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_4_23' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_5_23' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_6_23' + description: Conditional expression controlling whether this processor runs + required: + - action + - to + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_46: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_47' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_46' + description: A basic filter condition, either unary or binary. + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_47: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_1_23' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_2_23' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_3_23' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_1_23' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_2_23' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_3_23' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_1_23' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_2_23' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_3_23' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_1_23' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_2_23' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_3_23' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_1_23' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_2_23' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_3_23' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_1_23' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_2_23' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_3_23' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_1_23' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_2_23' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_3_23' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_1_23' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_2_23' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_3_23' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_1_23' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_2_23' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_3_23' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_23' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_1_23' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_2_23' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_3_23' + description: Starts-with comparison value. + required: + - field + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_1_23: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_2_23: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_3_23: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_1_23: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_2_23: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_3_23: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_1_23: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_2_23: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_3_23: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_1_23: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_2_23: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_3_23: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_1_23: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_2_23: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_3_23: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_1_23: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_2_23: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_3_23: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_1_23: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_2_23: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_3_23: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_1_23: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_2_23: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_3_23: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_1_23: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_2_23: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_3_23: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_23: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_1_23' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_2_23' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_3_23' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_1_23' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_2_23' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_3_23' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_1_23' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_2_23' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_3_23' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_1_23' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_2_23' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_3_23' + description: A value that can be a string, number, or boolean. + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_1_23: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_2_23: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_3_23: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_1_23: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_2_23: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_3_23: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_1_23: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_2_23: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_3_23: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_1_23: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_2_23: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_3_23: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_1_23: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_2_23: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_3_23: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_46: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_47: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_3_23: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_4_23: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_5_23: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Never_23' + required: + - never + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Never_23: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_6_23: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Always_23' + required: + - always + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Always_23: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_8_1: + additionalProperties: false + description: Append processor - Append one or more values to an existing or new array field + type: object + properties: + action: + enum: + - append + type: string + allow_duplicates: + description: If true, do not deduplicate appended values + type: boolean + customIdentifier: + description: Custom identifier to correlate this processor across outputs + minLength: 1 + type: string + description: + description: Human-readable notes about this processor step + type: string + ignore_failure: + description: Continue pipeline execution if this processor fails + type: boolean + to: + description: Array field to append values to + minLength: 1 + type: string + value: + description: Values to append (must be literal, no templates) + items: {} + minItems: 1 + type: array + where: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_48' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_49' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_3_24' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_4_24' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_5_24' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_6_24' + description: Conditional expression controlling whether this processor runs + required: + - action + - to + - value + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_48: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_49' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_48' + description: A basic filter condition, either unary or binary. + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_49: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_1_24' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_2_24' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_3_24' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_1_24' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_2_24' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_3_24' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_1_24' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_2_24' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_3_24' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_1_24' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_2_24' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_3_24' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_1_24' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_2_24' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_3_24' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_1_24' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_2_24' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_3_24' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_1_24' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_2_24' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_3_24' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_1_24' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_2_24' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_3_24' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_1_24' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_2_24' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_3_24' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_24' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_1_24' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_2_24' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_3_24' + description: Starts-with comparison value. + required: + - field + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_1_24: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_2_24: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_3_24: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_1_24: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_2_24: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_3_24: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_1_24: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_2_24: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_3_24: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_1_24: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_2_24: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_3_24: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_1_24: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_2_24: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_3_24: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_1_24: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_2_24: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_3_24: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_1_24: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_2_24: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_3_24: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_1_24: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_2_24: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_3_24: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_1_24: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_2_24: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_3_24: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_24: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_1_24' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_2_24' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_3_24' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_1_24' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_2_24' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_3_24' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_1_24' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_2_24' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_3_24' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_1_24' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_2_24' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_3_24' + description: A value that can be a string, number, or boolean. + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_1_24: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_2_24: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_3_24: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_1_24: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_2_24: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_3_24: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_1_24: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_2_24: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_3_24: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_1_24: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_2_24: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_3_24: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_1_24: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_2_24: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_3_24: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_48: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_49: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_3_24: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_4_24: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_5_24: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Never_24' + required: + - never + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Never_24: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_6_24: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Always_24' + required: + - always + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Always_24: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_9_1: + additionalProperties: false + description: Remove by prefix processor - Remove a field and all nested fields matching the prefix + type: object + properties: + action: + enum: + - remove_by_prefix + type: string + customIdentifier: + description: Custom identifier to correlate this processor across outputs + minLength: 1 + type: string + description: + description: Human-readable notes about this processor step + type: string + from: + description: Field to remove along with all its nested fields + minLength: 1 + type: string + ignore_failure: + description: Continue pipeline execution if this processor fails + type: boolean + required: + - action + - from + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_10_1: + additionalProperties: false + description: Remove processor - Delete one or more fields from the document + type: object + properties: + action: + enum: + - remove + type: string + customIdentifier: + description: Custom identifier to correlate this processor across outputs + minLength: 1 + type: string + description: + description: Human-readable notes about this processor step + type: string + from: + description: Field to remove from the document + minLength: 1 + type: string + ignore_failure: + description: Continue pipeline execution if this processor fails + type: boolean + ignore_missing: + description: Skip processing when source field is missing + type: boolean + where: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_50' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_51' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_3_25' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_4_25' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_5_25' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_6_25' + description: Conditional expression controlling whether this processor runs + required: + - action + - from + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_50: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_51' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_50' + description: A basic filter condition, either unary or binary. + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_51: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_1_25' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_2_25' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_3_25' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_1_25' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_2_25' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_3_25' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_1_25' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_2_25' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_3_25' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_1_25' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_2_25' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_3_25' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_1_25' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_2_25' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_3_25' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_1_25' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_2_25' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_3_25' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_1_25' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_2_25' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_3_25' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_1_25' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_2_25' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_3_25' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_1_25' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_2_25' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_3_25' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_25' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_1_25' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_2_25' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_3_25' + description: Starts-with comparison value. + required: + - field + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_1_25: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_2_25: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_3_25: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_1_25: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_2_25: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_3_25: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_1_25: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_2_25: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_3_25: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_1_25: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_2_25: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_3_25: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_1_25: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_2_25: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_3_25: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_1_25: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_2_25: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_3_25: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_1_25: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_2_25: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_3_25: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_1_25: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_2_25: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_3_25: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_1_25: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_2_25: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_3_25: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_25: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_1_25' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_2_25' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_3_25' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_1_25' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_2_25' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_3_25' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_1_25' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_2_25' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_3_25' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_1_25' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_2_25' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_3_25' + description: A value that can be a string, number, or boolean. + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_1_25: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_2_25: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_3_25: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_1_25: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_2_25: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_3_25: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_1_25: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_2_25: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_3_25: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_1_25: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_2_25: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_3_25: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_1_25: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_2_25: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_3_25: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_50: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_51: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_3_25: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_4_25: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_5_25: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Never_25' + required: + - never + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Never_25: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_6_25: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Always_25' + required: + - always + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Always_25: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_11_1: + additionalProperties: false + description: Base processor options plus conditional execution + type: object + properties: + action: + enum: + - replace + type: string + customIdentifier: + description: Custom identifier to correlate this processor across outputs + minLength: 1 + type: string + description: + description: Human-readable notes about this processor step + type: string + from: + description: A non-empty string. + minLength: 1 + type: string + ignore_failure: + description: Continue pipeline execution if this processor fails + type: boolean + ignore_missing: + type: boolean + pattern: + description: A non-empty string or string with whitespace. + minLength: 1 + type: string + replacement: + type: string + to: + description: A non-empty string. + minLength: 1 + type: string + where: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_52' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_53' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_3_26' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_4_26' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_5_26' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_6_26' + description: Conditional expression controlling whether this processor runs + required: + - action + - from + - pattern + - replacement + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_52: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_53' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_52' + description: A basic filter condition, either unary or binary. + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_53: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_1_26' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_2_26' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_3_26' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_1_26' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_2_26' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_3_26' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_1_26' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_2_26' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_3_26' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_1_26' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_2_26' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_3_26' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_1_26' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_2_26' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_3_26' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_1_26' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_2_26' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_3_26' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_1_26' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_2_26' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_3_26' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_1_26' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_2_26' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_3_26' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_1_26' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_2_26' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_3_26' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_26' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_1_26' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_2_26' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_3_26' + description: Starts-with comparison value. + required: + - field + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_1_26: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_2_26: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_3_26: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_1_26: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_2_26: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_3_26: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_1_26: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_2_26: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_3_26: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_1_26: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_2_26: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_3_26: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_1_26: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_2_26: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_3_26: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_1_26: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_2_26: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_3_26: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_1_26: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_2_26: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_3_26: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_1_26: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_2_26: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_3_26: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_1_26: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_2_26: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_3_26: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_26: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_1_26' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_2_26' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_3_26' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_1_26' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_2_26' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_3_26' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_1_26' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_2_26' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_3_26' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_1_26' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_2_26' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_3_26' + description: A value that can be a string, number, or boolean. + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_1_26: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_2_26: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_3_26: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_1_26: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_2_26: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_3_26: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_1_26: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_2_26: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_3_26: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_1_26: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_2_26: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_3_26: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_1_26: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_2_26: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_3_26: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_52: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_53: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_3_26: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_4_26: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_5_26: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Never_26' + required: + - never + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Never_26: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_6_26: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Always_26' + required: + - always + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Always_26: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_12_1: + additionalProperties: false + description: Base processor options plus conditional execution + type: object + properties: + action: + enum: + - uppercase + type: string + customIdentifier: + description: Custom identifier to correlate this processor across outputs + minLength: 1 + type: string + description: + description: Human-readable notes about this processor step + type: string + from: + description: A non-empty string. + minLength: 1 + type: string + ignore_failure: + description: Continue pipeline execution if this processor fails + type: boolean + ignore_missing: + type: boolean + to: + description: A non-empty string. + minLength: 1 + type: string + where: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_54' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_55' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_3_27' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_4_27' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_5_27' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_6_27' + description: Conditional expression controlling whether this processor runs + required: + - action + - from + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_54: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_55' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_54' + description: A basic filter condition, either unary or binary. + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_55: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_1_27' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_2_27' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_3_27' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_1_27' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_2_27' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_3_27' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_1_27' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_2_27' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_3_27' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_1_27' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_2_27' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_3_27' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_1_27' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_2_27' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_3_27' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_1_27' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_2_27' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_3_27' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_1_27' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_2_27' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_3_27' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_1_27' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_2_27' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_3_27' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_1_27' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_2_27' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_3_27' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_27' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_1_27' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_2_27' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_3_27' + description: Starts-with comparison value. + required: + - field + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_1_27: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_2_27: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_3_27: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_1_27: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_2_27: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_3_27: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_1_27: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_2_27: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_3_27: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_1_27: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_2_27: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_3_27: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_1_27: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_2_27: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_3_27: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_1_27: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_2_27: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_3_27: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_1_27: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_2_27: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_3_27: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_1_27: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_2_27: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_3_27: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_1_27: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_2_27: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_3_27: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_27: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_1_27' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_2_27' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_3_27' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_1_27' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_2_27' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_3_27' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_1_27' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_2_27' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_3_27' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_1_27' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_2_27' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_3_27' + description: A value that can be a string, number, or boolean. + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_1_27: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_2_27: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_3_27: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_1_27: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_2_27: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_3_27: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_1_27: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_2_27: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_3_27: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_1_27: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_2_27: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_3_27: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_1_27: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_2_27: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_3_27: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_54: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_55: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_3_27: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_4_27: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_5_27: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Never_27' + required: + - never + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Never_27: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_6_27: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Always_27' + required: + - always + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Always_27: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_13_1: + additionalProperties: false + description: Base processor options plus conditional execution + type: object + properties: + action: + enum: + - lowercase + type: string + customIdentifier: + description: Custom identifier to correlate this processor across outputs + minLength: 1 + type: string + description: + description: Human-readable notes about this processor step + type: string + from: + description: A non-empty string. + minLength: 1 + type: string + ignore_failure: + description: Continue pipeline execution if this processor fails + type: boolean + ignore_missing: + type: boolean + to: + description: A non-empty string. + minLength: 1 + type: string + where: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_56' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_57' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_3_28' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_4_28' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_5_28' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_6_28' + description: Conditional expression controlling whether this processor runs + required: + - action + - from + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_56: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_57' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_56' + description: A basic filter condition, either unary or binary. + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_57: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_1_28' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_2_28' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_3_28' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_1_28' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_2_28' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_3_28' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_1_28' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_2_28' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_3_28' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_1_28' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_2_28' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_3_28' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_1_28' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_2_28' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_3_28' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_1_28' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_2_28' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_3_28' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_1_28' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_2_28' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_3_28' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_1_28' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_2_28' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_3_28' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_1_28' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_2_28' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_3_28' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_28' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_1_28' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_2_28' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_3_28' + description: Starts-with comparison value. + required: + - field + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_1_28: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_2_28: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_3_28: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_1_28: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_2_28: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_3_28: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_1_28: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_2_28: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_3_28: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_1_28: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_2_28: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_3_28: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_1_28: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_2_28: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_3_28: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_1_28: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_2_28: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_3_28: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_1_28: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_2_28: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_3_28: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_1_28: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_2_28: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_3_28: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_1_28: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_2_28: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_3_28: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_28: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_1_28' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_2_28' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_3_28' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_1_28' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_2_28' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_3_28' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_1_28' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_2_28' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_3_28' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_1_28' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_2_28' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_3_28' + description: A value that can be a string, number, or boolean. + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_1_28: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_2_28: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_3_28: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_1_28: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_2_28: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_3_28: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_1_28: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_2_28: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_3_28: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_1_28: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_2_28: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_3_28: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_1_28: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_2_28: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_3_28: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_56: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_57: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_3_28: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_4_28: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_5_28: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Never_28' + required: + - never + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Never_28: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_6_28: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Always_28' + required: + - always + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Always_28: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_14_1: + additionalProperties: false + description: Base processor options plus conditional execution + type: object + properties: + action: + enum: + - trim + type: string + customIdentifier: + description: Custom identifier to correlate this processor across outputs + minLength: 1 + type: string + description: + description: Human-readable notes about this processor step + type: string + from: + description: A non-empty string. + minLength: 1 + type: string + ignore_failure: + description: Continue pipeline execution if this processor fails + type: boolean + ignore_missing: + type: boolean + to: + description: A non-empty string. + minLength: 1 + type: string + where: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_58' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_59' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_3_29' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_4_29' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_5_29' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_6_29' + description: Conditional expression controlling whether this processor runs + required: + - action + - from + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_58: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_59' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_58' + description: A basic filter condition, either unary or binary. + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_59: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_1_29' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_2_29' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_3_29' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_1_29' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_2_29' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_3_29' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_1_29' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_2_29' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_3_29' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_1_29' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_2_29' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_3_29' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_1_29' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_2_29' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_3_29' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_1_29' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_2_29' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_3_29' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_1_29' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_2_29' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_3_29' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_1_29' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_2_29' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_3_29' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_1_29' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_2_29' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_3_29' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_29' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_1_29' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_2_29' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_3_29' + description: Starts-with comparison value. + required: + - field + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_1_29: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_2_29: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_3_29: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_1_29: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_2_29: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_3_29: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_1_29: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_2_29: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_3_29: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_1_29: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_2_29: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_3_29: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_1_29: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_2_29: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_3_29: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_1_29: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_2_29: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_3_29: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_1_29: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_2_29: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_3_29: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_1_29: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_2_29: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_3_29: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_1_29: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_2_29: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_3_29: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_29: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_1_29' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_2_29' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_3_29' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_1_29' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_2_29' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_3_29' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_1_29' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_2_29' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_3_29' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_1_29' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_2_29' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_3_29' + description: A value that can be a string, number, or boolean. + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_1_29: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_2_29: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_3_29: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_1_29: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_2_29: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_3_29: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_1_29: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_2_29: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_3_29: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_1_29: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_2_29: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_3_29: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_1_29: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_2_29: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_3_29: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_58: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_59: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_3_29: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_4_29: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_5_29: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Never_29' + required: + - never + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Never_29: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_6_29: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Always_29' + required: + - always + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Always_29: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_15_1: + additionalProperties: false + description: Base processor options plus conditional execution + type: object + properties: + action: + enum: + - join + type: string + customIdentifier: + description: Custom identifier to correlate this processor across outputs + minLength: 1 + type: string + delimiter: + type: string + description: + description: Human-readable notes about this processor step + type: string + from: + items: + description: A non-empty string. + minLength: 1 + type: string + minItems: 1 + type: array + ignore_failure: + description: Continue pipeline execution if this processor fails + type: boolean + ignore_missing: + type: boolean + to: + description: A non-empty string. + minLength: 1 + type: string + where: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_60' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_61' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_3_30' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_4_30' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_5_30' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_6_30' + description: Conditional expression controlling whether this processor runs + required: + - action + - from + - delimiter + - to + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_60: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_61' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_60' + description: A basic filter condition, either unary or binary. + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_61: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_1_30' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_2_30' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_3_30' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_1_30' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_2_30' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_3_30' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_1_30' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_2_30' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_3_30' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_1_30' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_2_30' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_3_30' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_1_30' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_2_30' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_3_30' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_1_30' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_2_30' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_3_30' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_1_30' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_2_30' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_3_30' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_1_30' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_2_30' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_3_30' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_1_30' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_2_30' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_3_30' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_30' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_1_30' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_2_30' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_3_30' + description: Starts-with comparison value. + required: + - field + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_1_30: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_2_30: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_3_30: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_1_30: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_2_30: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_3_30: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_1_30: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_2_30: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_3_30: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_1_30: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_2_30: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_3_30: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_1_30: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_2_30: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_3_30: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_1_30: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_2_30: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_3_30: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_1_30: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_2_30: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_3_30: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_1_30: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_2_30: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_3_30: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_1_30: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_2_30: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_3_30: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_30: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_1_30' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_2_30' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_3_30' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_1_30' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_2_30' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_3_30' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_1_30' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_2_30' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_3_30' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_1_30' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_2_30' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_3_30' + description: A value that can be a string, number, or boolean. + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_1_30: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_2_30: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_3_30: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_1_30: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_2_30: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_3_30: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_1_30: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_2_30: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_3_30: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_1_30: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_2_30: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_3_30: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_1_30: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_2_30: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_3_30: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_60: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_61: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_3_30: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_4_30: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_5_30: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Never_30' + required: + - never + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Never_30: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_6_30: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Always_30' + required: + - always + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Always_30: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_16_1: + additionalProperties: false + description: Convert processor - Change the data type of a field value (integer, long, double, boolean, or string) + type: object + properties: + action: + enum: + - convert + type: string + customIdentifier: + description: Custom identifier to correlate this processor across outputs + minLength: 1 + type: string + description: + description: Human-readable notes about this processor step + type: string + from: + description: Source field to convert to a different data type + minLength: 1 + type: string + ignore_failure: + description: Continue pipeline execution if this processor fails + type: boolean + ignore_missing: + description: Skip processing when source field is missing + type: boolean + to: + description: Target field for the converted value (defaults to source) + minLength: 1 + type: string + type: + description: 'Target data type: integer, long, double, boolean, or string' + enum: + - integer + - long + - double + - boolean + - string + type: string + where: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_62' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_63' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_3_31' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_4_31' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_5_31' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_6_31' + description: Conditional expression controlling whether this processor runs + required: + - action + - from + - type + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_62: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_63' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_62' + description: A basic filter condition, either unary or binary. + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_63: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_1_31' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_2_31' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_3_31' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_1_31' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_2_31' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_3_31' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_1_31' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_2_31' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_3_31' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_1_31' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_2_31' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_3_31' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_1_31' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_2_31' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_3_31' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_1_31' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_2_31' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_3_31' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_1_31' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_2_31' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_3_31' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_1_31' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_2_31' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_3_31' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_1_31' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_2_31' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_3_31' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_31' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_1_31' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_2_31' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_3_31' + description: Starts-with comparison value. + required: + - field + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_1_31: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_2_31: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_3_31: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_1_31: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_2_31: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_3_31: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_1_31: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_2_31: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_3_31: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_1_31: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_2_31: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_3_31: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_1_31: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_2_31: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_3_31: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_1_31: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_2_31: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_3_31: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_1_31: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_2_31: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_3_31: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_1_31: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_2_31: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_3_31: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_1_31: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_2_31: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_3_31: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_31: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_1_31' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_2_31' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_3_31' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_1_31' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_2_31' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_3_31' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_1_31' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_2_31' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_3_31' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_1_31' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_2_31' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_3_31' + description: A value that can be a string, number, or boolean. + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_1_31: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_2_31: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_3_31: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_1_31: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_2_31: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_3_31: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_1_31: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_2_31: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_3_31: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_1_31: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_2_31: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_3_31: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_1_31: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_2_31: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_3_31: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_62: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_63: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_3_31: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_4_31: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_5_31: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Never_31' + required: + - never + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Never_31: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_6_31: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Always_31' + required: + - always + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Always_31: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_17_1: + additionalProperties: false + description: Base processor options plus conditional execution + type: object + properties: + action: + enum: + - concat + type: string + customIdentifier: + description: Custom identifier to correlate this processor across outputs + minLength: 1 + type: string + description: + description: Human-readable notes about this processor step + type: string + from: + items: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_From_1_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_From_2_1' + minItems: 1 + type: array + ignore_failure: + description: Continue pipeline execution if this processor fails + type: boolean + ignore_missing: + type: boolean + to: + description: A non-empty string. + minLength: 1 + type: string + where: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_64' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_65' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_3_32' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_4_32' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_5_32' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_6_32' + description: Conditional expression controlling whether this processor runs + required: + - action + - from + - to + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_From_1_1: + additionalProperties: false + type: object + properties: + type: + enum: + - field + type: string + value: + description: A non-empty string. + minLength: 1 + type: string + required: + - type + - value + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_From_2_1: + additionalProperties: false + type: object + properties: + type: + enum: + - literal + type: string + value: + type: string + required: + - type + - value + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_64: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_65' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_64' + description: A basic filter condition, either unary or binary. + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_65: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_1_32' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_2_32' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_3_32' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_1_32' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_2_32' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_3_32' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_1_32' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_2_32' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_3_32' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_1_32' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_2_32' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_3_32' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_1_32' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_2_32' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_3_32' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_1_32' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_2_32' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_3_32' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_1_32' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_2_32' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_3_32' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_1_32' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_2_32' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_3_32' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_1_32' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_2_32' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_3_32' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_32' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_1_32' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_2_32' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_3_32' + description: Starts-with comparison value. + required: + - field + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_1_32: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_2_32: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_3_32: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_1_32: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_2_32: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_3_32: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_1_32: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_2_32: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_3_32: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_1_32: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_2_32: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_3_32: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_1_32: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_2_32: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_3_32: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_1_32: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_2_32: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_3_32: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_1_32: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_2_32: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_3_32: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_1_32: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_2_32: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_3_32: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_1_32: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_2_32: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_3_32: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_32: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_1_32' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_2_32' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_3_32' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_1_32' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_2_32' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_3_32' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_1_32' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_2_32' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_3_32' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_1_32' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_2_32' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_3_32' + description: A value that can be a string, number, or boolean. + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_1_32: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_2_32: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_3_32: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_1_32: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_2_32: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_3_32: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_1_32: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_2_32: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_3_32: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_1_32: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_2_32: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_3_32: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_1_32: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_2_32: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_3_32: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_64: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_65: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_3_32: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_4_32: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_5_32: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Never_32' + required: + - never + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Never_32: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_6_32: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Always_32' + required: + - always + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Always_32: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_18_1: + additionalProperties: false + description: Manual ingest pipeline wrapper around native Elasticsearch processors + type: object + properties: + action: + description: Manual ingest pipeline - executes raw Elasticsearch ingest processors + enum: + - manual_ingest_pipeline + type: string + customIdentifier: + description: Custom identifier to correlate this processor across outputs + minLength: 1 + type: string + description: + description: Human-readable notes about this processor step + type: string + ignore_failure: + description: Continue pipeline execution if this processor fails + type: boolean + on_failure: + description: Fallback processors to run when a processor fails + items: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_On_failure_Item_1' + type: array + processors: + description: List of raw Elasticsearch ingest processors to run + items: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Processors_Item_1' + type: array + tag: + description: Optional ingest processor tag for Elasticsearch + type: string + where: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_66' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_67' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_3_33' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_4_33' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_5_33' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_6_33' + description: Conditional expression controlling whether this processor runs + required: + - action + - processors + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_On_failure_Item_1: + additionalProperties: {} + type: object + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Processors_Item_1: + additionalProperties: false + type: object + properties: + append: {} + attachment: {} + bytes: {} + circle: {} + community_id: {} + convert: {} + csv: {} + date: {} + date_index_name: {} + dissect: {} + dot_expander: {} + drop: {} + enrich: {} + fail: {} + fingerprint: {} + foreach: {} + geo_grid: {} + geoip: {} + grok: {} + gsub: {} + html_strip: {} + inference: {} + ip_location: {} + join: {} + json: {} + kv: {} + lowercase: {} + network_direction: {} + pipeline: {} + redact: {} + registered_domain: {} + remove: {} + rename: {} + reroute: {} + script: {} + set: {} + set_security_user: {} + sort: {} + split: {} + terminate: {} + trim: {} + uppercase: {} + uri_parts: {} + urldecode: {} + user_agent: {} + required: + - append + - attachment + - bytes + - circle + - community_id + - convert + - csv + - date + - date_index_name + - dissect + - dot_expander + - drop + - enrich + - fail + - fingerprint + - foreach + - ip_location + - geo_grid + - geoip + - grok + - gsub + - html_strip + - inference + - join + - json + - kv + - lowercase + - network_direction + - pipeline + - redact + - registered_domain + - remove + - rename + - reroute + - script + - set + - set_security_user + - sort + - split + - terminate + - trim + - uppercase + - urldecode + - uri_parts + - user_agent + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_66: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_67' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_66' + description: A basic filter condition, either unary or binary. + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_67: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_1_33' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_2_33' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_3_33' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_1_33' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_2_33' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_3_33' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_1_33' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_2_33' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_3_33' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_1_33' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_2_33' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_3_33' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_1_33' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_2_33' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_3_33' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_1_33' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_2_33' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_3_33' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_1_33' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_2_33' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_3_33' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_1_33' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_2_33' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_3_33' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_1_33' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_2_33' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_3_33' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_33' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_1_33' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_2_33' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_3_33' + description: Starts-with comparison value. + required: + - field + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_1_33: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_2_33: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_3_33: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_1_33: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_2_33: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_3_33: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_1_33: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_2_33: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_3_33: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_1_33: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_2_33: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_3_33: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_1_33: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_2_33: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_3_33: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_1_33: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_2_33: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_3_33: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_1_33: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_2_33: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_3_33: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_1_33: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_2_33: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_3_33: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_1_33: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_2_33: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_3_33: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_33: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_1_33' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_2_33' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_3_33' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_1_33' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_2_33' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_3_33' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_1_33' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_2_33' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_3_33' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_1_33' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_2_33' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_3_33' + description: A value that can be a string, number, or boolean. + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_1_33: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_2_33: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_3_33: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_1_33: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_2_33: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_3_33: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_1_33: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_2_33: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_3_33: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_1_33: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_2_33: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_3_33: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_1_33: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_2_33: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_3_33: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_66: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_67: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_3_33: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_4_33: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_5_33: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Never_33' + required: + - never + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Never_33: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_6_33: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Always_33' + required: + - always + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Always_33: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_2_3: + additionalProperties: false + type: object + properties: + condition: + allOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_1_3' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_2_5' + customIdentifier: + type: string + required: + - condition + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_1_3: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_1_4' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_2_4' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_3_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_4_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_5_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_6_1' + description: The root condition object. It can be a simple filter or a combination of other conditions. + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_1_4: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_1_5' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_2_3' + description: A basic filter condition, either unary or binary. + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_1_5: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Contains_1_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Contains_2_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Contains_3_1' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_EndsWith_1_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_EndsWith_2_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_EndsWith_3_1' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Eq_1_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Eq_2_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Eq_3_1' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Gt_1_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Gt_2_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Gt_3_1' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Gte_1_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Gte_2_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Gte_3_1' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Includes_1_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Includes_2_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Includes_3_1' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Lt_1_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Lt_2_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Lt_3_1' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Lte_1_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Lte_2_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Lte_3_1' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Neq_1_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Neq_2_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Neq_3_1' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Range_1' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_StartsWith_1_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_StartsWith_2_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_StartsWith_3_1' + description: Starts-with comparison value. + required: + - field + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Contains_1_1: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Contains_2_1: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Contains_3_1: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_EndsWith_1_1: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_EndsWith_2_1: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_EndsWith_3_1: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Eq_1_1: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Eq_2_1: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Eq_3_1: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Gt_1_1: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Gt_2_1: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Gt_3_1: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Gte_1_1: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Gte_2_1: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Gte_3_1: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Includes_1_1: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Includes_2_1: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Includes_3_1: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Lt_1_1: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Lt_2_1: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Lt_3_1: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Lte_1_1: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Lte_2_1: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Lte_3_1: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Neq_1_1: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Neq_2_1: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Neq_3_1: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Range_1: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Range_Gt_1_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Range_Gt_2_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Range_Gt_3_1' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Range_Gte_1_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Range_Gte_2_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Range_Gte_3_1' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Range_Lt_1_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Range_Lt_2_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Range_Lt_3_1' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Range_Lte_1_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Range_Lte_2_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Range_Lte_3_1' + description: A value that can be a string, number, or boolean. + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Range_Gt_1_1: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Range_Gt_2_1: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Range_Gt_3_1: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Range_Gte_1_1: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Range_Gte_2_1: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Range_Gte_3_1: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Range_Lt_1_1: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Range_Lt_2_1: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Range_Lt_3_1: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Range_Lte_1_1: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Range_Lte_2_1: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Range_Lte_3_1: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_StartsWith_1_1: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_StartsWith_2_1: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_StartsWith_3_1: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_2_3: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_2_4: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_3_1: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_4_1: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_5_1: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Never_1' + required: + - never + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Never_1: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_6_1: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Always_1' + required: + - always + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Always_1: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_2_5: + type: object + properties: + steps: + items: {} + type: array + required: + - steps + ApiStreamsIngest_Put_Request_Ingest_Settings_1: + additionalProperties: false + type: object + properties: + index.number_of_replicas: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Settings_Index.number_of_replicas_1' + index.number_of_shards: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Settings_Index.number_of_shards_1' + index.refresh_interval: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Settings_Index.refresh_interval_1' + ApiStreamsIngest_Put_Request_Ingest_Settings_Index.number_of_replicas_1: + additionalProperties: false + type: object + properties: + value: + type: number + required: + - value + ApiStreamsIngest_Put_Request_Ingest_Settings_Index.number_of_shards_1: + additionalProperties: false + type: object + properties: + value: + type: number + required: + - value + ApiStreamsIngest_Put_Request_Ingest_Settings_Index.refresh_interval_1: + additionalProperties: false + type: object + properties: + value: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Settings_Index.refresh_interval_Value_1_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Settings_Index.refresh_interval_Value_2_1' + required: + - value + ApiStreamsIngest_Put_Request_Ingest_Settings_Index.refresh_interval_Value_1_1: + type: string + ApiStreamsIngest_Put_Request_Ingest_Settings_Index.refresh_interval_Value_2_1: + enum: + - -1 + type: number + ApiStreamsIngest_Put_Request_Ingest_2_2: + type: object + properties: + classic: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Classic' + required: + - classic + ApiStreamsIngest_Put_Request_Ingest_Classic: + additionalProperties: false + type: object + properties: + field_overrides: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Classic_Field_overrides' + ApiStreamsIngest_Put_Request_Ingest_Classic_Field_overrides: + additionalProperties: + allOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Classic_Field_overrides_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Classic_Field_overrides_2_3' + type: object + ApiStreamsIngest_Put_Request_Ingest_Classic_Field_overrides_1: + additionalProperties: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Classic_Field_overrides_1_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Classic_Field_overrides_2_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Classic_Field_overrides_3_2' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Classic_Field_overrides_4_2' + type: object + ApiStreamsIngest_Put_Request_Ingest_Classic_Field_overrides_1_1: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Classic_Field_overrides_1_2' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Classic_Field_overrides_2' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Classic_Field_overrides_3' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Classic_Field_overrides_4' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Classic_Field_overrides_5' + ApiStreamsIngest_Put_Request_Ingest_Classic_Field_overrides_1_2: + type: string + ApiStreamsIngest_Put_Request_Ingest_Classic_Field_overrides_2: + type: number + ApiStreamsIngest_Put_Request_Ingest_Classic_Field_overrides_3: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Classic_Field_overrides_4: + enum: + - 'null' + nullable: true + ApiStreamsIngest_Put_Request_Ingest_Classic_Field_overrides_5: + not: {} + ApiStreamsIngest_Put_Request_Ingest_Classic_Field_overrides_2_1: + items: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Classic_Field_overrides_1_3' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Classic_Field_overrides_2_2' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Classic_Field_overrides_3_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Classic_Field_overrides_4_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Classic_Field_overrides_5_1' + type: array + ApiStreamsIngest_Put_Request_Ingest_Classic_Field_overrides_1_3: + type: string + ApiStreamsIngest_Put_Request_Ingest_Classic_Field_overrides_2_2: + type: number + ApiStreamsIngest_Put_Request_Ingest_Classic_Field_overrides_3_1: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Classic_Field_overrides_4_1: + enum: + - 'null' + nullable: true + ApiStreamsIngest_Put_Request_Ingest_Classic_Field_overrides_5_1: + not: {} + ApiStreamsIngest_Put_Request_Ingest_Classic_Field_overrides_3_2: + items: {} + type: array + ApiStreamsIngest_Put_Request_Ingest_Classic_Field_overrides_4_2: {} + ApiStreamsIngest_Put_Request_Ingest_Classic_Field_overrides_2_3: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Classic_Field_overrides_1_4' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Classic_Field_overrides_2_4' + ApiStreamsIngest_Put_Request_Ingest_Classic_Field_overrides_1_4: + additionalProperties: false + type: object + properties: + format: + description: A non-empty string. + minLength: 1 + type: string + type: + enum: + - keyword + - match_only_text + - long + - double + - date + - boolean + - ip + - geo_point + type: string + required: + - type + ApiStreamsIngest_Put_Request_Ingest_Classic_Field_overrides_2_4: + additionalProperties: false + type: object + properties: + type: + enum: + - system + type: string + required: + - type + ApiStreamsContentExport_Post_Request: + additionalProperties: false + type: object + properties: + description: + type: string + include: + anyOf: + - $ref: '#/components/schemas/ApiStreamsContentExport_Post_Request_Include_1' + - $ref: '#/components/schemas/ApiStreamsContentExport_Post_Request_Include_2' + name: + type: string + version: + type: string + required: + - name + - description + - version + - include + ApiStreamsContentExport_Post_Request_Include_1: + additionalProperties: false + type: object + properties: + objects: + $ref: '#/components/schemas/ApiStreamsContentExport_Post_Request_Include_Objects' + required: + - objects + ApiStreamsContentExport_Post_Request_Include_Objects: + additionalProperties: false + type: object + properties: + all: + $ref: '#/components/schemas/ApiStreamsContentExport_Post_Request_Include_Objects_All' + required: + - all + ApiStreamsContentExport_Post_Request_Include_Objects_All: + additionalProperties: false + type: object + properties: {} + ApiStreamsContentExport_Post_Request_Include_2: + additionalProperties: false + type: object + properties: + objects: + $ref: '#/components/schemas/ApiStreamsContentExport_Post_Request_Include_Objects_1' + required: + - objects + ApiStreamsContentExport_Post_Request_Include_Objects_1: + additionalProperties: false + type: object + properties: + mappings: + type: boolean + queries: + items: + $ref: '#/components/schemas/ApiStreamsContentExport_Post_Request_Include_Objects_Queries_Item' + type: array + routing: + items: + allOf: + - $ref: '#/components/schemas/ApiStreamsContentExport_Post_Request_Include_Objects_Routing_1' + - $ref: '#/components/schemas/ApiStreamsContentExport_Post_Request_Include_Objects_Routing_2' + type: array + required: + - mappings + - queries + - routing + ApiStreamsContentExport_Post_Request_Include_Objects_Queries_Item: + additionalProperties: false + type: object + properties: + id: + type: string + required: + - id + ApiStreamsContentExport_Post_Request_Include_Objects_Routing_1: {} + ApiStreamsContentExport_Post_Request_Include_Objects_Routing_2: + type: object + properties: + destination: + type: string + required: + - destination + ApiStreamsContentImport_Post_Request: + additionalProperties: false + type: object + properties: + content: {} + include: + type: string + required: + - include + - content + ApiStreamsQueries_Get_Request: + anyOf: + - $ref: '#/components/schemas/ApiStreamsQueries_Get_Request_1' + - $ref: '#/components/schemas/ApiStreamsQueries_Get_Request_2' + - $ref: '#/components/schemas/ApiStreamsQueries_Get_Request_3' + ApiStreamsQueries_Get_Request_1: + additionalProperties: false + type: object + properties: {} + ApiStreamsQueries_Get_Request_2: + enum: + - 'null' + nullable: true + ApiStreamsQueries_Get_Request_3: + not: {} + ApiStreamsQueriesBulk_Post_Request: + additionalProperties: false + type: object + properties: + operations: + items: + anyOf: + - $ref: '#/components/schemas/ApiStreamsQueriesBulk_Post_Request_Operations_1' + - $ref: '#/components/schemas/ApiStreamsQueriesBulk_Post_Request_Operations_2' + type: array + required: + - operations + ApiStreamsQueriesBulk_Post_Request_Operations_1: + additionalProperties: false + type: object + properties: + index: + allOf: + - $ref: '#/components/schemas/ApiStreamsQueriesBulk_Post_Request_Operations_Index_1' + - $ref: '#/components/schemas/ApiStreamsQueriesBulk_Post_Request_Operations_Index_2' + required: + - index + ApiStreamsQueriesBulk_Post_Request_Operations_Index_1: + type: object + properties: + id: + description: A non-empty string. + minLength: 1 + type: string + title: + description: A non-empty string. + minLength: 1 + type: string + required: + - id + - title + ApiStreamsQueriesBulk_Post_Request_Operations_Index_2: + type: object + properties: + evidence: + items: + type: string + type: array + feature: + $ref: '#/components/schemas/ApiStreamsQueriesBulk_Post_Request_Operations_Index_Feature' + kql: + $ref: '#/components/schemas/ApiStreamsQueriesBulk_Post_Request_Operations_Index_Kql' + severity_score: + type: number + required: + - kql + ApiStreamsQueriesBulk_Post_Request_Operations_Index_Feature: + additionalProperties: false + type: object + properties: + filter: + anyOf: + - $ref: '#/components/schemas/ApiStreamsQueriesBulk_Post_Request_Operations_Index_Feature_Filter_1' + - $ref: '#/components/schemas/ApiStreamsQueriesBulk_Post_Request_Operations_Index_Feature_Filter_2_1' + - $ref: '#/components/schemas/ApiStreamsQueriesBulk_Post_Request_Operations_Index_Feature_Filter_3' + - $ref: '#/components/schemas/ApiStreamsQueriesBulk_Post_Request_Operations_Index_Feature_Filter_4' + - $ref: '#/components/schemas/ApiStreamsQueriesBulk_Post_Request_Operations_Index_Feature_Filter_5' + - $ref: '#/components/schemas/ApiStreamsQueriesBulk_Post_Request_Operations_Index_Feature_Filter_6' + description: The root condition object. It can be a simple filter or a combination of other conditions. + name: + description: A non-empty string. + minLength: 1 + type: string + type: + enum: + - system + type: string + required: + - name + - filter + - type + ApiStreamsQueriesBulk_Post_Request_Operations_Index_Feature_Filter_1: + anyOf: + - $ref: '#/components/schemas/ApiStreamsQueriesBulk_Post_Request_Operations_Index_Feature_Filter_1_1' + - $ref: '#/components/schemas/ApiStreamsQueriesBulk_Post_Request_Operations_Index_Feature_Filter_2' + description: A basic filter condition, either unary or binary. + ApiStreamsQueriesBulk_Post_Request_Operations_Index_Feature_Filter_1_1: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreamsQueriesBulk_Post_Request_Operations_Index_Feature_Filter_Contains_1' + - $ref: '#/components/schemas/ApiStreamsQueriesBulk_Post_Request_Operations_Index_Feature_Filter_Contains_2' + - $ref: '#/components/schemas/ApiStreamsQueriesBulk_Post_Request_Operations_Index_Feature_Filter_Contains_3' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreamsQueriesBulk_Post_Request_Operations_Index_Feature_Filter_EndsWith_1' + - $ref: '#/components/schemas/ApiStreamsQueriesBulk_Post_Request_Operations_Index_Feature_Filter_EndsWith_2' + - $ref: '#/components/schemas/ApiStreamsQueriesBulk_Post_Request_Operations_Index_Feature_Filter_EndsWith_3' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreamsQueriesBulk_Post_Request_Operations_Index_Feature_Filter_Eq_1' + - $ref: '#/components/schemas/ApiStreamsQueriesBulk_Post_Request_Operations_Index_Feature_Filter_Eq_2' + - $ref: '#/components/schemas/ApiStreamsQueriesBulk_Post_Request_Operations_Index_Feature_Filter_Eq_3' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsQueriesBulk_Post_Request_Operations_Index_Feature_Filter_Gt_1' + - $ref: '#/components/schemas/ApiStreamsQueriesBulk_Post_Request_Operations_Index_Feature_Filter_Gt_2' + - $ref: '#/components/schemas/ApiStreamsQueriesBulk_Post_Request_Operations_Index_Feature_Filter_Gt_3' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsQueriesBulk_Post_Request_Operations_Index_Feature_Filter_Gte_1' + - $ref: '#/components/schemas/ApiStreamsQueriesBulk_Post_Request_Operations_Index_Feature_Filter_Gte_2' + - $ref: '#/components/schemas/ApiStreamsQueriesBulk_Post_Request_Operations_Index_Feature_Filter_Gte_3' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreamsQueriesBulk_Post_Request_Operations_Index_Feature_Filter_Includes_1' + - $ref: '#/components/schemas/ApiStreamsQueriesBulk_Post_Request_Operations_Index_Feature_Filter_Includes_2' + - $ref: '#/components/schemas/ApiStreamsQueriesBulk_Post_Request_Operations_Index_Feature_Filter_Includes_3' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsQueriesBulk_Post_Request_Operations_Index_Feature_Filter_Lt_1' + - $ref: '#/components/schemas/ApiStreamsQueriesBulk_Post_Request_Operations_Index_Feature_Filter_Lt_2' + - $ref: '#/components/schemas/ApiStreamsQueriesBulk_Post_Request_Operations_Index_Feature_Filter_Lt_3' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsQueriesBulk_Post_Request_Operations_Index_Feature_Filter_Lte_1' + - $ref: '#/components/schemas/ApiStreamsQueriesBulk_Post_Request_Operations_Index_Feature_Filter_Lte_2' + - $ref: '#/components/schemas/ApiStreamsQueriesBulk_Post_Request_Operations_Index_Feature_Filter_Lte_3' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreamsQueriesBulk_Post_Request_Operations_Index_Feature_Filter_Neq_1' + - $ref: '#/components/schemas/ApiStreamsQueriesBulk_Post_Request_Operations_Index_Feature_Filter_Neq_2' + - $ref: '#/components/schemas/ApiStreamsQueriesBulk_Post_Request_Operations_Index_Feature_Filter_Neq_3' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreamsQueriesBulk_Post_Request_Operations_Index_Feature_Filter_Range' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreamsQueriesBulk_Post_Request_Operations_Index_Feature_Filter_StartsWith_1' + - $ref: '#/components/schemas/ApiStreamsQueriesBulk_Post_Request_Operations_Index_Feature_Filter_StartsWith_2' + - $ref: '#/components/schemas/ApiStreamsQueriesBulk_Post_Request_Operations_Index_Feature_Filter_StartsWith_3' + description: Starts-with comparison value. + required: + - field + ApiStreamsQueriesBulk_Post_Request_Operations_Index_Feature_Filter_Contains_1: + type: string + ApiStreamsQueriesBulk_Post_Request_Operations_Index_Feature_Filter_Contains_2: + type: number + ApiStreamsQueriesBulk_Post_Request_Operations_Index_Feature_Filter_Contains_3: + type: boolean + ApiStreamsQueriesBulk_Post_Request_Operations_Index_Feature_Filter_EndsWith_1: + type: string + ApiStreamsQueriesBulk_Post_Request_Operations_Index_Feature_Filter_EndsWith_2: + type: number + ApiStreamsQueriesBulk_Post_Request_Operations_Index_Feature_Filter_EndsWith_3: + type: boolean + ApiStreamsQueriesBulk_Post_Request_Operations_Index_Feature_Filter_Eq_1: + type: string + ApiStreamsQueriesBulk_Post_Request_Operations_Index_Feature_Filter_Eq_2: + type: number + ApiStreamsQueriesBulk_Post_Request_Operations_Index_Feature_Filter_Eq_3: + type: boolean + ApiStreamsQueriesBulk_Post_Request_Operations_Index_Feature_Filter_Gt_1: + type: string + ApiStreamsQueriesBulk_Post_Request_Operations_Index_Feature_Filter_Gt_2: + type: number + ApiStreamsQueriesBulk_Post_Request_Operations_Index_Feature_Filter_Gt_3: + type: boolean + ApiStreamsQueriesBulk_Post_Request_Operations_Index_Feature_Filter_Gte_1: + type: string + ApiStreamsQueriesBulk_Post_Request_Operations_Index_Feature_Filter_Gte_2: + type: number + ApiStreamsQueriesBulk_Post_Request_Operations_Index_Feature_Filter_Gte_3: + type: boolean + ApiStreamsQueriesBulk_Post_Request_Operations_Index_Feature_Filter_Includes_1: + type: string + ApiStreamsQueriesBulk_Post_Request_Operations_Index_Feature_Filter_Includes_2: + type: number + ApiStreamsQueriesBulk_Post_Request_Operations_Index_Feature_Filter_Includes_3: + type: boolean + ApiStreamsQueriesBulk_Post_Request_Operations_Index_Feature_Filter_Lt_1: + type: string + ApiStreamsQueriesBulk_Post_Request_Operations_Index_Feature_Filter_Lt_2: + type: number + ApiStreamsQueriesBulk_Post_Request_Operations_Index_Feature_Filter_Lt_3: + type: boolean + ApiStreamsQueriesBulk_Post_Request_Operations_Index_Feature_Filter_Lte_1: + type: string + ApiStreamsQueriesBulk_Post_Request_Operations_Index_Feature_Filter_Lte_2: + type: number + ApiStreamsQueriesBulk_Post_Request_Operations_Index_Feature_Filter_Lte_3: + type: boolean + ApiStreamsQueriesBulk_Post_Request_Operations_Index_Feature_Filter_Neq_1: + type: string + ApiStreamsQueriesBulk_Post_Request_Operations_Index_Feature_Filter_Neq_2: + type: number + ApiStreamsQueriesBulk_Post_Request_Operations_Index_Feature_Filter_Neq_3: + type: boolean + ApiStreamsQueriesBulk_Post_Request_Operations_Index_Feature_Filter_Range: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsQueriesBulk_Post_Request_Operations_Index_Feature_Filter_Range_Gt_1' + - $ref: '#/components/schemas/ApiStreamsQueriesBulk_Post_Request_Operations_Index_Feature_Filter_Range_Gt_2' + - $ref: '#/components/schemas/ApiStreamsQueriesBulk_Post_Request_Operations_Index_Feature_Filter_Range_Gt_3' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsQueriesBulk_Post_Request_Operations_Index_Feature_Filter_Range_Gte_1' + - $ref: '#/components/schemas/ApiStreamsQueriesBulk_Post_Request_Operations_Index_Feature_Filter_Range_Gte_2' + - $ref: '#/components/schemas/ApiStreamsQueriesBulk_Post_Request_Operations_Index_Feature_Filter_Range_Gte_3' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsQueriesBulk_Post_Request_Operations_Index_Feature_Filter_Range_Lt_1' + - $ref: '#/components/schemas/ApiStreamsQueriesBulk_Post_Request_Operations_Index_Feature_Filter_Range_Lt_2' + - $ref: '#/components/schemas/ApiStreamsQueriesBulk_Post_Request_Operations_Index_Feature_Filter_Range_Lt_3' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsQueriesBulk_Post_Request_Operations_Index_Feature_Filter_Range_Lte_1' + - $ref: '#/components/schemas/ApiStreamsQueriesBulk_Post_Request_Operations_Index_Feature_Filter_Range_Lte_2' + - $ref: '#/components/schemas/ApiStreamsQueriesBulk_Post_Request_Operations_Index_Feature_Filter_Range_Lte_3' + description: A value that can be a string, number, or boolean. + ApiStreamsQueriesBulk_Post_Request_Operations_Index_Feature_Filter_Range_Gt_1: + type: string + ApiStreamsQueriesBulk_Post_Request_Operations_Index_Feature_Filter_Range_Gt_2: + type: number + ApiStreamsQueriesBulk_Post_Request_Operations_Index_Feature_Filter_Range_Gt_3: + type: boolean + ApiStreamsQueriesBulk_Post_Request_Operations_Index_Feature_Filter_Range_Gte_1: + type: string + ApiStreamsQueriesBulk_Post_Request_Operations_Index_Feature_Filter_Range_Gte_2: + type: number + ApiStreamsQueriesBulk_Post_Request_Operations_Index_Feature_Filter_Range_Gte_3: + type: boolean + ApiStreamsQueriesBulk_Post_Request_Operations_Index_Feature_Filter_Range_Lt_1: + type: string + ApiStreamsQueriesBulk_Post_Request_Operations_Index_Feature_Filter_Range_Lt_2: + type: number + ApiStreamsQueriesBulk_Post_Request_Operations_Index_Feature_Filter_Range_Lt_3: + type: boolean + ApiStreamsQueriesBulk_Post_Request_Operations_Index_Feature_Filter_Range_Lte_1: + type: string + ApiStreamsQueriesBulk_Post_Request_Operations_Index_Feature_Filter_Range_Lte_2: + type: number + ApiStreamsQueriesBulk_Post_Request_Operations_Index_Feature_Filter_Range_Lte_3: + type: boolean + ApiStreamsQueriesBulk_Post_Request_Operations_Index_Feature_Filter_StartsWith_1: + type: string + ApiStreamsQueriesBulk_Post_Request_Operations_Index_Feature_Filter_StartsWith_2: + type: number + ApiStreamsQueriesBulk_Post_Request_Operations_Index_Feature_Filter_StartsWith_3: + type: boolean + ApiStreamsQueriesBulk_Post_Request_Operations_Index_Feature_Filter_2: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreamsQueriesBulk_Post_Request_Operations_Index_Feature_Filter_2_1: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreamsQueriesBulk_Post_Request_Operations_Index_Feature_Filter_3: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreamsQueriesBulk_Post_Request_Operations_Index_Feature_Filter_4: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreamsQueriesBulk_Post_Request_Operations_Index_Feature_Filter_5: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreamsQueriesBulk_Post_Request_Operations_Index_Feature_Filter_Never' + required: + - never + ApiStreamsQueriesBulk_Post_Request_Operations_Index_Feature_Filter_Never: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreamsQueriesBulk_Post_Request_Operations_Index_Feature_Filter_6: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreamsQueriesBulk_Post_Request_Operations_Index_Feature_Filter_Always' + required: + - always + ApiStreamsQueriesBulk_Post_Request_Operations_Index_Feature_Filter_Always: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreamsQueriesBulk_Post_Request_Operations_Index_Kql: + additionalProperties: false + type: object + properties: + query: + type: string + required: + - query + ApiStreamsQueriesBulk_Post_Request_Operations_2: + additionalProperties: false + type: object + properties: + delete: + $ref: '#/components/schemas/ApiStreamsQueriesBulk_Post_Request_Operations_Delete' + required: + - delete + ApiStreamsQueriesBulk_Post_Request_Operations_Delete: + additionalProperties: false + type: object + properties: + id: + type: string + required: + - id + ApiStreamsQueries_Delete_Request: + anyOf: + - $ref: '#/components/schemas/ApiStreamsQueries_Delete_Request_1' + - $ref: '#/components/schemas/ApiStreamsQueries_Delete_Request_2' + - $ref: '#/components/schemas/ApiStreamsQueries_Delete_Request_3' + ApiStreamsQueries_Delete_Request_1: + additionalProperties: false + type: object + properties: {} + ApiStreamsQueries_Delete_Request_2: + enum: + - 'null' + nullable: true + ApiStreamsQueries_Delete_Request_3: + not: {} + ApiStreamsQueries_Put_Request: + additionalProperties: false + type: object + properties: + evidence: + items: + type: string + type: array + feature: + $ref: '#/components/schemas/ApiStreamsQueries_Put_Request_Feature' + kql: + $ref: '#/components/schemas/ApiStreamsQueries_Put_Request_Kql' + severity_score: + type: number + title: + description: A non-empty string. + minLength: 1 + type: string + required: + - title + - kql + ApiStreamsQueries_Put_Request_Feature: + additionalProperties: false + type: object + properties: + filter: + anyOf: + - $ref: '#/components/schemas/ApiStreamsQueries_Put_Request_Feature_Filter_1' + - $ref: '#/components/schemas/ApiStreamsQueries_Put_Request_Feature_Filter_2_1' + - $ref: '#/components/schemas/ApiStreamsQueries_Put_Request_Feature_Filter_3' + - $ref: '#/components/schemas/ApiStreamsQueries_Put_Request_Feature_Filter_4' + - $ref: '#/components/schemas/ApiStreamsQueries_Put_Request_Feature_Filter_5' + - $ref: '#/components/schemas/ApiStreamsQueries_Put_Request_Feature_Filter_6' + description: The root condition object. It can be a simple filter or a combination of other conditions. + name: + description: A non-empty string. + minLength: 1 + type: string + type: + enum: + - system + type: string + required: + - name + - filter + - type + ApiStreamsQueries_Put_Request_Feature_Filter_1: + anyOf: + - $ref: '#/components/schemas/ApiStreamsQueries_Put_Request_Feature_Filter_1_1' + - $ref: '#/components/schemas/ApiStreamsQueries_Put_Request_Feature_Filter_2' + description: A basic filter condition, either unary or binary. + ApiStreamsQueries_Put_Request_Feature_Filter_1_1: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreamsQueries_Put_Request_Feature_Filter_Contains_1' + - $ref: '#/components/schemas/ApiStreamsQueries_Put_Request_Feature_Filter_Contains_2' + - $ref: '#/components/schemas/ApiStreamsQueries_Put_Request_Feature_Filter_Contains_3' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreamsQueries_Put_Request_Feature_Filter_EndsWith_1' + - $ref: '#/components/schemas/ApiStreamsQueries_Put_Request_Feature_Filter_EndsWith_2' + - $ref: '#/components/schemas/ApiStreamsQueries_Put_Request_Feature_Filter_EndsWith_3' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreamsQueries_Put_Request_Feature_Filter_Eq_1' + - $ref: '#/components/schemas/ApiStreamsQueries_Put_Request_Feature_Filter_Eq_2' + - $ref: '#/components/schemas/ApiStreamsQueries_Put_Request_Feature_Filter_Eq_3' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsQueries_Put_Request_Feature_Filter_Gt_1' + - $ref: '#/components/schemas/ApiStreamsQueries_Put_Request_Feature_Filter_Gt_2' + - $ref: '#/components/schemas/ApiStreamsQueries_Put_Request_Feature_Filter_Gt_3' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsQueries_Put_Request_Feature_Filter_Gte_1' + - $ref: '#/components/schemas/ApiStreamsQueries_Put_Request_Feature_Filter_Gte_2' + - $ref: '#/components/schemas/ApiStreamsQueries_Put_Request_Feature_Filter_Gte_3' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreamsQueries_Put_Request_Feature_Filter_Includes_1' + - $ref: '#/components/schemas/ApiStreamsQueries_Put_Request_Feature_Filter_Includes_2' + - $ref: '#/components/schemas/ApiStreamsQueries_Put_Request_Feature_Filter_Includes_3' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsQueries_Put_Request_Feature_Filter_Lt_1' + - $ref: '#/components/schemas/ApiStreamsQueries_Put_Request_Feature_Filter_Lt_2' + - $ref: '#/components/schemas/ApiStreamsQueries_Put_Request_Feature_Filter_Lt_3' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsQueries_Put_Request_Feature_Filter_Lte_1' + - $ref: '#/components/schemas/ApiStreamsQueries_Put_Request_Feature_Filter_Lte_2' + - $ref: '#/components/schemas/ApiStreamsQueries_Put_Request_Feature_Filter_Lte_3' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreamsQueries_Put_Request_Feature_Filter_Neq_1' + - $ref: '#/components/schemas/ApiStreamsQueries_Put_Request_Feature_Filter_Neq_2' + - $ref: '#/components/schemas/ApiStreamsQueries_Put_Request_Feature_Filter_Neq_3' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreamsQueries_Put_Request_Feature_Filter_Range' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreamsQueries_Put_Request_Feature_Filter_StartsWith_1' + - $ref: '#/components/schemas/ApiStreamsQueries_Put_Request_Feature_Filter_StartsWith_2' + - $ref: '#/components/schemas/ApiStreamsQueries_Put_Request_Feature_Filter_StartsWith_3' + description: Starts-with comparison value. + required: + - field + ApiStreamsQueries_Put_Request_Feature_Filter_Contains_1: + type: string + ApiStreamsQueries_Put_Request_Feature_Filter_Contains_2: + type: number + ApiStreamsQueries_Put_Request_Feature_Filter_Contains_3: + type: boolean + ApiStreamsQueries_Put_Request_Feature_Filter_EndsWith_1: + type: string + ApiStreamsQueries_Put_Request_Feature_Filter_EndsWith_2: + type: number + ApiStreamsQueries_Put_Request_Feature_Filter_EndsWith_3: + type: boolean + ApiStreamsQueries_Put_Request_Feature_Filter_Eq_1: + type: string + ApiStreamsQueries_Put_Request_Feature_Filter_Eq_2: + type: number + ApiStreamsQueries_Put_Request_Feature_Filter_Eq_3: + type: boolean + ApiStreamsQueries_Put_Request_Feature_Filter_Gt_1: + type: string + ApiStreamsQueries_Put_Request_Feature_Filter_Gt_2: + type: number + ApiStreamsQueries_Put_Request_Feature_Filter_Gt_3: + type: boolean + ApiStreamsQueries_Put_Request_Feature_Filter_Gte_1: + type: string + ApiStreamsQueries_Put_Request_Feature_Filter_Gte_2: + type: number + ApiStreamsQueries_Put_Request_Feature_Filter_Gte_3: + type: boolean + ApiStreamsQueries_Put_Request_Feature_Filter_Includes_1: + type: string + ApiStreamsQueries_Put_Request_Feature_Filter_Includes_2: + type: number + ApiStreamsQueries_Put_Request_Feature_Filter_Includes_3: + type: boolean + ApiStreamsQueries_Put_Request_Feature_Filter_Lt_1: + type: string + ApiStreamsQueries_Put_Request_Feature_Filter_Lt_2: + type: number + ApiStreamsQueries_Put_Request_Feature_Filter_Lt_3: + type: boolean + ApiStreamsQueries_Put_Request_Feature_Filter_Lte_1: + type: string + ApiStreamsQueries_Put_Request_Feature_Filter_Lte_2: + type: number + ApiStreamsQueries_Put_Request_Feature_Filter_Lte_3: + type: boolean + ApiStreamsQueries_Put_Request_Feature_Filter_Neq_1: + type: string + ApiStreamsQueries_Put_Request_Feature_Filter_Neq_2: + type: number + ApiStreamsQueries_Put_Request_Feature_Filter_Neq_3: + type: boolean + ApiStreamsQueries_Put_Request_Feature_Filter_Range: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsQueries_Put_Request_Feature_Filter_Range_Gt_1' + - $ref: '#/components/schemas/ApiStreamsQueries_Put_Request_Feature_Filter_Range_Gt_2' + - $ref: '#/components/schemas/ApiStreamsQueries_Put_Request_Feature_Filter_Range_Gt_3' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsQueries_Put_Request_Feature_Filter_Range_Gte_1' + - $ref: '#/components/schemas/ApiStreamsQueries_Put_Request_Feature_Filter_Range_Gte_2' + - $ref: '#/components/schemas/ApiStreamsQueries_Put_Request_Feature_Filter_Range_Gte_3' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsQueries_Put_Request_Feature_Filter_Range_Lt_1' + - $ref: '#/components/schemas/ApiStreamsQueries_Put_Request_Feature_Filter_Range_Lt_2' + - $ref: '#/components/schemas/ApiStreamsQueries_Put_Request_Feature_Filter_Range_Lt_3' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsQueries_Put_Request_Feature_Filter_Range_Lte_1' + - $ref: '#/components/schemas/ApiStreamsQueries_Put_Request_Feature_Filter_Range_Lte_2' + - $ref: '#/components/schemas/ApiStreamsQueries_Put_Request_Feature_Filter_Range_Lte_3' + description: A value that can be a string, number, or boolean. + ApiStreamsQueries_Put_Request_Feature_Filter_Range_Gt_1: + type: string + ApiStreamsQueries_Put_Request_Feature_Filter_Range_Gt_2: + type: number + ApiStreamsQueries_Put_Request_Feature_Filter_Range_Gt_3: + type: boolean + ApiStreamsQueries_Put_Request_Feature_Filter_Range_Gte_1: + type: string + ApiStreamsQueries_Put_Request_Feature_Filter_Range_Gte_2: + type: number + ApiStreamsQueries_Put_Request_Feature_Filter_Range_Gte_3: + type: boolean + ApiStreamsQueries_Put_Request_Feature_Filter_Range_Lt_1: + type: string + ApiStreamsQueries_Put_Request_Feature_Filter_Range_Lt_2: + type: number + ApiStreamsQueries_Put_Request_Feature_Filter_Range_Lt_3: + type: boolean + ApiStreamsQueries_Put_Request_Feature_Filter_Range_Lte_1: + type: string + ApiStreamsQueries_Put_Request_Feature_Filter_Range_Lte_2: + type: number + ApiStreamsQueries_Put_Request_Feature_Filter_Range_Lte_3: + type: boolean + ApiStreamsQueries_Put_Request_Feature_Filter_StartsWith_1: + type: string + ApiStreamsQueries_Put_Request_Feature_Filter_StartsWith_2: + type: number + ApiStreamsQueries_Put_Request_Feature_Filter_StartsWith_3: + type: boolean + ApiStreamsQueries_Put_Request_Feature_Filter_2: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreamsQueries_Put_Request_Feature_Filter_2_1: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreamsQueries_Put_Request_Feature_Filter_3: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreamsQueries_Put_Request_Feature_Filter_4: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreamsQueries_Put_Request_Feature_Filter_5: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreamsQueries_Put_Request_Feature_Filter_Never' + required: + - never + ApiStreamsQueries_Put_Request_Feature_Filter_Never: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreamsQueries_Put_Request_Feature_Filter_6: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreamsQueries_Put_Request_Feature_Filter_Always' + required: + - always + ApiStreamsQueries_Put_Request_Feature_Filter_Always: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreamsQueries_Put_Request_Kql: + additionalProperties: false + type: object + properties: + query: + type: string + required: + - query + ApiStreamsSignificantEvents_Get_Request: + anyOf: + - $ref: '#/components/schemas/ApiStreamsSignificantEvents_Get_Request_1' + - $ref: '#/components/schemas/ApiStreamsSignificantEvents_Get_Request_2' + - $ref: '#/components/schemas/ApiStreamsSignificantEvents_Get_Request_3' + ApiStreamsSignificantEvents_Get_Request_1: + additionalProperties: false + type: object + properties: {} + ApiStreamsSignificantEvents_Get_Request_2: + enum: + - 'null' + nullable: true + ApiStreamsSignificantEvents_Get_Request_3: + not: {} + ApiStreamsSignificantEventsGenerate_Post_Request: + additionalProperties: false + type: object + properties: + system: + $ref: '#/components/schemas/ApiStreamsSignificantEventsGenerate_Post_Request_System' + ApiStreamsSignificantEventsGenerate_Post_Request_System: + additionalProperties: false + type: object + properties: + description: + type: string + filter: + anyOf: + - $ref: '#/components/schemas/ApiStreamsSignificantEventsGenerate_Post_Request_System_Filter_1' + - $ref: '#/components/schemas/ApiStreamsSignificantEventsGenerate_Post_Request_System_Filter_2_1' + - $ref: '#/components/schemas/ApiStreamsSignificantEventsGenerate_Post_Request_System_Filter_3' + - $ref: '#/components/schemas/ApiStreamsSignificantEventsGenerate_Post_Request_System_Filter_4' + - $ref: '#/components/schemas/ApiStreamsSignificantEventsGenerate_Post_Request_System_Filter_5' + - $ref: '#/components/schemas/ApiStreamsSignificantEventsGenerate_Post_Request_System_Filter_6' + description: The root condition object. It can be a simple filter or a combination of other conditions. + name: + type: string + type: + enum: + - system + type: string + required: + - type + - name + - description + - filter + ApiStreamsSignificantEventsGenerate_Post_Request_System_Filter_1: + anyOf: + - $ref: '#/components/schemas/ApiStreamsSignificantEventsGenerate_Post_Request_System_Filter_1_1' + - $ref: '#/components/schemas/ApiStreamsSignificantEventsGenerate_Post_Request_System_Filter_2' + description: A basic filter condition, either unary or binary. + ApiStreamsSignificantEventsGenerate_Post_Request_System_Filter_1_1: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreamsSignificantEventsGenerate_Post_Request_System_Filter_Contains_1' + - $ref: '#/components/schemas/ApiStreamsSignificantEventsGenerate_Post_Request_System_Filter_Contains_2' + - $ref: '#/components/schemas/ApiStreamsSignificantEventsGenerate_Post_Request_System_Filter_Contains_3' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreamsSignificantEventsGenerate_Post_Request_System_Filter_EndsWith_1' + - $ref: '#/components/schemas/ApiStreamsSignificantEventsGenerate_Post_Request_System_Filter_EndsWith_2' + - $ref: '#/components/schemas/ApiStreamsSignificantEventsGenerate_Post_Request_System_Filter_EndsWith_3' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreamsSignificantEventsGenerate_Post_Request_System_Filter_Eq_1' + - $ref: '#/components/schemas/ApiStreamsSignificantEventsGenerate_Post_Request_System_Filter_Eq_2' + - $ref: '#/components/schemas/ApiStreamsSignificantEventsGenerate_Post_Request_System_Filter_Eq_3' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsSignificantEventsGenerate_Post_Request_System_Filter_Gt_1' + - $ref: '#/components/schemas/ApiStreamsSignificantEventsGenerate_Post_Request_System_Filter_Gt_2' + - $ref: '#/components/schemas/ApiStreamsSignificantEventsGenerate_Post_Request_System_Filter_Gt_3' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsSignificantEventsGenerate_Post_Request_System_Filter_Gte_1' + - $ref: '#/components/schemas/ApiStreamsSignificantEventsGenerate_Post_Request_System_Filter_Gte_2' + - $ref: '#/components/schemas/ApiStreamsSignificantEventsGenerate_Post_Request_System_Filter_Gte_3' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreamsSignificantEventsGenerate_Post_Request_System_Filter_Includes_1' + - $ref: '#/components/schemas/ApiStreamsSignificantEventsGenerate_Post_Request_System_Filter_Includes_2' + - $ref: '#/components/schemas/ApiStreamsSignificantEventsGenerate_Post_Request_System_Filter_Includes_3' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsSignificantEventsGenerate_Post_Request_System_Filter_Lt_1' + - $ref: '#/components/schemas/ApiStreamsSignificantEventsGenerate_Post_Request_System_Filter_Lt_2' + - $ref: '#/components/schemas/ApiStreamsSignificantEventsGenerate_Post_Request_System_Filter_Lt_3' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsSignificantEventsGenerate_Post_Request_System_Filter_Lte_1' + - $ref: '#/components/schemas/ApiStreamsSignificantEventsGenerate_Post_Request_System_Filter_Lte_2' + - $ref: '#/components/schemas/ApiStreamsSignificantEventsGenerate_Post_Request_System_Filter_Lte_3' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreamsSignificantEventsGenerate_Post_Request_System_Filter_Neq_1' + - $ref: '#/components/schemas/ApiStreamsSignificantEventsGenerate_Post_Request_System_Filter_Neq_2' + - $ref: '#/components/schemas/ApiStreamsSignificantEventsGenerate_Post_Request_System_Filter_Neq_3' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreamsSignificantEventsGenerate_Post_Request_System_Filter_Range' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreamsSignificantEventsGenerate_Post_Request_System_Filter_StartsWith_1' + - $ref: '#/components/schemas/ApiStreamsSignificantEventsGenerate_Post_Request_System_Filter_StartsWith_2' + - $ref: '#/components/schemas/ApiStreamsSignificantEventsGenerate_Post_Request_System_Filter_StartsWith_3' + description: Starts-with comparison value. + required: + - field + ApiStreamsSignificantEventsGenerate_Post_Request_System_Filter_Contains_1: + type: string + ApiStreamsSignificantEventsGenerate_Post_Request_System_Filter_Contains_2: + type: number + ApiStreamsSignificantEventsGenerate_Post_Request_System_Filter_Contains_3: + type: boolean + ApiStreamsSignificantEventsGenerate_Post_Request_System_Filter_EndsWith_1: + type: string + ApiStreamsSignificantEventsGenerate_Post_Request_System_Filter_EndsWith_2: + type: number + ApiStreamsSignificantEventsGenerate_Post_Request_System_Filter_EndsWith_3: + type: boolean + ApiStreamsSignificantEventsGenerate_Post_Request_System_Filter_Eq_1: + type: string + ApiStreamsSignificantEventsGenerate_Post_Request_System_Filter_Eq_2: + type: number + ApiStreamsSignificantEventsGenerate_Post_Request_System_Filter_Eq_3: + type: boolean + ApiStreamsSignificantEventsGenerate_Post_Request_System_Filter_Gt_1: + type: string + ApiStreamsSignificantEventsGenerate_Post_Request_System_Filter_Gt_2: + type: number + ApiStreamsSignificantEventsGenerate_Post_Request_System_Filter_Gt_3: + type: boolean + ApiStreamsSignificantEventsGenerate_Post_Request_System_Filter_Gte_1: + type: string + ApiStreamsSignificantEventsGenerate_Post_Request_System_Filter_Gte_2: + type: number + ApiStreamsSignificantEventsGenerate_Post_Request_System_Filter_Gte_3: + type: boolean + ApiStreamsSignificantEventsGenerate_Post_Request_System_Filter_Includes_1: + type: string + ApiStreamsSignificantEventsGenerate_Post_Request_System_Filter_Includes_2: + type: number + ApiStreamsSignificantEventsGenerate_Post_Request_System_Filter_Includes_3: + type: boolean + ApiStreamsSignificantEventsGenerate_Post_Request_System_Filter_Lt_1: + type: string + ApiStreamsSignificantEventsGenerate_Post_Request_System_Filter_Lt_2: + type: number + ApiStreamsSignificantEventsGenerate_Post_Request_System_Filter_Lt_3: + type: boolean + ApiStreamsSignificantEventsGenerate_Post_Request_System_Filter_Lte_1: + type: string + ApiStreamsSignificantEventsGenerate_Post_Request_System_Filter_Lte_2: + type: number + ApiStreamsSignificantEventsGenerate_Post_Request_System_Filter_Lte_3: + type: boolean + ApiStreamsSignificantEventsGenerate_Post_Request_System_Filter_Neq_1: + type: string + ApiStreamsSignificantEventsGenerate_Post_Request_System_Filter_Neq_2: + type: number + ApiStreamsSignificantEventsGenerate_Post_Request_System_Filter_Neq_3: + type: boolean + ApiStreamsSignificantEventsGenerate_Post_Request_System_Filter_Range: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsSignificantEventsGenerate_Post_Request_System_Filter_Range_Gt_1' + - $ref: '#/components/schemas/ApiStreamsSignificantEventsGenerate_Post_Request_System_Filter_Range_Gt_2' + - $ref: '#/components/schemas/ApiStreamsSignificantEventsGenerate_Post_Request_System_Filter_Range_Gt_3' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsSignificantEventsGenerate_Post_Request_System_Filter_Range_Gte_1' + - $ref: '#/components/schemas/ApiStreamsSignificantEventsGenerate_Post_Request_System_Filter_Range_Gte_2' + - $ref: '#/components/schemas/ApiStreamsSignificantEventsGenerate_Post_Request_System_Filter_Range_Gte_3' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsSignificantEventsGenerate_Post_Request_System_Filter_Range_Lt_1' + - $ref: '#/components/schemas/ApiStreamsSignificantEventsGenerate_Post_Request_System_Filter_Range_Lt_2' + - $ref: '#/components/schemas/ApiStreamsSignificantEventsGenerate_Post_Request_System_Filter_Range_Lt_3' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsSignificantEventsGenerate_Post_Request_System_Filter_Range_Lte_1' + - $ref: '#/components/schemas/ApiStreamsSignificantEventsGenerate_Post_Request_System_Filter_Range_Lte_2' + - $ref: '#/components/schemas/ApiStreamsSignificantEventsGenerate_Post_Request_System_Filter_Range_Lte_3' + description: A value that can be a string, number, or boolean. + ApiStreamsSignificantEventsGenerate_Post_Request_System_Filter_Range_Gt_1: + type: string + ApiStreamsSignificantEventsGenerate_Post_Request_System_Filter_Range_Gt_2: + type: number + ApiStreamsSignificantEventsGenerate_Post_Request_System_Filter_Range_Gt_3: + type: boolean + ApiStreamsSignificantEventsGenerate_Post_Request_System_Filter_Range_Gte_1: + type: string + ApiStreamsSignificantEventsGenerate_Post_Request_System_Filter_Range_Gte_2: + type: number + ApiStreamsSignificantEventsGenerate_Post_Request_System_Filter_Range_Gte_3: + type: boolean + ApiStreamsSignificantEventsGenerate_Post_Request_System_Filter_Range_Lt_1: + type: string + ApiStreamsSignificantEventsGenerate_Post_Request_System_Filter_Range_Lt_2: + type: number + ApiStreamsSignificantEventsGenerate_Post_Request_System_Filter_Range_Lt_3: + type: boolean + ApiStreamsSignificantEventsGenerate_Post_Request_System_Filter_Range_Lte_1: + type: string + ApiStreamsSignificantEventsGenerate_Post_Request_System_Filter_Range_Lte_2: + type: number + ApiStreamsSignificantEventsGenerate_Post_Request_System_Filter_Range_Lte_3: + type: boolean + ApiStreamsSignificantEventsGenerate_Post_Request_System_Filter_StartsWith_1: + type: string + ApiStreamsSignificantEventsGenerate_Post_Request_System_Filter_StartsWith_2: + type: number + ApiStreamsSignificantEventsGenerate_Post_Request_System_Filter_StartsWith_3: + type: boolean + ApiStreamsSignificantEventsGenerate_Post_Request_System_Filter_2: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreamsSignificantEventsGenerate_Post_Request_System_Filter_2_1: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreamsSignificantEventsGenerate_Post_Request_System_Filter_3: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreamsSignificantEventsGenerate_Post_Request_System_Filter_4: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreamsSignificantEventsGenerate_Post_Request_System_Filter_5: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreamsSignificantEventsGenerate_Post_Request_System_Filter_Never' + required: + - never + ApiStreamsSignificantEventsGenerate_Post_Request_System_Filter_Never: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreamsSignificantEventsGenerate_Post_Request_System_Filter_6: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreamsSignificantEventsGenerate_Post_Request_System_Filter_Always' + required: + - always + ApiStreamsSignificantEventsGenerate_Post_Request_System_Filter_Always: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreamsSignificantEventsPreview_Post_Request: + additionalProperties: false + type: object + properties: + query: + $ref: '#/components/schemas/ApiStreamsSignificantEventsPreview_Post_Request_Query' + required: + - query + ApiStreamsSignificantEventsPreview_Post_Request_Query: + additionalProperties: false + type: object + properties: + feature: + $ref: '#/components/schemas/ApiStreamsSignificantEventsPreview_Post_Request_Query_Feature' + kql: + $ref: '#/components/schemas/ApiStreamsSignificantEventsPreview_Post_Request_Query_Kql' + required: + - kql + ApiStreamsSignificantEventsPreview_Post_Request_Query_Feature: + additionalProperties: false + type: object + properties: + filter: + anyOf: + - $ref: '#/components/schemas/ApiStreamsSignificantEventsPreview_Post_Request_Query_Feature_Filter_1' + - $ref: '#/components/schemas/ApiStreamsSignificantEventsPreview_Post_Request_Query_Feature_Filter_2_1' + - $ref: '#/components/schemas/ApiStreamsSignificantEventsPreview_Post_Request_Query_Feature_Filter_3' + - $ref: '#/components/schemas/ApiStreamsSignificantEventsPreview_Post_Request_Query_Feature_Filter_4' + - $ref: '#/components/schemas/ApiStreamsSignificantEventsPreview_Post_Request_Query_Feature_Filter_5' + - $ref: '#/components/schemas/ApiStreamsSignificantEventsPreview_Post_Request_Query_Feature_Filter_6' + description: The root condition object. It can be a simple filter or a combination of other conditions. + name: + type: string + type: + enum: + - system + type: string + required: + - name + - filter + - type + ApiStreamsSignificantEventsPreview_Post_Request_Query_Feature_Filter_1: + anyOf: + - $ref: '#/components/schemas/ApiStreamsSignificantEventsPreview_Post_Request_Query_Feature_Filter_1_1' + - $ref: '#/components/schemas/ApiStreamsSignificantEventsPreview_Post_Request_Query_Feature_Filter_2' + description: A basic filter condition, either unary or binary. + ApiStreamsSignificantEventsPreview_Post_Request_Query_Feature_Filter_1_1: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreamsSignificantEventsPreview_Post_Request_Query_Feature_Filter_Contains_1' + - $ref: '#/components/schemas/ApiStreamsSignificantEventsPreview_Post_Request_Query_Feature_Filter_Contains_2' + - $ref: '#/components/schemas/ApiStreamsSignificantEventsPreview_Post_Request_Query_Feature_Filter_Contains_3' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreamsSignificantEventsPreview_Post_Request_Query_Feature_Filter_EndsWith_1' + - $ref: '#/components/schemas/ApiStreamsSignificantEventsPreview_Post_Request_Query_Feature_Filter_EndsWith_2' + - $ref: '#/components/schemas/ApiStreamsSignificantEventsPreview_Post_Request_Query_Feature_Filter_EndsWith_3' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreamsSignificantEventsPreview_Post_Request_Query_Feature_Filter_Eq_1' + - $ref: '#/components/schemas/ApiStreamsSignificantEventsPreview_Post_Request_Query_Feature_Filter_Eq_2' + - $ref: '#/components/schemas/ApiStreamsSignificantEventsPreview_Post_Request_Query_Feature_Filter_Eq_3' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsSignificantEventsPreview_Post_Request_Query_Feature_Filter_Gt_1' + - $ref: '#/components/schemas/ApiStreamsSignificantEventsPreview_Post_Request_Query_Feature_Filter_Gt_2' + - $ref: '#/components/schemas/ApiStreamsSignificantEventsPreview_Post_Request_Query_Feature_Filter_Gt_3' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsSignificantEventsPreview_Post_Request_Query_Feature_Filter_Gte_1' + - $ref: '#/components/schemas/ApiStreamsSignificantEventsPreview_Post_Request_Query_Feature_Filter_Gte_2' + - $ref: '#/components/schemas/ApiStreamsSignificantEventsPreview_Post_Request_Query_Feature_Filter_Gte_3' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreamsSignificantEventsPreview_Post_Request_Query_Feature_Filter_Includes_1' + - $ref: '#/components/schemas/ApiStreamsSignificantEventsPreview_Post_Request_Query_Feature_Filter_Includes_2' + - $ref: '#/components/schemas/ApiStreamsSignificantEventsPreview_Post_Request_Query_Feature_Filter_Includes_3' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsSignificantEventsPreview_Post_Request_Query_Feature_Filter_Lt_1' + - $ref: '#/components/schemas/ApiStreamsSignificantEventsPreview_Post_Request_Query_Feature_Filter_Lt_2' + - $ref: '#/components/schemas/ApiStreamsSignificantEventsPreview_Post_Request_Query_Feature_Filter_Lt_3' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsSignificantEventsPreview_Post_Request_Query_Feature_Filter_Lte_1' + - $ref: '#/components/schemas/ApiStreamsSignificantEventsPreview_Post_Request_Query_Feature_Filter_Lte_2' + - $ref: '#/components/schemas/ApiStreamsSignificantEventsPreview_Post_Request_Query_Feature_Filter_Lte_3' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreamsSignificantEventsPreview_Post_Request_Query_Feature_Filter_Neq_1' + - $ref: '#/components/schemas/ApiStreamsSignificantEventsPreview_Post_Request_Query_Feature_Filter_Neq_2' + - $ref: '#/components/schemas/ApiStreamsSignificantEventsPreview_Post_Request_Query_Feature_Filter_Neq_3' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreamsSignificantEventsPreview_Post_Request_Query_Feature_Filter_Range' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreamsSignificantEventsPreview_Post_Request_Query_Feature_Filter_StartsWith_1' + - $ref: '#/components/schemas/ApiStreamsSignificantEventsPreview_Post_Request_Query_Feature_Filter_StartsWith_2' + - $ref: '#/components/schemas/ApiStreamsSignificantEventsPreview_Post_Request_Query_Feature_Filter_StartsWith_3' + description: Starts-with comparison value. + required: + - field + ApiStreamsSignificantEventsPreview_Post_Request_Query_Feature_Filter_Contains_1: + type: string + ApiStreamsSignificantEventsPreview_Post_Request_Query_Feature_Filter_Contains_2: + type: number + ApiStreamsSignificantEventsPreview_Post_Request_Query_Feature_Filter_Contains_3: + type: boolean + ApiStreamsSignificantEventsPreview_Post_Request_Query_Feature_Filter_EndsWith_1: + type: string + ApiStreamsSignificantEventsPreview_Post_Request_Query_Feature_Filter_EndsWith_2: + type: number + ApiStreamsSignificantEventsPreview_Post_Request_Query_Feature_Filter_EndsWith_3: + type: boolean + ApiStreamsSignificantEventsPreview_Post_Request_Query_Feature_Filter_Eq_1: + type: string + ApiStreamsSignificantEventsPreview_Post_Request_Query_Feature_Filter_Eq_2: + type: number + ApiStreamsSignificantEventsPreview_Post_Request_Query_Feature_Filter_Eq_3: + type: boolean + ApiStreamsSignificantEventsPreview_Post_Request_Query_Feature_Filter_Gt_1: + type: string + ApiStreamsSignificantEventsPreview_Post_Request_Query_Feature_Filter_Gt_2: + type: number + ApiStreamsSignificantEventsPreview_Post_Request_Query_Feature_Filter_Gt_3: + type: boolean + ApiStreamsSignificantEventsPreview_Post_Request_Query_Feature_Filter_Gte_1: + type: string + ApiStreamsSignificantEventsPreview_Post_Request_Query_Feature_Filter_Gte_2: + type: number + ApiStreamsSignificantEventsPreview_Post_Request_Query_Feature_Filter_Gte_3: + type: boolean + ApiStreamsSignificantEventsPreview_Post_Request_Query_Feature_Filter_Includes_1: + type: string + ApiStreamsSignificantEventsPreview_Post_Request_Query_Feature_Filter_Includes_2: + type: number + ApiStreamsSignificantEventsPreview_Post_Request_Query_Feature_Filter_Includes_3: + type: boolean + ApiStreamsSignificantEventsPreview_Post_Request_Query_Feature_Filter_Lt_1: + type: string + ApiStreamsSignificantEventsPreview_Post_Request_Query_Feature_Filter_Lt_2: + type: number + ApiStreamsSignificantEventsPreview_Post_Request_Query_Feature_Filter_Lt_3: + type: boolean + ApiStreamsSignificantEventsPreview_Post_Request_Query_Feature_Filter_Lte_1: + type: string + ApiStreamsSignificantEventsPreview_Post_Request_Query_Feature_Filter_Lte_2: + type: number + ApiStreamsSignificantEventsPreview_Post_Request_Query_Feature_Filter_Lte_3: + type: boolean + ApiStreamsSignificantEventsPreview_Post_Request_Query_Feature_Filter_Neq_1: + type: string + ApiStreamsSignificantEventsPreview_Post_Request_Query_Feature_Filter_Neq_2: + type: number + ApiStreamsSignificantEventsPreview_Post_Request_Query_Feature_Filter_Neq_3: + type: boolean + ApiStreamsSignificantEventsPreview_Post_Request_Query_Feature_Filter_Range: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsSignificantEventsPreview_Post_Request_Query_Feature_Filter_Range_Gt_1' + - $ref: '#/components/schemas/ApiStreamsSignificantEventsPreview_Post_Request_Query_Feature_Filter_Range_Gt_2' + - $ref: '#/components/schemas/ApiStreamsSignificantEventsPreview_Post_Request_Query_Feature_Filter_Range_Gt_3' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsSignificantEventsPreview_Post_Request_Query_Feature_Filter_Range_Gte_1' + - $ref: '#/components/schemas/ApiStreamsSignificantEventsPreview_Post_Request_Query_Feature_Filter_Range_Gte_2' + - $ref: '#/components/schemas/ApiStreamsSignificantEventsPreview_Post_Request_Query_Feature_Filter_Range_Gte_3' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsSignificantEventsPreview_Post_Request_Query_Feature_Filter_Range_Lt_1' + - $ref: '#/components/schemas/ApiStreamsSignificantEventsPreview_Post_Request_Query_Feature_Filter_Range_Lt_2' + - $ref: '#/components/schemas/ApiStreamsSignificantEventsPreview_Post_Request_Query_Feature_Filter_Range_Lt_3' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsSignificantEventsPreview_Post_Request_Query_Feature_Filter_Range_Lte_1' + - $ref: '#/components/schemas/ApiStreamsSignificantEventsPreview_Post_Request_Query_Feature_Filter_Range_Lte_2' + - $ref: '#/components/schemas/ApiStreamsSignificantEventsPreview_Post_Request_Query_Feature_Filter_Range_Lte_3' + description: A value that can be a string, number, or boolean. + ApiStreamsSignificantEventsPreview_Post_Request_Query_Feature_Filter_Range_Gt_1: + type: string + ApiStreamsSignificantEventsPreview_Post_Request_Query_Feature_Filter_Range_Gt_2: + type: number + ApiStreamsSignificantEventsPreview_Post_Request_Query_Feature_Filter_Range_Gt_3: + type: boolean + ApiStreamsSignificantEventsPreview_Post_Request_Query_Feature_Filter_Range_Gte_1: + type: string + ApiStreamsSignificantEventsPreview_Post_Request_Query_Feature_Filter_Range_Gte_2: + type: number + ApiStreamsSignificantEventsPreview_Post_Request_Query_Feature_Filter_Range_Gte_3: + type: boolean + ApiStreamsSignificantEventsPreview_Post_Request_Query_Feature_Filter_Range_Lt_1: + type: string + ApiStreamsSignificantEventsPreview_Post_Request_Query_Feature_Filter_Range_Lt_2: + type: number + ApiStreamsSignificantEventsPreview_Post_Request_Query_Feature_Filter_Range_Lt_3: + type: boolean + ApiStreamsSignificantEventsPreview_Post_Request_Query_Feature_Filter_Range_Lte_1: + type: string + ApiStreamsSignificantEventsPreview_Post_Request_Query_Feature_Filter_Range_Lte_2: + type: number + ApiStreamsSignificantEventsPreview_Post_Request_Query_Feature_Filter_Range_Lte_3: + type: boolean + ApiStreamsSignificantEventsPreview_Post_Request_Query_Feature_Filter_StartsWith_1: + type: string + ApiStreamsSignificantEventsPreview_Post_Request_Query_Feature_Filter_StartsWith_2: + type: number + ApiStreamsSignificantEventsPreview_Post_Request_Query_Feature_Filter_StartsWith_3: + type: boolean + ApiStreamsSignificantEventsPreview_Post_Request_Query_Feature_Filter_2: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreamsSignificantEventsPreview_Post_Request_Query_Feature_Filter_2_1: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreamsSignificantEventsPreview_Post_Request_Query_Feature_Filter_3: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreamsSignificantEventsPreview_Post_Request_Query_Feature_Filter_4: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreamsSignificantEventsPreview_Post_Request_Query_Feature_Filter_5: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreamsSignificantEventsPreview_Post_Request_Query_Feature_Filter_Never' + required: + - never + ApiStreamsSignificantEventsPreview_Post_Request_Query_Feature_Filter_Never: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreamsSignificantEventsPreview_Post_Request_Query_Feature_Filter_6: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreamsSignificantEventsPreview_Post_Request_Query_Feature_Filter_Always' + required: + - always + ApiStreamsSignificantEventsPreview_Post_Request_Query_Feature_Filter_Always: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreamsSignificantEventsPreview_Post_Request_Query_Kql: + additionalProperties: false + type: object + properties: + query: + type: string + required: + - query + ApiStreamsAttachments_Get_Request: + anyOf: + - $ref: '#/components/schemas/ApiStreamsAttachments_Get_Request_1' + - $ref: '#/components/schemas/ApiStreamsAttachments_Get_Request_2' + - $ref: '#/components/schemas/ApiStreamsAttachments_Get_Request_3' + ApiStreamsAttachments_Get_Request_1: + additionalProperties: false + type: object + properties: {} + ApiStreamsAttachments_Get_Request_2: + enum: + - 'null' + nullable: true + ApiStreamsAttachments_Get_Request_3: + not: {} + ApiStreamsAttachmentsBulk_Post_Request: + additionalProperties: false + type: object + properties: + operations: + items: + anyOf: + - $ref: '#/components/schemas/ApiStreamsAttachmentsBulk_Post_Request_Operations_1' + - $ref: '#/components/schemas/ApiStreamsAttachmentsBulk_Post_Request_Operations_2' + type: array + required: + - operations + ApiStreamsAttachmentsBulk_Post_Request_Operations_1: + additionalProperties: false + type: object + properties: + index: + $ref: '#/components/schemas/ApiStreamsAttachmentsBulk_Post_Request_Operations_Index' + required: + - index + ApiStreamsAttachmentsBulk_Post_Request_Operations_Index: + additionalProperties: false + type: object + properties: + id: + type: string + type: + enum: + - dashboard + - rule + - slo + type: string + required: + - id + - type + ApiStreamsAttachmentsBulk_Post_Request_Operations_2: + additionalProperties: false + type: object + properties: + delete: + $ref: '#/components/schemas/ApiStreamsAttachmentsBulk_Post_Request_Operations_Delete' + required: + - delete + ApiStreamsAttachmentsBulk_Post_Request_Operations_Delete: + additionalProperties: false + type: object + properties: + id: + type: string + type: + enum: + - dashboard + - rule + - slo + type: string + required: + - id + - type + ApiStreamsAttachments_Delete_Request: + anyOf: + - $ref: '#/components/schemas/ApiStreamsAttachments_Delete_Request_1' + - $ref: '#/components/schemas/ApiStreamsAttachments_Delete_Request_2' + - $ref: '#/components/schemas/ApiStreamsAttachments_Delete_Request_3' + ApiStreamsAttachments_Delete_Request_1: + additionalProperties: false + type: object + properties: {} + ApiStreamsAttachments_Delete_Request_2: + enum: + - 'null' + nullable: true + ApiStreamsAttachments_Delete_Request_3: + not: {} + ApiStreamsAttachments_Put_Request: + anyOf: + - $ref: '#/components/schemas/ApiStreamsAttachments_Put_Request_1' + - $ref: '#/components/schemas/ApiStreamsAttachments_Put_Request_2' + - $ref: '#/components/schemas/ApiStreamsAttachments_Put_Request_3' + ApiStreamsAttachments_Put_Request_1: + additionalProperties: false + type: object + properties: {} + ApiStreamsAttachments_Put_Request_2: + enum: + - 'null' + nullable: true + ApiStreamsAttachments_Put_Request_3: + not: {} + ApiTimeline_Delete_Request: + type: object + properties: + savedObjectIds: + description: The list of IDs of the Timelines or Timeline templates to delete + example: + - 15c1929b-0af7-42bd-85a8-56e234cc7c4e + items: + type: string + type: array + searchIds: + description: Saved search IDs that should be deleted alongside the timelines + example: + - 23f3-43g34g322-e5g5hrh6h-45454 + - 6ce1b592-84e3-4b4a-9552-f189d4b82075 + items: + type: string + type: array + required: + - savedObjectIds + ApiTimeline_Patch_Request: + type: object + properties: + timeline: + $ref: '#/components/schemas/Security_Timeline_API_SavedTimeline' + description: The timeline object of the Timeline or Timeline template that you’re updating. + timelineId: + description: The `savedObjectId` of the Timeline or Timeline template that you’re updating. + example: 15c1929b-0af7-42bd-85a8-56e234cc7c4e + nullable: true + type: string + version: + description: The version of the Timeline or Timeline template that you’re updating. + example: WzE0LDFd + nullable: true + type: string + required: + - timelineId + - version + - timeline + ApiTimeline_Patch_Response_405: + type: object + properties: + body: + description: The error message + example: update timeline error + type: string + statusCode: + example: 405 + type: number + ApiTimeline_Post_Request: + type: object + properties: + status: + $ref: '#/components/schemas/Security_Timeline_API_TimelineStatus' + nullable: true + templateTimelineId: + description: A unique identifier for the Timeline template. + example: 6ce1b592-84e3-4b4a-9552-f189d4b82075 + nullable: true + type: string + templateTimelineVersion: + description: Timeline template version number. + example: 12 + nullable: true + type: number + timeline: + $ref: '#/components/schemas/Security_Timeline_API_SavedTimeline' + timelineId: + description: A unique identifier for the Timeline. + example: 6ce1b592-84e3-4b4a-9552-f189d4b82075 + nullable: true + type: string + timelineType: + $ref: '#/components/schemas/Security_Timeline_API_TimelineType' + nullable: true + version: + nullable: true + type: string + required: + - timeline + ApiTimeline_Post_Response_405: + type: object + properties: + body: + description: The error message + example: update timeline error + type: string + statusCode: + example: 405 + type: number + ApiTimelineCopy_Get_Request: + type: object + properties: + timeline: + $ref: '#/components/schemas/Security_Timeline_API_SavedTimeline' + timelineIdToCopy: + type: string + required: + - timeline + - timelineIdToCopy + ApiTimelineDraft_Get_Response_403: + type: object + properties: + message: + type: string + status_code: + type: number + ApiTimelineDraft_Get_Response_409: + type: object + properties: + message: + type: string + status_code: + type: number + ApiTimelineDraft_Post_Request: + type: object + properties: + timelineType: + $ref: '#/components/schemas/Security_Timeline_API_TimelineType' + required: + - timelineType + ApiTimelineDraft_Post_Response_403: + type: object + properties: + message: + type: string + status_code: + type: number + ApiTimelineDraft_Post_Response_409: + type: object + properties: + message: + type: string + status_code: + type: number + ApiTimelineExport_Post_Request: + type: object + properties: + ids: + items: + type: string + nullable: true + type: array + ApiTimelineExport_Post_Response_400: + type: object + properties: + body: + type: string + statusCode: + type: number + ApiTimelineFavorite_Patch_Request: + type: object + properties: + templateTimelineId: + nullable: true + type: string + templateTimelineVersion: + nullable: true + type: number + timelineId: + nullable: true + type: string + timelineType: + $ref: '#/components/schemas/Security_Timeline_API_TimelineType' + nullable: true + required: + - timelineId + - templateTimelineId + - templateTimelineVersion + - timelineType + ApiTimelineFavorite_Patch_Response_403: + type: object + properties: + body: + type: string + statusCode: + type: number + ApiTimelineImport_Post_Request: + type: object + properties: + file: {} + isImmutable: + description: Whether the Timeline should be immutable + enum: + - 'true' + - 'false' + type: string + required: + - file + ApiTimelineImport_Post_Response_400: + type: object + properties: + body: + description: The error message + example: Invalid file extension + type: string + statusCode: + example: 400 + type: number + ApiTimelineImport_Post_Response_404: + type: object + properties: + body: + description: The error message + example: Unable to find saved object client + type: string + statusCode: + example: 404 + type: number + ApiTimelineImport_Post_Response_409: + type: object + properties: + body: + description: The error message + example: Could not import timelines + type: string + statusCode: + example: 409 + type: number + ApiTimelinePrepackaged_Post_Request: + type: object + properties: + prepackagedTimelines: + items: + $ref: '#/components/schemas/Security_Timeline_API_TimelineSavedToReturnObject' + nullable: true + type: array + timelinesToInstall: + items: + $ref: '#/components/schemas/Security_Timeline_API_ImportTimelines' + nullable: true + type: array + timelinesToUpdate: + items: + $ref: '#/components/schemas/Security_Timeline_API_ImportTimelines' + nullable: true + type: array + required: + - timelinesToInstall + - timelinesToUpdate + - prepackagedTimelines + ApiTimelinePrepackaged_Post_Response_500: + type: object + properties: + body: + type: string + statusCode: + type: number + ApiTimelines_Get_Response_200: + type: object + properties: + customTemplateTimelineCount: + description: The amount of custom Timeline templates in the results + example: 2 + type: number + defaultTimelineCount: + description: The amount of `default` type Timelines in the results + example: 90 + type: number + elasticTemplateTimelineCount: + description: The amount of Elastic's Timeline templates in the results + example: 8 + type: number + favoriteCount: + description: The amount of favorited Timelines + example: 5 + type: number + templateTimelineCount: + description: The amount of Timeline templates in the results + example: 10 + type: number + timeline: + items: + $ref: '#/components/schemas/Security_Timeline_API_TimelineResponse' + type: array + totalCount: + description: The total amount of results + example: 100 + type: number + required: + - timeline + - totalCount + ApiTimelines_Get_Response_400: + type: object + properties: + body: + description: The error message + example: get timeline error + type: string + statusCode: + example: 405 + type: number + APM_UI_agent_keys_response_AgentKey: + description: Agent key + type: object + properties: + api_key: + type: string + encoded: + type: string + expiration: + format: int64 + type: integer + id: + type: string + name: + type: string + required: + - id + - name + - api_key + - encoded + APM_UI_annotation_search_response_Annotations_Item: + type: object + properties: + '@timestamp': + type: number + id: + type: string + text: + type: string + type: + enum: + - version + type: string + APM_UI_create_annotation_object_Service: + description: The service that identifies the configuration to create or update. + type: object + properties: + environment: + description: The environment of the service. + type: string + version: + description: The version of the service. + type: string + required: + - version + APM_UI_create_annotation_response__source: + description: Response + type: object + properties: + '@timestamp': + type: string + annotation: + $ref: '#/components/schemas/APM_UI_create_annotation_response__source_Annotation' + event: + $ref: '#/components/schemas/APM_UI_create_annotation_response__source_Event' + message: + type: string + service: + $ref: '#/components/schemas/APM_UI_create_annotation_response__source_Service' + tags: + items: + type: string + type: array + APM_UI_create_annotation_response__source_Annotation: + type: object + properties: + title: + type: string + type: + type: string + APM_UI_create_annotation_response__source_Event: + type: object + properties: + created: + type: string + APM_UI_create_annotation_response__source_Service: + type: object + properties: + environment: + type: string + name: + type: string + version: + type: string + APM_UI_single_agent_configuration_response_1: + type: object + properties: + id: + type: string + required: + - id + APM_UI_source_maps_response_Artifacts_1: + type: object + properties: + body: + $ref: '#/components/schemas/APM_UI_source_maps_response_Artifacts_Body' + APM_UI_source_maps_response_Artifacts_Body: + type: object + properties: + bundleFilepath: + type: string + serviceName: + type: string + serviceVersion: + type: string + sourceMap: + $ref: '#/components/schemas/APM_UI_source_maps_response_Artifacts_Body_SourceMap' + APM_UI_source_maps_response_Artifacts_Body_SourceMap: + type: object + properties: + file: + type: string + mappings: + type: string + sourceRoot: + type: string + sources: + items: + type: string + type: array + sourcesContent: + items: + type: string + type: array + version: + type: number + APM_UI_upload_source_maps_response_1: + type: object + properties: + body: + type: string + Data_views_create_data_view_request_object_Data_view: + description: The data view object. + type: object + properties: + allowNoIndex: + $ref: '#/components/schemas/Data_views_allownoindex' + fieldAttrs: + $ref: '#/components/schemas/Data_views_create_data_view_request_object_Data_view_FieldAttrs' + fieldFormats: + $ref: '#/components/schemas/Data_views_fieldformats' + fields: + $ref: '#/components/schemas/Data_views_create_data_view_request_object_Data_view_Fields' + id: + type: string + name: + description: The data view name. + type: string + namespaces: + $ref: '#/components/schemas/Data_views_namespaces' + runtimeFieldMap: + $ref: '#/components/schemas/Data_views_create_data_view_request_object_Data_view_RuntimeFieldMap' + sourceFilters: + $ref: '#/components/schemas/Data_views_sourcefilters' + timeFieldName: + $ref: '#/components/schemas/Data_views_timefieldname' + title: + $ref: '#/components/schemas/Data_views_title' + type: + $ref: '#/components/schemas/Data_views_type' + typeMeta: + $ref: '#/components/schemas/Data_views_typemeta' + version: + type: string + required: + - title + Data_views_create_data_view_request_object_Data_view_FieldAttrs: + additionalProperties: + $ref: '#/components/schemas/Data_views_fieldattrs' + type: object + Data_views_create_data_view_request_object_Data_view_Fields: + type: object + Data_views_create_data_view_request_object_Data_view_RuntimeFieldMap: + additionalProperties: + $ref: '#/components/schemas/Data_views_runtimefieldmap' + type: object + Data_views_data_view_response_object_Data_view: + type: object + properties: + allowNoIndex: + $ref: '#/components/schemas/Data_views_allownoindex' + fieldAttrs: + $ref: '#/components/schemas/Data_views_data_view_response_object_Data_view_FieldAttrs' + fieldFormats: + $ref: '#/components/schemas/Data_views_fieldformats' + fields: + $ref: '#/components/schemas/Data_views_data_view_response_object_Data_view_Fields' + id: + example: ff959d40-b880-11e8-a6d9-e546fe2bba5f + type: string + name: + description: The data view name. + type: string + namespaces: + $ref: '#/components/schemas/Data_views_namespaces' + runtimeFieldMap: + $ref: '#/components/schemas/Data_views_data_view_response_object_Data_view_RuntimeFieldMap' + sourceFilters: + $ref: '#/components/schemas/Data_views_sourcefilters' + timeFieldName: + $ref: '#/components/schemas/Data_views_timefieldname' + title: + $ref: '#/components/schemas/Data_views_title' + typeMeta: + $ref: '#/components/schemas/Data_views_typemeta_response' + version: + example: WzQ2LDJd + type: string + Data_views_data_view_response_object_Data_view_FieldAttrs: + additionalProperties: + $ref: '#/components/schemas/Data_views_fieldattrs' + type: object + Data_views_data_view_response_object_Data_view_Fields: + type: object + Data_views_data_view_response_object_Data_view_RuntimeFieldMap: + additionalProperties: + $ref: '#/components/schemas/Data_views_runtimefieldmap' + type: object + Data_views_runtimefieldmap_Script: + type: object + properties: + source: + description: Script for the runtime field. + type: string + Data_views_sourcefilters_Item: + type: object + properties: + value: + type: string + required: + - value + Data_views_swap_data_view_request_object_ForId_1: + type: string + Data_views_swap_data_view_request_object_ForId_2: + items: + type: string + type: array + Data_views_typemeta_Aggs: + description: A map of rollup restrictions by aggregation type and field name. + type: object + Data_views_typemeta_Params: + description: Properties for retrieving rollup fields. + type: object + Data_views_typemeta_response_Aggs: + description: A map of rollup restrictions by aggregation type and field name. + type: object + Data_views_typemeta_response_Params: + description: Properties for retrieving rollup fields. + type: object + Data_views_update_data_view_request_object_Data_view: + description: | + The data view properties you want to update. Only the specified properties are updated in the data view. Unspecified fields stay as they are persisted. + type: object + properties: + allowNoIndex: + $ref: '#/components/schemas/Data_views_allownoindex' + fieldFormats: + $ref: '#/components/schemas/Data_views_fieldformats' + fields: + $ref: '#/components/schemas/Data_views_update_data_view_request_object_Data_view_Fields' + name: + type: string + runtimeFieldMap: + $ref: '#/components/schemas/Data_views_update_data_view_request_object_Data_view_RuntimeFieldMap' + sourceFilters: + $ref: '#/components/schemas/Data_views_sourcefilters' + timeFieldName: + $ref: '#/components/schemas/Data_views_timefieldname' + title: + $ref: '#/components/schemas/Data_views_title' + type: + $ref: '#/components/schemas/Data_views_type' + typeMeta: + $ref: '#/components/schemas/Data_views_typemeta' + Data_views_update_data_view_request_object_Data_view_Fields: + type: object + Data_views_update_data_view_request_object_Data_view_RuntimeFieldMap: + additionalProperties: + $ref: '#/components/schemas/Data_views_runtimefieldmap' + type: object + Kibana_HTTP_APIs_core_status_redactedResponse_Status: + additionalProperties: false + type: object + properties: + overall: + $ref: '#/components/schemas/Kibana_HTTP_APIs_core_status_redactedResponse_Status_Overall' + required: + - overall + Kibana_HTTP_APIs_core_status_redactedResponse_Status_Overall: + additionalProperties: false + type: object + properties: + level: + description: Service status levels as human and machine readable values. + enum: + - available + - degraded + - unavailable + - critical + type: string + required: + - level + Kibana_HTTP_APIs_core_status_response_Metrics: + additionalProperties: false + description: Metric groups collected by Kibana. + type: object + properties: + collection_interval_in_millis: + description: The interval at which metrics should be collected. + type: number + elasticsearch_client: + $ref: '#/components/schemas/Kibana_HTTP_APIs_core_status_response_Metrics_Elasticsearch_client' + last_updated: + description: The time metrics were collected. + type: string + required: + - elasticsearch_client + - last_updated + - collection_interval_in_millis + Kibana_HTTP_APIs_core_status_response_Metrics_Elasticsearch_client: + additionalProperties: false + description: Current network metrics of Kibana's Elasticsearch client. + type: object + properties: + totalActiveSockets: + description: Count of network sockets currently in use. + type: number + totalIdleSockets: + description: Count of network sockets currently idle. + type: number + totalQueuedRequests: + description: Count of requests not yet assigned to sockets. + type: number + required: + - totalActiveSockets + - totalIdleSockets + - totalQueuedRequests + Kibana_HTTP_APIs_core_status_response_Status: + additionalProperties: false + type: object + properties: + core: + $ref: '#/components/schemas/Kibana_HTTP_APIs_core_status_response_Status_Core' + overall: + $ref: '#/components/schemas/Kibana_HTTP_APIs_core_status_response_Status_Overall' + plugins: + $ref: '#/components/schemas/Kibana_HTTP_APIs_core_status_response_Status_Plugins' + required: + - overall + - core + - plugins + Kibana_HTTP_APIs_core_status_response_Status_Core: + additionalProperties: false + description: Statuses of core Kibana services. + type: object + properties: + elasticsearch: + $ref: '#/components/schemas/Kibana_HTTP_APIs_core_status_response_Status_Core_Elasticsearch' + http: + $ref: '#/components/schemas/Kibana_HTTP_APIs_core_status_response_Status_Core_Http' + savedObjects: + $ref: '#/components/schemas/Kibana_HTTP_APIs_core_status_response_Status_Core_SavedObjects' + required: + - elasticsearch + - savedObjects + Kibana_HTTP_APIs_core_status_response_Status_Core_Elasticsearch: + additionalProperties: false + type: object + properties: + detail: + description: Human readable detail of the service status. + type: string + documentationUrl: + description: A URL to further documentation regarding this service. + type: string + level: + description: Service status levels as human and machine readable values. + enum: + - available + - degraded + - unavailable + - critical + type: string + meta: + $ref: '#/components/schemas/Kibana_HTTP_APIs_core_status_response_Status_Core_Elasticsearch_Meta' + summary: + description: A human readable summary of the service status. + type: string + required: + - level + - summary + - meta + Kibana_HTTP_APIs_core_status_response_Status_Core_Elasticsearch_Meta: + additionalProperties: {} + description: An unstructured set of extra metadata about this service. + type: object + Kibana_HTTP_APIs_core_status_response_Status_Core_Http: + additionalProperties: false + type: object + properties: + detail: + description: Human readable detail of the service status. + type: string + documentationUrl: + description: A URL to further documentation regarding this service. + type: string + level: + description: Service status levels as human and machine readable values. + enum: + - available + - degraded + - unavailable + - critical + type: string + meta: + $ref: '#/components/schemas/Kibana_HTTP_APIs_core_status_response_Status_Core_Http_Meta' + summary: + description: A human readable summary of the service status. + type: string + required: + - level + - summary + - meta + Kibana_HTTP_APIs_core_status_response_Status_Core_Http_Meta: + additionalProperties: {} + description: An unstructured set of extra metadata about this service. + type: object + Kibana_HTTP_APIs_core_status_response_Status_Core_SavedObjects: + additionalProperties: false + type: object + properties: + detail: + description: Human readable detail of the service status. + type: string + documentationUrl: + description: A URL to further documentation regarding this service. + type: string + level: + description: Service status levels as human and machine readable values. + enum: + - available + - degraded + - unavailable + - critical + type: string + meta: + $ref: '#/components/schemas/Kibana_HTTP_APIs_core_status_response_Status_Core_SavedObjects_Meta' + summary: + description: A human readable summary of the service status. + type: string + required: + - level + - summary + - meta + Kibana_HTTP_APIs_core_status_response_Status_Core_SavedObjects_Meta: + additionalProperties: {} + description: An unstructured set of extra metadata about this service. + type: object + Kibana_HTTP_APIs_core_status_response_Status_Overall: + additionalProperties: false + type: object + properties: + detail: + description: Human readable detail of the service status. + type: string + documentationUrl: + description: A URL to further documentation regarding this service. + type: string + level: + description: Service status levels as human and machine readable values. + enum: + - available + - degraded + - unavailable + - critical + type: string + meta: + $ref: '#/components/schemas/Kibana_HTTP_APIs_core_status_response_Status_Overall_Meta' + summary: + description: A human readable summary of the service status. + type: string + required: + - level + - summary + - meta + Kibana_HTTP_APIs_core_status_response_Status_Overall_Meta: + additionalProperties: {} + description: An unstructured set of extra metadata about this service. + type: object + Kibana_HTTP_APIs_core_status_response_Status_Plugins: + additionalProperties: + $ref: '#/components/schemas/Kibana_HTTP_APIs_core_status_response_Status_Plugins_Value' + description: A dynamic mapping of plugin ID to plugin status. + type: object + Kibana_HTTP_APIs_core_status_response_Status_Plugins_Value: + additionalProperties: false + type: object + properties: + detail: + description: Human readable detail of the service status. + type: string + documentationUrl: + description: A URL to further documentation regarding this service. + type: string + level: + description: Service status levels as human and machine readable values. + enum: + - available + - degraded + - unavailable + - critical + type: string + meta: + $ref: '#/components/schemas/Kibana_HTTP_APIs_core_status_response_Status_Plugins_Meta' + summary: + description: A human readable summary of the service status. + type: string + required: + - level + - summary + - meta + Kibana_HTTP_APIs_core_status_response_Status_Plugins_Meta: + additionalProperties: {} + description: An unstructured set of extra metadata about this service. + type: object + Kibana_HTTP_APIs_core_status_response_Version: + additionalProperties: false + type: object + properties: + build_date: + description: The date and time of this build. + type: string + build_flavor: + description: The build flavour determines configuration and behavior of Kibana. On premise users will almost always run the "traditional" flavour, while other flavours are reserved for Elastic-specific use cases. + enum: + - serverless + - traditional + type: string + build_hash: + description: A unique hash value representing the git commit of this Kibana build. + type: string + build_number: + description: A monotonically increasing number, each subsequent build will have a higher number. + type: number + build_snapshot: + description: Whether this build is a snapshot build. + type: boolean + number: + description: A semantic version number. + type: string + required: + - number + - build_hash + - build_number + - build_snapshot + - build_flavor + - build_date + Machine_learning_APIs_mlSync200Response_DatafeedsAdded: + additionalProperties: + $ref: '#/components/schemas/Machine_learning_APIs_mlSyncResponseDatafeeds' + description: If a saved object for an anomaly detection job is missing a datafeed identifier, it is added when you run the sync machine learning saved objects API. + type: object + Machine_learning_APIs_mlSync200Response_DatafeedsRemoved: + additionalProperties: + $ref: '#/components/schemas/Machine_learning_APIs_mlSyncResponseDatafeeds' + description: If a saved object for an anomaly detection job references a datafeed that no longer exists, it is deleted when you run the sync machine learning saved objects API. + type: object + Machine_learning_APIs_mlSyncResponseSavedObjectsCreated_Anomaly-detector: + additionalProperties: + $ref: '#/components/schemas/Machine_learning_APIs_mlSyncResponseAnomalyDetectors' + description: If saved objects are missing for anomaly detection jobs, they are created. + type: object + Machine_learning_APIs_mlSyncResponseSavedObjectsCreated_Data-frame-analytics: + additionalProperties: + $ref: '#/components/schemas/Machine_learning_APIs_mlSyncResponseDataFrameAnalytics' + description: If saved objects are missing for data frame analytics jobs, they are created. + type: object + Machine_learning_APIs_mlSyncResponseSavedObjectsCreated_Trained-model: + additionalProperties: + $ref: '#/components/schemas/Machine_learning_APIs_mlSyncResponseTrainedModels' + description: If saved objects are missing for trained models, they are created. + type: object + Machine_learning_APIs_mlSyncResponseSavedObjectsDeleted_Anomaly-detector: + additionalProperties: + $ref: '#/components/schemas/Machine_learning_APIs_mlSyncResponseAnomalyDetectors' + description: If there are saved objects exist for nonexistent anomaly detection jobs, they are deleted. + type: object + Machine_learning_APIs_mlSyncResponseSavedObjectsDeleted_Data-frame-analytics: + additionalProperties: + $ref: '#/components/schemas/Machine_learning_APIs_mlSyncResponseDataFrameAnalytics' + description: If there are saved objects exist for nonexistent data frame analytics jobs, they are deleted. + type: object + Machine_learning_APIs_mlSyncResponseSavedObjectsDeleted_Trained-model: + additionalProperties: + $ref: '#/components/schemas/Machine_learning_APIs_mlSyncResponseTrainedModels' + description: If there are saved objects exist for nonexistent trained models, they are deleted. + type: object + Observability_AI_Assistant_API_Function_Parameters: + description: The parameters of the function. + type: object + Observability_AI_Assistant_API_Instruction_1: + description: A simple instruction represented as a string. + type: string + Observability_AI_Assistant_API_Instruction_2: + description: A detailed instruction with an ID and text. + type: object + properties: + id: + description: A unique identifier for the instruction. + type: string + text: + description: The text of the instruction. + type: string + required: + - id + - text + Observability_AI_Assistant_API_Message_Message: + description: The main content of the message. + type: object + properties: + content: + description: The content of the message. + type: string + data: + description: Additional data associated with the message. + type: string + event: + description: The event related to the message. + type: string + function_call: + $ref: '#/components/schemas/Observability_AI_Assistant_API_FunctionCall' + name: + description: The name associated with the message. + type: string + role: + $ref: '#/components/schemas/Observability_AI_Assistant_API_MessageRoleEnum' + required: + - role + Security_AI_Assistant_API_AnonymizationFieldsBulkCrudActionResponse_Attributes: + type: object + properties: + errors: + description: List of errors that occurred during the bulk operation. + items: + $ref: '#/components/schemas/Security_AI_Assistant_API_NormalizedAnonymizationFieldError' + type: array + results: + $ref: '#/components/schemas/Security_AI_Assistant_API_AnonymizationFieldsBulkCrudActionResults' + summary: + $ref: '#/components/schemas/Security_AI_Assistant_API_BulkCrudActionSummary' + required: + - results + - summary + Security_AI_Assistant_API_DocumentEntry_1: + type: object + properties: + global: + description: Whether this Knowledge Base Entry is global, defaults to false. + example: false + type: boolean + name: + description: Name of the Knowledge Base Entry. + example: Example Entry + type: string + namespace: + description: Kibana Space, defaults to 'default' space. + example: default + type: string + users: + description: Users who have access to the Knowledge Base Entry, defaults to current user. Empty array provides access to all users. + items: + $ref: '#/components/schemas/Security_AI_Assistant_API_User' + type: array + required: + - name + - namespace + - global + - users + Security_AI_Assistant_API_DocumentEntryCreateFields_1: + type: object + properties: + global: + description: Whether this Knowledge Base Entry is global, defaults to false. + example: false + type: boolean + name: + description: Name of the Knowledge Base Entry. + example: Example Entry + type: string + namespace: + description: Kibana Space, defaults to 'default' space. + example: default + type: string + users: + description: Users who have access to the Knowledge Base Entry, defaults to current user. Empty array provides access to all users. + items: + $ref: '#/components/schemas/Security_AI_Assistant_API_User' + type: array + required: + - name + Security_AI_Assistant_API_DocumentEntryUpdateFields_1: + type: object + properties: + global: + description: Whether this Knowledge Base Entry is global, defaults to false. + example: false + type: boolean + id: + $ref: '#/components/schemas/Security_AI_Assistant_API_NonEmptyString' + name: + description: Name of the Knowledge Base Entry. + example: Example Entry + type: string + namespace: + description: Kibana Space, defaults to 'default' space. + example: default + type: string + users: + description: Users who have access to the Knowledge Base Entry, defaults to current user. Empty array provides access to all users. + items: + $ref: '#/components/schemas/Security_AI_Assistant_API_User' + type: array + required: + - id + Security_AI_Assistant_API_EsqlContentReference_2: + type: object + properties: + label: + description: Label of the query + example: High Severity Alerts + type: string + query: + description: An ESQL query + example: SELECT * FROM alerts WHERE severity = "high" + type: string + timerange: + $ref: '#/components/schemas/Security_AI_Assistant_API_EsqlContentReference_Timerange' + type: + enum: + - EsqlQuery + example: EsqlQuery + type: string + required: + - type + - query + - label + Security_AI_Assistant_API_EsqlContentReference_Timerange: + description: Time range to select in the time picker. + type: object + properties: + from: + example: '2025-04-01T00:00:00Z' + type: string + to: + example: '2025-04-30T23:59:59Z' + type: string + required: + - from + - to + Security_AI_Assistant_API_HrefContentReference_2: + type: object + properties: + href: + description: URL to the external resource + type: string + label: + description: Label of the query + type: string + type: + enum: + - Href + type: string + required: + - type + - href + Security_AI_Assistant_API_IndexEntry_1: + type: object + properties: + global: + description: Whether this Knowledge Base Entry is global, defaults to false. + example: false + type: boolean + name: + description: Name of the Knowledge Base Entry. + example: Example Entry + type: string + namespace: + description: Kibana Space, defaults to 'default' space. + example: default + type: string + users: + description: Users who have access to the Knowledge Base Entry, defaults to current user. Empty array provides access to all users. + items: + $ref: '#/components/schemas/Security_AI_Assistant_API_User' + type: array + required: + - name + - namespace + - global + - users + Security_AI_Assistant_API_IndexEntryCreateFields_1: + type: object + properties: + global: + description: Whether this Knowledge Base Entry is global, defaults to false. + example: false + type: boolean + name: + description: Name of the Knowledge Base Entry. + example: Example Entry + type: string + namespace: + description: Kibana Space, defaults to 'default' space. + example: default + type: string + users: + description: Users who have access to the Knowledge Base Entry, defaults to current user. Empty array provides access to all users. + items: + $ref: '#/components/schemas/Security_AI_Assistant_API_User' + type: array + required: + - name + Security_AI_Assistant_API_IndexEntryUpdateFields_1: + type: object + properties: + global: + description: Whether this Knowledge Base Entry is global, defaults to false. + example: false + type: boolean + id: + $ref: '#/components/schemas/Security_AI_Assistant_API_NonEmptyString' + name: + description: Name of the Knowledge Base Entry. + example: Example Entry + type: string + namespace: + description: Kibana Space, defaults to 'default' space. + example: default + type: string + users: + description: Users who have access to the Knowledge Base Entry, defaults to current user. Empty array provides access to all users. + items: + $ref: '#/components/schemas/Security_AI_Assistant_API_User' + type: array + required: + - id + Security_AI_Assistant_API_InputSchema_Item: + type: object + properties: + description: + description: Description of the field. + example: The title of the document. + type: string + fieldName: + description: Name of the field. + example: title + type: string + fieldType: + description: Type of the field. + example: string + type: string + required: + - fieldName + - fieldType + - description + Security_AI_Assistant_API_InputTextInterruptResumeValue_2: + type: object + properties: + type: + enum: + - INPUT_TEXT + example: INPUT_TEXT + type: string + value: + description: Text value used to resume the graph execution with. + example: .logs* + type: string + required: + - value + - type + Security_AI_Assistant_API_InputTextInterruptValue_2: + type: object + properties: + description: + description: Description of action required + example: What is the index you would like to use for the query. + type: string + placeholder: + description: Placeholder text for the input field + example: Enter index pattern here... + type: string + type: + enum: + - INPUT_TEXT + example: INPUT_TEXT + type: string + required: + - type + Security_AI_Assistant_API_KnowledgeBaseEntryBulkCrudActionResponse_Attributes: + type: object + properties: + errors: + description: List of errors encountered during the bulk action. + example: + - err_code: UPDATE_FAILED + knowledgeBaseEntries: + - id: '456' + name: Error Entry + message: Failed to update entry. + statusCode: 400 + items: + $ref: '#/components/schemas/Security_AI_Assistant_API_NormalizedKnowledgeBaseEntryError' + type: array + results: + $ref: '#/components/schemas/Security_AI_Assistant_API_KnowledgeBaseEntryBulkCrudActionResults' + summary: + $ref: '#/components/schemas/Security_AI_Assistant_API_KnowledgeBaseEntryBulkCrudActionSummary' + required: + - results + - summary + Security_AI_Assistant_API_KnowledgeBaseEntryContentReference_2: + type: object + properties: + knowledgeBaseEntryId: + description: Id of the Knowledge Base Entry + example: kbentry456 + type: string + knowledgeBaseEntryName: + description: Name of the knowledge base entry + example: Network Security Best Practices + type: string + type: + enum: + - KnowledgeBaseEntry + example: KnowledgeBaseEntry + type: string + required: + - type + - knowledgeBaseEntryId + - knowledgeBaseEntryName + Security_AI_Assistant_API_ProductDocumentationContentReference_2: + type: object + properties: + title: + description: Title of the documentation + example: Getting Started with Security AI Assistant + type: string + type: + enum: + - ProductDocumentation + example: ProductDocumentation + type: string + url: + description: URL to the documentation + example: https://docs.example.com/security-ai-assistant + type: string + required: + - type + - title + - url + Security_AI_Assistant_API_PromptsBulkCrudActionResponse_Attributes: + type: object + properties: + errors: + items: + $ref: '#/components/schemas/Security_AI_Assistant_API_NormalizedPromptError' + type: array + results: + $ref: '#/components/schemas/Security_AI_Assistant_API_PromptsBulkCrudActionResults' + summary: + $ref: '#/components/schemas/Security_AI_Assistant_API_BulkCrudActionSummary' + required: + - results + - summary + Security_AI_Assistant_API_SecurityAlertContentReference_2: + type: object + properties: + alertId: + description: ID of the Alert + example: alert789 + type: string + type: + enum: + - SecurityAlert + example: SecurityAlert + type: string + required: + - type + - alertId + Security_AI_Assistant_API_SecurityAlertsPageContentReference_2: + type: object + properties: + type: + enum: + - SecurityAlertsPage + example: SecurityAlertsPage + type: string + required: + - type + Security_AI_Assistant_API_SelectOptionInterruptResumeValue_2: + type: object + properties: + type: + enum: + - SELECT_OPTION + example: SELECT_OPTION + type: string + value: + description: The value of the selected option to resume the graph execution with + example: option_1 + type: string + required: + - value + - type + Security_AI_Assistant_API_SelectOptionInterruptValue_2: + type: object + properties: + description: + description: Description of action required + example: Select one of the options + type: string + options: + description: List of actions to choose from + example: + - label: Option 1 + - label: Option 2 + items: + $ref: '#/components/schemas/Security_AI_Assistant_API_SelectOptionInterruptOption' + type: array + type: + enum: + - SELECT_OPTION + example: SELECT_OPTION + type: string + required: + - type + - description + - options + Security_AI_Assistant_API_Vector_Tokens: + additionalProperties: + type: number + description: Tokens with their corresponding values. + example: + token1: 0.123 + token2: 0.456 + type: object + Security_Attack_discovery_API_AttackDiscoveryApiScheduleParams_Api_config_2: + type: object + properties: + name: + description: The name of the connector + type: string + required: + - name + Security_Attack_discovery_API_AttackDiscoveryApiScheduleParams_Combined_filter: + additionalProperties: true + type: object + Security_Attack_discovery_API_AttackDiscoveryGeneration_Connector_stats: + description: Stats applicable to the connector for this generation + type: object + properties: + average_successful_duration_nanoseconds: + description: The average duration (avg event.duration) in nanoseconds of successful generations for the same connector id, for the current user + type: number + successful_generations: + description: The number of successful generations for the same connector id, for the current user + type: number + Security_Attack_discovery_API_AttackDiscoveryGenerationConfig_Filter: + additionalProperties: true + description: |- + An Elasticsearch-style query DSL object used to filter alerts. For example: + ```json { + "filter": { + "bool": { + "must": [], + "filter": [ + { + "bool": { + "should": [ + { + "term": { + "user.name": { "value": "james" } + } + } + ], + "minimum_should_match": 1 + } + } + ], + "should": [], + "must_not": [] + } + } + } ``` + type: object + Security_Attack_discovery_API_Query_Query_1: + type: string + Security_Attack_discovery_API_Query_Query_2: + additionalProperties: true + type: object + Security_Detections_API_AlertsSort_2: + items: + $ref: '#/components/schemas/Security_Detections_API_AlertsSortCombinations' + type: array + Security_Detections_API_AlertsSortCombinations_1: + type: string + Security_Detections_API_AlertsSortCombinations_2: + additionalProperties: true + type: object + Security_Detections_API_BulkActionEditPayloadRuleActions_Value: + type: object + properties: + actions: + items: + $ref: '#/components/schemas/Security_Detections_API_NormalizedRuleAction' + type: array + throttle: + $ref: '#/components/schemas/Security_Detections_API_ThrottleForBulkActions' + required: + - actions + Security_Detections_API_BulkActionEditPayloadSchedule_Value: + type: object + properties: + interval: + description: Interval in which the rule runs. For example, `"1h"` means the rule runs every hour. + example: 1h + pattern: ^[1-9]\d*[smh]$ + type: string + lookback: + description: | + Lookback time for the rules. + + Additional look-back time that the rule analyzes. For example, "10m" means the rule analyzes the last 10 minutes of data in addition to the frequency interval. + example: 1h + pattern: ^[1-9]\d*[smh]$ + type: string + required: + - interval + - lookback + Security_Detections_API_BulkActionEditPayloadTimeline_Value: + type: object + properties: + timeline_id: + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' + timeline_title: + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle' + required: + - timeline_id + - timeline_title + Security_Detections_API_BulkDuplicateRules_Duplicate: + description: Duplicate object that describes applying an update action. + type: object + properties: + include_exceptions: + description: Whether to copy exceptions from the original rule + type: boolean + include_expired_exceptions: + description: Whether to copy expired exceptions from the original rule + type: boolean + required: + - include_exceptions + - include_expired_exceptions + Security_Detections_API_BulkEditActionResponse_Attributes: + type: object + properties: + errors: + items: + $ref: '#/components/schemas/Security_Detections_API_NormalizedRuleError' + type: array + results: + $ref: '#/components/schemas/Security_Detections_API_BulkEditActionResults' + summary: + $ref: '#/components/schemas/Security_Detections_API_BulkEditActionSummary' + required: + - results + - summary + Security_Detections_API_BulkManualRuleFillGaps_Fill_gaps: + description: Object that describes applying a manual gap fill action for the specified time range. + type: object + properties: + end_date: + description: End date of the manual gap fill + type: string + start_date: + description: Start date of the manual gap fill + type: string + required: + - start_date + - end_date + Security_Detections_API_BulkManualRuleRun_Run: + description: Object that describes applying a manual rule run action. + type: object + properties: + end_date: + description: End date of the manual rule run + type: string + start_date: + description: Start date of the manual rule run + type: string + required: + - start_date + - end_date + Security_Detections_API_CloseAlertsByQuery_Query: + additionalProperties: true + type: object + Security_Detections_API_EcsMapping_Value: + type: object + properties: + field: + type: string + value: + oneOf: + - $ref: '#/components/schemas/Security_Detections_API_EcsMapping_Value_1' + - $ref: '#/components/schemas/Security_Detections_API_EcsMapping_Value_2' + Security_Detections_API_EcsMapping_Value_1: + type: string + Security_Detections_API_EcsMapping_Value_2: + items: + type: string + type: array + Security_Detections_API_EqlRule_1: + type: object + properties: + actions: + description: Array defining the automated actions (notifications) taken when alerts are generated. + items: + $ref: '#/components/schemas/Security_Detections_API_RuleAction' + type: array + alias_purpose: + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose' + alias_target_id: + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId' + author: + $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' + building_block_type: + $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' + description: + $ref: '#/components/schemas/Security_Detections_API_RuleDescription' + enabled: + $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' + exceptions_list: + items: + $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' + type: array + false_positives: + $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray' + from: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' + interval: + $ref: '#/components/schemas/Security_Detections_API_RuleInterval' + investigation_fields: + $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' + license: + $ref: '#/components/schemas/Security_Detections_API_RuleLicense' + max_signals: + $ref: '#/components/schemas/Security_Detections_API_MaxSignals' + meta: + $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' + name: + $ref: '#/components/schemas/Security_Detections_API_RuleName' + namespace: + $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace' + note: + $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' + outcome: + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome' + output_index: + $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' + references: + $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' + related_integrations: + $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray' + required_fields: + description: | + Elasticsearch fields and their types that need to be present for the rule to function. + > info + > The value of `required_fields` does not affect the rule’s behavior, and specifying it incorrectly won’t cause the rule to fail. Use `required_fields` as an informational property to document the fields that the rule expects to be present in the data. + items: + $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput' + type: array + response_actions: + items: + $ref: '#/components/schemas/Security_Detections_API_ResponseAction' + type: array + risk_score: + $ref: '#/components/schemas/Security_Detections_API_RiskScore' + risk_score_mapping: + $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' + rule_name_override: + $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' + setup: + $ref: '#/components/schemas/Security_Detections_API_SetupGuide' + severity: + $ref: '#/components/schemas/Security_Detections_API_Severity' + severity_mapping: + $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' + tags: + $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' + threat: + $ref: '#/components/schemas/Security_Detections_API_ThreatArray' + throttle: + $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' + timeline_id: + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' + timeline_title: + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle' + timestamp_override: + $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' + timestamp_override_fallback_disabled: + $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled' + to: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' + version: + $ref: '#/components/schemas/Security_Detections_API_RuleVersion' + required: + - name + - description + - risk_score + - severity + - version + - tags + - enabled + - risk_score_mapping + - severity_mapping + - interval + - from + - to + - actions + - exceptions_list + - author + - false_positives + - references + - max_signals + - threat + - setup + - related_integrations + - required_fields + Security_Detections_API_EqlRuleCreateProps_1: + type: object + properties: + actions: + description: Array defining the automated actions (notifications) taken when alerts are generated. + items: + $ref: '#/components/schemas/Security_Detections_API_RuleAction' + type: array + alias_purpose: + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose' + alias_target_id: + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId' + author: + $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' + building_block_type: + $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' + description: + $ref: '#/components/schemas/Security_Detections_API_RuleDescription' + enabled: + $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' + exceptions_list: + items: + $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' + type: array + false_positives: + $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray' + from: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' + interval: + $ref: '#/components/schemas/Security_Detections_API_RuleInterval' + investigation_fields: + $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' + license: + $ref: '#/components/schemas/Security_Detections_API_RuleLicense' + max_signals: + $ref: '#/components/schemas/Security_Detections_API_MaxSignals' + meta: + $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' + name: + $ref: '#/components/schemas/Security_Detections_API_RuleName' + namespace: + $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace' + note: + $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' + outcome: + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome' + output_index: + $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' + references: + $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' + related_integrations: + $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray' + required_fields: + description: | + Elasticsearch fields and their types that need to be present for the rule to function. + > info + > The value of `required_fields` does not affect the rule’s behavior, and specifying it incorrectly won’t cause the rule to fail. Use `required_fields` as an informational property to document the fields that the rule expects to be present in the data. + items: + $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput' + type: array + response_actions: + items: + $ref: '#/components/schemas/Security_Detections_API_ResponseAction' + type: array + risk_score: + $ref: '#/components/schemas/Security_Detections_API_RiskScore' + risk_score_mapping: + $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' + rule_id: + $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' + rule_name_override: + $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' + setup: + $ref: '#/components/schemas/Security_Detections_API_SetupGuide' + severity: + $ref: '#/components/schemas/Security_Detections_API_Severity' + severity_mapping: + $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' + tags: + $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' + threat: + $ref: '#/components/schemas/Security_Detections_API_ThreatArray' + throttle: + $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' + timeline_id: + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' + timeline_title: + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle' + timestamp_override: + $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' + timestamp_override_fallback_disabled: + $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled' + to: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' + version: + $ref: '#/components/schemas/Security_Detections_API_RuleVersion' + required: + - name + - description + - risk_score + - severity + Security_Detections_API_EqlRulePatchFields_1: + type: object + properties: + language: + $ref: '#/components/schemas/Security_Detections_API_EqlQueryLanguage' + description: Query language to use + query: + $ref: '#/components/schemas/Security_Detections_API_RuleQuery' + type: + description: Rule type + enum: + - eql + type: string + Security_Detections_API_EqlRulePatchProps_1: + type: object + properties: + actions: + description: Array defining the automated actions (notifications) taken when alerts are generated. + items: + $ref: '#/components/schemas/Security_Detections_API_RuleAction' + type: array + alias_purpose: + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose' + alias_target_id: + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId' + author: + $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' + building_block_type: + $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' + description: + $ref: '#/components/schemas/Security_Detections_API_RuleDescription' + enabled: + $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' + exceptions_list: + items: + $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' + type: array + false_positives: + $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray' + from: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' + id: + $ref: '#/components/schemas/Security_Detections_API_UUID' + interval: + $ref: '#/components/schemas/Security_Detections_API_RuleInterval' + investigation_fields: + $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' + license: + $ref: '#/components/schemas/Security_Detections_API_RuleLicense' + max_signals: + $ref: '#/components/schemas/Security_Detections_API_MaxSignals' + meta: + $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' + name: + $ref: '#/components/schemas/Security_Detections_API_RuleName' + namespace: + $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace' + note: + $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' + outcome: + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome' + output_index: + $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' + references: + $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' + related_integrations: + $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray' + required_fields: + description: | + Elasticsearch fields and their types that need to be present for the rule to function. + > info + > The value of `required_fields` does not affect the rule’s behavior, and specifying it incorrectly won’t cause the rule to fail. Use `required_fields` as an informational property to document the fields that the rule expects to be present in the data. + items: + $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput' + type: array + response_actions: + items: + $ref: '#/components/schemas/Security_Detections_API_ResponseAction' + type: array + risk_score: + $ref: '#/components/schemas/Security_Detections_API_RiskScore' + risk_score_mapping: + $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' + rule_id: + $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' + rule_name_override: + $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' + setup: + $ref: '#/components/schemas/Security_Detections_API_SetupGuide' + severity: + $ref: '#/components/schemas/Security_Detections_API_Severity' + severity_mapping: + $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' + tags: + $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' + threat: + $ref: '#/components/schemas/Security_Detections_API_ThreatArray' + throttle: + $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' + timeline_id: + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' + timeline_title: + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle' + timestamp_override: + $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' + timestamp_override_fallback_disabled: + $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled' + to: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' + version: + $ref: '#/components/schemas/Security_Detections_API_RuleVersion' + Security_Detections_API_EqlRuleUpdateProps_1: + type: object + properties: + actions: + description: Array defining the automated actions (notifications) taken when alerts are generated. + items: + $ref: '#/components/schemas/Security_Detections_API_RuleAction' + type: array + alias_purpose: + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose' + alias_target_id: + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId' + author: + $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' + building_block_type: + $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' + description: + $ref: '#/components/schemas/Security_Detections_API_RuleDescription' + enabled: + $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' + exceptions_list: + items: + $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' + type: array + false_positives: + $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray' + from: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' + id: + $ref: '#/components/schemas/Security_Detections_API_UUID' + interval: + $ref: '#/components/schemas/Security_Detections_API_RuleInterval' + investigation_fields: + $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' + license: + $ref: '#/components/schemas/Security_Detections_API_RuleLicense' + max_signals: + $ref: '#/components/schemas/Security_Detections_API_MaxSignals' + meta: + $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' + name: + $ref: '#/components/schemas/Security_Detections_API_RuleName' + namespace: + $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace' + note: + $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' + outcome: + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome' + output_index: + $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' + references: + $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' + related_integrations: + $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray' + required_fields: + description: | + Elasticsearch fields and their types that need to be present for the rule to function. + > info + > The value of `required_fields` does not affect the rule’s behavior, and specifying it incorrectly won’t cause the rule to fail. Use `required_fields` as an informational property to document the fields that the rule expects to be present in the data. + items: + $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput' + type: array + response_actions: + items: + $ref: '#/components/schemas/Security_Detections_API_ResponseAction' + type: array + risk_score: + $ref: '#/components/schemas/Security_Detections_API_RiskScore' + risk_score_mapping: + $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' + rule_id: + $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' + rule_name_override: + $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' + setup: + $ref: '#/components/schemas/Security_Detections_API_SetupGuide' + severity: + $ref: '#/components/schemas/Security_Detections_API_Severity' + severity_mapping: + $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' + tags: + $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' + threat: + $ref: '#/components/schemas/Security_Detections_API_ThreatArray' + throttle: + $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' + timeline_id: + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' + timeline_title: + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle' + timestamp_override: + $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' + timestamp_override_fallback_disabled: + $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled' + to: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' + version: + $ref: '#/components/schemas/Security_Detections_API_RuleVersion' + required: + - name + - description + - risk_score + - severity + Security_Detections_API_ErrorSchema_Error: + type: object + properties: + message: + type: string + status_code: + minimum: 400 + type: integer + required: + - status_code + - message + Security_Detections_API_EsqlRule_1: + type: object + properties: + actions: + description: Array defining the automated actions (notifications) taken when alerts are generated. + items: + $ref: '#/components/schemas/Security_Detections_API_RuleAction' + type: array + alias_purpose: + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose' + alias_target_id: + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId' + author: + $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' + building_block_type: + $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' + description: + $ref: '#/components/schemas/Security_Detections_API_RuleDescription' + enabled: + $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' + exceptions_list: + items: + $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' + type: array + false_positives: + $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray' + from: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' + interval: + $ref: '#/components/schemas/Security_Detections_API_RuleInterval' + investigation_fields: + $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' + license: + $ref: '#/components/schemas/Security_Detections_API_RuleLicense' + max_signals: + $ref: '#/components/schemas/Security_Detections_API_MaxSignals' + meta: + $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' + name: + $ref: '#/components/schemas/Security_Detections_API_RuleName' + namespace: + $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace' + note: + $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' + outcome: + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome' + output_index: + $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' + references: + $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' + related_integrations: + $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray' + required_fields: + description: | + Elasticsearch fields and their types that need to be present for the rule to function. + > info + > The value of `required_fields` does not affect the rule’s behavior, and specifying it incorrectly won’t cause the rule to fail. Use `required_fields` as an informational property to document the fields that the rule expects to be present in the data. + items: + $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput' + type: array + response_actions: + items: + $ref: '#/components/schemas/Security_Detections_API_ResponseAction' + type: array + risk_score: + $ref: '#/components/schemas/Security_Detections_API_RiskScore' + risk_score_mapping: + $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' + rule_name_override: + $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' + setup: + $ref: '#/components/schemas/Security_Detections_API_SetupGuide' + severity: + $ref: '#/components/schemas/Security_Detections_API_Severity' + severity_mapping: + $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' + tags: + $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' + threat: + $ref: '#/components/schemas/Security_Detections_API_ThreatArray' + throttle: + $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' + timeline_id: + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' + timeline_title: + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle' + timestamp_override: + $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' + timestamp_override_fallback_disabled: + $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled' + to: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' + version: + $ref: '#/components/schemas/Security_Detections_API_RuleVersion' + required: + - name + - description + - risk_score + - severity + - version + - tags + - enabled + - risk_score_mapping + - severity_mapping + - interval + - from + - to + - actions + - exceptions_list + - author + - false_positives + - references + - max_signals + - threat + - setup + - related_integrations + - required_fields + Security_Detections_API_EsqlRuleCreateProps_1: + type: object + properties: + actions: + description: Array defining the automated actions (notifications) taken when alerts are generated. + items: + $ref: '#/components/schemas/Security_Detections_API_RuleAction' + type: array + alias_purpose: + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose' + alias_target_id: + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId' + author: + $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' + building_block_type: + $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' + description: + $ref: '#/components/schemas/Security_Detections_API_RuleDescription' + enabled: + $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' + exceptions_list: + items: + $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' + type: array + false_positives: + $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray' + from: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' + interval: + $ref: '#/components/schemas/Security_Detections_API_RuleInterval' + investigation_fields: + $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' + license: + $ref: '#/components/schemas/Security_Detections_API_RuleLicense' + max_signals: + $ref: '#/components/schemas/Security_Detections_API_MaxSignals' + meta: + $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' + name: + $ref: '#/components/schemas/Security_Detections_API_RuleName' + namespace: + $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace' + note: + $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' + outcome: + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome' + output_index: + $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' + references: + $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' + related_integrations: + $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray' + required_fields: + description: | + Elasticsearch fields and their types that need to be present for the rule to function. + > info + > The value of `required_fields` does not affect the rule’s behavior, and specifying it incorrectly won’t cause the rule to fail. Use `required_fields` as an informational property to document the fields that the rule expects to be present in the data. + items: + $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput' + type: array + response_actions: + items: + $ref: '#/components/schemas/Security_Detections_API_ResponseAction' + type: array + risk_score: + $ref: '#/components/schemas/Security_Detections_API_RiskScore' + risk_score_mapping: + $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' + rule_id: + $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' + rule_name_override: + $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' + setup: + $ref: '#/components/schemas/Security_Detections_API_SetupGuide' + severity: + $ref: '#/components/schemas/Security_Detections_API_Severity' + severity_mapping: + $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' + tags: + $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' + threat: + $ref: '#/components/schemas/Security_Detections_API_ThreatArray' + throttle: + $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' + timeline_id: + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' + timeline_title: + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle' + timestamp_override: + $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' + timestamp_override_fallback_disabled: + $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled' + to: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' + version: + $ref: '#/components/schemas/Security_Detections_API_RuleVersion' + required: + - name + - description + - risk_score + - severity + Security_Detections_API_EsqlRulePatchProps_1: + type: object + properties: + actions: + description: Array defining the automated actions (notifications) taken when alerts are generated. + items: + $ref: '#/components/schemas/Security_Detections_API_RuleAction' + type: array + alias_purpose: + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose' + alias_target_id: + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId' + author: + $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' + building_block_type: + $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' + description: + $ref: '#/components/schemas/Security_Detections_API_RuleDescription' + enabled: + $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' + exceptions_list: + items: + $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' + type: array + false_positives: + $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray' + from: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' + id: + $ref: '#/components/schemas/Security_Detections_API_UUID' + interval: + $ref: '#/components/schemas/Security_Detections_API_RuleInterval' + investigation_fields: + $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' + language: + $ref: '#/components/schemas/Security_Detections_API_EsqlQueryLanguage' + license: + $ref: '#/components/schemas/Security_Detections_API_RuleLicense' + max_signals: + $ref: '#/components/schemas/Security_Detections_API_MaxSignals' + meta: + $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' + name: + $ref: '#/components/schemas/Security_Detections_API_RuleName' + namespace: + $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace' + note: + $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' + outcome: + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome' + output_index: + $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' + query: + $ref: '#/components/schemas/Security_Detections_API_RuleQuery' + references: + $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' + related_integrations: + $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray' + required_fields: + description: | + Elasticsearch fields and their types that need to be present for the rule to function. + > info + > The value of `required_fields` does not affect the rule’s behavior, and specifying it incorrectly won’t cause the rule to fail. Use `required_fields` as an informational property to document the fields that the rule expects to be present in the data. + items: + $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput' + type: array + response_actions: + items: + $ref: '#/components/schemas/Security_Detections_API_ResponseAction' + type: array + risk_score: + $ref: '#/components/schemas/Security_Detections_API_RiskScore' + risk_score_mapping: + $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' + rule_id: + $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' + rule_name_override: + $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' + setup: + $ref: '#/components/schemas/Security_Detections_API_SetupGuide' + severity: + $ref: '#/components/schemas/Security_Detections_API_Severity' + severity_mapping: + $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' + tags: + $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' + threat: + $ref: '#/components/schemas/Security_Detections_API_ThreatArray' + throttle: + $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' + timeline_id: + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' + timeline_title: + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle' + timestamp_override: + $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' + timestamp_override_fallback_disabled: + $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled' + to: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' + type: + description: Rule type + enum: + - esql + type: string + version: + $ref: '#/components/schemas/Security_Detections_API_RuleVersion' + Security_Detections_API_EsqlRuleUpdateProps_1: + type: object + properties: + actions: + description: Array defining the automated actions (notifications) taken when alerts are generated. + items: + $ref: '#/components/schemas/Security_Detections_API_RuleAction' + type: array + alias_purpose: + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose' + alias_target_id: + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId' + author: + $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' + building_block_type: + $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' + description: + $ref: '#/components/schemas/Security_Detections_API_RuleDescription' + enabled: + $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' + exceptions_list: + items: + $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' + type: array + false_positives: + $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray' + from: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' + id: + $ref: '#/components/schemas/Security_Detections_API_UUID' + interval: + $ref: '#/components/schemas/Security_Detections_API_RuleInterval' + investigation_fields: + $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' + license: + $ref: '#/components/schemas/Security_Detections_API_RuleLicense' + max_signals: + $ref: '#/components/schemas/Security_Detections_API_MaxSignals' + meta: + $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' + name: + $ref: '#/components/schemas/Security_Detections_API_RuleName' + namespace: + $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace' + note: + $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' + outcome: + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome' + output_index: + $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' + references: + $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' + related_integrations: + $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray' + required_fields: + description: | + Elasticsearch fields and their types that need to be present for the rule to function. + > info + > The value of `required_fields` does not affect the rule’s behavior, and specifying it incorrectly won’t cause the rule to fail. Use `required_fields` as an informational property to document the fields that the rule expects to be present in the data. + items: + $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput' + type: array + response_actions: + items: + $ref: '#/components/schemas/Security_Detections_API_ResponseAction' + type: array + risk_score: + $ref: '#/components/schemas/Security_Detections_API_RiskScore' + risk_score_mapping: + $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' + rule_id: + $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' + rule_name_override: + $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' + setup: + $ref: '#/components/schemas/Security_Detections_API_SetupGuide' + severity: + $ref: '#/components/schemas/Security_Detections_API_Severity' + severity_mapping: + $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' + tags: + $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' + threat: + $ref: '#/components/schemas/Security_Detections_API_ThreatArray' + throttle: + $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' + timeline_id: + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' + timeline_title: + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle' + timestamp_override: + $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' + timestamp_override_fallback_disabled: + $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled' + to: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' + version: + $ref: '#/components/schemas/Security_Detections_API_RuleVersion' + required: + - name + - description + - risk_score + - severity + Security_Detections_API_ExternalRuleCustomizedFields_Item: + type: object + properties: + field_name: + description: Name of a user-modified field in the rule object. + type: string + required: + - field_name + Security_Detections_API_MachineLearningJobId_1: + type: string + Security_Detections_API_MachineLearningJobId_2: + items: + type: string + minItems: 1 + type: array + Security_Detections_API_MachineLearningRule_1: + type: object + properties: + actions: + description: Array defining the automated actions (notifications) taken when alerts are generated. + items: + $ref: '#/components/schemas/Security_Detections_API_RuleAction' + type: array + alias_purpose: + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose' + alias_target_id: + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId' + author: + $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' + building_block_type: + $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' + description: + $ref: '#/components/schemas/Security_Detections_API_RuleDescription' + enabled: + $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' + exceptions_list: + items: + $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' + type: array + false_positives: + $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray' + from: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' + interval: + $ref: '#/components/schemas/Security_Detections_API_RuleInterval' + investigation_fields: + $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' + license: + $ref: '#/components/schemas/Security_Detections_API_RuleLicense' + max_signals: + $ref: '#/components/schemas/Security_Detections_API_MaxSignals' + meta: + $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' + name: + $ref: '#/components/schemas/Security_Detections_API_RuleName' + namespace: + $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace' + note: + $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' + outcome: + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome' + output_index: + $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' + references: + $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' + related_integrations: + $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray' + required_fields: + description: | + Elasticsearch fields and their types that need to be present for the rule to function. + > info + > The value of `required_fields` does not affect the rule’s behavior, and specifying it incorrectly won’t cause the rule to fail. Use `required_fields` as an informational property to document the fields that the rule expects to be present in the data. + items: + $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput' + type: array + response_actions: + items: + $ref: '#/components/schemas/Security_Detections_API_ResponseAction' + type: array + risk_score: + $ref: '#/components/schemas/Security_Detections_API_RiskScore' + risk_score_mapping: + $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' + rule_name_override: + $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' + setup: + $ref: '#/components/schemas/Security_Detections_API_SetupGuide' + severity: + $ref: '#/components/schemas/Security_Detections_API_Severity' + severity_mapping: + $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' + tags: + $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' + threat: + $ref: '#/components/schemas/Security_Detections_API_ThreatArray' + throttle: + $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' + timeline_id: + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' + timeline_title: + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle' + timestamp_override: + $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' + timestamp_override_fallback_disabled: + $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled' + to: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' + version: + $ref: '#/components/schemas/Security_Detections_API_RuleVersion' + required: + - name + - description + - risk_score + - severity + - version + - tags + - enabled + - risk_score_mapping + - severity_mapping + - interval + - from + - to + - actions + - exceptions_list + - author + - false_positives + - references + - max_signals + - threat + - setup + - related_integrations + - required_fields + Security_Detections_API_MachineLearningRuleCreateProps_1: + type: object + properties: + actions: + description: Array defining the automated actions (notifications) taken when alerts are generated. + items: + $ref: '#/components/schemas/Security_Detections_API_RuleAction' + type: array + alias_purpose: + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose' + alias_target_id: + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId' + author: + $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' + building_block_type: + $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' + description: + $ref: '#/components/schemas/Security_Detections_API_RuleDescription' + enabled: + $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' + exceptions_list: + items: + $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' + type: array + false_positives: + $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray' + from: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' + interval: + $ref: '#/components/schemas/Security_Detections_API_RuleInterval' + investigation_fields: + $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' + license: + $ref: '#/components/schemas/Security_Detections_API_RuleLicense' + max_signals: + $ref: '#/components/schemas/Security_Detections_API_MaxSignals' + meta: + $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' + name: + $ref: '#/components/schemas/Security_Detections_API_RuleName' + namespace: + $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace' + note: + $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' + outcome: + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome' + output_index: + $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' + references: + $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' + related_integrations: + $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray' + required_fields: + description: | + Elasticsearch fields and their types that need to be present for the rule to function. + > info + > The value of `required_fields` does not affect the rule’s behavior, and specifying it incorrectly won’t cause the rule to fail. Use `required_fields` as an informational property to document the fields that the rule expects to be present in the data. + items: + $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput' + type: array + response_actions: + items: + $ref: '#/components/schemas/Security_Detections_API_ResponseAction' + type: array + risk_score: + $ref: '#/components/schemas/Security_Detections_API_RiskScore' + risk_score_mapping: + $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' + rule_id: + $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' + rule_name_override: + $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' + setup: + $ref: '#/components/schemas/Security_Detections_API_SetupGuide' + severity: + $ref: '#/components/schemas/Security_Detections_API_Severity' + severity_mapping: + $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' + tags: + $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' + threat: + $ref: '#/components/schemas/Security_Detections_API_ThreatArray' + throttle: + $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' + timeline_id: + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' + timeline_title: + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle' + timestamp_override: + $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' + timestamp_override_fallback_disabled: + $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled' + to: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' + version: + $ref: '#/components/schemas/Security_Detections_API_RuleVersion' + required: + - name + - description + - risk_score + - severity + Security_Detections_API_MachineLearningRulePatchFields_1: + type: object + properties: + anomaly_threshold: + $ref: '#/components/schemas/Security_Detections_API_AnomalyThreshold' + machine_learning_job_id: + $ref: '#/components/schemas/Security_Detections_API_MachineLearningJobId' + type: + description: Rule type + enum: + - machine_learning + type: string + Security_Detections_API_MachineLearningRulePatchProps_1: + type: object + properties: + actions: + description: Array defining the automated actions (notifications) taken when alerts are generated. + items: + $ref: '#/components/schemas/Security_Detections_API_RuleAction' + type: array + alias_purpose: + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose' + alias_target_id: + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId' + author: + $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' + building_block_type: + $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' + description: + $ref: '#/components/schemas/Security_Detections_API_RuleDescription' + enabled: + $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' + exceptions_list: + items: + $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' + type: array + false_positives: + $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray' + from: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' + id: + $ref: '#/components/schemas/Security_Detections_API_UUID' + interval: + $ref: '#/components/schemas/Security_Detections_API_RuleInterval' + investigation_fields: + $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' + license: + $ref: '#/components/schemas/Security_Detections_API_RuleLicense' + max_signals: + $ref: '#/components/schemas/Security_Detections_API_MaxSignals' + meta: + $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' + name: + $ref: '#/components/schemas/Security_Detections_API_RuleName' + namespace: + $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace' + note: + $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' + outcome: + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome' + output_index: + $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' + references: + $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' + related_integrations: + $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray' + required_fields: + description: | + Elasticsearch fields and their types that need to be present for the rule to function. + > info + > The value of `required_fields` does not affect the rule’s behavior, and specifying it incorrectly won’t cause the rule to fail. Use `required_fields` as an informational property to document the fields that the rule expects to be present in the data. + items: + $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput' + type: array + response_actions: + items: + $ref: '#/components/schemas/Security_Detections_API_ResponseAction' + type: array + risk_score: + $ref: '#/components/schemas/Security_Detections_API_RiskScore' + risk_score_mapping: + $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' + rule_id: + $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' + rule_name_override: + $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' + setup: + $ref: '#/components/schemas/Security_Detections_API_SetupGuide' + severity: + $ref: '#/components/schemas/Security_Detections_API_Severity' + severity_mapping: + $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' + tags: + $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' + threat: + $ref: '#/components/schemas/Security_Detections_API_ThreatArray' + throttle: + $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' + timeline_id: + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' + timeline_title: + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle' + timestamp_override: + $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' + timestamp_override_fallback_disabled: + $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled' + to: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' + version: + $ref: '#/components/schemas/Security_Detections_API_RuleVersion' + Security_Detections_API_MachineLearningRuleUpdateProps_1: + type: object + properties: + actions: + description: Array defining the automated actions (notifications) taken when alerts are generated. + items: + $ref: '#/components/schemas/Security_Detections_API_RuleAction' + type: array + alias_purpose: + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose' + alias_target_id: + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId' + author: + $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' + building_block_type: + $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' + description: + $ref: '#/components/schemas/Security_Detections_API_RuleDescription' + enabled: + $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' + exceptions_list: + items: + $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' + type: array + false_positives: + $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray' + from: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' + id: + $ref: '#/components/schemas/Security_Detections_API_UUID' + interval: + $ref: '#/components/schemas/Security_Detections_API_RuleInterval' + investigation_fields: + $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' + license: + $ref: '#/components/schemas/Security_Detections_API_RuleLicense' + max_signals: + $ref: '#/components/schemas/Security_Detections_API_MaxSignals' + meta: + $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' + name: + $ref: '#/components/schemas/Security_Detections_API_RuleName' + namespace: + $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace' + note: + $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' + outcome: + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome' + output_index: + $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' + references: + $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' + related_integrations: + $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray' + required_fields: + description: | + Elasticsearch fields and their types that need to be present for the rule to function. + > info + > The value of `required_fields` does not affect the rule’s behavior, and specifying it incorrectly won’t cause the rule to fail. Use `required_fields` as an informational property to document the fields that the rule expects to be present in the data. + items: + $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput' + type: array + response_actions: + items: + $ref: '#/components/schemas/Security_Detections_API_ResponseAction' + type: array + risk_score: + $ref: '#/components/schemas/Security_Detections_API_RiskScore' + risk_score_mapping: + $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' + rule_id: + $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' + rule_name_override: + $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' + setup: + $ref: '#/components/schemas/Security_Detections_API_SetupGuide' + severity: + $ref: '#/components/schemas/Security_Detections_API_Severity' + severity_mapping: + $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' + tags: + $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' + threat: + $ref: '#/components/schemas/Security_Detections_API_ThreatArray' + throttle: + $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' + timeline_id: + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' + timeline_title: + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle' + timestamp_override: + $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' + timestamp_override_fallback_disabled: + $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled' + to: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' + version: + $ref: '#/components/schemas/Security_Detections_API_RuleVersion' + required: + - name + - description + - risk_score + - severity + Security_Detections_API_NewTermsRule_1: + type: object + properties: + actions: + description: Array defining the automated actions (notifications) taken when alerts are generated. + items: + $ref: '#/components/schemas/Security_Detections_API_RuleAction' + type: array + alias_purpose: + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose' + alias_target_id: + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId' + author: + $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' + building_block_type: + $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' + description: + $ref: '#/components/schemas/Security_Detections_API_RuleDescription' + enabled: + $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' + exceptions_list: + items: + $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' + type: array + false_positives: + $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray' + from: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' + interval: + $ref: '#/components/schemas/Security_Detections_API_RuleInterval' + investigation_fields: + $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' + license: + $ref: '#/components/schemas/Security_Detections_API_RuleLicense' + max_signals: + $ref: '#/components/schemas/Security_Detections_API_MaxSignals' + meta: + $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' + name: + $ref: '#/components/schemas/Security_Detections_API_RuleName' + namespace: + $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace' + note: + $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' + outcome: + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome' + output_index: + $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' + references: + $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' + related_integrations: + $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray' + required_fields: + description: | + Elasticsearch fields and their types that need to be present for the rule to function. + > info + > The value of `required_fields` does not affect the rule’s behavior, and specifying it incorrectly won’t cause the rule to fail. Use `required_fields` as an informational property to document the fields that the rule expects to be present in the data. + items: + $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput' + type: array + response_actions: + items: + $ref: '#/components/schemas/Security_Detections_API_ResponseAction' + type: array + risk_score: + $ref: '#/components/schemas/Security_Detections_API_RiskScore' + risk_score_mapping: + $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' + rule_name_override: + $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' + setup: + $ref: '#/components/schemas/Security_Detections_API_SetupGuide' + severity: + $ref: '#/components/schemas/Security_Detections_API_Severity' + severity_mapping: + $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' + tags: + $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' + threat: + $ref: '#/components/schemas/Security_Detections_API_ThreatArray' + throttle: + $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' + timeline_id: + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' + timeline_title: + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle' + timestamp_override: + $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' + timestamp_override_fallback_disabled: + $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled' + to: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' + version: + $ref: '#/components/schemas/Security_Detections_API_RuleVersion' + required: + - name + - description + - risk_score + - severity + - version + - tags + - enabled + - risk_score_mapping + - severity_mapping + - interval + - from + - to + - actions + - exceptions_list + - author + - false_positives + - references + - max_signals + - threat + - setup + - related_integrations + - required_fields + Security_Detections_API_NewTermsRuleCreateProps_1: + type: object + properties: + actions: + description: Array defining the automated actions (notifications) taken when alerts are generated. + items: + $ref: '#/components/schemas/Security_Detections_API_RuleAction' + type: array + alias_purpose: + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose' + alias_target_id: + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId' + author: + $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' + building_block_type: + $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' + description: + $ref: '#/components/schemas/Security_Detections_API_RuleDescription' + enabled: + $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' + exceptions_list: + items: + $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' + type: array + false_positives: + $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray' + from: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' + interval: + $ref: '#/components/schemas/Security_Detections_API_RuleInterval' + investigation_fields: + $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' + license: + $ref: '#/components/schemas/Security_Detections_API_RuleLicense' + max_signals: + $ref: '#/components/schemas/Security_Detections_API_MaxSignals' + meta: + $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' + name: + $ref: '#/components/schemas/Security_Detections_API_RuleName' + namespace: + $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace' + note: + $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' + outcome: + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome' + output_index: + $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' + references: + $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' + related_integrations: + $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray' + required_fields: + description: | + Elasticsearch fields and their types that need to be present for the rule to function. + > info + > The value of `required_fields` does not affect the rule’s behavior, and specifying it incorrectly won’t cause the rule to fail. Use `required_fields` as an informational property to document the fields that the rule expects to be present in the data. + items: + $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput' + type: array + response_actions: + items: + $ref: '#/components/schemas/Security_Detections_API_ResponseAction' + type: array + risk_score: + $ref: '#/components/schemas/Security_Detections_API_RiskScore' + risk_score_mapping: + $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' + rule_id: + $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' + rule_name_override: + $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' + setup: + $ref: '#/components/schemas/Security_Detections_API_SetupGuide' + severity: + $ref: '#/components/schemas/Security_Detections_API_Severity' + severity_mapping: + $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' + tags: + $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' + threat: + $ref: '#/components/schemas/Security_Detections_API_ThreatArray' + throttle: + $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' + timeline_id: + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' + timeline_title: + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle' + timestamp_override: + $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' + timestamp_override_fallback_disabled: + $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled' + to: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' + version: + $ref: '#/components/schemas/Security_Detections_API_RuleVersion' + required: + - name + - description + - risk_score + - severity + Security_Detections_API_NewTermsRulePatchFields_1: + type: object + properties: + history_window_start: + $ref: '#/components/schemas/Security_Detections_API_HistoryWindowStart' + new_terms_fields: + $ref: '#/components/schemas/Security_Detections_API_NewTermsFields' + query: + $ref: '#/components/schemas/Security_Detections_API_RuleQuery' + type: + description: Rule type + enum: + - new_terms + type: string + Security_Detections_API_NewTermsRulePatchProps_1: + type: object + properties: + actions: + description: Array defining the automated actions (notifications) taken when alerts are generated. + items: + $ref: '#/components/schemas/Security_Detections_API_RuleAction' + type: array + alias_purpose: + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose' + alias_target_id: + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId' + author: + $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' + building_block_type: + $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' + description: + $ref: '#/components/schemas/Security_Detections_API_RuleDescription' + enabled: + $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' + exceptions_list: + items: + $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' + type: array + false_positives: + $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray' + from: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' + id: + $ref: '#/components/schemas/Security_Detections_API_UUID' + interval: + $ref: '#/components/schemas/Security_Detections_API_RuleInterval' + investigation_fields: + $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' + license: + $ref: '#/components/schemas/Security_Detections_API_RuleLicense' + max_signals: + $ref: '#/components/schemas/Security_Detections_API_MaxSignals' + meta: + $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' + name: + $ref: '#/components/schemas/Security_Detections_API_RuleName' + namespace: + $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace' + note: + $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' + outcome: + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome' + output_index: + $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' + references: + $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' + related_integrations: + $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray' + required_fields: + description: | + Elasticsearch fields and their types that need to be present for the rule to function. + > info + > The value of `required_fields` does not affect the rule’s behavior, and specifying it incorrectly won’t cause the rule to fail. Use `required_fields` as an informational property to document the fields that the rule expects to be present in the data. + items: + $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput' + type: array + response_actions: + items: + $ref: '#/components/schemas/Security_Detections_API_ResponseAction' + type: array + risk_score: + $ref: '#/components/schemas/Security_Detections_API_RiskScore' + risk_score_mapping: + $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' + rule_id: + $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' + rule_name_override: + $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' + setup: + $ref: '#/components/schemas/Security_Detections_API_SetupGuide' + severity: + $ref: '#/components/schemas/Security_Detections_API_Severity' + severity_mapping: + $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' + tags: + $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' + threat: + $ref: '#/components/schemas/Security_Detections_API_ThreatArray' + throttle: + $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' + timeline_id: + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' + timeline_title: + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle' + timestamp_override: + $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' + timestamp_override_fallback_disabled: + $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled' + to: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' + version: + $ref: '#/components/schemas/Security_Detections_API_RuleVersion' + Security_Detections_API_NewTermsRuleResponseFields_3: + type: object + properties: + language: + $ref: '#/components/schemas/Security_Detections_API_KqlQueryLanguage' + required: + - language + Security_Detections_API_NewTermsRuleUpdateProps_1: + type: object + properties: + actions: + description: Array defining the automated actions (notifications) taken when alerts are generated. + items: + $ref: '#/components/schemas/Security_Detections_API_RuleAction' + type: array + alias_purpose: + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose' + alias_target_id: + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId' + author: + $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' + building_block_type: + $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' + description: + $ref: '#/components/schemas/Security_Detections_API_RuleDescription' + enabled: + $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' + exceptions_list: + items: + $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' + type: array + false_positives: + $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray' + from: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' + id: + $ref: '#/components/schemas/Security_Detections_API_UUID' + interval: + $ref: '#/components/schemas/Security_Detections_API_RuleInterval' + investigation_fields: + $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' + license: + $ref: '#/components/schemas/Security_Detections_API_RuleLicense' + max_signals: + $ref: '#/components/schemas/Security_Detections_API_MaxSignals' + meta: + $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' + name: + $ref: '#/components/schemas/Security_Detections_API_RuleName' + namespace: + $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace' + note: + $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' + outcome: + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome' + output_index: + $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' + references: + $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' + related_integrations: + $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray' + required_fields: + description: | + Elasticsearch fields and their types that need to be present for the rule to function. + > info + > The value of `required_fields` does not affect the rule’s behavior, and specifying it incorrectly won’t cause the rule to fail. Use `required_fields` as an informational property to document the fields that the rule expects to be present in the data. + items: + $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput' + type: array + response_actions: + items: + $ref: '#/components/schemas/Security_Detections_API_ResponseAction' + type: array + risk_score: + $ref: '#/components/schemas/Security_Detections_API_RiskScore' + risk_score_mapping: + $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' + rule_id: + $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' + rule_name_override: + $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' + setup: + $ref: '#/components/schemas/Security_Detections_API_SetupGuide' + severity: + $ref: '#/components/schemas/Security_Detections_API_Severity' + severity_mapping: + $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' + tags: + $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' + threat: + $ref: '#/components/schemas/Security_Detections_API_ThreatArray' + throttle: + $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' + timeline_id: + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' + timeline_title: + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle' + timestamp_override: + $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' + timestamp_override_fallback_disabled: + $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled' + to: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' + version: + $ref: '#/components/schemas/Security_Detections_API_RuleVersion' + required: + - name + - description + - risk_score + - severity + Security_Detections_API_ProcessesParams_Config: + type: object + properties: + field: + description: Field to use instead of process.pid + type: string + overwrite: + default: true + description: Whether to overwrite field with process.pid + type: boolean + required: + - field + Security_Detections_API_QueryAlertsBodyParams__source_1: + type: boolean + Security_Detections_API_QueryAlertsBodyParams__source_2: + type: string + Security_Detections_API_QueryAlertsBodyParams__source_3: + items: + type: string + type: array + Security_Detections_API_QueryAlertsBodyParams_Aggs: + additionalProperties: true + type: object + Security_Detections_API_QueryAlertsBodyParams_Query: + additionalProperties: true + type: object + Security_Detections_API_QueryAlertsBodyParams_Runtime_mappings: + additionalProperties: true + type: object + Security_Detections_API_QueryRule_1: + type: object + properties: + actions: + description: Array defining the automated actions (notifications) taken when alerts are generated. + items: + $ref: '#/components/schemas/Security_Detections_API_RuleAction' + type: array + alias_purpose: + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose' + alias_target_id: + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId' + author: + $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' + building_block_type: + $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' + description: + $ref: '#/components/schemas/Security_Detections_API_RuleDescription' + enabled: + $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' + exceptions_list: + items: + $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' + type: array + false_positives: + $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray' + from: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' + interval: + $ref: '#/components/schemas/Security_Detections_API_RuleInterval' + investigation_fields: + $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' + license: + $ref: '#/components/schemas/Security_Detections_API_RuleLicense' + max_signals: + $ref: '#/components/schemas/Security_Detections_API_MaxSignals' + meta: + $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' + name: + $ref: '#/components/schemas/Security_Detections_API_RuleName' + namespace: + $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace' + note: + $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' + outcome: + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome' + output_index: + $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' + references: + $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' + related_integrations: + $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray' + required_fields: + description: | + Elasticsearch fields and their types that need to be present for the rule to function. + > info + > The value of `required_fields` does not affect the rule’s behavior, and specifying it incorrectly won’t cause the rule to fail. Use `required_fields` as an informational property to document the fields that the rule expects to be present in the data. + items: + $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput' + type: array + response_actions: + items: + $ref: '#/components/schemas/Security_Detections_API_ResponseAction' + type: array + risk_score: + $ref: '#/components/schemas/Security_Detections_API_RiskScore' + risk_score_mapping: + $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' + rule_name_override: + $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' + setup: + $ref: '#/components/schemas/Security_Detections_API_SetupGuide' + severity: + $ref: '#/components/schemas/Security_Detections_API_Severity' + severity_mapping: + $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' + tags: + $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' + threat: + $ref: '#/components/schemas/Security_Detections_API_ThreatArray' + throttle: + $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' + timeline_id: + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' + timeline_title: + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle' + timestamp_override: + $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' + timestamp_override_fallback_disabled: + $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled' + to: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' + version: + $ref: '#/components/schemas/Security_Detections_API_RuleVersion' + required: + - name + - description + - risk_score + - severity + - version + - tags + - enabled + - risk_score_mapping + - severity_mapping + - interval + - from + - to + - actions + - exceptions_list + - author + - false_positives + - references + - max_signals + - threat + - setup + - related_integrations + - required_fields + Security_Detections_API_QueryRuleCreateProps_1: + type: object + properties: + actions: + description: Array defining the automated actions (notifications) taken when alerts are generated. + items: + $ref: '#/components/schemas/Security_Detections_API_RuleAction' + type: array + alias_purpose: + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose' + alias_target_id: + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId' + author: + $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' + building_block_type: + $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' + description: + $ref: '#/components/schemas/Security_Detections_API_RuleDescription' + enabled: + $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' + exceptions_list: + items: + $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' + type: array + false_positives: + $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray' + from: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' + interval: + $ref: '#/components/schemas/Security_Detections_API_RuleInterval' + investigation_fields: + $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' + license: + $ref: '#/components/schemas/Security_Detections_API_RuleLicense' + max_signals: + $ref: '#/components/schemas/Security_Detections_API_MaxSignals' + meta: + $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' + name: + $ref: '#/components/schemas/Security_Detections_API_RuleName' + namespace: + $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace' + note: + $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' + outcome: + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome' + output_index: + $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' + references: + $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' + related_integrations: + $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray' + required_fields: + description: | + Elasticsearch fields and their types that need to be present for the rule to function. + > info + > The value of `required_fields` does not affect the rule’s behavior, and specifying it incorrectly won’t cause the rule to fail. Use `required_fields` as an informational property to document the fields that the rule expects to be present in the data. + items: + $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput' + type: array + response_actions: + items: + $ref: '#/components/schemas/Security_Detections_API_ResponseAction' + type: array + risk_score: + $ref: '#/components/schemas/Security_Detections_API_RiskScore' + risk_score_mapping: + $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' + rule_id: + $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' + rule_name_override: + $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' + setup: + $ref: '#/components/schemas/Security_Detections_API_SetupGuide' + severity: + $ref: '#/components/schemas/Security_Detections_API_Severity' + severity_mapping: + $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' + tags: + $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' + threat: + $ref: '#/components/schemas/Security_Detections_API_ThreatArray' + throttle: + $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' + timeline_id: + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' + timeline_title: + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle' + timestamp_override: + $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' + timestamp_override_fallback_disabled: + $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled' + to: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' + version: + $ref: '#/components/schemas/Security_Detections_API_RuleVersion' + required: + - name + - description + - risk_score + - severity + Security_Detections_API_QueryRulePatchFields_1: + type: object + properties: + type: + description: Rule type + enum: + - query + type: string + Security_Detections_API_QueryRulePatchProps_1: + type: object + properties: + actions: + description: Array defining the automated actions (notifications) taken when alerts are generated. + items: + $ref: '#/components/schemas/Security_Detections_API_RuleAction' + type: array + alias_purpose: + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose' + alias_target_id: + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId' + author: + $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' + building_block_type: + $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' + description: + $ref: '#/components/schemas/Security_Detections_API_RuleDescription' + enabled: + $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' + exceptions_list: + items: + $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' + type: array + false_positives: + $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray' + from: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' + id: + $ref: '#/components/schemas/Security_Detections_API_UUID' + interval: + $ref: '#/components/schemas/Security_Detections_API_RuleInterval' + investigation_fields: + $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' + license: + $ref: '#/components/schemas/Security_Detections_API_RuleLicense' + max_signals: + $ref: '#/components/schemas/Security_Detections_API_MaxSignals' + meta: + $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' + name: + $ref: '#/components/schemas/Security_Detections_API_RuleName' + namespace: + $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace' + note: + $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' + outcome: + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome' + output_index: + $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' + references: + $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' + related_integrations: + $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray' + required_fields: + description: | + Elasticsearch fields and their types that need to be present for the rule to function. + > info + > The value of `required_fields` does not affect the rule’s behavior, and specifying it incorrectly won’t cause the rule to fail. Use `required_fields` as an informational property to document the fields that the rule expects to be present in the data. + items: + $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput' + type: array + response_actions: + items: + $ref: '#/components/schemas/Security_Detections_API_ResponseAction' + type: array + risk_score: + $ref: '#/components/schemas/Security_Detections_API_RiskScore' + risk_score_mapping: + $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' + rule_id: + $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' + rule_name_override: + $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' + setup: + $ref: '#/components/schemas/Security_Detections_API_SetupGuide' + severity: + $ref: '#/components/schemas/Security_Detections_API_Severity' + severity_mapping: + $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' + tags: + $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' + threat: + $ref: '#/components/schemas/Security_Detections_API_ThreatArray' + throttle: + $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' + timeline_id: + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' + timeline_title: + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle' + timestamp_override: + $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' + timestamp_override_fallback_disabled: + $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled' + to: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' + version: + $ref: '#/components/schemas/Security_Detections_API_RuleVersion' + Security_Detections_API_QueryRuleResponseFields_3: + type: object + properties: + language: + $ref: '#/components/schemas/Security_Detections_API_KqlQueryLanguage' + query: + $ref: '#/components/schemas/Security_Detections_API_RuleQuery' + required: + - query + - language + Security_Detections_API_QueryRuleUpdateProps_1: + type: object + properties: + actions: + description: Array defining the automated actions (notifications) taken when alerts are generated. + items: + $ref: '#/components/schemas/Security_Detections_API_RuleAction' + type: array + alias_purpose: + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose' + alias_target_id: + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId' + author: + $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' + building_block_type: + $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' + description: + $ref: '#/components/schemas/Security_Detections_API_RuleDescription' + enabled: + $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' + exceptions_list: + items: + $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' + type: array + false_positives: + $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray' + from: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' + id: + $ref: '#/components/schemas/Security_Detections_API_UUID' + interval: + $ref: '#/components/schemas/Security_Detections_API_RuleInterval' + investigation_fields: + $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' + license: + $ref: '#/components/schemas/Security_Detections_API_RuleLicense' + max_signals: + $ref: '#/components/schemas/Security_Detections_API_MaxSignals' + meta: + $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' + name: + $ref: '#/components/schemas/Security_Detections_API_RuleName' + namespace: + $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace' + note: + $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' + outcome: + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome' + output_index: + $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' + references: + $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' + related_integrations: + $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray' + required_fields: + description: | + Elasticsearch fields and their types that need to be present for the rule to function. + > info + > The value of `required_fields` does not affect the rule’s behavior, and specifying it incorrectly won’t cause the rule to fail. Use `required_fields` as an informational property to document the fields that the rule expects to be present in the data. + items: + $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput' + type: array + response_actions: + items: + $ref: '#/components/schemas/Security_Detections_API_ResponseAction' + type: array + risk_score: + $ref: '#/components/schemas/Security_Detections_API_RiskScore' + risk_score_mapping: + $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' + rule_id: + $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' + rule_name_override: + $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' + setup: + $ref: '#/components/schemas/Security_Detections_API_SetupGuide' + severity: + $ref: '#/components/schemas/Security_Detections_API_Severity' + severity_mapping: + $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' + tags: + $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' + threat: + $ref: '#/components/schemas/Security_Detections_API_ThreatArray' + throttle: + $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' + timeline_id: + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' + timeline_title: + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle' + timestamp_override: + $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' + timestamp_override_fallback_disabled: + $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled' + to: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' + version: + $ref: '#/components/schemas/Security_Detections_API_RuleVersion' + required: + - name + - description + - risk_score + - severity + Security_Detections_API_RiskScoreMapping_Item: + type: object + properties: + field: + description: Source event field used to override the default `risk_score`. + type: string + operator: + enum: + - equals + type: string + risk_score: + $ref: '#/components/schemas/Security_Detections_API_RiskScore' + value: + type: string + required: + - field + - operator + - value + Security_Detections_API_RuleActionThrottle_1: + enum: + - no_actions + - rule + type: string + Security_Detections_API_RuleActionThrottle_2: + description: Time interval in seconds, minutes, hours, or days. + example: 1h + pattern: ^[1-9]\d*[smhd]$ + type: string + Security_Detections_API_RuleExecutionMetrics_Gap_range: + description: Range of the execution gap + type: object + properties: + gte: + description: Start date of the execution gap + type: string + lte: + description: End date of the execution gap + type: string + required: + - gte + - lte + Security_Detections_API_RuleExecutionSummary_Last_execution: + type: object + properties: + date: + description: Date of the last execution + format: date-time + type: string + message: + type: string + metrics: + $ref: '#/components/schemas/Security_Detections_API_RuleExecutionMetrics' + status: + $ref: '#/components/schemas/Security_Detections_API_RuleExecutionStatus' + description: Status of the last execution + status_order: + $ref: '#/components/schemas/Security_Detections_API_RuleExecutionStatusOrder' + required: + - date + - status + - status_order + - message + - metrics + Security_Detections_API_SavedQueryRule_1: + type: object + properties: + actions: + description: Array defining the automated actions (notifications) taken when alerts are generated. + items: + $ref: '#/components/schemas/Security_Detections_API_RuleAction' + type: array + alias_purpose: + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose' + alias_target_id: + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId' + author: + $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' + building_block_type: + $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' + description: + $ref: '#/components/schemas/Security_Detections_API_RuleDescription' + enabled: + $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' + exceptions_list: + items: + $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' + type: array + false_positives: + $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray' + from: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' + interval: + $ref: '#/components/schemas/Security_Detections_API_RuleInterval' + investigation_fields: + $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' + license: + $ref: '#/components/schemas/Security_Detections_API_RuleLicense' + max_signals: + $ref: '#/components/schemas/Security_Detections_API_MaxSignals' + meta: + $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' + name: + $ref: '#/components/schemas/Security_Detections_API_RuleName' + namespace: + $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace' + note: + $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' + outcome: + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome' + output_index: + $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' + references: + $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' + related_integrations: + $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray' + required_fields: + description: | + Elasticsearch fields and their types that need to be present for the rule to function. + > info + > The value of `required_fields` does not affect the rule’s behavior, and specifying it incorrectly won’t cause the rule to fail. Use `required_fields` as an informational property to document the fields that the rule expects to be present in the data. + items: + $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput' + type: array + response_actions: + items: + $ref: '#/components/schemas/Security_Detections_API_ResponseAction' + type: array + risk_score: + $ref: '#/components/schemas/Security_Detections_API_RiskScore' + risk_score_mapping: + $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' + rule_name_override: + $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' + setup: + $ref: '#/components/schemas/Security_Detections_API_SetupGuide' + severity: + $ref: '#/components/schemas/Security_Detections_API_Severity' + severity_mapping: + $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' + tags: + $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' + threat: + $ref: '#/components/schemas/Security_Detections_API_ThreatArray' + throttle: + $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' + timeline_id: + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' + timeline_title: + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle' + timestamp_override: + $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' + timestamp_override_fallback_disabled: + $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled' + to: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' + version: + $ref: '#/components/schemas/Security_Detections_API_RuleVersion' + required: + - name + - description + - risk_score + - severity + - version + - tags + - enabled + - risk_score_mapping + - severity_mapping + - interval + - from + - to + - actions + - exceptions_list + - author + - false_positives + - references + - max_signals + - threat + - setup + - related_integrations + - required_fields + Security_Detections_API_SavedQueryRuleCreateProps_1: + type: object + properties: + actions: + description: Array defining the automated actions (notifications) taken when alerts are generated. + items: + $ref: '#/components/schemas/Security_Detections_API_RuleAction' + type: array + alias_purpose: + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose' + alias_target_id: + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId' + author: + $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' + building_block_type: + $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' + description: + $ref: '#/components/schemas/Security_Detections_API_RuleDescription' + enabled: + $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' + exceptions_list: + items: + $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' + type: array + false_positives: + $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray' + from: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' + interval: + $ref: '#/components/schemas/Security_Detections_API_RuleInterval' + investigation_fields: + $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' + license: + $ref: '#/components/schemas/Security_Detections_API_RuleLicense' + max_signals: + $ref: '#/components/schemas/Security_Detections_API_MaxSignals' + meta: + $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' + name: + $ref: '#/components/schemas/Security_Detections_API_RuleName' + namespace: + $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace' + note: + $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' + outcome: + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome' + output_index: + $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' + references: + $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' + related_integrations: + $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray' + required_fields: + description: | + Elasticsearch fields and their types that need to be present for the rule to function. + > info + > The value of `required_fields` does not affect the rule’s behavior, and specifying it incorrectly won’t cause the rule to fail. Use `required_fields` as an informational property to document the fields that the rule expects to be present in the data. + items: + $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput' + type: array + response_actions: + items: + $ref: '#/components/schemas/Security_Detections_API_ResponseAction' + type: array + risk_score: + $ref: '#/components/schemas/Security_Detections_API_RiskScore' + risk_score_mapping: + $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' + rule_id: + $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' + rule_name_override: + $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' + setup: + $ref: '#/components/schemas/Security_Detections_API_SetupGuide' + severity: + $ref: '#/components/schemas/Security_Detections_API_Severity' + severity_mapping: + $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' + tags: + $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' + threat: + $ref: '#/components/schemas/Security_Detections_API_ThreatArray' + throttle: + $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' + timeline_id: + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' + timeline_title: + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle' + timestamp_override: + $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' + timestamp_override_fallback_disabled: + $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled' + to: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' + version: + $ref: '#/components/schemas/Security_Detections_API_RuleVersion' + required: + - name + - description + - risk_score + - severity + Security_Detections_API_SavedQueryRulePatchFields_1: + type: object + properties: + saved_id: + $ref: '#/components/schemas/Security_Detections_API_SavedQueryId' + type: + description: Rule type + enum: + - saved_query + type: string + Security_Detections_API_SavedQueryRulePatchProps_1: + type: object + properties: + actions: + description: Array defining the automated actions (notifications) taken when alerts are generated. + items: + $ref: '#/components/schemas/Security_Detections_API_RuleAction' + type: array + alias_purpose: + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose' + alias_target_id: + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId' + author: + $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' + building_block_type: + $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' + description: + $ref: '#/components/schemas/Security_Detections_API_RuleDescription' + enabled: + $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' + exceptions_list: + items: + $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' + type: array + false_positives: + $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray' + from: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' + id: + $ref: '#/components/schemas/Security_Detections_API_UUID' + interval: + $ref: '#/components/schemas/Security_Detections_API_RuleInterval' + investigation_fields: + $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' + license: + $ref: '#/components/schemas/Security_Detections_API_RuleLicense' + max_signals: + $ref: '#/components/schemas/Security_Detections_API_MaxSignals' + meta: + $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' + name: + $ref: '#/components/schemas/Security_Detections_API_RuleName' + namespace: + $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace' + note: + $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' + outcome: + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome' + output_index: + $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' + references: + $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' + related_integrations: + $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray' + required_fields: + description: | + Elasticsearch fields and their types that need to be present for the rule to function. + > info + > The value of `required_fields` does not affect the rule’s behavior, and specifying it incorrectly won’t cause the rule to fail. Use `required_fields` as an informational property to document the fields that the rule expects to be present in the data. + items: + $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput' + type: array + response_actions: + items: + $ref: '#/components/schemas/Security_Detections_API_ResponseAction' + type: array + risk_score: + $ref: '#/components/schemas/Security_Detections_API_RiskScore' + risk_score_mapping: + $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' + rule_id: + $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' + rule_name_override: + $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' + setup: + $ref: '#/components/schemas/Security_Detections_API_SetupGuide' + severity: + $ref: '#/components/schemas/Security_Detections_API_Severity' + severity_mapping: + $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' + tags: + $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' + threat: + $ref: '#/components/schemas/Security_Detections_API_ThreatArray' + throttle: + $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' + timeline_id: + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' + timeline_title: + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle' + timestamp_override: + $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' + timestamp_override_fallback_disabled: + $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled' + to: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' + version: + $ref: '#/components/schemas/Security_Detections_API_RuleVersion' + Security_Detections_API_SavedQueryRuleResponseFields_3: + type: object + properties: + language: + $ref: '#/components/schemas/Security_Detections_API_KqlQueryLanguage' + required: + - language + Security_Detections_API_SavedQueryRuleUpdateProps_1: + type: object + properties: + actions: + description: Array defining the automated actions (notifications) taken when alerts are generated. + items: + $ref: '#/components/schemas/Security_Detections_API_RuleAction' + type: array + alias_purpose: + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose' + alias_target_id: + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId' + author: + $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' + building_block_type: + $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' + description: + $ref: '#/components/schemas/Security_Detections_API_RuleDescription' + enabled: + $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' + exceptions_list: + items: + $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' + type: array + false_positives: + $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray' + from: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' + id: + $ref: '#/components/schemas/Security_Detections_API_UUID' + interval: + $ref: '#/components/schemas/Security_Detections_API_RuleInterval' + investigation_fields: + $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' + license: + $ref: '#/components/schemas/Security_Detections_API_RuleLicense' + max_signals: + $ref: '#/components/schemas/Security_Detections_API_MaxSignals' + meta: + $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' + name: + $ref: '#/components/schemas/Security_Detections_API_RuleName' + namespace: + $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace' + note: + $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' + outcome: + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome' + output_index: + $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' + references: + $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' + related_integrations: + $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray' + required_fields: + description: | + Elasticsearch fields and their types that need to be present for the rule to function. + > info + > The value of `required_fields` does not affect the rule’s behavior, and specifying it incorrectly won’t cause the rule to fail. Use `required_fields` as an informational property to document the fields that the rule expects to be present in the data. + items: + $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput' + type: array + response_actions: + items: + $ref: '#/components/schemas/Security_Detections_API_ResponseAction' + type: array + risk_score: + $ref: '#/components/schemas/Security_Detections_API_RiskScore' + risk_score_mapping: + $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' + rule_id: + $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' + rule_name_override: + $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' + setup: + $ref: '#/components/schemas/Security_Detections_API_SetupGuide' + severity: + $ref: '#/components/schemas/Security_Detections_API_Severity' + severity_mapping: + $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' + tags: + $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' + threat: + $ref: '#/components/schemas/Security_Detections_API_ThreatArray' + throttle: + $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' + timeline_id: + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' + timeline_title: + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle' + timestamp_override: + $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' + timestamp_override_fallback_disabled: + $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled' + to: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' + version: + $ref: '#/components/schemas/Security_Detections_API_RuleVersion' + required: + - name + - description + - risk_score + - severity + Security_Detections_API_SetAlertsStatusByQueryBase_Query: + additionalProperties: true + type: object + Security_Detections_API_SeverityMapping_Item: + type: object + properties: + field: + description: Source event field used to override the default `severity`. + type: string + operator: + enum: + - equals + type: string + severity: + $ref: '#/components/schemas/Security_Detections_API_Severity' + value: + type: string + required: + - field + - operator + - severity + - value + Security_Detections_API_ThreatMapping_Item: + type: object + properties: + entries: + items: + $ref: '#/components/schemas/Security_Detections_API_ThreatMappingEntry' + type: array + required: + - entries + Security_Detections_API_ThreatMatchRule_1: + type: object + properties: + actions: + description: Array defining the automated actions (notifications) taken when alerts are generated. + items: + $ref: '#/components/schemas/Security_Detections_API_RuleAction' + type: array + alias_purpose: + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose' + alias_target_id: + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId' + author: + $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' + building_block_type: + $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' + description: + $ref: '#/components/schemas/Security_Detections_API_RuleDescription' + enabled: + $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' + exceptions_list: + items: + $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' + type: array + false_positives: + $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray' + from: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' + interval: + $ref: '#/components/schemas/Security_Detections_API_RuleInterval' + investigation_fields: + $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' + license: + $ref: '#/components/schemas/Security_Detections_API_RuleLicense' + max_signals: + $ref: '#/components/schemas/Security_Detections_API_MaxSignals' + meta: + $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' + name: + $ref: '#/components/schemas/Security_Detections_API_RuleName' + namespace: + $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace' + note: + $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' + outcome: + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome' + output_index: + $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' + references: + $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' + related_integrations: + $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray' + required_fields: + description: | + Elasticsearch fields and their types that need to be present for the rule to function. + > info + > The value of `required_fields` does not affect the rule’s behavior, and specifying it incorrectly won’t cause the rule to fail. Use `required_fields` as an informational property to document the fields that the rule expects to be present in the data. + items: + $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput' + type: array + response_actions: + items: + $ref: '#/components/schemas/Security_Detections_API_ResponseAction' + type: array + risk_score: + $ref: '#/components/schemas/Security_Detections_API_RiskScore' + risk_score_mapping: + $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' + rule_name_override: + $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' + setup: + $ref: '#/components/schemas/Security_Detections_API_SetupGuide' + severity: + $ref: '#/components/schemas/Security_Detections_API_Severity' + severity_mapping: + $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' + tags: + $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' + threat: + $ref: '#/components/schemas/Security_Detections_API_ThreatArray' + throttle: + $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' + timeline_id: + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' + timeline_title: + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle' + timestamp_override: + $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' + timestamp_override_fallback_disabled: + $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled' + to: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' + version: + $ref: '#/components/schemas/Security_Detections_API_RuleVersion' + required: + - name + - description + - risk_score + - severity + - version + - tags + - enabled + - risk_score_mapping + - severity_mapping + - interval + - from + - to + - actions + - exceptions_list + - author + - false_positives + - references + - max_signals + - threat + - setup + - related_integrations + - required_fields + Security_Detections_API_ThreatMatchRuleCreateProps_1: + type: object + properties: + actions: + description: Array defining the automated actions (notifications) taken when alerts are generated. + items: + $ref: '#/components/schemas/Security_Detections_API_RuleAction' + type: array + alias_purpose: + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose' + alias_target_id: + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId' + author: + $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' + building_block_type: + $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' + description: + $ref: '#/components/schemas/Security_Detections_API_RuleDescription' + enabled: + $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' + exceptions_list: + items: + $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' + type: array + false_positives: + $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray' + from: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' + interval: + $ref: '#/components/schemas/Security_Detections_API_RuleInterval' + investigation_fields: + $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' + license: + $ref: '#/components/schemas/Security_Detections_API_RuleLicense' + max_signals: + $ref: '#/components/schemas/Security_Detections_API_MaxSignals' + meta: + $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' + name: + $ref: '#/components/schemas/Security_Detections_API_RuleName' + namespace: + $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace' + note: + $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' + outcome: + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome' + output_index: + $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' + references: + $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' + related_integrations: + $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray' + required_fields: + description: | + Elasticsearch fields and their types that need to be present for the rule to function. + > info + > The value of `required_fields` does not affect the rule’s behavior, and specifying it incorrectly won’t cause the rule to fail. Use `required_fields` as an informational property to document the fields that the rule expects to be present in the data. + items: + $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput' + type: array + response_actions: + items: + $ref: '#/components/schemas/Security_Detections_API_ResponseAction' + type: array + risk_score: + $ref: '#/components/schemas/Security_Detections_API_RiskScore' + risk_score_mapping: + $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' + rule_id: + $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' + rule_name_override: + $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' + setup: + $ref: '#/components/schemas/Security_Detections_API_SetupGuide' + severity: + $ref: '#/components/schemas/Security_Detections_API_Severity' + severity_mapping: + $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' + tags: + $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' + threat: + $ref: '#/components/schemas/Security_Detections_API_ThreatArray' + throttle: + $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' + timeline_id: + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' + timeline_title: + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle' + timestamp_override: + $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' + timestamp_override_fallback_disabled: + $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled' + to: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' + version: + $ref: '#/components/schemas/Security_Detections_API_RuleVersion' + required: + - name + - description + - risk_score + - severity + Security_Detections_API_ThreatMatchRulePatchFields_1: + type: object + properties: + query: + $ref: '#/components/schemas/Security_Detections_API_RuleQuery' + threat_index: + $ref: '#/components/schemas/Security_Detections_API_ThreatIndex' + threat_mapping: + $ref: '#/components/schemas/Security_Detections_API_ThreatMapping' + threat_query: + $ref: '#/components/schemas/Security_Detections_API_ThreatQuery' + type: + description: Rule type + enum: + - threat_match + type: string + Security_Detections_API_ThreatMatchRulePatchProps_1: + type: object + properties: + actions: + description: Array defining the automated actions (notifications) taken when alerts are generated. + items: + $ref: '#/components/schemas/Security_Detections_API_RuleAction' + type: array + alias_purpose: + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose' + alias_target_id: + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId' + author: + $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' + building_block_type: + $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' + description: + $ref: '#/components/schemas/Security_Detections_API_RuleDescription' + enabled: + $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' + exceptions_list: + items: + $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' + type: array + false_positives: + $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray' + from: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' + id: + $ref: '#/components/schemas/Security_Detections_API_UUID' + interval: + $ref: '#/components/schemas/Security_Detections_API_RuleInterval' + investigation_fields: + $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' + license: + $ref: '#/components/schemas/Security_Detections_API_RuleLicense' + max_signals: + $ref: '#/components/schemas/Security_Detections_API_MaxSignals' + meta: + $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' + name: + $ref: '#/components/schemas/Security_Detections_API_RuleName' + namespace: + $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace' + note: + $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' + outcome: + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome' + output_index: + $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' + references: + $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' + related_integrations: + $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray' + required_fields: + description: | + Elasticsearch fields and their types that need to be present for the rule to function. + > info + > The value of `required_fields` does not affect the rule’s behavior, and specifying it incorrectly won’t cause the rule to fail. Use `required_fields` as an informational property to document the fields that the rule expects to be present in the data. + items: + $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput' + type: array + response_actions: + items: + $ref: '#/components/schemas/Security_Detections_API_ResponseAction' + type: array + risk_score: + $ref: '#/components/schemas/Security_Detections_API_RiskScore' + risk_score_mapping: + $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' + rule_id: + $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' + rule_name_override: + $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' + setup: + $ref: '#/components/schemas/Security_Detections_API_SetupGuide' + severity: + $ref: '#/components/schemas/Security_Detections_API_Severity' + severity_mapping: + $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' + tags: + $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' + threat: + $ref: '#/components/schemas/Security_Detections_API_ThreatArray' + throttle: + $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' + timeline_id: + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' + timeline_title: + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle' + timestamp_override: + $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' + timestamp_override_fallback_disabled: + $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled' + to: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' + version: + $ref: '#/components/schemas/Security_Detections_API_RuleVersion' + Security_Detections_API_ThreatMatchRuleResponseFields_3: + type: object + properties: + language: + $ref: '#/components/schemas/Security_Detections_API_KqlQueryLanguage' + required: + - language + Security_Detections_API_ThreatMatchRuleUpdateProps_1: + type: object + properties: + actions: + description: Array defining the automated actions (notifications) taken when alerts are generated. + items: + $ref: '#/components/schemas/Security_Detections_API_RuleAction' + type: array + alias_purpose: + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose' + alias_target_id: + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId' + author: + $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' + building_block_type: + $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' + description: + $ref: '#/components/schemas/Security_Detections_API_RuleDescription' + enabled: + $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' + exceptions_list: + items: + $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' + type: array + false_positives: + $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray' + from: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' + id: + $ref: '#/components/schemas/Security_Detections_API_UUID' + interval: + $ref: '#/components/schemas/Security_Detections_API_RuleInterval' + investigation_fields: + $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' + license: + $ref: '#/components/schemas/Security_Detections_API_RuleLicense' + max_signals: + $ref: '#/components/schemas/Security_Detections_API_MaxSignals' + meta: + $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' + name: + $ref: '#/components/schemas/Security_Detections_API_RuleName' + namespace: + $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace' + note: + $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' + outcome: + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome' + output_index: + $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' + references: + $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' + related_integrations: + $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray' + required_fields: + description: | + Elasticsearch fields and their types that need to be present for the rule to function. + > info + > The value of `required_fields` does not affect the rule’s behavior, and specifying it incorrectly won’t cause the rule to fail. Use `required_fields` as an informational property to document the fields that the rule expects to be present in the data. + items: + $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput' + type: array + response_actions: + items: + $ref: '#/components/schemas/Security_Detections_API_ResponseAction' + type: array + risk_score: + $ref: '#/components/schemas/Security_Detections_API_RiskScore' + risk_score_mapping: + $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' + rule_id: + $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' + rule_name_override: + $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' + setup: + $ref: '#/components/schemas/Security_Detections_API_SetupGuide' + severity: + $ref: '#/components/schemas/Security_Detections_API_Severity' + severity_mapping: + $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' + tags: + $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' + threat: + $ref: '#/components/schemas/Security_Detections_API_ThreatArray' + throttle: + $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' + timeline_id: + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' + timeline_title: + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle' + timestamp_override: + $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' + timestamp_override_fallback_disabled: + $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled' + to: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' + version: + $ref: '#/components/schemas/Security_Detections_API_RuleVersion' + required: + - name + - description + - risk_score + - severity + Security_Detections_API_ThresholdCardinality_Item: + type: object + properties: + field: + description: The field on which to calculate and compare the cardinality. + type: string + value: + description: The threshold value from which an alert is generated based on unique number of values of cardinality.field. + minimum: 0 + type: integer + required: + - field + - value + Security_Detections_API_ThresholdField_1: + type: string + Security_Detections_API_ThresholdField_2: + items: + type: string + maxItems: 5 + minItems: 0 + type: array + Security_Detections_API_ThresholdRule_1: + type: object + properties: + actions: + description: Array defining the automated actions (notifications) taken when alerts are generated. + items: + $ref: '#/components/schemas/Security_Detections_API_RuleAction' + type: array + alias_purpose: + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose' + alias_target_id: + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId' + author: + $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' + building_block_type: + $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' + description: + $ref: '#/components/schemas/Security_Detections_API_RuleDescription' + enabled: + $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' + exceptions_list: + items: + $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' + type: array + false_positives: + $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray' + from: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' + interval: + $ref: '#/components/schemas/Security_Detections_API_RuleInterval' + investigation_fields: + $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' + license: + $ref: '#/components/schemas/Security_Detections_API_RuleLicense' + max_signals: + $ref: '#/components/schemas/Security_Detections_API_MaxSignals' + meta: + $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' + name: + $ref: '#/components/schemas/Security_Detections_API_RuleName' + namespace: + $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace' + note: + $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' + outcome: + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome' + output_index: + $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' + references: + $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' + related_integrations: + $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray' + required_fields: + description: | + Elasticsearch fields and their types that need to be present for the rule to function. + > info + > The value of `required_fields` does not affect the rule’s behavior, and specifying it incorrectly won’t cause the rule to fail. Use `required_fields` as an informational property to document the fields that the rule expects to be present in the data. + items: + $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput' + type: array + response_actions: + items: + $ref: '#/components/schemas/Security_Detections_API_ResponseAction' + type: array + risk_score: + $ref: '#/components/schemas/Security_Detections_API_RiskScore' + risk_score_mapping: + $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' + rule_name_override: + $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' + setup: + $ref: '#/components/schemas/Security_Detections_API_SetupGuide' + severity: + $ref: '#/components/schemas/Security_Detections_API_Severity' + severity_mapping: + $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' + tags: + $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' + threat: + $ref: '#/components/schemas/Security_Detections_API_ThreatArray' + throttle: + $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' + timeline_id: + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' + timeline_title: + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle' + timestamp_override: + $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' + timestamp_override_fallback_disabled: + $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled' + to: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' + version: + $ref: '#/components/schemas/Security_Detections_API_RuleVersion' + required: + - name + - description + - risk_score + - severity + - version + - tags + - enabled + - risk_score_mapping + - severity_mapping + - interval + - from + - to + - actions + - exceptions_list + - author + - false_positives + - references + - max_signals + - threat + - setup + - related_integrations + - required_fields + Security_Detections_API_ThresholdRuleCreateProps_1: + type: object + properties: + actions: + description: Array defining the automated actions (notifications) taken when alerts are generated. + items: + $ref: '#/components/schemas/Security_Detections_API_RuleAction' + type: array + alias_purpose: + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose' + alias_target_id: + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId' + author: + $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' + building_block_type: + $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' + description: + $ref: '#/components/schemas/Security_Detections_API_RuleDescription' + enabled: + $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' + exceptions_list: + items: + $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' + type: array + false_positives: + $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray' + from: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' + interval: + $ref: '#/components/schemas/Security_Detections_API_RuleInterval' + investigation_fields: + $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' + license: + $ref: '#/components/schemas/Security_Detections_API_RuleLicense' + max_signals: + $ref: '#/components/schemas/Security_Detections_API_MaxSignals' + meta: + $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' + name: + $ref: '#/components/schemas/Security_Detections_API_RuleName' + namespace: + $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace' + note: + $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' + outcome: + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome' + output_index: + $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' + references: + $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' + related_integrations: + $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray' + required_fields: + description: | + Elasticsearch fields and their types that need to be present for the rule to function. + > info + > The value of `required_fields` does not affect the rule’s behavior, and specifying it incorrectly won’t cause the rule to fail. Use `required_fields` as an informational property to document the fields that the rule expects to be present in the data. + items: + $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput' + type: array + response_actions: + items: + $ref: '#/components/schemas/Security_Detections_API_ResponseAction' + type: array + risk_score: + $ref: '#/components/schemas/Security_Detections_API_RiskScore' + risk_score_mapping: + $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' + rule_id: + $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' + rule_name_override: + $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' + setup: + $ref: '#/components/schemas/Security_Detections_API_SetupGuide' + severity: + $ref: '#/components/schemas/Security_Detections_API_Severity' + severity_mapping: + $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' + tags: + $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' + threat: + $ref: '#/components/schemas/Security_Detections_API_ThreatArray' + throttle: + $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' + timeline_id: + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' + timeline_title: + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle' + timestamp_override: + $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' + timestamp_override_fallback_disabled: + $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled' + to: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' + version: + $ref: '#/components/schemas/Security_Detections_API_RuleVersion' + required: + - name + - description + - risk_score + - severity + Security_Detections_API_ThresholdRulePatchFields_1: + type: object + properties: + query: + $ref: '#/components/schemas/Security_Detections_API_RuleQuery' + threshold: + $ref: '#/components/schemas/Security_Detections_API_Threshold' + type: + description: Rule type + enum: + - threshold + type: string + Security_Detections_API_ThresholdRulePatchProps_1: + type: object + properties: + actions: + description: Array defining the automated actions (notifications) taken when alerts are generated. + items: + $ref: '#/components/schemas/Security_Detections_API_RuleAction' + type: array + alias_purpose: + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose' + alias_target_id: + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId' + author: + $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' + building_block_type: + $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' + description: + $ref: '#/components/schemas/Security_Detections_API_RuleDescription' + enabled: + $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' + exceptions_list: + items: + $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' + type: array + false_positives: + $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray' + from: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' + id: + $ref: '#/components/schemas/Security_Detections_API_UUID' + interval: + $ref: '#/components/schemas/Security_Detections_API_RuleInterval' + investigation_fields: + $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' + license: + $ref: '#/components/schemas/Security_Detections_API_RuleLicense' + max_signals: + $ref: '#/components/schemas/Security_Detections_API_MaxSignals' + meta: + $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' + name: + $ref: '#/components/schemas/Security_Detections_API_RuleName' + namespace: + $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace' + note: + $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' + outcome: + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome' + output_index: + $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' + references: + $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' + related_integrations: + $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray' + required_fields: + description: | + Elasticsearch fields and their types that need to be present for the rule to function. + > info + > The value of `required_fields` does not affect the rule’s behavior, and specifying it incorrectly won’t cause the rule to fail. Use `required_fields` as an informational property to document the fields that the rule expects to be present in the data. + items: + $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput' + type: array + response_actions: + items: + $ref: '#/components/schemas/Security_Detections_API_ResponseAction' + type: array + risk_score: + $ref: '#/components/schemas/Security_Detections_API_RiskScore' + risk_score_mapping: + $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' + rule_id: + $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' + rule_name_override: + $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' + setup: + $ref: '#/components/schemas/Security_Detections_API_SetupGuide' + severity: + $ref: '#/components/schemas/Security_Detections_API_Severity' + severity_mapping: + $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' + tags: + $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' + threat: + $ref: '#/components/schemas/Security_Detections_API_ThreatArray' + throttle: + $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' + timeline_id: + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' + timeline_title: + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle' + timestamp_override: + $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' + timestamp_override_fallback_disabled: + $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled' + to: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' + version: + $ref: '#/components/schemas/Security_Detections_API_RuleVersion' + Security_Detections_API_ThresholdRuleResponseFields_3: + type: object + properties: + language: + $ref: '#/components/schemas/Security_Detections_API_KqlQueryLanguage' + required: + - language + Security_Detections_API_ThresholdRuleUpdateProps_1: + type: object + properties: + actions: + description: Array defining the automated actions (notifications) taken when alerts are generated. + items: + $ref: '#/components/schemas/Security_Detections_API_RuleAction' + type: array + alias_purpose: + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose' + alias_target_id: + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId' + author: + $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' + building_block_type: + $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' + description: + $ref: '#/components/schemas/Security_Detections_API_RuleDescription' + enabled: + $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' + exceptions_list: + items: + $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' + type: array + false_positives: + $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray' + from: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' + id: + $ref: '#/components/schemas/Security_Detections_API_UUID' + interval: + $ref: '#/components/schemas/Security_Detections_API_RuleInterval' + investigation_fields: + $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' + license: + $ref: '#/components/schemas/Security_Detections_API_RuleLicense' + max_signals: + $ref: '#/components/schemas/Security_Detections_API_MaxSignals' + meta: + $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' + name: + $ref: '#/components/schemas/Security_Detections_API_RuleName' + namespace: + $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace' + note: + $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' + outcome: + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome' + output_index: + $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' + references: + $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' + related_integrations: + $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray' + required_fields: + description: | + Elasticsearch fields and their types that need to be present for the rule to function. + > info + > The value of `required_fields` does not affect the rule’s behavior, and specifying it incorrectly won’t cause the rule to fail. Use `required_fields` as an informational property to document the fields that the rule expects to be present in the data. + items: + $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput' + type: array + response_actions: + items: + $ref: '#/components/schemas/Security_Detections_API_ResponseAction' + type: array + risk_score: + $ref: '#/components/schemas/Security_Detections_API_RiskScore' + risk_score_mapping: + $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' + rule_id: + $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' + rule_name_override: + $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' + setup: + $ref: '#/components/schemas/Security_Detections_API_SetupGuide' + severity: + $ref: '#/components/schemas/Security_Detections_API_Severity' + severity_mapping: + $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' + tags: + $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' + threat: + $ref: '#/components/schemas/Security_Detections_API_ThreatArray' + throttle: + $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' + timeline_id: + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' + timeline_title: + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle' + timestamp_override: + $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' + timestamp_override_fallback_disabled: + $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled' + to: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' + version: + $ref: '#/components/schemas/Security_Detections_API_RuleVersion' + required: + - name + - description + - risk_score + - severity + Security_Endpoint_Exceptions_API_EndpointList_2: + additionalProperties: false + type: object + Security_Endpoint_Exceptions_API_ExceptionListItemEntryList_List: + type: object + properties: + id: + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ListId' + type: + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ListType' + required: + - id + - type + Security_Endpoint_Management_API_ActionStateSuccessResponse_Body: + type: object + properties: + data: + $ref: '#/components/schemas/Security_Endpoint_Management_API_ActionStateSuccessResponse_Body_Data' + required: + - data + Security_Endpoint_Management_API_ActionStateSuccessResponse_Body_Data: + type: object + properties: + canEncrypt: + type: boolean + Security_Endpoint_Management_API_ActionStatusSuccessResponse_Body: + type: object + properties: + data: + $ref: '#/components/schemas/Security_Endpoint_Management_API_ActionStatusSuccessResponse_Body_Data' + required: + - data + Security_Endpoint_Management_API_ActionStatusSuccessResponse_Body_Data: + type: object + properties: + agent_id: + $ref: '#/components/schemas/Security_Endpoint_Management_API_AgentId' + pending_actions: + $ref: '#/components/schemas/Security_Endpoint_Management_API_PendingActionsSchema' + required: + - agent_id + - pending_actions + Security_Endpoint_Management_API_AgentIds_1: + items: + minLength: 1 + type: string + maxItems: 50 + minItems: 1 + type: array + Security_Endpoint_Management_API_AgentIds_2: + minLength: 1 + type: string + Security_Endpoint_Management_API_ApiPageSize_2: + maximum: 1000 + Security_Endpoint_Management_API_Cancel_2: + type: object + properties: + outputs: + $ref: '#/components/schemas/Security_Endpoint_Management_API_Cancel_Outputs' + parameters: + $ref: '#/components/schemas/Security_Endpoint_Management_API_Cancel_Parameters' + Security_Endpoint_Management_API_Cancel_Outputs: + additionalProperties: + $ref: '#/components/schemas/Security_Endpoint_Management_API_Cancel_Outputs_Value' + type: object + Security_Endpoint_Management_API_Cancel_Outputs_Value: + type: object + properties: + content: + $ref: '#/components/schemas/Security_Endpoint_Management_API_Cancel_Outputs_Content' + Security_Endpoint_Management_API_Cancel_Outputs_Content: + type: object + properties: + code: + type: string + Security_Endpoint_Management_API_Cancel_Parameters: + type: object + properties: + id: + format: uuid + type: string + Security_Endpoint_Management_API_CancelRouteRequestBody_1: + type: object + properties: + agent_type: + $ref: '#/components/schemas/Security_Endpoint_Management_API_AgentTypes' + alert_ids: + description: If this action is associated with any alerts, they can be specified here. The action will be logged in any cases associated with the specified alerts. + example: + - alert-id-1 + - alert-id-2 + items: + minLength: 1 + type: string + minItems: 1 + type: array + case_ids: + description: The IDs of cases where the action taken will be logged. + example: + - case-id-1 + - case-id-2 + items: + minLength: 1 + type: string + minItems: 1 + type: array + comment: + $ref: '#/components/schemas/Security_Endpoint_Management_API_Comment' + endpoint_ids: + $ref: '#/components/schemas/Security_Endpoint_Management_API_EndpointIds' + parameters: + $ref: '#/components/schemas/Security_Endpoint_Management_API_Parameters' + required: + - endpoint_ids + Security_Endpoint_Management_API_CancelRouteRequestBody_2: + type: object + properties: + parameters: + $ref: '#/components/schemas/Security_Endpoint_Management_API_CancelRouteRequestBody_Parameters' + required: + - parameters + Security_Endpoint_Management_API_CancelRouteRequestBody_Parameters: + type: object + properties: + id: + description: ID of the response action to cancel + example: 7f8c9b2a-4d3e-4f5a-8b1c-2e3f4a5b6c7d + minLength: 1 + type: string + required: + - id + Security_Endpoint_Management_API_Execute_2: + type: object + properties: + outputs: + $ref: '#/components/schemas/Security_Endpoint_Management_API_Execute_Outputs' + parameters: + $ref: '#/components/schemas/Security_Endpoint_Management_API_Execute_Parameters' + Security_Endpoint_Management_API_Execute_Outputs: + additionalProperties: + $ref: '#/components/schemas/Security_Endpoint_Management_API_Execute_Outputs_Value' + type: object + Security_Endpoint_Management_API_Execute_Outputs_Value: + type: object + properties: + content: + allOf: + - $ref: '#/components/schemas/Security_Endpoint_Management_API_DownloadUri' + - $ref: '#/components/schemas/Security_Endpoint_Management_API_Execute_Outputs_Content_2' + Security_Endpoint_Management_API_Execute_Outputs_Content_2: + type: object + properties: + code: + type: string + cwd: + type: string + output_file_id: + type: string + output_file_stderr_truncated: + type: boolean + output_file_stdout_truncated: + type: boolean + shell_code: + type: number + stderr: + type: string + stderr_truncated: + type: boolean + stdout: + type: string + stdout_truncated: + type: boolean + Security_Endpoint_Management_API_Execute_Parameters: + type: object + properties: + command: + type: string + timeout: + type: number + Security_Endpoint_Management_API_ExecuteRouteRequestBody_1: + type: object + properties: + agent_type: + $ref: '#/components/schemas/Security_Endpoint_Management_API_AgentTypes' + alert_ids: + description: If this action is associated with any alerts, they can be specified here. The action will be logged in any cases associated with the specified alerts. + example: + - alert-id-1 + - alert-id-2 + items: + minLength: 1 + type: string + minItems: 1 + type: array + case_ids: + description: The IDs of cases where the action taken will be logged. + example: + - case-id-1 + - case-id-2 + items: + minLength: 1 + type: string + minItems: 1 + type: array + comment: + $ref: '#/components/schemas/Security_Endpoint_Management_API_Comment' + endpoint_ids: + $ref: '#/components/schemas/Security_Endpoint_Management_API_EndpointIds' + parameters: + $ref: '#/components/schemas/Security_Endpoint_Management_API_Parameters' + required: + - endpoint_ids + Security_Endpoint_Management_API_ExecuteRouteRequestBody_2: + type: object + properties: + parameters: + $ref: '#/components/schemas/Security_Endpoint_Management_API_ExecuteRouteRequestBody_Parameters' + required: + - parameters + Security_Endpoint_Management_API_ExecuteRouteRequestBody_Parameters: + type: object + properties: + command: + $ref: '#/components/schemas/Security_Endpoint_Management_API_Command' + timeout: + description: The maximum timeout value in seconds before the command is terminated. + minimum: 1 + type: integer + required: + - command + Security_Endpoint_Management_API_GetFile_2: + type: object + properties: + outputs: + $ref: '#/components/schemas/Security_Endpoint_Management_API_GetFile_Outputs' + parameters: + $ref: '#/components/schemas/Security_Endpoint_Management_API_GetFile_Parameters' + Security_Endpoint_Management_API_GetFile_Outputs: + additionalProperties: + $ref: '#/components/schemas/Security_Endpoint_Management_API_GetFile_Outputs_Value' + type: object + Security_Endpoint_Management_API_GetFile_Outputs_Value: + type: object + properties: + content: + allOf: + - $ref: '#/components/schemas/Security_Endpoint_Management_API_DownloadUri' + - $ref: '#/components/schemas/Security_Endpoint_Management_API_GetFile_Outputs_Content_2' + Security_Endpoint_Management_API_GetFile_Outputs_Content_2: + type: object + properties: + code: + type: string + contents: + items: + $ref: '#/components/schemas/Security_Endpoint_Management_API_GetFile_Outputs_Content_Contents_Item' + type: array + zip_size: + type: number + Security_Endpoint_Management_API_GetFile_Outputs_Content_Contents_Item: + type: object + properties: + file_name: + type: string + path: + type: string + sha256: + type: string + size: + type: number + type: + type: string + Security_Endpoint_Management_API_GetFile_Parameters: + type: object + properties: + path: + type: string + Security_Endpoint_Management_API_GetFileRouteRequestBody_1: + type: object + properties: + agent_type: + $ref: '#/components/schemas/Security_Endpoint_Management_API_AgentTypes' + alert_ids: + description: If this action is associated with any alerts, they can be specified here. The action will be logged in any cases associated with the specified alerts. + example: + - alert-id-1 + - alert-id-2 + items: + minLength: 1 + type: string + minItems: 1 + type: array + case_ids: + description: The IDs of cases where the action taken will be logged. + example: + - case-id-1 + - case-id-2 + items: + minLength: 1 + type: string + minItems: 1 + type: array + comment: + $ref: '#/components/schemas/Security_Endpoint_Management_API_Comment' + endpoint_ids: + $ref: '#/components/schemas/Security_Endpoint_Management_API_EndpointIds' + parameters: + $ref: '#/components/schemas/Security_Endpoint_Management_API_Parameters' + required: + - endpoint_ids + Security_Endpoint_Management_API_GetFileRouteRequestBody_2: + type: object + properties: + parameters: + $ref: '#/components/schemas/Security_Endpoint_Management_API_GetFileRouteRequestBody_Parameters' + required: + - parameters + Security_Endpoint_Management_API_GetFileRouteRequestBody_Parameters: + type: object + properties: + path: + type: string + required: + - path + Security_Endpoint_Management_API_KillProcess_2: + type: object + properties: + outputs: + $ref: '#/components/schemas/Security_Endpoint_Management_API_KillProcess_Outputs' + parameters: + oneOf: + - $ref: '#/components/schemas/Security_Endpoint_Management_API_KillProcess_Parameters_1' + - $ref: '#/components/schemas/Security_Endpoint_Management_API_KillProcess_Parameters_2' + - $ref: '#/components/schemas/Security_Endpoint_Management_API_KillProcess_Parameters_3' + Security_Endpoint_Management_API_KillProcess_Outputs: + additionalProperties: + $ref: '#/components/schemas/Security_Endpoint_Management_API_KillProcess_Outputs_Value' + type: object + Security_Endpoint_Management_API_KillProcess_Outputs_Value: + type: object + properties: + content: + oneOf: + - $ref: '#/components/schemas/Security_Endpoint_Management_API_KillProcess_Outputs_Content_1' + - $ref: '#/components/schemas/Security_Endpoint_Management_API_KillProcess_Outputs_Content_2' + - $ref: '#/components/schemas/Security_Endpoint_Management_API_KillProcess_Outputs_Content_3' + Security_Endpoint_Management_API_KillProcess_Outputs_Content_1: + type: object + properties: + code: + type: string + command: + type: string + pid: + type: number + Security_Endpoint_Management_API_KillProcess_Outputs_Content_2: + type: object + properties: + code: + type: string + command: + type: string + entity_id: + type: string + Security_Endpoint_Management_API_KillProcess_Outputs_Content_3: + type: object + properties: + code: + type: string + command: + type: string + process_name: + type: string + Security_Endpoint_Management_API_KillProcess_Parameters_1: + type: object + properties: + pid: + description: The process ID (PID) of the process to terminate. + minimum: 1 + type: number + Security_Endpoint_Management_API_KillProcess_Parameters_2: + type: object + properties: + entity_id: + description: The entity ID of the process to terminate. + minLength: 1 + type: string + Security_Endpoint_Management_API_KillProcess_Parameters_3: + type: object + properties: + process_name: + description: The name of the process to terminate. Valid for SentinelOne agent type only. + type: string + Security_Endpoint_Management_API_KillProcessRouteRequestBody_1: + type: object + properties: + agent_type: + $ref: '#/components/schemas/Security_Endpoint_Management_API_AgentTypes' + alert_ids: + description: If this action is associated with any alerts, they can be specified here. The action will be logged in any cases associated with the specified alerts. + example: + - alert-id-1 + - alert-id-2 + items: + minLength: 1 + type: string + minItems: 1 + type: array + case_ids: + description: The IDs of cases where the action taken will be logged. + example: + - case-id-1 + - case-id-2 + items: + minLength: 1 + type: string + minItems: 1 + type: array + comment: + $ref: '#/components/schemas/Security_Endpoint_Management_API_Comment' + endpoint_ids: + $ref: '#/components/schemas/Security_Endpoint_Management_API_EndpointIds' + parameters: + $ref: '#/components/schemas/Security_Endpoint_Management_API_Parameters' + required: + - endpoint_ids + Security_Endpoint_Management_API_KillProcessRouteRequestBody_2: + type: object + properties: + parameters: + oneOf: + - $ref: '#/components/schemas/Security_Endpoint_Management_API_KillProcessRouteRequestBody_Parameters_1' + - $ref: '#/components/schemas/Security_Endpoint_Management_API_KillProcessRouteRequestBody_Parameters_2' + - $ref: '#/components/schemas/Security_Endpoint_Management_API_KillProcessRouteRequestBody_Parameters_3' + required: + - parameters + Security_Endpoint_Management_API_KillProcessRouteRequestBody_Parameters_1: + type: object + properties: + pid: + description: The process ID (PID) of the process to terminate. + example: 123 + minimum: 1 + type: integer + Security_Endpoint_Management_API_KillProcessRouteRequestBody_Parameters_2: + type: object + properties: + entity_id: + description: The entity ID of the process to terminate. + example: abc123 + minLength: 1 + type: string + Security_Endpoint_Management_API_KillProcessRouteRequestBody_Parameters_3: + type: object + properties: + process_name: + description: The name of the process to terminate. Valid for SentinelOne agent type only. + example: Elastic + minLength: 1 + type: string + Security_Endpoint_Management_API_MemoryDump_2: + type: object + properties: + outputs: + $ref: '#/components/schemas/Security_Endpoint_Management_API_MemoryDump_Outputs' + parameters: + oneOf: + - $ref: '#/components/schemas/Security_Endpoint_Management_API_MemoryDump_Parameters_1' + - $ref: '#/components/schemas/Security_Endpoint_Management_API_MemoryDump_Parameters_2' + - $ref: '#/components/schemas/Security_Endpoint_Management_API_MemoryDump_Parameters_3' + required: + - parameters + Security_Endpoint_Management_API_MemoryDump_Outputs: + additionalProperties: + $ref: '#/components/schemas/Security_Endpoint_Management_API_MemoryDump_Outputs_Value' + type: object + Security_Endpoint_Management_API_MemoryDump_Outputs_Value: + type: object + properties: + content: + $ref: '#/components/schemas/Security_Endpoint_Management_API_MemoryDump_Outputs_Content' + Security_Endpoint_Management_API_MemoryDump_Outputs_Content: + properties: + code: + type: string + disk_free_space: + description: The free space on the host machine in bytes after the memory dump is written to disk + type: number + file_size: + description: The size of the memory dump compressed file in bytes + type: string + path: + description: The path to the memory dump compressed file on the host machine + type: string + title: Memory dump output + type: object + Security_Endpoint_Management_API_MemoryDump_Parameters_1: + properties: + type: + description: Kernel-level memory dump + enum: + - kernel + type: string + required: + - type + title: Kernel memory dump + type: object + Security_Endpoint_Management_API_MemoryDump_Parameters_2: + properties: + pid: + description: The process ID (PID) + type: number + type: + description: Process-level memory dump using a process ID + enum: + - process + type: string + required: + - type + - pid + title: Process memory dump with PID + type: object + Security_Endpoint_Management_API_MemoryDump_Parameters_3: + properties: + entity_id: + description: The process entity ID + type: string + type: + description: Process-level memory dump using an entity ID + enum: + - process + type: string + required: + - type + - entity_id + title: Process memory dump with entity ID + type: object + Security_Endpoint_Management_API_MemoryDumpRouteRequestBody_1: + type: object + properties: + agent_type: + $ref: '#/components/schemas/Security_Endpoint_Management_API_AgentTypes' + alert_ids: + description: If this action is associated with any alerts, they can be specified here. The action will be logged in any cases associated with the specified alerts. + example: + - alert-id-1 + - alert-id-2 + items: + minLength: 1 + type: string + minItems: 1 + type: array + case_ids: + description: The IDs of cases where the action taken will be logged. + example: + - case-id-1 + - case-id-2 + items: + minLength: 1 + type: string + minItems: 1 + type: array + comment: + $ref: '#/components/schemas/Security_Endpoint_Management_API_Comment' + endpoint_ids: + $ref: '#/components/schemas/Security_Endpoint_Management_API_EndpointIds' + parameters: + $ref: '#/components/schemas/Security_Endpoint_Management_API_Parameters' + required: + - endpoint_ids + Security_Endpoint_Management_API_MemoryDumpRouteRequestBody_2: + type: object + properties: + parameters: + oneOf: + - $ref: '#/components/schemas/Security_Endpoint_Management_API_MemoryDumpRouteRequestBody_Parameters_1' + - $ref: '#/components/schemas/Security_Endpoint_Management_API_MemoryDumpRouteRequestBody_Parameters_2' + - $ref: '#/components/schemas/Security_Endpoint_Management_API_MemoryDumpRouteRequestBody_Parameters_3' + required: + - parameters + Security_Endpoint_Management_API_MemoryDumpRouteRequestBody_Parameters_1: + description: Dump the entire kernel memory. + type: object + properties: + type: + enum: + - kernel + type: string + required: + - type + Security_Endpoint_Management_API_MemoryDumpRouteRequestBody_Parameters_2: + description: Dump the entire memory of a process using the PID. + type: object + properties: + pid: + type: number + type: + enum: + - process + type: string + required: + - type + - pid + Security_Endpoint_Management_API_MemoryDumpRouteRequestBody_Parameters_3: + description: Dump the entire memory of a process using the entity ID. + type: object + properties: + entity_id: + type: string + type: + enum: + - process + type: string + required: + - type + - entity_id + Security_Endpoint_Management_API_PendingActionsSchema_1: + type: object + properties: + execute: + $ref: '#/components/schemas/Security_Endpoint_Management_API_PendingActionDataType' + get-file: + $ref: '#/components/schemas/Security_Endpoint_Management_API_PendingActionDataType' + isolate: + $ref: '#/components/schemas/Security_Endpoint_Management_API_PendingActionDataType' + kill-process: + $ref: '#/components/schemas/Security_Endpoint_Management_API_PendingActionDataType' + running-processes: + $ref: '#/components/schemas/Security_Endpoint_Management_API_PendingActionDataType' + scan: + $ref: '#/components/schemas/Security_Endpoint_Management_API_PendingActionDataType' + suspend-process: + $ref: '#/components/schemas/Security_Endpoint_Management_API_PendingActionDataType' + unisolate: + $ref: '#/components/schemas/Security_Endpoint_Management_API_PendingActionDataType' + upload: + $ref: '#/components/schemas/Security_Endpoint_Management_API_PendingActionDataType' + Security_Endpoint_Management_API_PendingActionsSchema_2: + additionalProperties: true + type: object + Security_Endpoint_Management_API_ResponseActionDetails_AgentState: + additionalProperties: + $ref: '#/components/schemas/Security_Endpoint_Management_API_ResponseActionDetails_AgentState_Value' + description: The state of the response action for each agent ID that it was sent to + type: object + Security_Endpoint_Management_API_ResponseActionDetails_AgentState_Value: + format: uuid + type: object + properties: + completedAt: + description: The date and time the response action was completed for the agent ID + type: string + isCompleted: + description: Whether the response action is completed for the agent ID + type: boolean + wasSuccessful: + description: Whether the response action was successful for the agent ID + type: boolean + Security_Endpoint_Management_API_ResponseActionDetails_Hosts: + additionalProperties: + $ref: '#/components/schemas/Security_Endpoint_Management_API_ResponseActionDetails_Hosts_Value' + description: An object containing the host names associated with the agent IDs the response action was sent to + type: object + Security_Endpoint_Management_API_ResponseActionDetails_Hosts_Value: + format: uuid + type: object + properties: + name: + description: The host name + type: string + Security_Endpoint_Management_API_ResponseActionDetails_Outputs: + additionalProperties: + $ref: '#/components/schemas/Security_Endpoint_Management_API_ResponseActionDetails_Outputs_Value' + description: | + The outputs of the response action for each agent ID that it was sent to. Content different depending on the + response action command and will only be present for agents that have responded to the response action + type: object + Security_Endpoint_Management_API_ResponseActionDetails_Outputs_Value: + description: The agent id + format: uuid + properties: + content: + description: The response action output content for the agent ID. Exact format depends on the response action command. + oneOf: + - $ref: '#/components/schemas/Security_Endpoint_Management_API_ResponseActionDetails_Outputs_Content_1' + - $ref: '#/components/schemas/Security_Endpoint_Management_API_ResponseActionDetails_Outputs_Content_2' + type: + enum: + - json + - text + type: string + required: + - type + - content + title: Agent ID + type: object + Security_Endpoint_Management_API_ResponseActionDetails_Outputs_Content_1: + type: object + Security_Endpoint_Management_API_ResponseActionDetails_Outputs_Content_2: + type: string + Security_Endpoint_Management_API_ResponseActionDetails_Parameters: + description: The parameters of the response action. Content different depending on the response action command + type: object + Security_Endpoint_Management_API_RunningProcesses_2: + type: object + properties: + outputs: + $ref: '#/components/schemas/Security_Endpoint_Management_API_RunningProcesses_Outputs' + Security_Endpoint_Management_API_RunningProcesses_Outputs: + additionalProperties: + $ref: '#/components/schemas/Security_Endpoint_Management_API_RunningProcesses_Outputs_Value' + type: object + Security_Endpoint_Management_API_RunningProcesses_Outputs_Value: + type: object + properties: + content: + oneOf: + - $ref: '#/components/schemas/Security_Endpoint_Management_API_RunningProcessesOutputEndpoint' + - $ref: '#/components/schemas/Security_Endpoint_Management_API_RunningProcessesOutputSentinelOne' + Security_Endpoint_Management_API_RunningProcessesOutputEndpoint_Entries_Item: + type: object + properties: + command: + type: string + entity_id: + type: string + pid: + type: number + user: + type: string + Security_Endpoint_Management_API_RunningProcessesOutputSentinelOne_2: + description: Processes output for `agentType` of `sentinel_one` + type: object + properties: + code: + type: string + Security_Endpoint_Management_API_Runscript_2: + type: object + properties: + outputs: + $ref: '#/components/schemas/Security_Endpoint_Management_API_Runscript_Outputs' + parameters: + oneOf: + - $ref: '#/components/schemas/Security_Endpoint_Management_API_RunscriptParamsCrowdStrike' + - $ref: '#/components/schemas/Security_Endpoint_Management_API_RunscriptParamsMicrosoft' + - $ref: '#/components/schemas/Security_Endpoint_Management_API_RunscriptParamsSentinelOne' + Security_Endpoint_Management_API_Runscript_Outputs: + additionalProperties: + $ref: '#/components/schemas/Security_Endpoint_Management_API_Runscript_Outputs_Value' + type: object + Security_Endpoint_Management_API_Runscript_Outputs_Value: + type: object + properties: + content: + allOf: + - $ref: '#/components/schemas/Security_Endpoint_Management_API_DownloadUri' + - $ref: '#/components/schemas/Security_Endpoint_Management_API_Runscript_Outputs_Content_2' + Security_Endpoint_Management_API_Runscript_Outputs_Content_2: + type: object + properties: + code: + type: string + stderr: + type: string + stdout: + type: string + Security_Endpoint_Management_API_RunScriptRouteRequestBody_1: + type: object + properties: + agent_type: + $ref: '#/components/schemas/Security_Endpoint_Management_API_AgentTypes' + alert_ids: + description: If this action is associated with any alerts, they can be specified here. The action will be logged in any cases associated with the specified alerts. + example: + - alert-id-1 + - alert-id-2 + items: + minLength: 1 + type: string + minItems: 1 + type: array + case_ids: + description: The IDs of cases where the action taken will be logged. + example: + - case-id-1 + - case-id-2 + items: + minLength: 1 + type: string + minItems: 1 + type: array + comment: + $ref: '#/components/schemas/Security_Endpoint_Management_API_Comment' + endpoint_ids: + $ref: '#/components/schemas/Security_Endpoint_Management_API_EndpointIds' + parameters: + $ref: '#/components/schemas/Security_Endpoint_Management_API_Parameters' + required: + - endpoint_ids + Security_Endpoint_Management_API_RunScriptRouteRequestBody_2: + type: object + properties: + parameters: + description: | + One of the following set of parameters must be provided + oneOf: + - $ref: '#/components/schemas/Security_Endpoint_Management_API_RawScriptParameters' + - $ref: '#/components/schemas/Security_Endpoint_Management_API_HostPathScriptParameters' + - $ref: '#/components/schemas/Security_Endpoint_Management_API_CloudFileScriptParameters' + - $ref: '#/components/schemas/Security_Endpoint_Management_API_SentinelOneRunScriptParameters' + - $ref: '#/components/schemas/Security_Endpoint_Management_API_MDERunScriptParameters' + required: + - parameters + Security_Endpoint_Management_API_Scan_2: + type: object + properties: + outputs: + $ref: '#/components/schemas/Security_Endpoint_Management_API_Scan_Outputs' + parameters: + $ref: '#/components/schemas/Security_Endpoint_Management_API_Scan_Parameters' + Security_Endpoint_Management_API_Scan_Outputs: + additionalProperties: + $ref: '#/components/schemas/Security_Endpoint_Management_API_Scan_Outputs_Value' + type: object + Security_Endpoint_Management_API_Scan_Outputs_Value: + type: object + properties: + content: + $ref: '#/components/schemas/Security_Endpoint_Management_API_Scan_Outputs_Content' + Security_Endpoint_Management_API_Scan_Outputs_Content: + type: object + properties: + code: + type: string + Security_Endpoint_Management_API_Scan_Parameters: + type: object + properties: + path: + type: string + Security_Endpoint_Management_API_ScanRouteRequestBody_1: + type: object + properties: + agent_type: + $ref: '#/components/schemas/Security_Endpoint_Management_API_AgentTypes' + alert_ids: + description: If this action is associated with any alerts, they can be specified here. The action will be logged in any cases associated with the specified alerts. + example: + - alert-id-1 + - alert-id-2 + items: + minLength: 1 + type: string + minItems: 1 + type: array + case_ids: + description: The IDs of cases where the action taken will be logged. + example: + - case-id-1 + - case-id-2 + items: + minLength: 1 + type: string + minItems: 1 + type: array + comment: + $ref: '#/components/schemas/Security_Endpoint_Management_API_Comment' + endpoint_ids: + $ref: '#/components/schemas/Security_Endpoint_Management_API_EndpointIds' + parameters: + $ref: '#/components/schemas/Security_Endpoint_Management_API_Parameters' + required: + - endpoint_ids + Security_Endpoint_Management_API_ScanRouteRequestBody_2: + type: object + properties: + parameters: + $ref: '#/components/schemas/Security_Endpoint_Management_API_ScanRouteRequestBody_Parameters' + required: + - parameters + Security_Endpoint_Management_API_ScanRouteRequestBody_Parameters: + type: object + properties: + path: + description: The folder or file’s full path (including the file name). + example: /usr/my-file.txt + type: string + required: + - path + Security_Endpoint_Management_API_SuspendProcess_2: + type: object + properties: + outputs: + $ref: '#/components/schemas/Security_Endpoint_Management_API_SuspendProcess_Outputs' + parameters: + oneOf: + - $ref: '#/components/schemas/Security_Endpoint_Management_API_SuspendProcess_Parameters_1' + - $ref: '#/components/schemas/Security_Endpoint_Management_API_SuspendProcess_Parameters_2' + Security_Endpoint_Management_API_SuspendProcess_Outputs: + additionalProperties: + $ref: '#/components/schemas/Security_Endpoint_Management_API_SuspendProcess_Outputs_Value' + type: object + Security_Endpoint_Management_API_SuspendProcess_Outputs_Value: + type: object + properties: + content: + oneOf: + - $ref: '#/components/schemas/Security_Endpoint_Management_API_SuspendProcess_Outputs_Content_1' + - $ref: '#/components/schemas/Security_Endpoint_Management_API_SuspendProcess_Outputs_Content_2' + Security_Endpoint_Management_API_SuspendProcess_Outputs_Content_1: + type: object + properties: + code: + type: string + command: + type: string + pid: + type: number + Security_Endpoint_Management_API_SuspendProcess_Outputs_Content_2: + type: object + properties: + code: + type: string + command: + type: string + entity_id: + type: string + Security_Endpoint_Management_API_SuspendProcess_Parameters_1: + type: object + properties: + pid: + description: The process ID (PID) of the process to terminate. + minimum: 1 + type: number + Security_Endpoint_Management_API_SuspendProcess_Parameters_2: + type: object + properties: + entity_id: + description: The entity ID of the process to terminate. + minLength: 1 + type: string + Security_Endpoint_Management_API_SuspendProcessRouteRequestBody_1: + type: object + properties: + agent_type: + $ref: '#/components/schemas/Security_Endpoint_Management_API_AgentTypes' + alert_ids: + description: If this action is associated with any alerts, they can be specified here. The action will be logged in any cases associated with the specified alerts. + example: + - alert-id-1 + - alert-id-2 + items: + minLength: 1 + type: string + minItems: 1 + type: array + case_ids: + description: The IDs of cases where the action taken will be logged. + example: + - case-id-1 + - case-id-2 + items: + minLength: 1 + type: string + minItems: 1 + type: array + comment: + $ref: '#/components/schemas/Security_Endpoint_Management_API_Comment' + endpoint_ids: + $ref: '#/components/schemas/Security_Endpoint_Management_API_EndpointIds' + parameters: + $ref: '#/components/schemas/Security_Endpoint_Management_API_Parameters' + required: + - endpoint_ids + Security_Endpoint_Management_API_SuspendProcessRouteRequestBody_2: + type: object + properties: + parameters: + oneOf: + - $ref: '#/components/schemas/Security_Endpoint_Management_API_SuspendProcessRouteRequestBody_Parameters_1' + - $ref: '#/components/schemas/Security_Endpoint_Management_API_SuspendProcessRouteRequestBody_Parameters_2' + required: + - parameters + Security_Endpoint_Management_API_SuspendProcessRouteRequestBody_Parameters_1: + type: object + properties: + pid: + description: The process ID (PID) of the process to suspend. + example: 123 + minimum: 1 + type: integer + Security_Endpoint_Management_API_SuspendProcessRouteRequestBody_Parameters_2: + type: object + properties: + entity_id: + description: The entity ID of the process to suspend. + example: abc123 + minLength: 1 + type: string + Security_Endpoint_Management_API_Upload_2: + type: object + properties: + outputs: + $ref: '#/components/schemas/Security_Endpoint_Management_API_Upload_Outputs' + parameters: + $ref: '#/components/schemas/Security_Endpoint_Management_API_Upload_Parameters' + Security_Endpoint_Management_API_Upload_Outputs: + additionalProperties: + $ref: '#/components/schemas/Security_Endpoint_Management_API_Upload_Outputs_Value' + type: object + Security_Endpoint_Management_API_Upload_Outputs_Value: + type: object + properties: + content: + $ref: '#/components/schemas/Security_Endpoint_Management_API_Upload_Outputs_Content' + Security_Endpoint_Management_API_Upload_Outputs_Content: + type: object + properties: + code: + type: string + disk_free_space: + type: number + path: + type: string + Security_Endpoint_Management_API_Upload_Parameters: + description: | + The parameters for upload returned on the details are derived via the API from the file that + was uploaded at the time that the response action was submitted + type: object + properties: + file_id: + type: string + file_name: + type: string + file_sha256: + type: string + file_size: + type: number + Security_Endpoint_Management_API_UploadRouteRequestBody_1: + type: object + properties: + agent_type: + $ref: '#/components/schemas/Security_Endpoint_Management_API_AgentTypes' + alert_ids: + description: If this action is associated with any alerts, they can be specified here. The action will be logged in any cases associated with the specified alerts. + example: + - alert-id-1 + - alert-id-2 + items: + minLength: 1 + type: string + minItems: 1 + type: array + case_ids: + description: The IDs of cases where the action taken will be logged. + example: + - case-id-1 + - case-id-2 + items: + minLength: 1 + type: string + minItems: 1 + type: array + comment: + $ref: '#/components/schemas/Security_Endpoint_Management_API_Comment' + endpoint_ids: + $ref: '#/components/schemas/Security_Endpoint_Management_API_EndpointIds' + parameters: + $ref: '#/components/schemas/Security_Endpoint_Management_API_Parameters' + required: + - endpoint_ids + Security_Endpoint_Management_API_UploadRouteRequestBody_2: + type: object + properties: + file: + description: The binary content of the file. + example: RWxhc3RpYw== + format: binary + type: string + parameters: + $ref: '#/components/schemas/Security_Endpoint_Management_API_UploadRouteRequestBody_Parameters' + required: + - parameters + - file + Security_Endpoint_Management_API_UploadRouteRequestBody_Parameters: + type: object + properties: + overwrite: + default: false + description: Overwrite the file on the host if it already exists. + example: false + type: boolean + Security_Endpoint_Management_API_UserIds_1: + items: + minLength: 1 + type: string + minItems: 1 + type: array + Security_Endpoint_Management_API_UserIds_2: + minLength: 1 + type: string + Security_Endpoint_Management_API_WithOutputs_1: + items: + minLength: 1 + type: string + minItems: 1 + type: array + Security_Endpoint_Management_API_WithOutputs_2: + minLength: 1 + type: string + Security_Entity_Analytics_API_AssetCriticalityRecord_3: + type: object + properties: + '@timestamp': + description: The time the record was created or updated. + example: '2017-07-21T17:32:28Z' + format: date-time + type: string + required: + - '@timestamp' + Security_Entity_Analytics_API_AssetCriticalityRecordEcsParts_Asset: + type: object + properties: + criticality: + $ref: '#/components/schemas/Security_Entity_Analytics_API_AssetCriticalityLevel' + required: + - asset + Security_Entity_Analytics_API_AssetCriticalityRecordEcsParts_Entity: + type: object + properties: + asset: + $ref: '#/components/schemas/Security_Entity_Analytics_API_AssetCriticalityRecordEcsParts_Entity_Asset' + id: + type: string + required: + - id + Security_Entity_Analytics_API_AssetCriticalityRecordEcsParts_Entity_Asset: + type: object + properties: + criticality: + $ref: '#/components/schemas/Security_Entity_Analytics_API_AssetCriticalityLevel' + required: + - criticality + Security_Entity_Analytics_API_AssetCriticalityRecordEcsParts_Host: + type: object + properties: + asset: + $ref: '#/components/schemas/Security_Entity_Analytics_API_AssetCriticalityRecordEcsParts_Host_Asset' + name: + type: string + required: + - name + Security_Entity_Analytics_API_AssetCriticalityRecordEcsParts_Host_Asset: + type: object + properties: + criticality: + $ref: '#/components/schemas/Security_Entity_Analytics_API_AssetCriticalityLevel' + required: + - criticality + Security_Entity_Analytics_API_AssetCriticalityRecordEcsParts_Service: + type: object + properties: + asset: + $ref: '#/components/schemas/Security_Entity_Analytics_API_AssetCriticalityRecordEcsParts_Service_Asset' + name: + type: string + required: + - name + Security_Entity_Analytics_API_AssetCriticalityRecordEcsParts_Service_Asset: + type: object + properties: + criticality: + $ref: '#/components/schemas/Security_Entity_Analytics_API_AssetCriticalityLevel' + required: + - criticality + Security_Entity_Analytics_API_AssetCriticalityRecordEcsParts_User: + type: object + properties: + asset: + $ref: '#/components/schemas/Security_Entity_Analytics_API_AssetCriticalityRecordEcsParts_User_Asset' + name: + type: string + required: + - name + Security_Entity_Analytics_API_AssetCriticalityRecordEcsParts_User_Asset: + type: object + properties: + criticality: + $ref: '#/components/schemas/Security_Entity_Analytics_API_AssetCriticalityLevel' + required: + - criticality + Security_Entity_Analytics_API_CleanUpRiskEngineErrorResponse_Errors_Item: + type: object + properties: + error: + type: string + seq: + type: integer + required: + - seq + - error + Security_Entity_Analytics_API_ConfigureRiskEngineSavedObjectErrorResponse_Errors_Item: + type: object + properties: + error: + type: string + seq: + type: integer + required: + - seq + - error + Security_Entity_Analytics_API_CreateAssetCriticalityRecord_2: + type: object + properties: + criticality_level: + $ref: '#/components/schemas/Security_Entity_Analytics_API_AssetCriticalityLevel' + required: + - criticality_level + Security_Entity_Analytics_API_EngineComponentStatus_Errors_Item: + type: object + properties: + message: + type: string + title: + type: string + Security_Entity_Analytics_API_EngineDataviewUpdateResult_Changes: + type: object + properties: + indexPatterns: + items: + type: string + type: array + Security_Entity_Analytics_API_EngineDescriptor_Error: + type: object + properties: + action: + enum: + - init + type: string + message: + type: string + required: + - message + - action + Security_Entity_Analytics_API_EntityAnalyticsPrivileges_Privileges: + type: object + properties: + elasticsearch: + $ref: '#/components/schemas/Security_Entity_Analytics_API_EntityAnalyticsPrivileges_Privileges_Elasticsearch' + kibana: + $ref: '#/components/schemas/Security_Entity_Analytics_API_EntityAnalyticsPrivileges_Privileges_Kibana' + required: + - elasticsearch + Security_Entity_Analytics_API_EntityAnalyticsPrivileges_Privileges_Elasticsearch: + type: object + properties: + cluster: + $ref: '#/components/schemas/Security_Entity_Analytics_API_EntityAnalyticsPrivileges_Privileges_Elasticsearch_Cluster' + index: + $ref: '#/components/schemas/Security_Entity_Analytics_API_EntityAnalyticsPrivileges_Privileges_Elasticsearch_Index' + Security_Entity_Analytics_API_EntityAnalyticsPrivileges_Privileges_Elasticsearch_Cluster: + additionalProperties: + type: boolean + type: object + Security_Entity_Analytics_API_EntityAnalyticsPrivileges_Privileges_Elasticsearch_Index: + additionalProperties: + $ref: '#/components/schemas/Security_Entity_Analytics_API_EntityAnalyticsPrivileges_Privileges_Elasticsearch_Index_Value' + type: object + Security_Entity_Analytics_API_EntityAnalyticsPrivileges_Privileges_Elasticsearch_Index_Value: + additionalProperties: + type: boolean + type: object + Security_Entity_Analytics_API_EntityAnalyticsPrivileges_Privileges_Kibana: + additionalProperties: + type: boolean + type: object + Security_Entity_Analytics_API_EntityField_Attributes: + additionalProperties: false + type: object + properties: + asset: + type: boolean + managed: + type: boolean + mfa_enabled: + type: boolean + privileged: + type: boolean + Security_Entity_Analytics_API_EntityField_Behaviors: + additionalProperties: false + type: object + properties: + brute_force_victim: + type: boolean + new_country_login: + type: boolean + used_usb_device: + type: boolean + Security_Entity_Analytics_API_EntityField_Lifecycle: + additionalProperties: false + type: object + properties: + first_seen: + format: date-time + type: string + last_activity: + format: date-time + type: string + Security_Entity_Analytics_API_EntityField_Relationships: + additionalProperties: false + type: object + properties: + accessed_frequently_by: + items: + type: string + type: array + accesses_frequently: + items: + type: string + type: array + communicates_with: + items: + type: string + type: array + dependent_of: + items: + type: string + type: array + depends_on: + items: + type: string + type: array + owned_by: + items: + type: string + type: array + owns: + items: + type: string + type: array + supervised_by: + items: + type: string + type: array + supervises: + items: + type: string + type: array + Security_Entity_Analytics_API_EntityField_Risk: + additionalProperties: false + type: object + properties: + calculated_level: + $ref: '#/components/schemas/Security_Entity_Analytics_API_EntityRiskLevels' + description: Lexical description of the entity's risk. + example: Critical + calculated_score: + description: The raw numeric value of the given entity's risk score. + format: double + type: number + calculated_score_norm: + description: The normalized numeric value of the given entity's risk score. Useful for comparing with other entities. + format: double + maximum: 100 + minimum: 0 + type: number + Security_Entity_Analytics_API_EntityRiskScoreRecord_Modifiers_Item: + type: object + properties: + contribution: + format: double + type: number + metadata: + $ref: '#/components/schemas/Security_Entity_Analytics_API_EntityRiskScoreRecord_Modifiers_Metadata' + modifier_value: + format: double + type: number + subtype: + type: string + type: + type: string + required: + - type + - contribution + Security_Entity_Analytics_API_EntityRiskScoreRecord_Modifiers_Metadata: + additionalProperties: true + type: object + Security_Entity_Analytics_API_HostEntity_Event: + additionalProperties: false + type: object + properties: + ingested: + format: date-time + type: string + Security_Entity_Analytics_API_HostEntity_Host: + additionalProperties: false + type: object + properties: + architecture: + items: + type: string + type: array + domain: + items: + type: string + type: array + entity: + $ref: '#/components/schemas/Security_Entity_Analytics_API_EntityField' + hostname: + items: + type: string + type: array + id: + items: + type: string + type: array + ip: + items: + type: string + type: array + mac: + items: + type: string + type: array + name: + type: string + risk: + $ref: '#/components/schemas/Security_Entity_Analytics_API_EntityRiskScoreRecord' + type: + items: + type: string + type: array + required: + - name + Security_Entity_Analytics_API_MonitoredUserDoc_2: + type: object + properties: + '@timestamp': + format: date-time + type: string + event: + $ref: '#/components/schemas/Security_Entity_Analytics_API_MonitoredUserDoc_Event' + user: + $ref: '#/components/schemas/Security_Entity_Analytics_API_MonitoredUserDoc_User' + Security_Entity_Analytics_API_MonitoredUserDoc_Event: + type: object + properties: + '@timestamp': + format: date-time + type: string + ingested: + format: date-time + type: string + Security_Entity_Analytics_API_MonitoredUserDoc_User: + type: object + properties: + entity: + $ref: '#/components/schemas/Security_Entity_Analytics_API_MonitoredUserDoc_User_Entity' + is_privileged: + description: Indicates if the user is privileged. + type: boolean + name: + type: string + Security_Entity_Analytics_API_MonitoredUserDoc_User_Entity: + type: object + properties: + attributes: + $ref: '#/components/schemas/Security_Entity_Analytics_API_MonitoredUserDoc_User_Entity_Attributes' + Security_Entity_Analytics_API_MonitoredUserDoc_User_Entity_Attributes: + type: object + properties: + Privileged: + description: Indicates if the user is privileged. + type: boolean + Security_Entity_Analytics_API_MonitoredUserUpdateDoc_Entity_analytics_monitoring: + type: object + properties: + labels: + items: + $ref: '#/components/schemas/Security_Entity_Analytics_API_MonitoringLabel' + type: array + Security_Entity_Analytics_API_MonitoredUserUpdateDoc_Labels: + type: object + properties: + source_ids: + items: + type: string + type: array + source_integrations: + items: + type: string + type: array + sources: + items: + enum: + - csv + - index_sync + - api + type: array + Security_Entity_Analytics_API_MonitoredUserUpdateDoc_User: + type: object + properties: + is_privileged: + description: Indicates if the user is privileged. + type: boolean + name: + type: string + Security_Entity_Analytics_API_MonitoringEngineDescriptor_Error: + type: object + properties: + message: + description: Error message typically only present if the engine is in error state + type: string + Security_Entity_Analytics_API_ServiceEntity_Event: + additionalProperties: false + type: object + properties: + ingested: + format: date-time + type: string + Security_Entity_Analytics_API_ServiceEntity_Service: + additionalProperties: false + type: object + properties: + entity: + $ref: '#/components/schemas/Security_Entity_Analytics_API_EntityField' + name: + type: string + risk: + $ref: '#/components/schemas/Security_Entity_Analytics_API_EntityRiskScoreRecord' + required: + - name + Security_Entity_Analytics_API_UserEntity_Event: + additionalProperties: false + type: object + properties: + ingested: + format: date-time + type: string + Security_Entity_Analytics_API_UserEntity_User: + additionalProperties: false + type: object + properties: + domain: + items: + type: string + type: array + email: + items: + type: string + type: array + full_name: + items: + type: string + type: array + hash: + items: + type: string + type: array + id: + items: + type: string + type: array + name: + type: string + risk: + $ref: '#/components/schemas/Security_Entity_Analytics_API_EntityRiskScoreRecord' + additionalProperties: false + roles: + items: + type: string + type: array + required: + - name + Security_Entity_Analytics_API_UserName_Entity_analytics_monitoring: + description: Entity analytics monitoring configuration for the user + type: object + properties: + labels: + description: Array of labels associated with the user + items: + $ref: '#/components/schemas/Security_Entity_Analytics_API_UserName_Entity_analytics_monitoring_Labels_Item' + type: array + Security_Entity_Analytics_API_UserName_Entity_analytics_monitoring_Labels_Item: + type: object + properties: + field: + description: The field name for the label + type: string + source: + description: The source where this label was created (api, csv, or index_sync) + enum: + - api + - csv + - index_sync + type: string + value: + description: The value of the label + type: string + Security_Entity_Analytics_API_UserName_User: + type: object + properties: + name: + description: The name of the user. + type: string + Security_Exceptions_API_BlocklistWindowsCodeSignatureEntry_Entries_Item: + type: object + properties: + field: + description: Certificate subject name + enum: + - subject_name + type: string + operator: + description: Must be the value "included" + enum: + - included + type: string + type: + description: Match type for subject name + enum: + - match + - match_any + type: string + value: + oneOf: + - $ref: '#/components/schemas/Security_Exceptions_API_BlocklistWindowsCodeSignatureEntry_Entries_Value_1' + - $ref: '#/components/schemas/Security_Exceptions_API_BlocklistWindowsCodeSignatureEntry_Entries_Value_2' + required: + - field + - type + - value + - operator + Security_Exceptions_API_BlocklistWindowsCodeSignatureEntry_Entries_Value_1: + description: Single subject name (used with match) + type: string + Security_Exceptions_API_BlocklistWindowsCodeSignatureEntry_Entries_Value_2: + description: Array of subject names (used with match_any) + items: + type: string + minItems: 1 + type: array + Security_Exceptions_API_CreateExceptionListItemGeneric_2: + example: + description: This is a sample detection type exception item. + entries: + - field: actingProcess.file.signer + operator: excluded + type: exists + - field: host.name + operator: included + type: match_any + value: + - saturn + - jupiter + item_id: simple_list_item + list_id: simple_list + name: Sample Exception List Item + namespace_type: single + os_types: + - linux + tags: + - malware + type: simple + type: object + properties: + entries: + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemEntryArray' + list_id: + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListHumanId' + os_types: + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemOsTypeArray' + default: [] + tags: + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemTags' + default: [] + required: + - list_id + - entries + Security_Exceptions_API_ExceptionListItemEntryList_List: + type: object + properties: + id: + $ref: '#/components/schemas/Security_Exceptions_API_ListId' + type: + $ref: '#/components/schemas/Security_Exceptions_API_ListType' + required: + - id + - type + Security_Exceptions_API_ExceptionListsImportBulkError_Error: + type: object + properties: + message: + type: string + status_code: + type: integer + required: + - status_code + - message + Security_Exceptions_API_HostIsolationProperties_Entries_Item: + type: object + properties: + field: + description: Must be destination.ip + enum: + - destination.ip + type: string + operator: + description: Must be the value "included" + enum: + - included + type: string + type: + description: Must be match + enum: + - match + type: string + value: + description: Valid IPv4 address or CIDR notation (e.g., "192.168.1.1" or "10.0.0.0/8") + type: string + required: + - field + - type + - value + - operator + Security_Exceptions_API_TrustedAppMacCodeSignatureEntry_Entries_1: + type: object + properties: + field: + enum: + - subject_name + type: string + operator: + enum: + - included + type: string + type: + enum: + - match + type: string + value: + description: Certificate subject name + type: string + required: + - field + - type + - value + - operator + Security_Exceptions_API_TrustedAppMacCodeSignatureEntry_Entries_2: + type: object + properties: + field: + enum: + - trusted + type: string + operator: + enum: + - included + type: string + type: + enum: + - match + type: string + value: + description: Must be the string 'true' + enum: + - 'true' + type: string + required: + - field + - type + - value + - operator + Security_Exceptions_API_TrustedAppWindowsCodeSignatureEntry_Entries_1: + type: object + properties: + field: + enum: + - subject_name + type: string + operator: + enum: + - included + type: string + type: + enum: + - match + type: string + value: + description: Certificate subject name + type: string + required: + - field + - type + - value + - operator + Security_Exceptions_API_TrustedAppWindowsCodeSignatureEntry_Entries_2: + type: object + properties: + field: + enum: + - trusted + type: string + operator: + enum: + - included + type: string + type: + enum: + - match + type: string + value: + description: Must be the string 'true' + enum: + - 'true' + type: string + required: + - field + - type + - value + - operator + Security_Exceptions_API_TrustedDevicesMacProperties_Entries_Item: + type: object + properties: + field: + description: Device field to match against + enum: + - device.serial_number + - device.type + - host.name + - device.vendor.name + - device.vendor.id + - device.product.id + - device.product.name + type: string + operator: + description: Must be the value "included" + enum: + - included + type: string + type: + description: Entry match type + enum: + - match + - wildcard + - match_any + type: string + value: + oneOf: + - $ref: '#/components/schemas/Security_Exceptions_API_TrustedDevicesMacProperties_Entries_Value_1' + - $ref: '#/components/schemas/Security_Exceptions_API_TrustedDevicesMacProperties_Entries_Value_2' + required: + - field + - type + - value + - operator + Security_Exceptions_API_TrustedDevicesMacProperties_Entries_Value_1: + description: Single value (used with match or wildcard) + type: string + Security_Exceptions_API_TrustedDevicesMacProperties_Entries_Value_2: + description: Array of values (used with match_any) + items: + type: string + minItems: 1 + type: array + Security_Exceptions_API_TrustedDevicesWindowsMacProperties_Entries_Item: + type: object + properties: + field: + description: Device field to match against (username not available for multi-OS) + enum: + - device.serial_number + - device.type + - host.name + - device.vendor.name + - device.vendor.id + - device.product.id + - device.product.name + type: string + operator: + description: Must be the value "included" + enum: + - included + type: string + type: + description: Entry match type + enum: + - match + - wildcard + - match_any + type: string + value: + oneOf: + - $ref: '#/components/schemas/Security_Exceptions_API_TrustedDevicesWindowsMacProperties_Entries_Value_1' + - $ref: '#/components/schemas/Security_Exceptions_API_TrustedDevicesWindowsMacProperties_Entries_Value_2' + required: + - field + - type + - value + - operator + Security_Exceptions_API_TrustedDevicesWindowsMacProperties_Entries_Value_1: + description: Single value (used with match or wildcard) + type: string + Security_Exceptions_API_TrustedDevicesWindowsMacProperties_Entries_Value_2: + description: Array of values (used with match_any) + items: + type: string + minItems: 1 + type: array + Security_Exceptions_API_TrustedDevicesWindowsProperties_Entries_Item: + type: object + properties: + field: + description: Device field to match against (user.name is Windows-only) + enum: + - device.serial_number + - device.type + - host.name + - device.vendor.name + - device.vendor.id + - device.product.id + - device.product.name + - user.name + type: string + operator: + description: Must be the value "included" + enum: + - included + type: string + type: + description: Entry match type + enum: + - match + - wildcard + - match_any + type: string + value: + oneOf: + - $ref: '#/components/schemas/Security_Exceptions_API_TrustedDevicesWindowsProperties_Entries_Value_1' + - $ref: '#/components/schemas/Security_Exceptions_API_TrustedDevicesWindowsProperties_Entries_Value_2' + required: + - field + - type + - value + - operator + Security_Exceptions_API_TrustedDevicesWindowsProperties_Entries_Value_1: + description: Single value (used with match or wildcard) + type: string + Security_Exceptions_API_TrustedDevicesWindowsProperties_Entries_Value_2: + description: Array of values (used with match_any) + items: + type: string + minItems: 1 + type: array + Security_Exceptions_API_UpdateExceptionListItemGeneric_2: + example: + comments: [] + description: Updated description + entries: + - field: host.name + operator: included + type: match + value: rock01 + item_id: simple_list_item + name: Updated name + namespace_type: single + tags: [] + type: simple + type: object + properties: + entries: + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemEntryArray' + list_id: + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListHumanId' + os_types: + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemOsTypeArray' + default: [] + tags: + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemTags' + required: + - entries + Security_Lists_API_ListItemPrivileges_Application: + additionalProperties: + type: boolean + type: object + Security_Lists_API_ListItemPrivileges_Cluster: + additionalProperties: + type: boolean + type: object + Security_Lists_API_ListItemPrivileges_Index: + additionalProperties: + $ref: '#/components/schemas/Security_Lists_API_ListItemPrivileges_Index_Value' + type: object + Security_Lists_API_ListItemPrivileges_Index_Value: + additionalProperties: + type: boolean + type: object + Security_Lists_API_ListPrivileges_Application: + additionalProperties: + type: boolean + type: object + Security_Lists_API_ListPrivileges_Cluster: + additionalProperties: + type: boolean + type: object + Security_Lists_API_ListPrivileges_Index: + additionalProperties: + $ref: '#/components/schemas/Security_Lists_API_ListPrivileges_Index_Value' + type: object + Security_Lists_API_ListPrivileges_Index_Value: + additionalProperties: + type: boolean + type: object + Security_Osquery_API_CreateLiveQueryRequestBody_Metadata: + description: Custom metadata object associated with the live query. + nullable: true + type: object + Security_Osquery_API_ECSMappingItem_Value_1: + type: string + Security_Osquery_API_ECSMappingItem_Value_2: + items: + type: string + type: array + Security_Timeline_API_BareNote_2: + type: object + properties: + eventId: + description: The `_id` of the associated event for this note. + example: d3a1d35a3e84a81b2f8f3859e064c224cdee1b4bc + nullable: true + type: string + note: + description: The text of the note + example: This is an example text + nullable: true + type: string + timelineId: + description: The `savedObjectId` of the Timeline that this note is associated with + example: 15c1929b-0af7-42bd-85a8-56e234cc7c4e + type: string + required: + - timelineId + Security_Timeline_API_BarePinnedEvent_2: + type: object + properties: + eventId: + description: The `_id` of the associated event for this pinned event. + example: d3a1d35a3e84a81b2f8f3859e064c224cdee1b4bc + type: string + timelineId: + description: The `savedObjectId` of the timeline that this pinned event is associated with + example: 15c1929b-0af7-42bd-85a8-56e234cc7c4e + type: string + required: + - eventId + - timelineId + Security_Timeline_API_DocumentIds_1: + items: + type: string + type: array + Security_Timeline_API_DocumentIds_2: + type: string + Security_Timeline_API_FilterTimelineResult_Meta: + nullable: true + type: object + properties: + alias: + nullable: true + type: string + controlledBy: + nullable: true + type: string + disabled: + nullable: true + type: boolean + field: + nullable: true + type: string + formattedValue: + nullable: true + type: string + index: + nullable: true + type: string + key: + nullable: true + type: string + negate: + nullable: true + type: boolean + params: + nullable: true + type: string + type: + nullable: true + type: string + value: + nullable: true + type: string + Security_Timeline_API_ImportTimelineResult_Errors_Item: + type: object + properties: + error: + $ref: '#/components/schemas/Security_Timeline_API_ImportTimelineResult_Errors_Error' + id: + description: The ID of the timeline that failed to import + example: 6ce1b592-84e3-4b4a-9552-f189d4b82075 + type: string + Security_Timeline_API_ImportTimelineResult_Errors_Error: + description: The error containing the reason why the timeline could not be imported + type: object + properties: + message: + description: The reason why the timeline could not be imported + example: Malformed JSON + type: string + status_code: + description: The HTTP status code of the error + example: 400 + type: number + Security_Timeline_API_ImportTimelines_2: + type: object + properties: + eventNotes: + items: + $ref: '#/components/schemas/Security_Timeline_API_BareNote' + nullable: true + type: array + globalNotes: + items: + $ref: '#/components/schemas/Security_Timeline_API_BareNote' + nullable: true + type: array + pinnedEventIds: + items: + type: string + nullable: true + type: array + savedObjectId: + nullable: true + type: string + version: + nullable: true + type: string + required: + - savedObjectId + - version + - pinnedEventIds + - eventNotes + - globalNotes + Security_Timeline_API_Note_2: + type: object + properties: + noteId: + description: The `savedObjectId` of the note + example: 709f99c6-89b6-4953-9160-35945c8e174e + type: string + version: + description: The version of the note + example: WzQ2LDFd + type: string + required: + - noteId + - version + Security_Timeline_API_PersistPinnedEventResponse_2: + type: object + properties: + unpinned: + description: Indicates whether the event was successfully unpinned + type: boolean + required: + - unpinned + Security_Timeline_API_PinnedEvent_2: + type: object + properties: + pinnedEventId: + description: The `savedObjectId` of this pinned event + example: 10r1929b-0af7-42bd-85a8-56e234f98h2f3 + type: string + version: + description: The version of this pinned event + example: WzQ2LDFe + type: string + required: + - pinnedEventId + - version + Security_Timeline_API_QueryMatchResult_Value_1: + nullable: true + type: string + Security_Timeline_API_QueryMatchResult_Value_2: + items: + type: string + nullable: true + type: array + Security_Timeline_API_SavedObjectIds_1: + items: + type: string + type: array + Security_Timeline_API_SavedObjectIds_2: + type: string + Security_Timeline_API_SavedTimeline_DateRange: + description: The Timeline's search period. + example: + end: 1587456479201 + start: 1587370079200 + nullable: true + type: object + properties: + end: + oneOf: + - $ref: '#/components/schemas/Security_Timeline_API_SavedTimeline_DateRange_End_1' + - $ref: '#/components/schemas/Security_Timeline_API_SavedTimeline_DateRange_End_2' + start: + oneOf: + - $ref: '#/components/schemas/Security_Timeline_API_SavedTimeline_DateRange_Start_1' + - $ref: '#/components/schemas/Security_Timeline_API_SavedTimeline_DateRange_Start_2' + Security_Timeline_API_SavedTimeline_DateRange_End_1: + nullable: true + type: string + Security_Timeline_API_SavedTimeline_DateRange_End_2: + nullable: true + type: number + Security_Timeline_API_SavedTimeline_DateRange_Start_1: + nullable: true + type: string + Security_Timeline_API_SavedTimeline_DateRange_Start_2: + nullable: true + type: number + Security_Timeline_API_SavedTimeline_EqlOptions: + description: EQL query that is used in the correlation tab + example: + eventCategoryField: event.category + query: sequence\n[process where process.name == "sudo"]\n[any where true] + size: 100 + timestampField: '@timestamp' + nullable: true + type: object + properties: + eventCategoryField: + nullable: true + type: string + query: + nullable: true + type: string + size: + oneOf: + - $ref: '#/components/schemas/Security_Timeline_API_SavedTimeline_EqlOptions_Size_1' + - $ref: '#/components/schemas/Security_Timeline_API_SavedTimeline_EqlOptions_Size_2' + tiebreakerField: + nullable: true + type: string + timestampField: + nullable: true + type: string + Security_Timeline_API_SavedTimeline_EqlOptions_Size_1: + nullable: true + type: string + Security_Timeline_API_SavedTimeline_EqlOptions_Size_2: + nullable: true + type: number + Security_Timeline_API_SavedTimelineWithSavedObjectId_2: + type: object + properties: + savedObjectId: + description: The `savedObjectId` of the Timeline or Timeline template + example: 15c1929b-0af7-42bd-85a8-56e234cc7c4e + type: string + version: + description: The version of the Timeline or Timeline template + example: WzE0LDFd + type: string + required: + - savedObjectId + - version + Security_Timeline_API_SerializedFilterQueryResult_FilterQuery: + nullable: true + type: object + properties: + kuery: + $ref: '#/components/schemas/Security_Timeline_API_SerializedFilterQueryResult_FilterQuery_Kuery' + serializedQuery: + nullable: true + type: string + Security_Timeline_API_SerializedFilterQueryResult_FilterQuery_Kuery: + nullable: true + type: object + properties: + expression: + nullable: true + type: string + kind: + nullable: true + type: string + Security_Timeline_API_Sort_2: + items: + $ref: '#/components/schemas/Security_Timeline_API_SortObject' + type: array + Security_Timeline_API_TimelineResponse_3: + type: object + properties: + eventIdToNoteIds: + description: A list of all the notes that are associated to this Timeline. + items: + $ref: '#/components/schemas/Security_Timeline_API_Note' + nullable: true + type: array + noteIds: + description: A list of all the ids of notes that are associated to this Timeline. + example: + - 709f99c6-89b6-4953-9160-35945c8e174e + items: + type: string + nullable: true + type: array + notes: + description: A list of all the notes that are associated to this Timeline. + items: + $ref: '#/components/schemas/Security_Timeline_API_Note' + nullable: true + type: array + pinnedEventIds: + description: A list of all the ids of pinned events that are associated to this Timeline. + example: + - 983f99c6-89b6-4953-9160-35945c8a194f + items: + type: string + nullable: true + type: array + pinnedEventsSaveObject: + description: A list of all the pinned events that are associated to this Timeline. + items: + $ref: '#/components/schemas/Security_Timeline_API_PinnedEvent' + nullable: true + type: array + Security_Timeline_API_TimelineSavedToReturnObject_2: + type: object + properties: + eventIdToNoteIds: + items: + $ref: '#/components/schemas/Security_Timeline_API_Note' + nullable: true + type: array + noteIds: + items: + type: string + nullable: true + type: array + notes: + items: + $ref: '#/components/schemas/Security_Timeline_API_Note' + nullable: true + type: array + pinnedEventIds: + items: + type: string + nullable: true + type: array + pinnedEventsSaveObject: + items: + $ref: '#/components/schemas/Security_Timeline_API_PinnedEvent' + nullable: true + type: array + savedObjectId: + type: string + version: + type: string + required: + - savedObjectId + - version + SLOs_artifacts_Dashboards_Item: + type: object + properties: + id: + description: Dashboard saved-object id + type: string + required: + - id + SLOs_bulk_delete_status_response_Results_Item: + type: object + properties: + error: + description: The error message if the deletion operation failed for this SLO + example: SLO [d08506b7-f0e8-4f8b-a06a-a83940f4db91] not found + type: string + id: + description: The ID of the SLO that was deleted + example: d08506b7-f0e8-4f8b-a06a-a83940f4db91 + type: string + success: + description: The result of the deletion operation for this SLO + example: true + type: boolean + SLOs_bulk_purge_rollup_request_PurgePolicy: + description: Policy that dictates which SLI documents to purge based on age + oneOf: + - $ref: '#/components/schemas/SLOs_bulk_purge_rollup_request_PurgePolicy_1' + - $ref: '#/components/schemas/SLOs_bulk_purge_rollup_request_PurgePolicy_2' + type: object + SLOs_bulk_purge_rollup_request_PurgePolicy_1: + type: object + properties: + age: + description: The duration to determine which documents to purge, formatted as {duration}{unit}. This value should be greater than or equal to the time window of every SLO provided. + example: 7d + type: string + purgeType: + description: Specifies whether documents will be purged based on a specific age or on a timestamp + enum: + - fixed-age + type: string + SLOs_bulk_purge_rollup_request_PurgePolicy_2: + type: object + properties: + purgeType: + description: Specifies whether documents will be purged based on a specific age or on a timestamp + enum: + - fixed-time + type: string + timestamp: + description: The timestamp to determine which documents to purge, formatted in ISO. This value should be older than the applicable time window of every SLO provided. + example: '2024-12-31T00:00:00.000Z' + type: string + SLOs_delete_slo_instances_request_List_Item: + type: object + properties: + instanceId: + description: The SLO instance identifier + example: 8853df00-ae2e-11ed-90af-09bb6422b258 + type: string + sloId: + description: The SLO unique identifier + example: 8853df00-ae2e-11ed-90af-09bb6422b258 + type: string + required: + - sloId + - instanceId + SLOs_filter_Query: + type: object + SLOs_filter_meta_Params: + type: object + SLOs_find_slo_definitions_response_1: + type: object + properties: + page: + example: 1 + type: number + perPage: + example: 25 + type: number + results: + items: + $ref: '#/components/schemas/SLOs_slo_with_summary_response' + type: array + total: + example: 34 + type: number + SLOs_find_slo_definitions_response_2: + type: object + properties: + page: + default: 1 + description: for backward compability + type: number + perPage: + description: for backward compability + example: 25 + type: number + results: + items: + $ref: '#/components/schemas/SLOs_slo_with_summary_response' + type: array + searchAfter: + description: the cursor to provide to get the next paged results + example: + - some-slo-id + - other-cursor-id + items: + type: string + type: array + size: + example: 25 + type: number + total: + example: 34 + type: number + SLOs_group_by_1: + type: string + SLOs_group_by_2: + items: + type: string + type: array + SLOs_indicator_properties_apm_availability_Params: + description: An object containing the indicator parameters. + nullable: false type: object - description: | - Retrieves information about a valid Slack channel identifier. It is applicable only when the connector type is `.slack_api`. - required: - - subAction - - subActionParams properties: - subAction: + environment: + description: The APM service environment or "*" + example: production type: string - description: The action to test. - enum: - - validChannelId - subActionParams: - type: object - required: - - channelId - properties: - channelId: - type: string - description: The Slack channel identifier. - example: C123ABC456 - params_property_apm_anomaly: - title: APM anomaly - description: | - The parameters for the APM anomaly rule. These parameters are appropriate when `rule_type_id` is `apm.rules.anomaly`. - type: object - required: - - windowSize - - windowUnit - - environment - - anomalySeverityType - properties: - serviceName: + filter: + description: KQL query used for filtering the data + example: 'service.foo : "bar"' type: string - description: Filter the rule to apply to a specific service name. - transactionType: + index: + description: The index used by APM metrics + example: metrics-apm*,apm* type: string - description: Filter the rule to apply to a specific transaction type. - windowSize: - type: number - example: 6 - description: | - The size of the time window (in `windowUnit` units), which determines how far back to search for documents. Generally it should be a value higher than the rule check interval to avoid gaps in detection. - windowUnit: + service: + description: The APM service name + example: o11y-app type: string - description: | - The type of units for the time window. For example: minutes, hours, or days. - enum: - - m - - h - - d - environment: + transactionName: + description: The APM transaction name or "*" + example: GET /my/api type: string - description: Filter the rule to apply to a specific environment. - anomalySeverityType: + transactionType: + description: The APM transaction type or "*" + example: request type: string - description: | - The severity of anomalies that will generate alerts: critical, major, minor, or warning. - enum: - - critical - - major - - minor - - warning - params_property_apm_error_count: - title: APM error count - description: | - The parameters for the APM error count rule. These parameters are appropriate when `rule_type_id` is `apm.error_rate`. - type: object required: - - windowSize - - windowUnit - - threshold + - service - environment + - transactionType + - transactionName + - index + SLOs_indicator_properties_apm_latency_Params: + description: An object containing the indicator parameters. + nullable: false + type: object properties: - serviceName: + environment: + description: The APM service environment or "*" + example: production type: string - description: Filter the errors coming from your application to apply the rule to a specific service. - windowSize: - type: number - description: | - The time frame in which the errors must occur (in `windowUnit` units). Generally it should be a value higher than the rule check interval to avoid gaps in detection. - example: 6 - windowUnit: + filter: + description: KQL query used for filtering the data + example: 'service.foo : "bar"' type: string - description: | - The type of units for the time window: minutes, hours, or days. - enum: - - m - - h - - d - environment: + index: + description: The index used by APM metrics + example: metrics-apm*,apm* + type: string + service: + description: The APM service name + example: o11y-app type: string - description: Filter the errors coming from your application to apply the rule to a specific environment. threshold: + description: The latency threshold in milliseconds + example: 250 type: number - description: The error count threshold. - groupBy: - type: array - default: - - service.name - - service.environment - uniqueItems: true - items: - type: string - enum: - - service.name - - service.environment - - transaction.name - - error.grouping_key - description: | - Perform a composite aggregation against the selected fields. When any of these groups match the selected rule conditions, an alert is triggered per group. - errorGroupingKey: + transactionName: + description: The APM transaction name or "*" + example: GET /my/api + type: string + transactionType: + description: The APM transaction type or "*" + example: request type: string - description: | - Filter the errors coming from your application to apply the rule to a specific error grouping key, which is a hash of the stack trace and other properties. - params_property_apm_transaction_duration: - title: APM transaction duration - description: | - The parameters for the APM transaction duration rule. These parameters are appropriate when `rule_type_id` is `apm.transaction_duration`. - type: object required: - - windowSize - - windowUnit - - threshold + - service - environment - - aggregationType + - transactionType + - transactionName + - index + - threshold + SLOs_indicator_properties_custom_kql_Params: + description: An object containing the indicator parameters. + nullable: false + type: object properties: - serviceName: - type: string - description: Filter the rule to apply to a specific service. - transactionType: + dataViewId: + description: The kibana data view id to use, primarily used to include data view runtime mappings. Make sure to save SLO again if you add/update run time fields to the data view and if those fields are being used in slo queries. + example: 03b80ab3-003d-498b-881c-3beedbaf1162 type: string - description: Filter the rule to apply to a specific transaction type. - transactionName: + filter: + $ref: '#/components/schemas/SLOs_kql_with_filters' + good: + $ref: '#/components/schemas/SLOs_kql_with_filters_good' + index: + description: The index or index pattern to use + example: my-service-* type: string - description: Filter the rule to apply to a specific transaction name. - windowSize: - type: number + timestampField: description: | - The size of the time window (in `windowUnit` units), which determines how far back to search for documents. Generally it should be a value higher than the rule check interval to avoid gaps in detection. - example: 6 - windowUnit: + The timestamp field used in the source indice. + example: timestamp type: string - description: | - The type of units for the time window. For example: minutes, hours, or days. - enum: - - m - - h - - d - environment: + total: + $ref: '#/components/schemas/SLOs_kql_with_filters_total' + required: + - index + - timestampField + - good + - total + SLOs_indicator_properties_custom_metric_Params: + description: An object containing the indicator parameters. + nullable: false + type: object + properties: + dataViewId: + description: The kibana data view id to use, primarily used to include data view runtime mappings. Make sure to save SLO again if you add/update run time fields to the data view and if those fields are being used in slo queries. + example: 03b80ab3-003d-498b-881c-3beedbaf1162 type: string - description: Filter the rule to apply to a specific environment. - threshold: - type: number - description: The latency threshold value. - groupBy: - type: array - default: - - service.name - - service.environment - - transaction.type - uniqueItems: true - items: - type: string - enum: - - service.name - - service.environment - - transaction.type - - transaction.name + filter: + description: the KQL query to filter the documents with. + example: 'field.environment : "production" and service.name : "my-service"' + type: string + good: + $ref: '#/components/schemas/SLOs_indicator_properties_custom_metric_Params_Good' + index: + description: The index or index pattern to use + example: my-service-* + type: string + timestampField: description: | - Perform a composite aggregation against the selected fields. When any of these groups match the selected rule conditions, an alert is triggered per group. - aggregationType: + The timestamp field used in the source indice. + example: timestamp type: string - enum: - - avg - - 95th - - 99th - description: The type of aggregation to perform. - params_property_apm_transaction_error_rate: - title: APM transaction error rate + total: + $ref: '#/components/schemas/SLOs_indicator_properties_custom_metric_Params_Total' + required: + - index + - timestampField + - good + - total + SLOs_indicator_properties_custom_metric_Params_Good: description: | - The parameters for the APM transaction error rate rule. These parameters are appropriate when `rule_type_id` is `apm.transaction_error_rate`. + An object defining the "good" metrics and equation type: object + properties: + equation: + description: The equation to calculate the "good" metric. + example: A + type: string + metrics: + description: List of metrics with their name, aggregation type, and field. + items: + oneOf: + - $ref: '#/components/schemas/SLOs_indicator_properties_custom_metric_Params_Good_Metrics_1' + - $ref: '#/components/schemas/SLOs_indicator_properties_custom_metric_Params_Good_Metrics_2' + type: array required: - - windowSize - - windowUnit - - threshold - - environment + - metrics + - equation + SLOs_indicator_properties_custom_metric_Params_Good_Metrics_1: + type: object properties: - serviceName: + aggregation: + description: The aggregation type of the metric. + enum: + - sum + example: sum type: string - description: The service name from APM - transactionType: + field: + description: The field of the metric. + example: processor.processed type: string - description: The transaction type from APM - transactionName: + filter: + description: The filter to apply to the metric. + example: 'processor.outcome: *' type: string - description: The transaction name from APM - windowSize: - type: number - description: The window size - example: 6 - windowUnit: + name: + description: The name of the metric. Only valid options are A-Z + example: A + pattern: ^[A-Z]$ type: string - description: The window size unit + required: + - name + - aggregation + - field + SLOs_indicator_properties_custom_metric_Params_Good_Metrics_2: + type: object + properties: + aggregation: + description: The aggregation type of the metric. enum: - - m - - h - - d - environment: + - doc_count + example: doc_count type: string - description: The environment from APM - threshold: - type: number - description: The error rate threshold value - groupBy: - type: array - default: - - service.name - - service.environment - - transaction.type - uniqueItems: true - items: - type: string - enum: - - service.name - - service.environment - - transaction.type - - transaction.name - aggfield: - description: | - The name of the numeric field that is used in the aggregation. This property is required when `aggType` is `avg`, `max`, `min` or `sum`. - type: string - aggtype: - description: The type of aggregation to perform. - type: string - enum: - - avg - - count - - max - - min - - sum - default: count - excludehitsfrompreviousrun: - description: | - Indicates whether to exclude matches from previous runs. If `true`, you can avoid alert duplication by excluding documents that have already been detected by the previous rule run. This option is not available when a grouping field is specified. - type: boolean - groupby: - description: | - Indicates whether the aggregation is applied over all documents (`all`) or split into groups (`top`) using a grouping field (`termField`). If grouping is used, an alert will be created for each group when it exceeds the threshold; only the top groups (up to `termSize` number of groups) are checked. - type: string - enum: - - all - - top - default: all - size: - description: | - The number of documents to pass to the configured actions when the threshold condition is met. - type: integer - termfield: - description: | - The names of up to four fields that are used for grouping the aggregation. This property is required when `groupBy` is `top`. - oneOf: - - type: string - - type: array - items: - type: string - maxItems: 4 - termsize: - description: | - This property is required when `groupBy` is `top`. It specifies the number of groups to check against the threshold and therefore limits the number of alerts on high cardinality fields. - type: integer - threshold: - description: | - The threshold value that is used with the `thresholdComparator`. If the `thresholdComparator` is `between` or `notBetween`, you must specify the boundary values. - type: array - items: - type: integer - example: 4000 - thresholdcomparator: - description: The comparison function for the threshold. For example, "is above", "is above or equals", "is below", "is below or equals", "is between", and "is not between". - type: string - enum: - - '>' - - '>=' - - < - - <= - - between - - notBetween - example: '>' - timefield: - description: The field that is used to calculate the time window. - type: string - timewindowsize: - description: | - The size of the time window (in `timeWindowUnit` units), which determines how far back to search for documents. Generally it should be a value higher than the rule check interval to avoid gaps in detection. - type: integer - example: 5 - timewindowunit: - description: | - The type of units for the time window: seconds, minutes, hours, or days. - type: string - enum: - - s - - m - - h - - d - example: m - params_es_query_dsl_rule: - title: Elasticsearch DSL query rule params - description: | - An Elasticsearch query rule can run a query defined in Elasticsearch Query DSL and compare the number of matches to a configured threshold. These parameters are appropriate when `rule_type_id` is `.es-query`. - type: object - required: - - esQuery - - index - - threshold - - thresholdComparator - - timeField - - timeWindowSize - - timeWindowUnit - properties: - aggField: - $ref: '#/components/schemas/aggfield' - aggType: - $ref: '#/components/schemas/aggtype' - esQuery: - description: The query definition, which uses Elasticsearch Query DSL. - type: string - excludeHitsFromPreviousRun: - $ref: '#/components/schemas/excludehitsfrompreviousrun' - groupBy: - $ref: '#/components/schemas/groupby' - index: - description: The indices to query. - oneOf: - - type: array - items: - type: string - - type: string - searchType: - description: The type of query, in this case a query that uses Elasticsearch Query DSL. + filter: + description: The filter to apply to the metric. + example: 'processor.outcome: *' type: string - enum: - - esQuery - default: esQuery - example: esQuery - size: - $ref: '#/components/schemas/size' - termField: - $ref: '#/components/schemas/termfield' - termSize: - $ref: '#/components/schemas/termsize' - threshold: - $ref: '#/components/schemas/threshold' - thresholdComparator: - $ref: '#/components/schemas/thresholdcomparator' - timeField: - $ref: '#/components/schemas/timefield' - timeWindowSize: - $ref: '#/components/schemas/timewindowsize' - timeWindowUnit: - $ref: '#/components/schemas/timewindowunit' - params_es_query_esql_rule: - title: Elasticsearch ES|QL query rule params + name: + description: The name of the metric. Only valid options are A-Z + example: A + pattern: ^[A-Z]$ + type: string + required: + - name + - aggregation + SLOs_indicator_properties_custom_metric_Params_Total: description: | - An Elasticsearch query rule can run an ES|QL query and compare the number of matches to a configured threshold. These parameters are appropriate when `rule_type_id` is `.es-query`. + An object defining the "total" metrics and equation type: object - required: - - esqlQuery - - searchType - - size - - threshold - - thresholdComparator - - timeWindowSize - - timeWindowUnit - properties: - aggField: - $ref: '#/components/schemas/aggfield' - aggType: - $ref: '#/components/schemas/aggtype' - esqlQuery: - type: object - required: - - esql - properties: - esql: - description: The query definition, which uses Elasticsearch Query Language. - type: string - excludeHitsFromPreviousRun: - $ref: '#/components/schemas/excludehitsfrompreviousrun' - groupBy: - $ref: '#/components/schemas/groupby' - searchType: - description: The type of query, in this case a query that uses Elasticsearch Query Language (ES|QL). + properties: + equation: + description: The equation to calculate the "total" metric. + example: A type: string - enum: - - esqlQuery - example: esqlQuery - size: - type: integer - description: | - When `searchType` is `esqlQuery`, this property is required but it does not affect the rule behavior. - example: 0 - termSize: - $ref: '#/components/schemas/termsize' - threshold: - type: array + metrics: + description: List of metrics with their name, aggregation type, and field. items: - type: integer - minimum: 0 - maximum: 0 - description: | - The threshold value that is used with the `thresholdComparator`. When `searchType` is `esqlQuery`, this property is required and must be set to zero. - thresholdComparator: - type: string - description: | - The comparison function for the threshold. When `searchType` is `esqlQuery`, this property is required and must be set to ">". Since the `threshold` value must be `0`, the result is that an alert occurs whenever the query returns results. - enum: - - '>' - example: '>' - timeField: - $ref: '#/components/schemas/timefield' - timeWindowSize: - $ref: '#/components/schemas/timewindowsize' - timeWindowUnit: - $ref: '#/components/schemas/timewindowunit' - filter: + oneOf: + - $ref: '#/components/schemas/SLOs_indicator_properties_custom_metric_Params_Total_Metrics_1' + - $ref: '#/components/schemas/SLOs_indicator_properties_custom_metric_Params_Total_Metrics_2' + type: array + required: + - metrics + - equation + SLOs_indicator_properties_custom_metric_Params_Total_Metrics_1: type: object - description: A filter written in Elasticsearch Query Domain Specific Language (DSL) as defined in the `kbn-es-query` package. properties: - meta: - type: object - properties: - alias: - type: string - nullable: true - controlledBy: - type: string - disabled: - type: boolean - field: - type: string - group: - type: string - index: - type: string - isMultiIndex: - type: boolean - key: - type: string - negate: - type: boolean - params: - type: object - type: - type: string - value: - type: string - query: - type: object - $state: - type: object - params_es_query_kql_rule: - title: Elasticsearch KQL query rule params - description: | - An Elasticsearch query rule can run a query defined in KQL or Lucene and compare the number of matches to a configured threshold. These parameters are appropriate when `rule_type_id` is `.es-query`. - type: object - required: - - searchType - - size - - threshold - - thresholdComparator - - timeWindowSize - - timeWindowUnit - properties: - aggField: - $ref: '#/components/schemas/aggfield' - aggType: - $ref: '#/components/schemas/aggtype' - excludeHitsFromPreviousRun: - $ref: '#/components/schemas/excludehitsfrompreviousrun' - groupBy: - $ref: '#/components/schemas/groupby' - searchConfiguration: - description: The query definition, which uses KQL or Lucene to fetch the documents from Elasticsearch. - type: object - properties: - filter: - type: array - items: - $ref: '#/components/schemas/filter' - index: - description: The indices to query. - oneOf: - - type: string - - type: array - items: - type: string - query: - type: object - properties: - language: - type: string - example: kuery - query: - type: string - searchType: - description: The type of query, in this case a text-based query that uses KQL or Lucene. - type: string + aggregation: + description: The aggregation type of the metric. enum: - - searchSource - example: searchSource - size: - $ref: '#/components/schemas/size' - termField: - $ref: '#/components/schemas/termfield' - termSize: - $ref: '#/components/schemas/termsize' - threshold: - $ref: '#/components/schemas/threshold' - thresholdComparator: - $ref: '#/components/schemas/thresholdcomparator' - timeField: - $ref: '#/components/schemas/timefield' - timeWindowSize: - $ref: '#/components/schemas/timewindowsize' - timeWindowUnit: - $ref: '#/components/schemas/timewindowunit' - params_index_threshold_rule: - title: Index threshold rule params - description: An index threshold rule runs an Elasticsearch query, aggregates field values from documents, compares them to threshold values, and schedules actions to run when the thresholds are met. These parameters are appropriate when `rule_type_id` is `.index-threshold`. - type: object - required: - - index - - threshold - - thresholdComparator - - timeField - - timeWindowSize - - timeWindowUnit - properties: - aggField: - $ref: '#/components/schemas/aggfield' - aggType: - $ref: '#/components/schemas/aggtype' - filterKuery: - description: A KQL expression thats limits the scope of alerts. + - sum + example: sum type: string - groupBy: - $ref: '#/components/schemas/groupby' - index: - description: The indices to query. - type: array - items: - type: string - termField: - $ref: '#/components/schemas/termfield' - termSize: - $ref: '#/components/schemas/termsize' - threshold: - $ref: '#/components/schemas/threshold' - thresholdComparator: - $ref: '#/components/schemas/thresholdcomparator' - timeField: - $ref: '#/components/schemas/timefield' - timeWindowSize: - $ref: '#/components/schemas/timewindowsize' - timeWindowUnit: - $ref: '#/components/schemas/timewindowunit' - params_property_infra_inventory: - title: Inventory - description: | - The parameters for the infrastructure inventory rule. These parameters are appropriate when `rule_type_id` is `metrics.alert.inventory.threshold`. - type: object - properties: - criteria: - type: array - items: - type: object - properties: - metric: - type: string - enum: - - count - - cpu - - diskLatency - - load - - memory - - memoryTotal - - tx - - rx - - logRate - - diskIOReadBytes - - diskIOWriteBytes - - s3TotalRequests - - s3NumberOfObjects - - s3BucketSize - - s3DownloadBytes - - s3UploadBytes - - rdsConnections - - rdsQueriesExecuted - - rdsActiveTransactions - - rdsLatency - - sqsMessagesVisible - - sqsMessagesDelayed - - sqsMessagesSent - - sqsMessagesEmpty - - sqsOldestMessage - - custom - timeSize: - type: number - timeUnit: - type: string - enum: - - s - - m - - h - - d - sourceId: - type: string - threshold: - type: array - items: - type: number - comparator: - type: string - enum: - - < - - <= - - '>' - - '>=' - - between - - outside - customMetric: - type: object - properties: - type: - type: string - enum: - - custom - field: - type: string - aggregation: - type: string - enum: - - avg - - max - - min - - rate - id: - type: string - label: - type: string - warningThreshold: - type: array - items: - type: number - warningComparator: - type: string - enum: - - < - - <= - - '>' - - '>=' - - between - - outside - filterQuery: + field: + description: The field of the metric. + example: processor.processed type: string - filterQueryText: + filter: + description: The filter to apply to the metric. + example: 'processor.outcome: *' type: string - nodeType: + name: + description: The name of the metric. Only valid options are A-Z + example: A + pattern: ^[A-Z]$ type: string + required: + - name + - aggregation + - field + SLOs_indicator_properties_custom_metric_Params_Total_Metrics_2: + type: object + properties: + aggregation: + description: The aggregation type of the metric. enum: - - host - - pod - - container - - awsEC2 - - awsS3 - - awsSQS - - awsRDS - sourceId: + - doc_count + example: doc_count type: string - alertOnNoData: - type: boolean - params_property_log_threshold: - oneOf: - - title: Log threshold count - description: | - The parameters for a log threshold rule that counts the number of log entries that match the criteria. These parameters are appropriate when `rule_type_id` is `logs.alert.document.count`. - type: object - required: - - count - - timeSize - - timeUnit - - logView - properties: - criteria: - type: array - items: - type: object - properties: - field: - type: string - example: my.field - comparator: - type: string - enum: - - more than - - more than or equals - - less than - - less than or equals - - equals - - does not equal - - matches - - does not match - - matches phrase - - does not match phrase - value: - oneOf: - - type: number - example: 42 - - type: string - example: value - count: - type: object - properties: - comparator: - type: string - enum: - - more than - - more than or equals - - less than - - less than or equals - - equals - - does not equal - - matches - - does not match - - matches phrase - - does not match phrase - value: - type: number - example: 100 - timeSize: - type: number - example: 6 - timeUnit: - type: string - enum: - - s - - m - - h - - d - logView: - type: object - properties: - logViewId: - type: string - type: - type: string - enum: - - log-view-reference - example: log-view-reference - groupBy: - type: array - items: - type: string - - title: Log threshold ratio - description: | - The parameters for a log threshold rule that calculates the ratio of log entries that match the criteria. These parameters are appropriate when `rule_type_id` is `logs.alert.document.count`. - type: object - required: - - count - - timeSize - - timeUnit - - logView - properties: - criteria: - type: array - items: - minItems: 2 - maxItems: 2 - type: array - items: - type: object - properties: - field: - type: string - example: my.field - comparator: - type: string - enum: - - more than - - more than or equals - - less than - - less than or equals - - equals - - does not equal - - matches - - does not match - - matches phrase - - does not match phrase - value: - oneOf: - - type: number - example: 42 - - type: string - example: value - count: - type: object - properties: - comparator: - type: string - enum: - - more than - - more than or equals - - less than - - less than or equals - - equals - - does not equal - - matches - - does not match - - matches phrase - - does not match phrase - value: - type: number - example: 100 - timeSize: - type: number - example: 6 - timeUnit: - type: string - enum: - - s - - m - - h - - d - logView: - type: object - properties: - logViewId: - type: string - type: - type: string - enum: - - log-view-reference - example: log-view-reference - groupBy: - type: array - items: - type: string - params_property_infra_metric_threshold: - title: Metric threshold - description: | - The parameters for the metric threshold rule. These parameters are appropriate when `rule_type_id` is `metrics.alert.threshold`. + filter: + description: The filter to apply to the metric. + example: 'processor.outcome: *' + type: string + name: + description: The name of the metric. Only valid options are A-Z + example: A + pattern: ^[A-Z]$ + type: string + required: + - name + - aggregation + SLOs_indicator_properties_histogram_Params: + description: An object containing the indicator parameters. + nullable: false type: object properties: - criteria: - type: array - items: - oneOf: - - title: non count criterion - type: object - properties: - threshold: - type: array - items: - type: number - description: | - The threshold value that is used with the `comparator`. If the `comparator` is `between`, you must specify the boundary values. - comparator: - type: string - enum: - - < - - <= - - '>' - - '>=' - - between - - outside - description: | - The comparison function for the threshold. For example, "is above", "is above or equals", "is below", "is below or equals", "is between", and "outside". - timeUnit: - type: string - enum: - - s - - m - - h - - d - description: | - The type of units for the time window: seconds, minutes, hours, or days. - timeSize: - type: number - description: | - The size of the time window (in `timeUnit` units), which determines how far back to search for documents. Generally it should be a value higher than the rule check interval to avoid gaps in detection. - warningThreshold: - type: array - items: - type: number - description: | - The threshold value that is used with the `warningComparator`. If the `warningComparator` is `between`, you must specify the boundary values. - warningComparator: - type: string - enum: - - < - - <= - - '>' - - '>=' - - between - - outside - metric: - type: string - aggType: - type: string - enum: - - avg - - max - - min - - cardinality - - rate - - count - - sum - - p95 - - p99 - - custom - - title: count criterion - type: object - properties: - threshold: - type: array - items: - type: number - comparator: - type: string - enum: - - < - - <= - - '>' - - '>=' - - between - - outside - timeUnit: - type: string - enum: - - s - - m - - h - - d - description: | - The type of units for the time window: seconds, minutes, hours, or days. - timeSize: - type: number - description: | - The size of the time window (in `timeUnit` units), which determines how far back to search for documents. Generally it should be a value higher than the rule check interval to avoid gaps in detection. - warningThreshold: - type: array - items: - type: number - warningComparator: - type: string - enum: - - < - - <= - - '>' - - '>=' - - between - - outside - aggType: - type: string - enum: - - count - - title: custom criterion - type: object - properties: - threshold: - type: array - items: - type: number - comparator: - type: string - enum: - - < - - <= - - '>' - - '>=' - - between - - outside - timeUnit: - type: string - enum: - - s - - m - - h - - d - description: | - The type of units for the time window: seconds, minutes, hours, or days. - timeSize: - type: number - description: | - The size of the time window (in `timeUnit` units), which determines how far back to search for documents. Generally it should be a value higher than the rule check interval to avoid gaps in detection. - warningThreshold: - type: array - items: - type: number - warningComparator: - type: string - enum: - - < - - <= - - '>' - - '>=' - - between - - outside - aggType: - type: string - enum: - - custom - customMetric: - type: array - items: - oneOf: - - type: object - properties: - name: - type: string - aggType: - type: string - enum: - - avg - - sum - - max - - min - - cardinality - description: | - An aggregation to gather data for the rule. For example, find the average, highest or lowest value of a numeric field. Or use a cardinality aggregation to find the approximate number of unique values in a field. - field: - type: string - - type: object - properties: - name: - type: string - aggType: - type: string - enum: - - count - filter: - type: string - equation: - type: string - label: - type: string - groupBy: - oneOf: - - type: string - - type: array - items: - type: string - description: | - Create an alert for every unique value of the specified fields. For example, you can create a rule per host or every mount point of each host. - IMPORTANT: If you include the same field in both the `filterQuery` and `groupBy`, you might receive fewer results than you expect. For example, if you filter by `cloud.region: us-east`, grouping by `cloud.region` will have no effect because the filter query can match only one region. - filterQuery: + dataViewId: + description: The kibana data view id to use, primarily used to include data view runtime mappings. Make sure to save SLO again if you add/update run time fields to the data view and if those fields are being used in slo queries. + example: 03b80ab3-003d-498b-881c-3beedbaf1162 type: string - description: | - A query that limits the scope of the rule. The rule evaluates only metric data that matches the query. - sourceId: + filter: + description: the KQL query to filter the documents with. + example: 'field.environment : "production" and service.name : "my-service"' type: string - alertOnNoData: - type: boolean - description: If true, an alert occurs if the metrics do not report any data over the expected period or if the query fails. - alertOnGroupDisappear: - type: boolean + good: + $ref: '#/components/schemas/SLOs_indicator_properties_histogram_Params_Good' + index: + description: The index or index pattern to use + example: my-service-* + type: string + timestampField: description: | - If true, an alert occurs if a group that previously reported metrics does not report them again over the expected time period. This check is not recommended for dynamically scaling infrastructures that might rapidly start and stop nodes automatically. - params_property_slo_burn_rate: - title: SLO burn rate + The timestamp field used in the source indice. + example: timestamp + type: string + total: + $ref: '#/components/schemas/SLOs_indicator_properties_histogram_Params_Total' + required: + - index + - timestampField + - good + - total + SLOs_indicator_properties_histogram_Params_Good: description: | - The parameters for the SLO burn rate rule. These parameters are appropriate when `rule_type_id` is `slo.rules.burnRate`. + An object defining the "good" events type: object properties: - sloId: - description: The SLO identifier used by the rule + aggregation: + description: The type of aggregation to use. + enum: + - value_count + - range + example: value_count type: string - example: 8853df00-ae2e-11ed-90af-09bb6422b258 - burnRateThreshold: - description: The burn rate threshold used to trigger the alert - type: number - example: 14.4 - maxBurnRateThreshold: - description: The maximum burn rate threshold value defined by the SLO error budget - type: number - example: 168 - longWindow: - description: The duration of the long window used to compute the burn rate - type: object - properties: - value: - description: The duration value - type: number - example: 6 - unit: - description: The duration unit - type: string - example: h - shortWindow: - description: The duration of the short window used to compute the burn rate - type: object - properties: - value: - description: The duration value - type: number - example: 30 - unit: - description: The duration unit - type: string - example: m - params_property_synthetics_uptime_tls: - title: Synthetics TLS certificate + field: + description: The field use to aggregate the good events. + example: processor.latency + type: string + filter: + description: The filter for good events. + example: 'processor.outcome: "success"' + type: string + from: + description: The starting value of the range. Only required for "range" aggregations. + example: 0 + type: number + to: + description: The ending value of the range. Only required for "range" aggregations. + example: 100 + type: number + required: + - aggregation + - field + SLOs_indicator_properties_histogram_Params_Total: description: | - The parameters for the synthetics TLS certificate rule. These parameters are appropriate when `rule_type_id` is `xpack.uptime.alerts.tls`. + An object defining the "total" events type: object properties: - search: + aggregation: + description: The type of aggregation to use. + enum: + - value_count + - range + example: value_count + type: string + field: + description: The field use to aggregate the good events. + example: processor.latency type: string - certExpirationThreshold: + filter: + description: The filter for total events. + example: 'processor.outcome : *' + type: string + from: + description: The starting value of the range. Only required for "range" aggregations. + example: 0 type: number - certAgeThreshold: + to: + description: The ending value of the range. Only required for "range" aggregations. + example: 100 type: number - params_property_synthetics_monitor_status: - title: Synthetics monitor status + required: + - aggregation + - field + SLOs_indicator_properties_timeslice_metric_Params: + description: An object containing the indicator parameters. + nullable: false + type: object + properties: + dataViewId: + description: The kibana data view id to use, primarily used to include data view runtime mappings. Make sure to save SLO again if you add/update run time fields to the data view and if those fields are being used in slo queries. + example: 03b80ab3-003d-498b-881c-3beedbaf1162 + type: string + filter: + description: the KQL query to filter the documents with. + example: 'field.environment : "production" and service.name : "my-service"' + type: string + index: + description: The index or index pattern to use + example: my-service-* + type: string + metric: + $ref: '#/components/schemas/SLOs_indicator_properties_timeslice_metric_Params_Metric' + timestampField: + description: | + The timestamp field used in the source indice. + example: timestamp + type: string + required: + - index + - timestampField + - metric + SLOs_indicator_properties_timeslice_metric_Params_Metric: description: | - The parameters for the Synthetics monitor status rule. These parameters are appropriate when `rule_type_id` is `xpack.uptime.alerts.monitorStatus`. + An object defining the metrics, equation, and threshold to determine if it's a good slice or not type: object + properties: + comparator: + description: The comparator to use to compare the equation to the threshold. + enum: + - GT + - GTE + - LT + - LTE + example: GT + type: string + equation: + description: The equation to calculate the metric. + example: A + type: string + metrics: + description: List of metrics with their name, aggregation type, and field. + items: + anyOf: + - $ref: '#/components/schemas/SLOs_timeslice_metric_basic_metric_with_field' + - $ref: '#/components/schemas/SLOs_timeslice_metric_percentile_metric' + - $ref: '#/components/schemas/SLOs_timeslice_metric_doc_count_metric' + discriminator: + mapping: + avg: '#/components/schemas/SLOs_timeslice_metric_basic_metric_with_field' + cardinality: '#/components/schemas/SLOs_timeslice_metric_basic_metric_with_field' + doc_count: '#/components/schemas/SLOs_timeslice_metric_doc_count_metric' + last_value: '#/components/schemas/SLOs_timeslice_metric_basic_metric_with_field' + max: '#/components/schemas/SLOs_timeslice_metric_basic_metric_with_field' + min: '#/components/schemas/SLOs_timeslice_metric_basic_metric_with_field' + percentile: '#/components/schemas/SLOs_timeslice_metric_percentile_metric' + std_deviation: '#/components/schemas/SLOs_timeslice_metric_basic_metric_with_field' + sum: '#/components/schemas/SLOs_timeslice_metric_basic_metric_with_field' + propertyName: aggregation + type: array + threshold: + description: The threshold used to determine if the metric is a good slice or not. + example: 100 + type: number required: - - numTimes - - shouldCheckStatus - - shouldCheckAvailability + - metrics + - equation + - comparator + - threshold + SLOs_kql_with_filters_1: + description: the KQL query to filter the documents with. + example: 'field.environment : "production" and service.name : "my-service"' + type: string + SLOs_kql_with_filters_2: + type: object properties: - availability: - type: object - properties: - range: - type: number - rangeUnit: - type: string - threshold: - type: string filters: - oneOf: - - type: string - - type: object - deprecated: true - properties: - monitor.type: - type: array - items: - type: string - observer.geo.name: - type: array - items: - type: string - tags: - type: array - items: - type: string - url.port: - type: array - items: - type: string - locations: - deprecated: true + items: + $ref: '#/components/schemas/SLOs_filter' type: array + kqlQuery: + type: string + SLOs_kql_with_filters_good_1: + description: the KQL query to filter the documents with. + example: 'request.latency <= 150 and request.status_code : "2xx"' + type: string + SLOs_kql_with_filters_good_2: + type: object + properties: + filters: items: - type: string - numTimes: - type: number - search: + $ref: '#/components/schemas/SLOs_filter' + type: array + kqlQuery: type: string - shouldCheckStatus: - type: boolean - shouldCheckAvailability: - type: boolean - timerangeCount: - type: number - timerangeUnit: + SLOs_kql_with_filters_total_1: + description: the KQL query to filter the documents with. + example: 'field.environment : "production" and service.name : "my-service"' + type: string + SLOs_kql_with_filters_total_2: + type: object + properties: + filters: + items: + $ref: '#/components/schemas/SLOs_filter' + type: array + kqlQuery: type: string - timerange: - deprecated: true - type: object - properties: - from: - type: string - to: - type: string - version: - type: number - isAutoGenerated: - type: boolean + Task_manager_health_Serverless_APIs_health_response_serverless_Stats: + type: object + properties: + configuration: + $ref: '#/components/schemas/Task_manager_health_Serverless_APIs_configuration' + workload: + $ref: '#/components/schemas/Task_manager_health_Serverless_APIs_workload' securitySchemes: apiKeyAuth: description: You must create an API key and use the encoded value in the request header. To learn about creating keys, go to [API keys](https://www.elastic.co/docs/current/serverless/api-keys). diff --git a/oas_docs/output/kibana.yaml b/oas_docs/output/kibana.yaml index e1412e4e6a284..9079795346799 100644 --- a/oas_docs/output/kibana.yaml +++ b/oas_docs/output/kibana.yaml @@ -403,71 +403,7 @@ paths: application/json: schema: items: - additionalProperties: false - type: object - properties: - allow_multiple_system_actions: - description: Indicates whether multiple instances of the same system action connector can be used in a single rule. - type: boolean - enabled: - description: Indicates whether the connector is enabled. - type: boolean - enabled_in_config: - description: Indicates whether the connector is enabled in the Kibana configuration. - type: boolean - enabled_in_license: - description: Indicates whether the connector is enabled through the license. - type: boolean - id: - description: The identifier for the connector. - type: string - is_deprecated: - description: Indicates whether the connector type is deprecated. - type: boolean - is_system_action_type: - description: Indicates whether the action is a system action. - type: boolean - minimum_license_required: - description: The minimum license required to enable the connector. - enum: - - basic - - standard - - gold - - platinum - - enterprise - - trial - type: string - name: - description: The name of the connector type. - type: string - source: - description: The source of the connector type definition. - enum: - - yml - - spec - - stack - type: string - sub_feature: - description: Indicates the sub-feature type the connector is grouped under. - enum: - - endpointSecurity - type: string - supported_feature_ids: - description: The list of supported features - items: - type: string - type: array - required: - - id - - name - - enabled - - enabled_in_config - - enabled_in_license - - minimum_license_required - - supported_feature_ids - - is_system_action_type - - is_deprecated - - source + $ref: '#/components/schemas/ApiActionsConnectorTypes_Get_Response_200_Item' type: array examples: getConnectorTypesServerlessResponse: @@ -531,44 +467,7 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - config: - additionalProperties: {} - type: object - connector_type_id: - description: The connector type identifier. - type: string - id: - description: The identifier for the connector. - type: string - is_connector_type_deprecated: - description: Indicates whether the connector type is deprecated. - type: boolean - is_deprecated: - description: Indicates whether the connector is deprecated. - type: boolean - is_missing_secrets: - description: Indicates whether the connector is missing secrets. - type: boolean - is_preconfigured: - description: 'Indicates whether the connector is preconfigured. If true, the `config` and `is_missing_secrets` properties are omitted from the response. ' - type: boolean - is_system_action: - description: Indicates whether the connector is used for system actions. - type: boolean - name: - description: ' The name of the connector.' - type: string - required: - - id - - name - - connector_type_id - - is_preconfigured - - is_deprecated - - is_system_action - - is_connector_type_deprecated + $ref: '#/components/schemas/ApiActionsConnector_Get_Response_200' examples: getConnectorResponse: $ref: '#/components/examples/get_connector_response' @@ -607,73 +506,63 @@ paths: content: application/json: schema: - additionalProperties: false - type: object + $ref: '#/components/schemas/ApiActionsConnector_Post_Request' properties: - connector_type_id: - description: The type of connector. - type: string - name: - description: The display name for the connector. - type: string config: additionalProperties: {} default: {} description: The connector configuration details. oneOf: - - $ref: '#/components/schemas/bedrock_config' - - $ref: '#/components/schemas/crowdstrike_config' - - $ref: '#/components/schemas/d3security_config' - - $ref: '#/components/schemas/email_config' - - $ref: '#/components/schemas/gemini_config' - - $ref: '#/components/schemas/resilient_config' - - $ref: '#/components/schemas/index_config' - - $ref: '#/components/schemas/jira_config' - - $ref: '#/components/schemas/genai_azure_config' - - $ref: '#/components/schemas/genai_openai_config' - - $ref: '#/components/schemas/genai_openai_other_config' - - $ref: '#/components/schemas/opsgenie_config' - - $ref: '#/components/schemas/pagerduty_config' - - $ref: '#/components/schemas/sentinelone_config' - - $ref: '#/components/schemas/servicenow_config' - - $ref: '#/components/schemas/servicenow_itom_config' - - $ref: '#/components/schemas/slack_api_config' - - $ref: '#/components/schemas/swimlane_config' - - $ref: '#/components/schemas/thehive_config' - - $ref: '#/components/schemas/tines_config' - - $ref: '#/components/schemas/torq_config' - - $ref: '#/components/schemas/webhook_config' - - $ref: '#/components/schemas/cases_webhook_config' - - $ref: '#/components/schemas/xmatters_config' + - $ref: ../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/bedrock_config.yaml + - $ref: ../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/crowdstrike_config.yaml + - $ref: ../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/d3security_config.yaml + - $ref: ../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/email_config.yaml + - $ref: ../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/gemini_config.yaml + - $ref: ../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/resilient_config.yaml + - $ref: ../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/index_config.yaml + - $ref: ../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/jira_config.yaml + - $ref: ../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/genai_azure_config.yaml + - $ref: ../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/genai_openai_config.yaml + - $ref: ../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/genai_openai_other_config.yaml + - $ref: ../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/opsgenie_config.yaml + - $ref: ../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/pagerduty_config.yaml + - $ref: ../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/sentinelone_config.yaml + - $ref: ../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/servicenow_config.yaml + - $ref: ../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/servicenow_itom_config.yaml + - $ref: ../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/slack_api_config.yaml + - $ref: ../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/swimlane_config.yaml + - $ref: ../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/thehive_config.yaml + - $ref: ../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/tines_config.yaml + - $ref: ../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/torq_config.yaml + - $ref: ../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/webhook_config.yaml + - $ref: ../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/cases_webhook_config.yaml + - $ref: ../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/xmatters_config.yaml secrets: additionalProperties: {} default: {} oneOf: - - $ref: '#/components/schemas/bedrock_secrets' - - $ref: '#/components/schemas/crowdstrike_secrets' - - $ref: '#/components/schemas/d3security_secrets' - - $ref: '#/components/schemas/email_secrets' - - $ref: '#/components/schemas/gemini_secrets' - - $ref: '#/components/schemas/resilient_secrets' - - $ref: '#/components/schemas/jira_secrets' - - $ref: '#/components/schemas/defender_secrets' - - $ref: '#/components/schemas/teams_secrets' - - $ref: '#/components/schemas/genai_secrets' - - $ref: '#/components/schemas/opsgenie_secrets' - - $ref: '#/components/schemas/pagerduty_secrets' - - $ref: '#/components/schemas/sentinelone_secrets' - - $ref: '#/components/schemas/servicenow_secrets' - - $ref: '#/components/schemas/slack_api_secrets' - - $ref: '#/components/schemas/swimlane_secrets' - - $ref: '#/components/schemas/thehive_secrets' - - $ref: '#/components/schemas/tines_secrets' - - $ref: '#/components/schemas/torq_secrets' - - $ref: '#/components/schemas/webhook_secrets' - - $ref: '#/components/schemas/cases_webhook_secrets' - - $ref: '#/components/schemas/xmatters_secrets' - required: - - name - - connector_type_id + - $ref: ../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/bedrock_secrets.yaml + - $ref: ../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/crowdstrike_secrets.yaml + - $ref: ../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/d3security_secrets.yaml + - $ref: ../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/email_secrets.yaml + - $ref: ../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/gemini_secrets.yaml + - $ref: ../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/resilient_secrets.yaml + - $ref: ../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/jira_secrets.yaml + - $ref: ../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/defender_secrets.yaml + - $ref: ../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/teams_secrets.yaml + - $ref: ../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/genai_secrets.yaml + - $ref: ../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/opsgenie_secrets.yaml + - $ref: ../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/pagerduty_secrets.yaml + - $ref: ../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/sentinelone_secrets.yaml + - $ref: ../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/servicenow_secrets.yaml + - $ref: ../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/slack_api_secrets.yaml + - $ref: ../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/swimlane_secrets.yaml + - $ref: ../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/thehive_secrets.yaml + - $ref: ../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/tines_secrets.yaml + - $ref: ../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/torq_secrets.yaml + - $ref: ../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/webhook_secrets.yaml + - $ref: ../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/cases_webhook_secrets.yaml + - $ref: ../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/xmatters_secrets.yaml examples: createEmailConnectorRequest: $ref: '#/components/examples/create_email_connector_request' @@ -688,44 +577,7 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - config: - additionalProperties: {} - type: object - connector_type_id: - description: The connector type identifier. - type: string - id: - description: The identifier for the connector. - type: string - is_connector_type_deprecated: - description: Indicates whether the connector type is deprecated. - type: boolean - is_deprecated: - description: Indicates whether the connector is deprecated. - type: boolean - is_missing_secrets: - description: Indicates whether the connector is missing secrets. - type: boolean - is_preconfigured: - description: 'Indicates whether the connector is preconfigured. If true, the `config` and `is_missing_secrets` properties are omitted from the response. ' - type: boolean - is_system_action: - description: Indicates whether the connector is used for system actions. - type: boolean - name: - description: ' The name of the connector.' - type: string - required: - - id - - name - - connector_type_id - - is_preconfigured - - is_deprecated - - is_system_action - - is_connector_type_deprecated + $ref: '#/components/schemas/ApiActionsConnector_Post_Response_200' examples: createEmailConnectorResponse: $ref: '#/components/examples/create_email_connector_response' @@ -770,68 +622,62 @@ paths: content: application/json: schema: - additionalProperties: false - type: object + $ref: '#/components/schemas/ApiActionsConnector_Put_Request' properties: - name: - description: The display name for the connector. - type: string config: additionalProperties: {} default: {} description: The connector configuration details. oneOf: - - $ref: '#/components/schemas/bedrock_config' - - $ref: '#/components/schemas/crowdstrike_config' - - $ref: '#/components/schemas/d3security_config' - - $ref: '#/components/schemas/email_config' - - $ref: '#/components/schemas/gemini_config' - - $ref: '#/components/schemas/resilient_config' - - $ref: '#/components/schemas/index_config' - - $ref: '#/components/schemas/jira_config' - - $ref: '#/components/schemas/defender_config' - - $ref: '#/components/schemas/genai_azure_config' - - $ref: '#/components/schemas/genai_openai_config' - - $ref: '#/components/schemas/opsgenie_config' - - $ref: '#/components/schemas/pagerduty_config' - - $ref: '#/components/schemas/sentinelone_config' - - $ref: '#/components/schemas/servicenow_config' - - $ref: '#/components/schemas/servicenow_itom_config' - - $ref: '#/components/schemas/slack_api_config' - - $ref: '#/components/schemas/swimlane_config' - - $ref: '#/components/schemas/thehive_config' - - $ref: '#/components/schemas/tines_config' - - $ref: '#/components/schemas/torq_config' - - $ref: '#/components/schemas/webhook_config' - - $ref: '#/components/schemas/cases_webhook_config' - - $ref: '#/components/schemas/xmatters_config' + - $ref: ../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/bedrock_config.yaml + - $ref: ../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/crowdstrike_config.yaml + - $ref: ../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/d3security_config.yaml + - $ref: ../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/email_config.yaml + - $ref: ../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/gemini_config.yaml + - $ref: ../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/resilient_config.yaml + - $ref: ../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/index_config.yaml + - $ref: ../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/jira_config.yaml + - $ref: ../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/defender_config.yaml + - $ref: ../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/genai_azure_config.yaml + - $ref: ../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/genai_openai_config.yaml + - $ref: ../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/opsgenie_config.yaml + - $ref: ../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/pagerduty_config.yaml + - $ref: ../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/sentinelone_config.yaml + - $ref: ../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/servicenow_config.yaml + - $ref: ../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/servicenow_itom_config.yaml + - $ref: ../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/slack_api_config.yaml + - $ref: ../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/swimlane_config.yaml + - $ref: ../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/thehive_config.yaml + - $ref: ../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/tines_config.yaml + - $ref: ../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/torq_config.yaml + - $ref: ../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/webhook_config.yaml + - $ref: ../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/cases_webhook_config.yaml + - $ref: ../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/xmatters_config.yaml secrets: additionalProperties: {} default: {} oneOf: - - $ref: '#/components/schemas/bedrock_secrets' - - $ref: '#/components/schemas/crowdstrike_secrets' - - $ref: '#/components/schemas/d3security_secrets' - - $ref: '#/components/schemas/email_secrets' - - $ref: '#/components/schemas/gemini_secrets' - - $ref: '#/components/schemas/resilient_secrets' - - $ref: '#/components/schemas/jira_secrets' - - $ref: '#/components/schemas/teams_secrets' - - $ref: '#/components/schemas/genai_secrets' - - $ref: '#/components/schemas/opsgenie_secrets' - - $ref: '#/components/schemas/pagerduty_secrets' - - $ref: '#/components/schemas/sentinelone_secrets' - - $ref: '#/components/schemas/servicenow_secrets' - - $ref: '#/components/schemas/slack_api_secrets' - - $ref: '#/components/schemas/swimlane_secrets' - - $ref: '#/components/schemas/thehive_secrets' - - $ref: '#/components/schemas/tines_secrets' - - $ref: '#/components/schemas/torq_secrets' - - $ref: '#/components/schemas/webhook_secrets' - - $ref: '#/components/schemas/cases_webhook_secrets' - - $ref: '#/components/schemas/xmatters_secrets' - required: - - name + - $ref: ../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/bedrock_secrets.yaml + - $ref: ../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/crowdstrike_secrets.yaml + - $ref: ../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/d3security_secrets.yaml + - $ref: ../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/email_secrets.yaml + - $ref: ../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/gemini_secrets.yaml + - $ref: ../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/resilient_secrets.yaml + - $ref: ../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/jira_secrets.yaml + - $ref: ../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/teams_secrets.yaml + - $ref: ../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/genai_secrets.yaml + - $ref: ../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/opsgenie_secrets.yaml + - $ref: ../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/pagerduty_secrets.yaml + - $ref: ../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/sentinelone_secrets.yaml + - $ref: ../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/servicenow_secrets.yaml + - $ref: ../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/slack_api_secrets.yaml + - $ref: ../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/swimlane_secrets.yaml + - $ref: ../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/thehive_secrets.yaml + - $ref: ../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/tines_secrets.yaml + - $ref: ../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/torq_secrets.yaml + - $ref: ../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/webhook_secrets.yaml + - $ref: ../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/cases_webhook_secrets.yaml + - $ref: ../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/xmatters_secrets.yaml examples: updateIndexConnectorRequest: $ref: '#/components/examples/update_index_connector_request' @@ -840,44 +686,7 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - config: - additionalProperties: {} - type: object - connector_type_id: - description: The connector type identifier. - type: string - id: - description: The identifier for the connector. - type: string - is_connector_type_deprecated: - description: Indicates whether the connector type is deprecated. - type: boolean - is_deprecated: - description: Indicates whether the connector is deprecated. - type: boolean - is_missing_secrets: - description: Indicates whether the connector is missing secrets. - type: boolean - is_preconfigured: - description: 'Indicates whether the connector is preconfigured. If true, the `config` and `is_missing_secrets` properties are omitted from the response. ' - type: boolean - is_system_action: - description: Indicates whether the connector is used for system actions. - type: boolean - name: - description: ' The name of the connector.' - type: string - required: - - id - - name - - connector_type_id - - is_preconfigured - - is_deprecated - - is_system_action - - is_connector_type_deprecated + $ref: '#/components/schemas/ApiActionsConnector_Put_Response_200' description: Indicates a successful call. '403': description: Indicates that this call is forbidden. @@ -922,36 +731,33 @@ paths: content: application/json: schema: - additionalProperties: false - type: object + $ref: '#/components/schemas/ApiActionsConnectorExecute_Post_Request' properties: params: additionalProperties: {} oneOf: - - $ref: '#/components/schemas/run_acknowledge_resolve_pagerduty' - - $ref: '#/components/schemas/run_documents' - - $ref: '#/components/schemas/run_message_email' - - $ref: '#/components/schemas/run_message_serverlog' - - $ref: '#/components/schemas/run_message_slack' - - $ref: '#/components/schemas/run_trigger_pagerduty' - - $ref: '#/components/schemas/run_addevent' - - $ref: '#/components/schemas/run_closealert' - - $ref: '#/components/schemas/run_closeincident' - - $ref: '#/components/schemas/run_createalert' - - $ref: '#/components/schemas/run_fieldsbyissuetype' - - $ref: '#/components/schemas/run_getagentdetails' - - $ref: '#/components/schemas/run_getagents' - - $ref: '#/components/schemas/run_getchoices' - - $ref: '#/components/schemas/run_getfields' - - $ref: '#/components/schemas/run_getincident' - - $ref: '#/components/schemas/run_issue' - - $ref: '#/components/schemas/run_issues' - - $ref: '#/components/schemas/run_issuetypes' - - $ref: '#/components/schemas/run_postmessage' - - $ref: '#/components/schemas/run_pushtoservice' - - $ref: '#/components/schemas/run_validchannelid' - required: - - params + - $ref: ../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/run_acknowledge_resolve_pagerduty.yaml + - $ref: ../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/run_documents.yaml + - $ref: ../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/run_message_email.yaml + - $ref: ../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/run_message_serverlog.yaml + - $ref: ../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/run_message_slack.yaml + - $ref: ../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/run_trigger_pagerduty.yaml + - $ref: ../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/run_addevent.yaml + - $ref: ../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/run_closealert.yaml + - $ref: ../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/run_closeincident.yaml + - $ref: ../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/run_createalert.yaml + - $ref: ../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/run_fieldsbyissuetype.yaml + - $ref: ../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/run_getagentdetails.yaml + - $ref: ../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/run_getagents.yaml + - $ref: ../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/run_getchoices.yaml + - $ref: ../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/run_getfields.yaml + - $ref: ../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/run_getincident.yaml + - $ref: ../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/run_issue.yaml + - $ref: ../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/run_issues.yaml + - $ref: ../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/run_issuetypes.yaml + - $ref: ../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/run_postmessage.yaml + - $ref: ../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/run_pushtoservice.yaml + - $ref: ../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/run_validchannelid.yaml examples: runIndexConnectorRequest: $ref: '#/components/examples/run_index_connector_request' @@ -968,44 +774,7 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - config: - additionalProperties: {} - type: object - connector_type_id: - description: The connector type identifier. - type: string - id: - description: The identifier for the connector. - type: string - is_connector_type_deprecated: - description: Indicates whether the connector type is deprecated. - type: boolean - is_deprecated: - description: Indicates whether the connector is deprecated. - type: boolean - is_missing_secrets: - description: Indicates whether the connector is missing secrets. - type: boolean - is_preconfigured: - description: 'Indicates whether the connector is preconfigured. If true, the `config` and `is_missing_secrets` properties are omitted from the response. ' - type: boolean - is_system_action: - description: Indicates whether the connector is used for system actions. - type: boolean - name: - description: ' The name of the connector.' - type: string - required: - - id - - name - - connector_type_id - - is_preconfigured - - is_deprecated - - is_system_action - - is_connector_type_deprecated + $ref: '#/components/schemas/ApiActionsConnectorExecute_Post_Response_200' examples: runIndexConnectorResponse: $ref: '#/components/examples/run_index_connector_response' @@ -1038,48 +807,7 @@ paths: application/json: schema: items: - additionalProperties: false - type: object - properties: - config: - additionalProperties: {} - type: object - connector_type_id: - description: The connector type identifier. - type: string - id: - description: The identifier for the connector. - type: string - is_connector_type_deprecated: - description: Indicates whether the connector type is deprecated. - type: boolean - is_deprecated: - description: Indicates whether the connector is deprecated. - type: boolean - is_missing_secrets: - description: Indicates whether the connector is missing secrets. - type: boolean - is_preconfigured: - description: 'Indicates whether the connector is preconfigured. If true, the `config` and `is_missing_secrets` properties are omitted from the response. ' - type: boolean - is_system_action: - description: Indicates whether the connector is used for system actions. - type: boolean - name: - description: ' The name of the connector.' - type: string - referenced_by_count: - description: The number of saved objects that reference the connector. If is_preconfigured is true, this value is not calculated. - type: number - required: - - id - - name - - connector_type_id - - is_preconfigured - - is_deprecated - - is_system_action - - is_connector_type_deprecated - - referenced_by_count + $ref: '#/components/schemas/ApiActionsConnectors_Get_Response_200_Item' type: array examples: getConnectorsResponse: @@ -1325,60 +1053,7 @@ paths: - department-search name: Search Index Helper schema: - additionalProperties: false - type: object - properties: - avatar_color: - description: Optional hex color code for the agent avatar. - type: string - avatar_symbol: - description: Optional symbol/initials for the agent avatar. - type: string - configuration: - additionalProperties: false - description: Configuration settings for the agent. - type: object - properties: - instructions: - description: Optional system instructions that define the agent behavior. - type: string - tools: - items: - additionalProperties: false - description: Tool selection configuration for the agent. - type: object - properties: - tool_ids: - description: Array of tool IDs that the agent can use. - items: - description: Tool ID to be available to the agent. - type: string - type: array - required: - - tool_ids - type: array - required: - - tools - description: - description: Description of what the agent does. - type: string - id: - description: Unique identifier for the agent. - type: string - labels: - description: Optional labels for categorizing and organizing agents. - items: - description: Label for categorizing the agent. - type: string - type: array - name: - description: Display name for the agent. - type: string - required: - - id - - name - - description - - configuration + $ref: '#/components/schemas/ApiAgentBuilderAgents_Post_Request' responses: '200': content: @@ -1553,50 +1228,7 @@ paths: - elastic-employees name: Search Index Helper schema: - additionalProperties: false - type: object - properties: - avatar_color: - description: Updated hex color code for the agent avatar. - type: string - avatar_symbol: - description: Updated symbol/initials for the agent avatar. - type: string - configuration: - additionalProperties: false - description: Updated configuration settings for the agent. - type: object - properties: - instructions: - description: Updated system instructions that define the agent behavior. - type: string - tools: - items: - additionalProperties: false - description: Tool selection configuration for the agent. - type: object - properties: - tool_ids: - description: Array of tool IDs that the agent can use. - items: - description: Tool ID to be available to the agent. - type: string - type: array - required: - - tool_ids - type: array - description: - description: Updated description of what the agent does. - type: string - labels: - description: Updated labels for categorizing and organizing agents. - items: - description: Updated label for categorizing the agent. - type: string - type: array - name: - description: Updated display name for the agent. - type: string + $ref: '#/components/schemas/ApiAgentBuilderAgents_Put_Request' responses: '200': content: @@ -1891,25 +1523,7 @@ paths: description: Meeting notes type: text schema: - additionalProperties: false - type: object - properties: - data: {} - description: - description: Human-readable description of the attachment. - type: string - hidden: - description: Whether the attachment should be hidden from the user. - type: boolean - id: - description: Optional custom ID for the attachment. - type: string - type: - description: The type of the attachment (e.g., text, json, visualization_ref). - type: string - required: - - type - - data + $ref: '#/components/schemas/ApiAgentBuilderConversationsAttachments_Post_Request' responses: '200': content: @@ -2037,14 +1651,7 @@ paths: value: description: Updated attachment name schema: - additionalProperties: false - type: object - properties: - description: - description: The new description/name for the attachment. - type: string - required: - - description + $ref: '#/components/schemas/ApiAgentBuilderConversationsAttachments_Patch_Request' responses: '200': content: @@ -2118,15 +1725,7 @@ paths: data: New content version description: Updated meeting notes - v2 schema: - additionalProperties: false - type: object - properties: - data: {} - description: - description: Optional new description for the attachment. - type: string - required: - - data + $ref: '#/components/schemas/ApiAgentBuilderConversationsAttachments_Put_Request' responses: '200': content: @@ -2251,103 +1850,7 @@ paths: connector_id: my-connector-id input: What is Elasticsearch? schema: - additionalProperties: false - type: object - properties: - agent_id: - default: elastic-ai-agent - description: The ID of the agent to chat with. Defaults to the default Elastic AI agent. - type: string - attachments: - description: '**Technical Preview; added in 9.3.0.** Optional attachments to send with the message.' - items: - additionalProperties: false - type: object - properties: - data: - additionalProperties: {} - description: Payload of the attachment. - type: object - hidden: - description: When true, the attachment will not be displayed in the UI. - type: boolean - id: - description: Optional id for the attachment. - type: string - type: - description: Type of the attachment. - type: string - required: - - type - - data - type: array - browser_api_tools: - description: Optional browser API tools to be registered as LLM tools with browser.* namespace. These tools execute on the client side. - items: - additionalProperties: false - type: object - properties: - description: - description: Description of what the browser API tool does. - type: string - id: - description: Unique identifier for the browser API tool. - type: string - schema: {} - required: - - id - - description - - schema - type: array - capabilities: - additionalProperties: false - description: Controls agent capabilities during conversation. Currently supports visualization rendering for tabular tool results. - type: object - properties: - visualizations: - description: When true, allows the agent to render tabular data from tool results as interactive visualizations using custom XML elements in responses. - type: boolean - configuration_overrides: - additionalProperties: false - description: Runtime configuration overrides. These override the stored agent configuration for this execution only. - type: object - properties: - instructions: - description: Custom instructions for the agent. - type: string - tools: - description: Tool selection to enable for this execution. - items: - additionalProperties: false - type: object - properties: - tool_ids: - items: - type: string - type: array - required: - - tool_ids - type: array - connector_id: - description: Optional connector ID for the agent to use for external integrations. - type: string - conversation_id: - description: Optional existing conversation ID to continue a previous conversation. - type: string - input: - description: The user input message to send to the agent. - type: string - prompts: - additionalProperties: - additionalProperties: false - type: object - properties: - allow: - type: boolean - required: - - allow - description: Can be used to respond to a confirmation prompt. - type: object + $ref: '#/components/schemas/ApiAgentBuilderConverse_Post_Request' responses: '200': content: @@ -2589,103 +2092,7 @@ paths: conversation_id: c250305b-1929-4248-b568-b9e3f065fda5 input: Hello schema: - additionalProperties: false - type: object - properties: - agent_id: - default: elastic-ai-agent - description: The ID of the agent to chat with. Defaults to the default Elastic AI agent. - type: string - attachments: - description: '**Technical Preview; added in 9.3.0.** Optional attachments to send with the message.' - items: - additionalProperties: false - type: object - properties: - data: - additionalProperties: {} - description: Payload of the attachment. - type: object - hidden: - description: When true, the attachment will not be displayed in the UI. - type: boolean - id: - description: Optional id for the attachment. - type: string - type: - description: Type of the attachment. - type: string - required: - - type - - data - type: array - browser_api_tools: - description: Optional browser API tools to be registered as LLM tools with browser.* namespace. These tools execute on the client side. - items: - additionalProperties: false - type: object - properties: - description: - description: Description of what the browser API tool does. - type: string - id: - description: Unique identifier for the browser API tool. - type: string - schema: {} - required: - - id - - description - - schema - type: array - capabilities: - additionalProperties: false - description: Controls agent capabilities during conversation. Currently supports visualization rendering for tabular tool results. - type: object - properties: - visualizations: - description: When true, allows the agent to render tabular data from tool results as interactive visualizations using custom XML elements in responses. - type: boolean - configuration_overrides: - additionalProperties: false - description: Runtime configuration overrides. These override the stored agent configuration for this execution only. - type: object - properties: - instructions: - description: Custom instructions for the agent. - type: string - tools: - description: Tool selection to enable for this execution. - items: - additionalProperties: false - type: object - properties: - tool_ids: - items: - type: string - type: array - required: - - tool_ids - type: array - connector_id: - description: Optional connector ID for the agent to use for external integrations. - type: string - conversation_id: - description: Optional existing conversation ID to continue a previous conversation. - type: string - input: - description: The user input message to send to the agent. - type: string - prompts: - additionalProperties: - additionalProperties: false - type: object - properties: - allow: - type: boolean - required: - - allow - description: Can be used to respond to a confirmation prompt. - type: object + $ref: '#/components/schemas/ApiAgentBuilderConverseAsync_Post_Request' responses: '200': content: @@ -3022,39 +2429,7 @@ paths: - finance type: index_search schema: - additionalProperties: false - type: object - properties: - configuration: - additionalProperties: {} - description: Tool-specific configuration parameters. See examples for details. - type: object - description: - default: '' - description: Description of what the tool does. - type: string - id: - description: Unique identifier for the tool. - type: string - tags: - default: [] - description: Optional tags for categorizing and organizing tools. - items: - description: Tag for categorizing the tool. - type: string - type: array - type: - description: The type of tool to create (e.g., esql, index_search). - enum: - - esql - - index_search - - workflow - - mcp - type: string - required: - - id - - type - - configuration + $ref: '#/components/schemas/ApiAgentBuilderTools_Post_Request' responses: '200': content: @@ -3224,22 +2599,7 @@ paths: tool_params: nlQuery: find trades with high execution prices above 100 schema: - additionalProperties: false - type: object - properties: - connector_id: - description: Optional connector ID for tools that require external integrations. - type: string - tool_id: - description: The ID of the tool to execute. - type: string - tool_params: - additionalProperties: {} - description: Parameters to pass to the tool execution. See examples for details - type: object - required: - - tool_id - - tool_params + $ref: '#/components/schemas/ApiAgentBuilderToolsExecute_Post_Request' responses: '200': content: @@ -3650,22 +3010,7 @@ paths: - compliance - reporting schema: - additionalProperties: false - type: object - properties: - configuration: - additionalProperties: {} - description: Updated tool-specific configuration parameters. See examples for details. - type: object - description: - description: Updated description of what the tool does. - type: string - tags: - description: Updated tags for categorizing and organizing tools. - items: - description: Updated tag for categorizing the tool. - type: string - type: array + $ref: '#/components/schemas/ApiAgentBuilderTools_Put_Request' responses: '200': content: @@ -3810,66 +3155,7 @@ paths: getAlertingHealthResponse: $ref: '#/components/examples/Alerting_get_health_response' schema: - type: object - properties: - alerting_framework_health: - description: | - Three substates identify the health of the alerting framework: `decryption_health`, `execution_health`, and `read_health`. - type: object - properties: - decryption_health: - description: The timestamp and status of the rule decryption. - type: object - properties: - status: - enum: - - error - - ok - - warn - example: ok - type: string - timestamp: - example: '2023-01-13T01:28:00.280Z' - format: date-time - type: string - execution_health: - description: The timestamp and status of the rule run. - type: object - properties: - status: - enum: - - error - - ok - - warn - example: ok - type: string - timestamp: - example: '2023-01-13T01:28:00.280Z' - format: date-time - type: string - read_health: - description: The timestamp and status of the rule reading events. - type: object - properties: - status: - enum: - - error - - ok - - warn - example: ok - type: string - timestamp: - example: '2023-01-13T01:28:00.280Z' - format: date-time - type: string - has_permanent_encryption_key: - description: If `false`, the encrypted saved object plugin does not have a permanent encryption key. - example: true - type: boolean - is_sufficiently_secure: - description: If `false`, security is enabled but TLS is not. - example: true - type: boolean + $ref: '#/components/schemas/ApiAlertingHealth_Get_Response_200' description: Indicates a successful call. '401': content: @@ -3903,240 +3189,7 @@ paths: $ref: '#/components/examples/Alerting_get_rule_types_response' schema: items: - type: object - properties: - action_groups: - description: | - An explicit list of groups for which the rule type can schedule actions, each with the action group's unique ID and human readable name. Rule actions validation uses this configuration to ensure that groups are valid. - items: - type: object - properties: - id: - type: string - name: - type: string - type: array - action_variables: - description: | - A list of action variables that the rule type makes available via context and state in action parameter templates, and a short human readable description. When you create a rule in Kibana, it uses this information to prompt you for these variables in action parameter editors. - type: object - properties: - context: - items: - type: object - properties: - description: - type: string - name: - type: string - useWithTripleBracesInTemplates: - type: boolean - type: array - params: - items: - type: object - properties: - description: - type: string - name: - type: string - type: array - state: - items: - type: object - properties: - description: - type: string - name: - type: string - type: array - alerts: - description: | - Details for writing alerts as data documents for this rule type. - type: object - properties: - context: - description: | - The namespace for this rule type. - enum: - - ml.anomaly-detection - - observability.apm - - observability.logs - - observability.metrics - - observability.slo - - observability.threshold - - observability.uptime - - security - - stack - type: string - dynamic: - description: Indicates whether new fields are added dynamically. - enum: - - 'false' - - runtime - - strict - - 'true' - type: string - isSpaceAware: - description: | - Indicates whether the alerts are space-aware. If true, space-specific alert indices are used. - type: boolean - mappings: - type: object - properties: - fieldMap: - additionalProperties: - $ref: '#/components/schemas/Alerting_fieldmap_properties' - description: | - Mapping information for each field supported in alerts as data documents for this rule type. For more information about mapping parameters, refer to the Elasticsearch documentation. - type: object - secondaryAlias: - description: | - A secondary alias. It is typically used to support the signals alias for detection rules. - type: string - shouldWrite: - description: | - Indicates whether the rule should write out alerts as data. - type: boolean - useEcs: - description: | - Indicates whether to include the ECS component template for the alerts. - type: boolean - useLegacyAlerts: - default: false - description: | - Indicates whether to include the legacy component template for the alerts. - type: boolean - authorized_consumers: - description: The list of the plugins IDs that have access to the rule type. - type: object - properties: - alerts: - type: object - properties: - all: - type: boolean - read: - type: boolean - apm: - type: object - properties: - all: - type: boolean - read: - type: boolean - discover: - type: object - properties: - all: - type: boolean - read: - type: boolean - infrastructure: - type: object - properties: - all: - type: boolean - read: - type: boolean - logs: - type: object - properties: - all: - type: boolean - read: - type: boolean - ml: - type: object - properties: - all: - type: boolean - read: - type: boolean - monitoring: - type: object - properties: - all: - type: boolean - read: - type: boolean - siem: - type: object - properties: - all: - type: boolean - read: - type: boolean - slo: - type: object - properties: - all: - type: boolean - read: - type: boolean - stackAlerts: - type: object - properties: - all: - type: boolean - read: - type: boolean - uptime: - type: object - properties: - all: - type: boolean - read: - type: boolean - category: - description: The rule category, which is used by features such as category-specific maintenance windows. - enum: - - management - - observability - - securitySolution - type: string - default_action_group_id: - description: The default identifier for the rule type group. - type: string - does_set_recovery_context: - description: Indicates whether the rule passes context variables to its recovery action. - type: boolean - enabled_in_license: - description: Indicates whether the rule type is enabled or disabled based on the subscription. - type: boolean - has_alerts_mappings: - description: Indicates whether the rule type has custom mappings for the alert data. - type: boolean - has_fields_for_a_a_d: - type: boolean - id: - description: The unique identifier for the rule type. - type: string - is_exportable: - description: Indicates whether the rule type is exportable in **Stack Management > Saved Objects**. - type: boolean - minimum_license_required: - description: The subscriptions required to use the rule type. - example: basic - type: string - name: - description: The descriptive name of the rule type. - type: string - producer: - description: An identifier for the application that produces this rule type. - example: stackAlerts - type: string - recovery_action_group: - description: An action group to use when an alert goes from an active state to an inactive one. - type: object - properties: - id: - type: string - name: - type: string - rule_task_timeout: - example: 5m - type: string + $ref: '#/components/schemas/ApiAlertingRuleTypes_Get_Response_200_Item' type: array description: Indicates a successful call. '401': @@ -4203,674 +3256,7 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - actions: - items: - additionalProperties: false - type: object - properties: - alerts_filter: - additionalProperties: false - description: Defines a period that limits whether the action runs. - type: object - properties: - query: - additionalProperties: false - type: object - properties: - dsl: - description: A filter written in Elasticsearch Query Domain Specific Language (DSL). - type: string - filters: - description: A filter written in Elasticsearch Query Domain Specific Language (DSL) as defined in the `kbn-es-query` package. - items: - additionalProperties: false - type: object - properties: - $state: - additionalProperties: false - type: object - properties: - store: - description: A filter can be either specific to an application context or applied globally. - enum: - - appState - - globalState - type: string - required: - - store - meta: - additionalProperties: {} - type: object - query: - additionalProperties: {} - type: object - required: - - meta - type: array - kql: - description: A filter written in Kibana Query Language (KQL). - type: string - required: - - kql - - filters - timeframe: - additionalProperties: false - type: object - properties: - days: - description: Defines the days of the week that the action can run, represented as an array of numbers. For example, `1` represents Monday. An empty array is equivalent to specifying all the days of the week. - items: - enum: - - 1 - - 2 - - 3 - - 4 - - 5 - - 6 - - 7 - type: integer - type: array - hours: - additionalProperties: false - type: object - properties: - end: - description: The end of the time frame in 24-hour notation (`hh:mm`). - type: string - start: - description: The start of the time frame in 24-hour notation (`hh:mm`). - type: string - required: - - start - - end - timezone: - description: The ISO time zone for the `hours` values. Values such as `UTC` and `UTC+1` also work but lack built-in daylight savings time support and are not recommended. - type: string - required: - - days - - hours - - timezone - connector_type_id: - description: The type of connector. This property appears in responses but cannot be set in requests. - type: string - frequency: - additionalProperties: false - type: object - properties: - notify_when: - description: 'Indicates how often alerts generate actions. Valid values include: `onActionGroupChange`: Actions run when the alert status changes; `onActiveAlert`: Actions run when the alert becomes active and at each check interval while the rule conditions are met; `onThrottleInterval`: Actions run when the alert becomes active and at the interval specified in the throttle property while the rule conditions are met. NOTE: You cannot specify `notify_when` at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.' - enum: - - onActionGroupChange - - onActiveAlert - - onThrottleInterval - type: string - summary: - description: Indicates whether the action is a summary. - type: boolean - throttle: - description: 'The throttle interval, which defines how often an alert generates repeated actions. It is specified in seconds, minutes, hours, or days and is applicable only if ''notify_when'' is set to ''onThrottleInterval''. NOTE: You cannot specify the throttle interval at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.' - nullable: true - type: string - required: - - summary - - notify_when - - throttle - group: - description: The group name, which affects when the action runs (for example, when the threshold is met or when the alert is recovered). Each rule type has a list of valid action group names. If you don't need to group actions, set to `default`. - type: string - id: - description: The identifier for the connector saved object. - type: string - params: - additionalProperties: {} - description: The parameters for the action, which are sent to the connector. The `params` are handled as Mustache templates and passed a default set of context. - type: object - use_alert_data_for_template: - description: Indicates whether to use alert data as a template. - type: boolean - uuid: - description: A universally unique identifier (UUID) for the action. - type: string - required: - - id - - connector_type_id - - params - type: array - active_snoozes: - items: - description: List of active snoozes for the rule. - type: string - type: array - alert_delay: - additionalProperties: false - description: Indicates that an alert occurs only when the specified number of consecutive runs met the rule conditions. - type: object - properties: - active: - description: The number of consecutive runs that must meet the rule conditions. - type: number - required: - - active - api_key_created_by_user: - description: Indicates whether the API key that is associated with the rule was created by the user. - nullable: true - type: boolean - api_key_owner: - description: The owner of the API key that is associated with the rule and used to run background tasks. - nullable: true - type: string - artifacts: - additionalProperties: false - type: object - properties: - dashboards: - items: - additionalProperties: false - type: object - properties: - id: - type: string - required: - - id - type: array - investigation_guide: - additionalProperties: false - type: object - properties: - blob: - description: User-created content that describes alert causes and remdiation. - type: string - required: - - blob - consumer: - description: 'The name of the application or feature that owns the rule. For example: `alerts`, `apm`, `discover`, `infrastructure`, `logs`, `metrics`, `ml`, `monitoring`, `securitySolution`, `siem`, `stackAlerts`, or `uptime`.' - type: string - created_at: - description: The date and time that the rule was created. - type: string - created_by: - description: The identifier for the user that created the rule. - nullable: true - type: string - enabled: - description: Indicates whether you want to run the rule on an interval basis after it is created. - type: boolean - execution_status: - additionalProperties: false - type: object - properties: - error: - additionalProperties: false - type: object - properties: - message: - description: Error message. - type: string - reason: - description: Reason for error. - enum: - - read - - decrypt - - execute - - unknown - - license - - timeout - - disabled - - validate - type: string - required: - - reason - - message - last_duration: - description: Duration of last execution of the rule. - type: number - last_execution_date: - description: The date and time when rule was executed last. - type: string - status: - description: Status of rule execution. - enum: - - ok - - active - - error - - warning - - pending - - unknown - type: string - warning: - additionalProperties: false - type: object - properties: - message: - description: Warning message. - type: string - reason: - description: Reason for warning. - enum: - - maxExecutableActions - - maxAlerts - - maxQueuedActions - - ruleExecution - type: string - required: - - reason - - message - required: - - status - - last_execution_date - flapping: - additionalProperties: false - description: When flapping detection is turned on, alerts that switch quickly between active and recovered states are identified as “flapping” and notifications are reduced. - nullable: true - type: object - properties: - enabled: - description: Determines whether the rule can enter the flapping state. By default, rules can enter the flapping state. - type: boolean - look_back_window: - description: The minimum number of runs in which the threshold must be met. - maximum: 20 - minimum: 2 - type: number - status_change_threshold: - description: The minimum number of times an alert must switch states in the look back window. - maximum: 20 - minimum: 2 - type: number - required: - - look_back_window - - status_change_threshold - id: - description: The identifier for the rule. - type: string - is_snoozed_until: - description: The date when the rule will no longer be snoozed. - nullable: true - type: string - last_run: - additionalProperties: false - nullable: true - type: object - properties: - alerts_count: - additionalProperties: false - type: object - properties: - active: - description: Number of active alerts during last run. - nullable: true - type: number - ignored: - description: Number of ignored alerts during last run. - nullable: true - type: number - new: - description: Number of new alerts during last run. - nullable: true - type: number - recovered: - description: Number of recovered alerts during last run. - nullable: true - type: number - outcome: - description: Outcome of last run of the rule. Value could be succeeded, warning or failed. - enum: - - succeeded - - warning - - failed - type: string - outcome_msg: - items: - description: Outcome message generated during last rule run. - type: string - nullable: true - type: array - outcome_order: - description: Order of the outcome. - type: number - warning: - description: Warning of last rule execution. - enum: - - read - - decrypt - - execute - - unknown - - license - - timeout - - disabled - - validate - - maxExecutableActions - - maxAlerts - - maxQueuedActions - - ruleExecution - nullable: true - type: string - required: - - outcome - - alerts_count - mapped_params: - additionalProperties: {} - type: object - monitoring: - additionalProperties: false - description: Monitoring details of the rule. - type: object - properties: - run: - additionalProperties: false - description: Rule run details. - type: object - properties: - calculated_metrics: - additionalProperties: false - description: Calculation of different percentiles and success ratio. - type: object - properties: - p50: - type: number - p95: - type: number - p99: - type: number - success_ratio: - type: number - required: - - success_ratio - history: - description: History of the rule run. - items: - additionalProperties: false - type: object - properties: - duration: - description: Duration of the rule run. - type: number - outcome: - description: Outcome of last run of the rule. Value could be succeeded, warning or failed. - enum: - - succeeded - - warning - - failed - type: string - success: - description: Indicates whether the rule run was successful. - type: boolean - timestamp: - description: Time of rule run. - type: number - required: - - success - - timestamp - type: array - last_run: - additionalProperties: false - type: object - properties: - metrics: - additionalProperties: false - type: object - properties: - duration: - description: Duration of most recent rule run. - type: number - gap_duration_s: - description: Duration in seconds of rule run gap. - nullable: true - type: number - gap_range: - additionalProperties: false - nullable: true - type: object - properties: - gte: - description: End of the gap range. - type: string - lte: - description: Start of the gap range. - type: string - required: - - lte - - gte - total_alerts_created: - description: Total number of alerts created during last rule run. - nullable: true - type: number - total_alerts_detected: - description: Total number of alerts detected during last rule run. - nullable: true - type: number - total_indexing_duration_ms: - description: Total time spent indexing documents during last rule run in milliseconds. - nullable: true - type: number - total_search_duration_ms: - description: Total time spent performing Elasticsearch searches as measured by Kibana; includes network latency and time spent serializing or deserializing the request and response. - nullable: true - type: number - timestamp: - description: Time of the most recent rule run. - type: string - required: - - timestamp - - metrics - required: - - history - - calculated_metrics - - last_run - required: - - run - mute_all: - description: Indicates whether all alerts are muted. - type: boolean - muted_alert_ids: - items: - description: 'List of identifiers of muted alerts. ' - type: string - type: array - name: - description: ' The name of the rule.' - type: string - next_run: - description: Date and time of the next run of the rule. - nullable: true - type: string - notify_when: - description: 'Indicates how often alerts generate actions. Valid values include: `onActionGroupChange`: Actions run when the alert status changes; `onActiveAlert`: Actions run when the alert becomes active and at each check interval while the rule conditions are met; `onThrottleInterval`: Actions run when the alert becomes active and at the interval specified in the throttle property while the rule conditions are met. NOTE: You cannot specify `notify_when` at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.' - enum: - - onActionGroupChange - - onActiveAlert - - onThrottleInterval - nullable: true - type: string - params: - additionalProperties: {} - description: The parameters for the rule. - type: object - revision: - description: The rule revision number. - type: number - rule_type_id: - description: The rule type identifier. - type: string - running: - description: Indicates whether the rule is running. - nullable: true - type: boolean - schedule: - additionalProperties: false - type: object - properties: - interval: - description: The interval is specified in seconds, minutes, hours, or days. - type: string - required: - - interval - scheduled_task_id: - description: Identifier of the scheduled task. - type: string - snooze_schedule: - items: - additionalProperties: false - type: object - properties: - duration: - description: Duration of the rule snooze schedule. - type: number - id: - description: Identifier of the rule snooze schedule. - type: string - rRule: - additionalProperties: false - type: object - properties: - byhour: - items: - description: Indicates hours of the day to recur. - type: number - nullable: true - type: array - byminute: - items: - description: Indicates minutes of the hour to recur. - type: number - nullable: true - type: array - bymonth: - items: - description: Indicates months of the year that this rule should recur. - type: number - nullable: true - type: array - bymonthday: - items: - description: Indicates the days of the month to recur. - type: number - nullable: true - type: array - bysecond: - items: - description: Indicates seconds of the day to recur. - type: number - nullable: true - type: array - bysetpos: - items: - description: A positive or negative integer affecting the nth day of the month. For example, -2 combined with `byweekday` of FR is 2nd to last Friday of the month. It is recommended to not set this manually and just use `byweekday`. - type: number - nullable: true - type: array - byweekday: - items: - anyOf: - - type: string - - type: number - description: Indicates the days of the week to recur or else nth-day-of-month strings. For example, "+2TU" second Tuesday of month, "-1FR" last Friday of the month, which are internally converted to a `byweekday/bysetpos` combination. - nullable: true - type: array - byweekno: - items: - description: Indicates number of the week hours to recur. - type: number - nullable: true - type: array - byyearday: - items: - description: Indicates the days of the year that this rule should recur. - type: number - nullable: true - type: array - count: - description: Number of times the rule should recur until it stops. - type: number - dtstart: - description: Rule start date in Coordinated Universal Time (UTC). - type: string - freq: - description: Indicates frequency of the rule. Options are YEARLY, MONTHLY, WEEKLY, DAILY. - enum: - - 0 - - 1 - - 2 - - 3 - - 4 - - 5 - - 6 - type: integer - interval: - description: Indicates the interval of frequency. For example, 1 and YEARLY is every 1 year, 2 and WEEKLY is every 2 weeks. - type: number - tzid: - description: Indicates timezone abbreviation. - type: string - until: - description: Recur the rule until this date. - type: string - wkst: - description: Indicates the start of week, defaults to Monday. - enum: - - MO - - TU - - WE - - TH - - FR - - SA - - SU - type: string - required: - - dtstart - - tzid - skipRecurrences: - items: - description: Skips recurrence of rule on this date. - type: string - type: array - required: - - duration - - rRule - type: array - tags: - items: - description: The tags for the rule. - type: string - type: array - throttle: - deprecated: true - description: 'Deprecated in 8.13.0. Use the `throttle` property in the action `frequency` object instead. The throttle interval, which defines how often an alert generates repeated actions. NOTE: You cannot specify the throttle interval at both the rule and action level. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.' - nullable: true - type: string - updated_at: - description: The date and time that the rule was updated most recently. - type: string - updated_by: - description: The identifier for the user that updated this rule most recently. - nullable: true - type: string - view_in_app_relative_url: - description: Relative URL to view rule in the app. - nullable: true - type: string - required: - - id - - enabled - - name - - tags - - rule_type_id - - consumer - - schedule - - actions - - params - - created_by - - updated_by - - created_at - - updated_at - - api_key_owner - - mute_all - - muted_alert_ids - - execution_status - - revision + $ref: '#/components/schemas/ApiAlertingRule_Get_Response_200' description: Indicates a successful call. '400': description: Indicates an invalid schema or parameters. @@ -5070,263 +3456,27 @@ paths: schedule: interval: 1h schema: - additionalProperties: false - type: object + $ref: '#/components/schemas/ApiAlertingRule_Post_Request' properties: - actions: - default: [] - items: - additionalProperties: false - description: An action that runs under defined conditions. - type: object - properties: - alerts_filter: - additionalProperties: false - description: Conditions that affect whether the action runs. If you specify multiple conditions, all conditions must be met for the action to run. For example, if an alert occurs within the specified time frame and matches the query, the action runs. - type: object - properties: - query: - additionalProperties: false - type: object - properties: - dsl: - description: A filter written in Elasticsearch Query Domain Specific Language (DSL). - type: string - filters: - description: A filter written in Elasticsearch Query Domain Specific Language (DSL) as defined in the `kbn-es-query` package. - items: - additionalProperties: false - type: object - properties: - $state: - additionalProperties: false - type: object - properties: - store: - description: A filter can be either specific to an application context or applied globally. - enum: - - appState - - globalState - type: string - required: - - store - meta: - additionalProperties: {} - type: object - query: - additionalProperties: {} - type: object - required: - - meta - type: array - kql: - description: A filter written in Kibana Query Language (KQL). - type: string - required: - - kql - - filters - timeframe: - additionalProperties: false - description: Defines a period that limits whether the action runs. - type: object - properties: - days: - description: Defines the days of the week that the action can run, represented as an array of numbers. For example, `1` represents Monday. An empty array is equivalent to specifying all the days of the week. - items: - enum: - - 1 - - 2 - - 3 - - 4 - - 5 - - 6 - - 7 - type: integer - type: array - hours: - additionalProperties: false - description: Defines the range of time in a day that the action can run. If the `start` value is `00:00` and the `end` value is `24:00`, actions be generated all day. - type: object - properties: - end: - description: The end of the time frame in 24-hour notation (`hh:mm`). - type: string - start: - description: The start of the time frame in 24-hour notation (`hh:mm`). - type: string - required: - - start - - end - timezone: - description: The ISO time zone for the `hours` values. Values such as `UTC` and `UTC+1` also work but lack built-in daylight savings time support and are not recommended. - type: string - required: - - days - - hours - - timezone - frequency: - additionalProperties: false - type: object - properties: - notify_when: - description: 'Indicates how often alerts generate actions. Valid values include: `onActionGroupChange`: Actions run when the alert status changes; `onActiveAlert`: Actions run when the alert becomes active and at each check interval while the rule conditions are met; `onThrottleInterval`: Actions run when the alert becomes active and at the interval specified in the throttle property while the rule conditions are met. NOTE: You cannot specify `notify_when` at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.' - enum: - - onActionGroupChange - - onActiveAlert - - onThrottleInterval - type: string - summary: - description: Indicates whether the action is a summary. - type: boolean - throttle: - description: 'The throttle interval, which defines how often an alert generates repeated actions. It is specified in seconds, minutes, hours, or days and is applicable only if `notify_when` is set to `onThrottleInterval`. NOTE: You cannot specify the throttle interval at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.' - nullable: true - type: string - required: - - summary - - notify_when - - throttle - group: - description: The group name, which affects when the action runs (for example, when the threshold is met or when the alert is recovered). Each rule type has a list of valid action group names. If you don't need to group actions, set to `default`. - type: string - id: - description: The identifier for the connector saved object. - type: string - params: - additionalProperties: {} - default: {} - description: The parameters for the action, which are sent to the connector. The `params` are handled as Mustache templates and passed a default set of context. - type: object - use_alert_data_for_template: - description: Indicates whether to use alert data as a template. - type: boolean - uuid: - description: A universally unique identifier (UUID) for the action. - type: string - required: - - id - type: array - alert_delay: - additionalProperties: false - description: Indicates that an alert occurs only when the specified number of consecutive runs met the rule conditions. - type: object - properties: - active: - description: The number of consecutive runs that must meet the rule conditions. - type: number - required: - - active - artifacts: - additionalProperties: false - type: object - properties: - dashboards: - items: - additionalProperties: false - type: object - properties: - id: - type: string - required: - - id - maxItems: 10 - type: array - investigation_guide: - additionalProperties: false - type: object - properties: - blob: - maxLength: 10000 - type: string - required: - - blob - consumer: - description: 'The name of the application or feature that owns the rule. For example: `alerts`, `apm`, `discover`, `infrastructure`, `logs`, `metrics`, `ml`, `monitoring`, `securitySolution`, `siem`, `stackAlerts`, or `uptime`.' - type: string - enabled: - default: true - description: Indicates whether you want to run the rule on an interval basis after it is created. - type: boolean - flapping: - additionalProperties: false - description: When flapping detection is turned on, alerts that switch quickly between active and recovered states are identified as “flapping” and notifications are reduced. - nullable: true - type: object - properties: - enabled: - description: Determines whether the rule can enter the flapping state. By default, rules can enter the flapping state. - type: boolean - look_back_window: - description: The minimum number of runs in which the threshold must be met. - maximum: 20 - minimum: 2 - type: number - status_change_threshold: - description: The minimum number of times an alert must switch states in the look back window. - maximum: 20 - minimum: 2 - type: number - required: - - look_back_window - - status_change_threshold - name: - description: The name of the rule. While this name does not have to be unique, a distinctive name can help you identify a rule. - type: string - notify_when: - description: 'Indicates how often alerts generate actions. Valid values include: `onActionGroupChange`: Actions run when the alert status changes; `onActiveAlert`: Actions run when the alert becomes active and at each check interval while the rule conditions are met; `onThrottleInterval`: Actions run when the alert becomes active and at the interval specified in the throttle property while the rule conditions are met. NOTE: You cannot specify `notify_when` at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.' - enum: - - onActionGroupChange - - onActiveAlert - - onThrottleInterval - nullable: true - type: string - rule_type_id: - description: The rule type identifier. - type: string - schedule: - additionalProperties: false - description: The check interval, which specifies how frequently the rule conditions are checked. - type: object - properties: - interval: - description: The interval is specified in seconds, minutes, hours, or days. - type: string - required: - - interval - tags: - default: [] - description: The tags for the rule. - items: - type: string - type: array - throttle: - description: 'Use the `throttle` property in the action `frequency` object instead. The throttle interval, which defines how often an alert generates repeated actions. NOTE: You cannot specify the throttle interval at both the rule and action level. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.' - nullable: true - type: string params: additionalProperties: {} default: {} description: The parameters for the rule. anyOf: - - $ref: '#/components/schemas/params_property_apm_anomaly' - - $ref: '#/components/schemas/params_property_apm_error_count' - - $ref: '#/components/schemas/params_property_apm_transaction_duration' - - $ref: '#/components/schemas/params_property_apm_transaction_error_rate' - - $ref: '#/components/schemas/params_es_query_dsl_rule' - - $ref: '#/components/schemas/params_es_query_esql_rule' - - $ref: '#/components/schemas/params_es_query_kql_rule' - - $ref: '#/components/schemas/params_index_threshold_rule' - - $ref: '#/components/schemas/params_property_infra_inventory' - - $ref: '#/components/schemas/params_property_log_threshold' - - $ref: '#/components/schemas/params_property_infra_metric_threshold' - - $ref: '#/components/schemas/params_property_slo_burn_rate' - - $ref: '#/components/schemas/params_property_synthetics_uptime_tls' - - $ref: '#/components/schemas/params_property_synthetics_monitor_status' - required: - - name - - rule_type_id - - consumer - - schedule + - $ref: ../../x-pack/solutions/observability/plugins/apm/server/routes/alerts/rule_types/docs/params_property_apm_anomaly.yaml + - $ref: ../../x-pack/solutions/observability/plugins/apm/server/routes/alerts/rule_types/docs/params_property_apm_error_count.yaml + - $ref: ../../x-pack/solutions/observability/plugins/apm/server/routes/alerts/rule_types/docs/params_property_apm_transaction_duration.yaml + - $ref: ../../x-pack/solutions/observability/plugins/apm/server/routes/alerts/rule_types/docs/params_property_apm_transaction_error_rate.yaml + - $ref: ../../x-pack/platform/plugins/shared/alerting/docs/openapi/components/schemas/params_es_query_dsl_rule.yaml + - $ref: ../../x-pack/platform/plugins/shared/alerting/docs/openapi/components/schemas/params_es_query_esql_rule.yaml + - $ref: ../../x-pack/platform/plugins/shared/alerting/docs/openapi/components/schemas/params_es_query_kql_rule.yaml + - $ref: ../../x-pack/platform/plugins/shared/alerting/docs/openapi/components/schemas/params_index_threshold_rule.yaml + - $ref: ../../x-pack/solutions/observability/plugins/infra/server/lib/alerting/docs/params_property_infra_inventory.yaml + - $ref: ../../x-pack/solutions/observability/plugins/infra/server/lib/alerting/docs/params_property_log_threshold.yaml + - $ref: ../../x-pack/solutions/observability/plugins/infra/server/lib/alerting/docs/params_property_infra_metric_threshold.yaml + - $ref: ../../x-pack/solutions/observability/plugins/slo/server/lib/rules/slo_burn_rate/docs/params_property_slo_burn_rate.yaml + - $ref: ../../x-pack/solutions/observability/plugins/uptime/server/legacy_uptime/lib/alerts/docs/params_property_synthetics_uptime_tls.yaml + - $ref: ../../x-pack/solutions/observability/plugins/uptime/server/legacy_uptime/lib/alerts/docs/params_property_synthetics_monitor_status.yaml responses: '200': content: @@ -5614,674 +3764,7 @@ paths: updated_at: '2024-02-15T03:24:32.574Z' updated_by: elastic schema: - additionalProperties: false - type: object - properties: - actions: - items: - additionalProperties: false - type: object - properties: - alerts_filter: - additionalProperties: false - description: Defines a period that limits whether the action runs. - type: object - properties: - query: - additionalProperties: false - type: object - properties: - dsl: - description: A filter written in Elasticsearch Query Domain Specific Language (DSL). - type: string - filters: - description: A filter written in Elasticsearch Query Domain Specific Language (DSL) as defined in the `kbn-es-query` package. - items: - additionalProperties: false - type: object - properties: - $state: - additionalProperties: false - type: object - properties: - store: - description: A filter can be either specific to an application context or applied globally. - enum: - - appState - - globalState - type: string - required: - - store - meta: - additionalProperties: {} - type: object - query: - additionalProperties: {} - type: object - required: - - meta - type: array - kql: - description: A filter written in Kibana Query Language (KQL). - type: string - required: - - kql - - filters - timeframe: - additionalProperties: false - type: object - properties: - days: - description: Defines the days of the week that the action can run, represented as an array of numbers. For example, `1` represents Monday. An empty array is equivalent to specifying all the days of the week. - items: - enum: - - 1 - - 2 - - 3 - - 4 - - 5 - - 6 - - 7 - type: integer - type: array - hours: - additionalProperties: false - type: object - properties: - end: - description: The end of the time frame in 24-hour notation (`hh:mm`). - type: string - start: - description: The start of the time frame in 24-hour notation (`hh:mm`). - type: string - required: - - start - - end - timezone: - description: The ISO time zone for the `hours` values. Values such as `UTC` and `UTC+1` also work but lack built-in daylight savings time support and are not recommended. - type: string - required: - - days - - hours - - timezone - connector_type_id: - description: The type of connector. This property appears in responses but cannot be set in requests. - type: string - frequency: - additionalProperties: false - type: object - properties: - notify_when: - description: 'Indicates how often alerts generate actions. Valid values include: `onActionGroupChange`: Actions run when the alert status changes; `onActiveAlert`: Actions run when the alert becomes active and at each check interval while the rule conditions are met; `onThrottleInterval`: Actions run when the alert becomes active and at the interval specified in the throttle property while the rule conditions are met. NOTE: You cannot specify `notify_when` at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.' - enum: - - onActionGroupChange - - onActiveAlert - - onThrottleInterval - type: string - summary: - description: Indicates whether the action is a summary. - type: boolean - throttle: - description: 'The throttle interval, which defines how often an alert generates repeated actions. It is specified in seconds, minutes, hours, or days and is applicable only if ''notify_when'' is set to ''onThrottleInterval''. NOTE: You cannot specify the throttle interval at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.' - nullable: true - type: string - required: - - summary - - notify_when - - throttle - group: - description: The group name, which affects when the action runs (for example, when the threshold is met or when the alert is recovered). Each rule type has a list of valid action group names. If you don't need to group actions, set to `default`. - type: string - id: - description: The identifier for the connector saved object. - type: string - params: - additionalProperties: {} - description: The parameters for the action, which are sent to the connector. The `params` are handled as Mustache templates and passed a default set of context. - type: object - use_alert_data_for_template: - description: Indicates whether to use alert data as a template. - type: boolean - uuid: - description: A universally unique identifier (UUID) for the action. - type: string - required: - - id - - connector_type_id - - params - type: array - active_snoozes: - items: - description: List of active snoozes for the rule. - type: string - type: array - alert_delay: - additionalProperties: false - description: Indicates that an alert occurs only when the specified number of consecutive runs met the rule conditions. - type: object - properties: - active: - description: The number of consecutive runs that must meet the rule conditions. - type: number - required: - - active - api_key_created_by_user: - description: Indicates whether the API key that is associated with the rule was created by the user. - nullable: true - type: boolean - api_key_owner: - description: The owner of the API key that is associated with the rule and used to run background tasks. - nullable: true - type: string - artifacts: - additionalProperties: false - type: object - properties: - dashboards: - items: - additionalProperties: false - type: object - properties: - id: - type: string - required: - - id - type: array - investigation_guide: - additionalProperties: false - type: object - properties: - blob: - description: User-created content that describes alert causes and remdiation. - type: string - required: - - blob - consumer: - description: 'The name of the application or feature that owns the rule. For example: `alerts`, `apm`, `discover`, `infrastructure`, `logs`, `metrics`, `ml`, `monitoring`, `securitySolution`, `siem`, `stackAlerts`, or `uptime`.' - type: string - created_at: - description: The date and time that the rule was created. - type: string - created_by: - description: The identifier for the user that created the rule. - nullable: true - type: string - enabled: - description: Indicates whether you want to run the rule on an interval basis after it is created. - type: boolean - execution_status: - additionalProperties: false - type: object - properties: - error: - additionalProperties: false - type: object - properties: - message: - description: Error message. - type: string - reason: - description: Reason for error. - enum: - - read - - decrypt - - execute - - unknown - - license - - timeout - - disabled - - validate - type: string - required: - - reason - - message - last_duration: - description: Duration of last execution of the rule. - type: number - last_execution_date: - description: The date and time when rule was executed last. - type: string - status: - description: Status of rule execution. - enum: - - ok - - active - - error - - warning - - pending - - unknown - type: string - warning: - additionalProperties: false - type: object - properties: - message: - description: Warning message. - type: string - reason: - description: Reason for warning. - enum: - - maxExecutableActions - - maxAlerts - - maxQueuedActions - - ruleExecution - type: string - required: - - reason - - message - required: - - status - - last_execution_date - flapping: - additionalProperties: false - description: When flapping detection is turned on, alerts that switch quickly between active and recovered states are identified as “flapping” and notifications are reduced. - nullable: true - type: object - properties: - enabled: - description: Determines whether the rule can enter the flapping state. By default, rules can enter the flapping state. - type: boolean - look_back_window: - description: The minimum number of runs in which the threshold must be met. - maximum: 20 - minimum: 2 - type: number - status_change_threshold: - description: The minimum number of times an alert must switch states in the look back window. - maximum: 20 - minimum: 2 - type: number - required: - - look_back_window - - status_change_threshold - id: - description: The identifier for the rule. - type: string - is_snoozed_until: - description: The date when the rule will no longer be snoozed. - nullable: true - type: string - last_run: - additionalProperties: false - nullable: true - type: object - properties: - alerts_count: - additionalProperties: false - type: object - properties: - active: - description: Number of active alerts during last run. - nullable: true - type: number - ignored: - description: Number of ignored alerts during last run. - nullable: true - type: number - new: - description: Number of new alerts during last run. - nullable: true - type: number - recovered: - description: Number of recovered alerts during last run. - nullable: true - type: number - outcome: - description: Outcome of last run of the rule. Value could be succeeded, warning or failed. - enum: - - succeeded - - warning - - failed - type: string - outcome_msg: - items: - description: Outcome message generated during last rule run. - type: string - nullable: true - type: array - outcome_order: - description: Order of the outcome. - type: number - warning: - description: Warning of last rule execution. - enum: - - read - - decrypt - - execute - - unknown - - license - - timeout - - disabled - - validate - - maxExecutableActions - - maxAlerts - - maxQueuedActions - - ruleExecution - nullable: true - type: string - required: - - outcome - - alerts_count - mapped_params: - additionalProperties: {} - type: object - monitoring: - additionalProperties: false - description: Monitoring details of the rule. - type: object - properties: - run: - additionalProperties: false - description: Rule run details. - type: object - properties: - calculated_metrics: - additionalProperties: false - description: Calculation of different percentiles and success ratio. - type: object - properties: - p50: - type: number - p95: - type: number - p99: - type: number - success_ratio: - type: number - required: - - success_ratio - history: - description: History of the rule run. - items: - additionalProperties: false - type: object - properties: - duration: - description: Duration of the rule run. - type: number - outcome: - description: Outcome of last run of the rule. Value could be succeeded, warning or failed. - enum: - - succeeded - - warning - - failed - type: string - success: - description: Indicates whether the rule run was successful. - type: boolean - timestamp: - description: Time of rule run. - type: number - required: - - success - - timestamp - type: array - last_run: - additionalProperties: false - type: object - properties: - metrics: - additionalProperties: false - type: object - properties: - duration: - description: Duration of most recent rule run. - type: number - gap_duration_s: - description: Duration in seconds of rule run gap. - nullable: true - type: number - gap_range: - additionalProperties: false - nullable: true - type: object - properties: - gte: - description: End of the gap range. - type: string - lte: - description: Start of the gap range. - type: string - required: - - lte - - gte - total_alerts_created: - description: Total number of alerts created during last rule run. - nullable: true - type: number - total_alerts_detected: - description: Total number of alerts detected during last rule run. - nullable: true - type: number - total_indexing_duration_ms: - description: Total time spent indexing documents during last rule run in milliseconds. - nullable: true - type: number - total_search_duration_ms: - description: Total time spent performing Elasticsearch searches as measured by Kibana; includes network latency and time spent serializing or deserializing the request and response. - nullable: true - type: number - timestamp: - description: Time of the most recent rule run. - type: string - required: - - timestamp - - metrics - required: - - history - - calculated_metrics - - last_run - required: - - run - mute_all: - description: Indicates whether all alerts are muted. - type: boolean - muted_alert_ids: - items: - description: 'List of identifiers of muted alerts. ' - type: string - type: array - name: - description: ' The name of the rule.' - type: string - next_run: - description: Date and time of the next run of the rule. - nullable: true - type: string - notify_when: - description: 'Indicates how often alerts generate actions. Valid values include: `onActionGroupChange`: Actions run when the alert status changes; `onActiveAlert`: Actions run when the alert becomes active and at each check interval while the rule conditions are met; `onThrottleInterval`: Actions run when the alert becomes active and at the interval specified in the throttle property while the rule conditions are met. NOTE: You cannot specify `notify_when` at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.' - enum: - - onActionGroupChange - - onActiveAlert - - onThrottleInterval - nullable: true - type: string - params: - additionalProperties: {} - description: The parameters for the rule. - type: object - revision: - description: The rule revision number. - type: number - rule_type_id: - description: The rule type identifier. - type: string - running: - description: Indicates whether the rule is running. - nullable: true - type: boolean - schedule: - additionalProperties: false - type: object - properties: - interval: - description: The interval is specified in seconds, minutes, hours, or days. - type: string - required: - - interval - scheduled_task_id: - description: Identifier of the scheduled task. - type: string - snooze_schedule: - items: - additionalProperties: false - type: object - properties: - duration: - description: Duration of the rule snooze schedule. - type: number - id: - description: Identifier of the rule snooze schedule. - type: string - rRule: - additionalProperties: false - type: object - properties: - byhour: - items: - description: Indicates hours of the day to recur. - type: number - nullable: true - type: array - byminute: - items: - description: Indicates minutes of the hour to recur. - type: number - nullable: true - type: array - bymonth: - items: - description: Indicates months of the year that this rule should recur. - type: number - nullable: true - type: array - bymonthday: - items: - description: Indicates the days of the month to recur. - type: number - nullable: true - type: array - bysecond: - items: - description: Indicates seconds of the day to recur. - type: number - nullable: true - type: array - bysetpos: - items: - description: A positive or negative integer affecting the nth day of the month. For example, -2 combined with `byweekday` of FR is 2nd to last Friday of the month. It is recommended to not set this manually and just use `byweekday`. - type: number - nullable: true - type: array - byweekday: - items: - anyOf: - - type: string - - type: number - description: Indicates the days of the week to recur or else nth-day-of-month strings. For example, "+2TU" second Tuesday of month, "-1FR" last Friday of the month, which are internally converted to a `byweekday/bysetpos` combination. - nullable: true - type: array - byweekno: - items: - description: Indicates number of the week hours to recur. - type: number - nullable: true - type: array - byyearday: - items: - description: Indicates the days of the year that this rule should recur. - type: number - nullable: true - type: array - count: - description: Number of times the rule should recur until it stops. - type: number - dtstart: - description: Rule start date in Coordinated Universal Time (UTC). - type: string - freq: - description: Indicates frequency of the rule. Options are YEARLY, MONTHLY, WEEKLY, DAILY. - enum: - - 0 - - 1 - - 2 - - 3 - - 4 - - 5 - - 6 - type: integer - interval: - description: Indicates the interval of frequency. For example, 1 and YEARLY is every 1 year, 2 and WEEKLY is every 2 weeks. - type: number - tzid: - description: Indicates timezone abbreviation. - type: string - until: - description: Recur the rule until this date. - type: string - wkst: - description: Indicates the start of week, defaults to Monday. - enum: - - MO - - TU - - WE - - TH - - FR - - SA - - SU - type: string - required: - - dtstart - - tzid - skipRecurrences: - items: - description: Skips recurrence of rule on this date. - type: string - type: array - required: - - duration - - rRule - type: array - tags: - items: - description: The tags for the rule. - type: string - type: array - throttle: - deprecated: true - description: 'Deprecated in 8.13.0. Use the `throttle` property in the action `frequency` object instead. The throttle interval, which defines how often an alert generates repeated actions. NOTE: You cannot specify the throttle interval at both the rule and action level. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.' - nullable: true - type: string - updated_at: - description: The date and time that the rule was updated most recently. - type: string - updated_by: - description: The identifier for the user that updated this rule most recently. - nullable: true - type: string - view_in_app_relative_url: - description: Relative URL to view rule in the app. - nullable: true - type: string - required: - - id - - enabled - - name - - tags - - rule_type_id - - consumer - - schedule - - actions - - params - - created_by - - updated_by - - created_at - - updated_at - - api_key_owner - - mute_all - - muted_alert_ids - - execution_status - - revision + $ref: '#/components/schemas/ApiAlertingRule_Post_Response_200' description: Indicates a successful call. '400': description: Indicates an invalid schema or parameters. @@ -6358,235 +3841,7 @@ paths: interval: 1m tags: [] schema: - additionalProperties: false - type: object - properties: - actions: - default: [] - items: - additionalProperties: false - description: An action that runs under defined conditions. - type: object - properties: - alerts_filter: - additionalProperties: false - type: object - properties: - query: - additionalProperties: false - type: object - properties: - dsl: - description: A filter written in Elasticsearch Query Domain Specific Language (DSL). - type: string - filters: - description: A filter written in Elasticsearch Query Domain Specific Language (DSL) as defined in the `kbn-es-query` package. - items: - additionalProperties: false - type: object - properties: - $state: - additionalProperties: false - type: object - properties: - store: - description: A filter can be either specific to an application context or applied globally. - enum: - - appState - - globalState - type: string - required: - - store - meta: - additionalProperties: {} - type: object - query: - additionalProperties: {} - type: object - required: - - meta - type: array - kql: - description: A filter written in Kibana Query Language (KQL). - type: string - required: - - kql - - filters - timeframe: - additionalProperties: false - description: Defines a period that limits whether the action runs. - type: object - properties: - days: - description: Defines the days of the week that the action can run, represented as an array of numbers. For example, `1` represents Monday. An empty array is equivalent to specifying all the days of the week. - items: - enum: - - 1 - - 2 - - 3 - - 4 - - 5 - - 6 - - 7 - type: integer - type: array - hours: - additionalProperties: false - description: Defines the range of time in a day that the action can run. If the `start` value is `00:00` and the `end` value is `24:00`, actions be generated all day. - type: object - properties: - end: - description: The end of the time frame in 24-hour notation (`hh:mm`). - type: string - start: - description: The start of the time frame in 24-hour notation (`hh:mm`). - type: string - required: - - start - - end - timezone: - description: The ISO time zone for the `hours` values. Values such as `UTC` and `UTC+1` also work but lack built-in daylight savings time support and are not recommended. - type: string - required: - - days - - hours - - timezone - frequency: - additionalProperties: false - type: object - properties: - notify_when: - description: 'Indicates how often alerts generate actions. Valid values include: `onActionGroupChange`: Actions run when the alert status changes; `onActiveAlert`: Actions run when the alert becomes active and at each check interval while the rule conditions are met; `onThrottleInterval`: Actions run when the alert becomes active and at the interval specified in the throttle property while the rule conditions are met. NOTE: You cannot specify `notify_when` at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.' - enum: - - onActionGroupChange - - onActiveAlert - - onThrottleInterval - type: string - summary: - description: Indicates whether the action is a summary. - type: boolean - throttle: - description: 'The throttle interval, which defines how often an alert generates repeated actions. It is specified in seconds, minutes, hours, or days and is applicable only if `notify_when` is set to `onThrottleInterval`. NOTE: You cannot specify the throttle interval at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.' - nullable: true - type: string - required: - - summary - - notify_when - - throttle - group: - description: The group name, which affects when the action runs (for example, when the threshold is met or when the alert is recovered). Each rule type has a list of valid action group names. If you don't need to group actions, set to `default`. - type: string - id: - description: The identifier for the connector saved object. - type: string - params: - additionalProperties: {} - default: {} - description: The parameters for the action, which are sent to the connector. The `params` are handled as Mustache templates and passed a default set of context. - type: object - use_alert_data_for_template: - description: Indicates whether to use alert data as a template. - type: boolean - uuid: - description: A universally unique identifier (UUID) for the action. - type: string - required: - - id - type: array - alert_delay: - additionalProperties: false - description: Indicates that an alert occurs only when the specified number of consecutive runs met the rule conditions. - type: object - properties: - active: - description: The number of consecutive runs that must meet the rule conditions. - type: number - required: - - active - artifacts: - additionalProperties: false - type: object - properties: - dashboards: - items: - additionalProperties: false - type: object - properties: - id: - type: string - required: - - id - maxItems: 10 - type: array - investigation_guide: - additionalProperties: false - type: object - properties: - blob: - maxLength: 10000 - type: string - required: - - blob - flapping: - additionalProperties: false - description: When flapping detection is turned on, alerts that switch quickly between active and recovered states are identified as “flapping” and notifications are reduced. - nullable: true - type: object - properties: - enabled: - description: Determines whether the rule can enter the flapping state. By default, rules can enter the flapping state. - type: boolean - look_back_window: - description: The minimum number of runs in which the threshold must be met. - maximum: 20 - minimum: 2 - type: number - status_change_threshold: - description: The minimum number of times an alert must switch states in the look back window. - maximum: 20 - minimum: 2 - type: number - required: - - look_back_window - - status_change_threshold - name: - description: The name of the rule. While this name does not have to be unique, a distinctive name can help you identify a rule. - type: string - notify_when: - description: 'Indicates how often alerts generate actions. Valid values include: `onActionGroupChange`: Actions run when the alert status changes; `onActiveAlert`: Actions run when the alert becomes active and at each check interval while the rule conditions are met; `onThrottleInterval`: Actions run when the alert becomes active and at the interval specified in the throttle property while the rule conditions are met. NOTE: You cannot specify `notify_when` at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.' - enum: - - onActionGroupChange - - onActiveAlert - - onThrottleInterval - nullable: true - type: string - params: - additionalProperties: {} - default: {} - description: The parameters for the rule. - type: object - schedule: - additionalProperties: false - type: object - properties: - interval: - description: The interval is specified in seconds, minutes, hours, or days. - type: string - required: - - interval - tags: - default: [] - items: - description: The tags for the rule. - type: string - type: array - throttle: - description: 'Use the `throttle` property in the action `frequency` object instead. The throttle interval, which defines how often an alert generates repeated actions. NOTE: You cannot specify the throttle interval at both the rule and action level. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.' - nullable: true - type: string - required: - - name - - schedule + $ref: '#/components/schemas/ApiAlertingRule_Put_Request' responses: '200': content: @@ -6662,674 +3917,7 @@ paths: updated_at: '2024-03-26T23:22:59.949Z' updated_by: elastic schema: - additionalProperties: false - type: object - properties: - actions: - items: - additionalProperties: false - type: object - properties: - alerts_filter: - additionalProperties: false - description: Defines a period that limits whether the action runs. - type: object - properties: - query: - additionalProperties: false - type: object - properties: - dsl: - description: A filter written in Elasticsearch Query Domain Specific Language (DSL). - type: string - filters: - description: A filter written in Elasticsearch Query Domain Specific Language (DSL) as defined in the `kbn-es-query` package. - items: - additionalProperties: false - type: object - properties: - $state: - additionalProperties: false - type: object - properties: - store: - description: A filter can be either specific to an application context or applied globally. - enum: - - appState - - globalState - type: string - required: - - store - meta: - additionalProperties: {} - type: object - query: - additionalProperties: {} - type: object - required: - - meta - type: array - kql: - description: A filter written in Kibana Query Language (KQL). - type: string - required: - - kql - - filters - timeframe: - additionalProperties: false - type: object - properties: - days: - description: Defines the days of the week that the action can run, represented as an array of numbers. For example, `1` represents Monday. An empty array is equivalent to specifying all the days of the week. - items: - enum: - - 1 - - 2 - - 3 - - 4 - - 5 - - 6 - - 7 - type: integer - type: array - hours: - additionalProperties: false - type: object - properties: - end: - description: The end of the time frame in 24-hour notation (`hh:mm`). - type: string - start: - description: The start of the time frame in 24-hour notation (`hh:mm`). - type: string - required: - - start - - end - timezone: - description: The ISO time zone for the `hours` values. Values such as `UTC` and `UTC+1` also work but lack built-in daylight savings time support and are not recommended. - type: string - required: - - days - - hours - - timezone - connector_type_id: - description: The type of connector. This property appears in responses but cannot be set in requests. - type: string - frequency: - additionalProperties: false - type: object - properties: - notify_when: - description: 'Indicates how often alerts generate actions. Valid values include: `onActionGroupChange`: Actions run when the alert status changes; `onActiveAlert`: Actions run when the alert becomes active and at each check interval while the rule conditions are met; `onThrottleInterval`: Actions run when the alert becomes active and at the interval specified in the throttle property while the rule conditions are met. NOTE: You cannot specify `notify_when` at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.' - enum: - - onActionGroupChange - - onActiveAlert - - onThrottleInterval - type: string - summary: - description: Indicates whether the action is a summary. - type: boolean - throttle: - description: 'The throttle interval, which defines how often an alert generates repeated actions. It is specified in seconds, minutes, hours, or days and is applicable only if ''notify_when'' is set to ''onThrottleInterval''. NOTE: You cannot specify the throttle interval at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.' - nullable: true - type: string - required: - - summary - - notify_when - - throttle - group: - description: The group name, which affects when the action runs (for example, when the threshold is met or when the alert is recovered). Each rule type has a list of valid action group names. If you don't need to group actions, set to `default`. - type: string - id: - description: The identifier for the connector saved object. - type: string - params: - additionalProperties: {} - description: The parameters for the action, which are sent to the connector. The `params` are handled as Mustache templates and passed a default set of context. - type: object - use_alert_data_for_template: - description: Indicates whether to use alert data as a template. - type: boolean - uuid: - description: A universally unique identifier (UUID) for the action. - type: string - required: - - id - - connector_type_id - - params - type: array - active_snoozes: - items: - description: List of active snoozes for the rule. - type: string - type: array - alert_delay: - additionalProperties: false - description: Indicates that an alert occurs only when the specified number of consecutive runs met the rule conditions. - type: object - properties: - active: - description: The number of consecutive runs that must meet the rule conditions. - type: number - required: - - active - api_key_created_by_user: - description: Indicates whether the API key that is associated with the rule was created by the user. - nullable: true - type: boolean - api_key_owner: - description: The owner of the API key that is associated with the rule and used to run background tasks. - nullable: true - type: string - artifacts: - additionalProperties: false - type: object - properties: - dashboards: - items: - additionalProperties: false - type: object - properties: - id: - type: string - required: - - id - type: array - investigation_guide: - additionalProperties: false - type: object - properties: - blob: - description: User-created content that describes alert causes and remdiation. - type: string - required: - - blob - consumer: - description: 'The name of the application or feature that owns the rule. For example: `alerts`, `apm`, `discover`, `infrastructure`, `logs`, `metrics`, `ml`, `monitoring`, `securitySolution`, `siem`, `stackAlerts`, or `uptime`.' - type: string - created_at: - description: The date and time that the rule was created. - type: string - created_by: - description: The identifier for the user that created the rule. - nullable: true - type: string - enabled: - description: Indicates whether you want to run the rule on an interval basis after it is created. - type: boolean - execution_status: - additionalProperties: false - type: object - properties: - error: - additionalProperties: false - type: object - properties: - message: - description: Error message. - type: string - reason: - description: Reason for error. - enum: - - read - - decrypt - - execute - - unknown - - license - - timeout - - disabled - - validate - type: string - required: - - reason - - message - last_duration: - description: Duration of last execution of the rule. - type: number - last_execution_date: - description: The date and time when rule was executed last. - type: string - status: - description: Status of rule execution. - enum: - - ok - - active - - error - - warning - - pending - - unknown - type: string - warning: - additionalProperties: false - type: object - properties: - message: - description: Warning message. - type: string - reason: - description: Reason for warning. - enum: - - maxExecutableActions - - maxAlerts - - maxQueuedActions - - ruleExecution - type: string - required: - - reason - - message - required: - - status - - last_execution_date - flapping: - additionalProperties: false - description: When flapping detection is turned on, alerts that switch quickly between active and recovered states are identified as “flapping” and notifications are reduced. - nullable: true - type: object - properties: - enabled: - description: Determines whether the rule can enter the flapping state. By default, rules can enter the flapping state. - type: boolean - look_back_window: - description: The minimum number of runs in which the threshold must be met. - maximum: 20 - minimum: 2 - type: number - status_change_threshold: - description: The minimum number of times an alert must switch states in the look back window. - maximum: 20 - minimum: 2 - type: number - required: - - look_back_window - - status_change_threshold - id: - description: The identifier for the rule. - type: string - is_snoozed_until: - description: The date when the rule will no longer be snoozed. - nullable: true - type: string - last_run: - additionalProperties: false - nullable: true - type: object - properties: - alerts_count: - additionalProperties: false - type: object - properties: - active: - description: Number of active alerts during last run. - nullable: true - type: number - ignored: - description: Number of ignored alerts during last run. - nullable: true - type: number - new: - description: Number of new alerts during last run. - nullable: true - type: number - recovered: - description: Number of recovered alerts during last run. - nullable: true - type: number - outcome: - description: Outcome of last run of the rule. Value could be succeeded, warning or failed. - enum: - - succeeded - - warning - - failed - type: string - outcome_msg: - items: - description: Outcome message generated during last rule run. - type: string - nullable: true - type: array - outcome_order: - description: Order of the outcome. - type: number - warning: - description: Warning of last rule execution. - enum: - - read - - decrypt - - execute - - unknown - - license - - timeout - - disabled - - validate - - maxExecutableActions - - maxAlerts - - maxQueuedActions - - ruleExecution - nullable: true - type: string - required: - - outcome - - alerts_count - mapped_params: - additionalProperties: {} - type: object - monitoring: - additionalProperties: false - description: Monitoring details of the rule. - type: object - properties: - run: - additionalProperties: false - description: Rule run details. - type: object - properties: - calculated_metrics: - additionalProperties: false - description: Calculation of different percentiles and success ratio. - type: object - properties: - p50: - type: number - p95: - type: number - p99: - type: number - success_ratio: - type: number - required: - - success_ratio - history: - description: History of the rule run. - items: - additionalProperties: false - type: object - properties: - duration: - description: Duration of the rule run. - type: number - outcome: - description: Outcome of last run of the rule. Value could be succeeded, warning or failed. - enum: - - succeeded - - warning - - failed - type: string - success: - description: Indicates whether the rule run was successful. - type: boolean - timestamp: - description: Time of rule run. - type: number - required: - - success - - timestamp - type: array - last_run: - additionalProperties: false - type: object - properties: - metrics: - additionalProperties: false - type: object - properties: - duration: - description: Duration of most recent rule run. - type: number - gap_duration_s: - description: Duration in seconds of rule run gap. - nullable: true - type: number - gap_range: - additionalProperties: false - nullable: true - type: object - properties: - gte: - description: End of the gap range. - type: string - lte: - description: Start of the gap range. - type: string - required: - - lte - - gte - total_alerts_created: - description: Total number of alerts created during last rule run. - nullable: true - type: number - total_alerts_detected: - description: Total number of alerts detected during last rule run. - nullable: true - type: number - total_indexing_duration_ms: - description: Total time spent indexing documents during last rule run in milliseconds. - nullable: true - type: number - total_search_duration_ms: - description: Total time spent performing Elasticsearch searches as measured by Kibana; includes network latency and time spent serializing or deserializing the request and response. - nullable: true - type: number - timestamp: - description: Time of the most recent rule run. - type: string - required: - - timestamp - - metrics - required: - - history - - calculated_metrics - - last_run - required: - - run - mute_all: - description: Indicates whether all alerts are muted. - type: boolean - muted_alert_ids: - items: - description: 'List of identifiers of muted alerts. ' - type: string - type: array - name: - description: ' The name of the rule.' - type: string - next_run: - description: Date and time of the next run of the rule. - nullable: true - type: string - notify_when: - description: 'Indicates how often alerts generate actions. Valid values include: `onActionGroupChange`: Actions run when the alert status changes; `onActiveAlert`: Actions run when the alert becomes active and at each check interval while the rule conditions are met; `onThrottleInterval`: Actions run when the alert becomes active and at the interval specified in the throttle property while the rule conditions are met. NOTE: You cannot specify `notify_when` at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.' - enum: - - onActionGroupChange - - onActiveAlert - - onThrottleInterval - nullable: true - type: string - params: - additionalProperties: {} - description: The parameters for the rule. - type: object - revision: - description: The rule revision number. - type: number - rule_type_id: - description: The rule type identifier. - type: string - running: - description: Indicates whether the rule is running. - nullable: true - type: boolean - schedule: - additionalProperties: false - type: object - properties: - interval: - description: The interval is specified in seconds, minutes, hours, or days. - type: string - required: - - interval - scheduled_task_id: - description: Identifier of the scheduled task. - type: string - snooze_schedule: - items: - additionalProperties: false - type: object - properties: - duration: - description: Duration of the rule snooze schedule. - type: number - id: - description: Identifier of the rule snooze schedule. - type: string - rRule: - additionalProperties: false - type: object - properties: - byhour: - items: - description: Indicates hours of the day to recur. - type: number - nullable: true - type: array - byminute: - items: - description: Indicates minutes of the hour to recur. - type: number - nullable: true - type: array - bymonth: - items: - description: Indicates months of the year that this rule should recur. - type: number - nullable: true - type: array - bymonthday: - items: - description: Indicates the days of the month to recur. - type: number - nullable: true - type: array - bysecond: - items: - description: Indicates seconds of the day to recur. - type: number - nullable: true - type: array - bysetpos: - items: - description: A positive or negative integer affecting the nth day of the month. For example, -2 combined with `byweekday` of FR is 2nd to last Friday of the month. It is recommended to not set this manually and just use `byweekday`. - type: number - nullable: true - type: array - byweekday: - items: - anyOf: - - type: string - - type: number - description: Indicates the days of the week to recur or else nth-day-of-month strings. For example, "+2TU" second Tuesday of month, "-1FR" last Friday of the month, which are internally converted to a `byweekday/bysetpos` combination. - nullable: true - type: array - byweekno: - items: - description: Indicates number of the week hours to recur. - type: number - nullable: true - type: array - byyearday: - items: - description: Indicates the days of the year that this rule should recur. - type: number - nullable: true - type: array - count: - description: Number of times the rule should recur until it stops. - type: number - dtstart: - description: Rule start date in Coordinated Universal Time (UTC). - type: string - freq: - description: Indicates frequency of the rule. Options are YEARLY, MONTHLY, WEEKLY, DAILY. - enum: - - 0 - - 1 - - 2 - - 3 - - 4 - - 5 - - 6 - type: integer - interval: - description: Indicates the interval of frequency. For example, 1 and YEARLY is every 1 year, 2 and WEEKLY is every 2 weeks. - type: number - tzid: - description: Indicates timezone abbreviation. - type: string - until: - description: Recur the rule until this date. - type: string - wkst: - description: Indicates the start of week, defaults to Monday. - enum: - - MO - - TU - - WE - - TH - - FR - - SA - - SU - type: string - required: - - dtstart - - tzid - skipRecurrences: - items: - description: Skips recurrence of rule on this date. - type: string - type: array - required: - - duration - - rRule - type: array - tags: - items: - description: The tags for the rule. - type: string - type: array - throttle: - deprecated: true - description: 'Deprecated in 8.13.0. Use the `throttle` property in the action `frequency` object instead. The throttle interval, which defines how often an alert generates repeated actions. NOTE: You cannot specify the throttle interval at both the rule and action level. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.' - nullable: true - type: string - updated_at: - description: The date and time that the rule was updated most recently. - type: string - updated_by: - description: The identifier for the user that updated this rule most recently. - nullable: true - type: string - view_in_app_relative_url: - description: Relative URL to view rule in the app. - nullable: true - type: string - required: - - id - - enabled - - name - - tags - - rule_type_id - - consumer - - schedule - - actions - - params - - created_by - - updated_by - - created_at - - updated_at - - api_key_owner - - mute_all - - muted_alert_ids - - execution_status - - revision + $ref: '#/components/schemas/ApiAlertingRule_Put_Response_200' description: Indicates a successful call. '400': description: Indicates an invalid schema or parameters. @@ -7372,14 +3960,7 @@ paths: content: application/json: schema: - additionalProperties: false - nullable: true - type: object - properties: - untrack: - description: Defines whether this rule's alerts should be untracked. - type: boolean - x-oas-optional: true + $ref: '#/components/schemas/ApiAlertingRuleDisable_Post_Request' responses: '204': description: Indicates a successful call. @@ -7584,144 +4165,13 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - schedule: - additionalProperties: false - type: object - properties: - custom: - additionalProperties: false - type: object - properties: - duration: - description: 'The duration of the schedule. It allows values in `` format. `` is one of `d`, `h`, `m`, or `s` for hours, minutes, seconds. For example: `1d`, `5h`, `30m`, `5000s`.' - type: string - recurring: - additionalProperties: false - type: object - properties: - end: - description: 'The end date of a recurring schedule, provided in ISO 8601 format and set to the UTC timezone. For example: `2025-04-01T00:00:00.000Z`.' - type: string - every: - description: 'The interval and frequency of a recurring schedule. It allows values in `` format. `` is one of `d`, `w`, `M`, or `y` for days, weeks, months, years. For example: `15d`, `2w`, `3m`, `1y`.' - type: string - occurrences: - description: The total number of recurrences of the schedule. - minimum: 1 - type: number - onMonth: - description: The specific months for a recurring schedule. Valid values are 1-12. - items: - maximum: 12 - minimum: 1 - type: number - minItems: 1 - type: array - onMonthDay: - description: The specific days of the month for a recurring schedule. Valid values are 1-31. - items: - maximum: 31 - minimum: 1 - type: number - minItems: 1 - type: array - onWeekDay: - description: The specific days of the week (`[MO,TU,WE,TH,FR,SA,SU]`) or nth day of month (`[+1MO, -3FR, +2WE, -4SA, -5SU]`) for a recurring schedule. - items: - type: string - minItems: 1 - type: array - start: - description: 'The start date and time of the schedule, provided in ISO 8601 format and set to the UTC timezone. For example: `2025-03-12T12:00:00.000Z`.' - type: string - timezone: - description: The timezone of the schedule. The default timezone is UTC. - type: string - required: - - start - - duration - required: - - schedule + $ref: '#/components/schemas/ApiAlertingRuleSnoozeSchedule_Post_Request' responses: '200': content: application/json: schema: - additionalProperties: false - type: object - properties: - body: - additionalProperties: false - type: object - properties: - schedule: - additionalProperties: false - type: object - properties: - custom: - additionalProperties: false - type: object - properties: - duration: - description: 'The duration of the schedule. It allows values in `` format. `` is one of `d`, `h`, `m`, or `s` for hours, minutes, seconds. For example: `1d`, `5h`, `30m`, `5000s`.' - type: string - recurring: - additionalProperties: false - type: object - properties: - end: - description: 'The end date of a recurring schedule, provided in ISO 8601 format and set to the UTC timezone. For example: `2025-04-01T00:00:00.000Z`.' - type: string - every: - description: 'The interval and frequency of a recurring schedule. It allows values in `` format. `` is one of `d`, `w`, `M`, or `y` for days, weeks, months, years. For example: `15d`, `2w`, `3m`, `1y`.' - type: string - occurrences: - description: The total number of recurrences of the schedule. - minimum: 1 - type: number - onMonth: - description: The specific months for a recurring schedule. Valid values are 1-12. - items: - maximum: 12 - minimum: 1 - type: number - minItems: 1 - type: array - onMonthDay: - description: The specific days of the month for a recurring schedule. Valid values are 1-31. - items: - maximum: 31 - minimum: 1 - type: number - minItems: 1 - type: array - onWeekDay: - description: The specific days of the week (`[MO,TU,WE,TH,FR,SA,SU]`) or nth day of month (`[+1MO, -3FR, +2WE, -4SA, -5SU]`) for a recurring schedule. - items: - type: string - minItems: 1 - type: array - start: - description: 'The start date and time of the schedule, provided in ISO 8601 format and set to the UTC timezone. For example: `2025-03-12T12:00:00.000Z`.' - type: string - timezone: - description: The timezone of the schedule. The default timezone is UTC. - type: string - required: - - start - - duration - id: - description: Identifier of the snooze schedule. - type: string - required: - - id - required: - - schedule - required: - - body + $ref: '#/components/schemas/ApiAlertingRuleSnoozeSchedule_Post_Response_200' description: Indicates a successful call. '400': description: Indicates an invalid schema. @@ -8178,674 +4628,7 @@ paths: per_page: 10 total: 1 schema: - additionalProperties: false - type: object - properties: - actions: - items: - additionalProperties: false - type: object - properties: - alerts_filter: - additionalProperties: false - description: Defines a period that limits whether the action runs. - type: object - properties: - query: - additionalProperties: false - type: object - properties: - dsl: - description: A filter written in Elasticsearch Query Domain Specific Language (DSL). - type: string - filters: - description: A filter written in Elasticsearch Query Domain Specific Language (DSL) as defined in the `kbn-es-query` package. - items: - additionalProperties: false - type: object - properties: - $state: - additionalProperties: false - type: object - properties: - store: - description: A filter can be either specific to an application context or applied globally. - enum: - - appState - - globalState - type: string - required: - - store - meta: - additionalProperties: {} - type: object - query: - additionalProperties: {} - type: object - required: - - meta - type: array - kql: - description: A filter written in Kibana Query Language (KQL). - type: string - required: - - kql - - filters - timeframe: - additionalProperties: false - type: object - properties: - days: - description: Defines the days of the week that the action can run, represented as an array of numbers. For example, `1` represents Monday. An empty array is equivalent to specifying all the days of the week. - items: - enum: - - 1 - - 2 - - 3 - - 4 - - 5 - - 6 - - 7 - type: integer - type: array - hours: - additionalProperties: false - type: object - properties: - end: - description: The end of the time frame in 24-hour notation (`hh:mm`). - type: string - start: - description: The start of the time frame in 24-hour notation (`hh:mm`). - type: string - required: - - start - - end - timezone: - description: The ISO time zone for the `hours` values. Values such as `UTC` and `UTC+1` also work but lack built-in daylight savings time support and are not recommended. - type: string - required: - - days - - hours - - timezone - connector_type_id: - description: The type of connector. This property appears in responses but cannot be set in requests. - type: string - frequency: - additionalProperties: false - type: object - properties: - notify_when: - description: 'Indicates how often alerts generate actions. Valid values include: `onActionGroupChange`: Actions run when the alert status changes; `onActiveAlert`: Actions run when the alert becomes active and at each check interval while the rule conditions are met; `onThrottleInterval`: Actions run when the alert becomes active and at the interval specified in the throttle property while the rule conditions are met. NOTE: You cannot specify `notify_when` at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.' - enum: - - onActionGroupChange - - onActiveAlert - - onThrottleInterval - type: string - summary: - description: Indicates whether the action is a summary. - type: boolean - throttle: - description: 'The throttle interval, which defines how often an alert generates repeated actions. It is specified in seconds, minutes, hours, or days and is applicable only if ''notify_when'' is set to ''onThrottleInterval''. NOTE: You cannot specify the throttle interval at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.' - nullable: true - type: string - required: - - summary - - notify_when - - throttle - group: - description: The group name, which affects when the action runs (for example, when the threshold is met or when the alert is recovered). Each rule type has a list of valid action group names. If you don't need to group actions, set to `default`. - type: string - id: - description: The identifier for the connector saved object. - type: string - params: - additionalProperties: {} - description: The parameters for the action, which are sent to the connector. The `params` are handled as Mustache templates and passed a default set of context. - type: object - use_alert_data_for_template: - description: Indicates whether to use alert data as a template. - type: boolean - uuid: - description: A universally unique identifier (UUID) for the action. - type: string - required: - - id - - connector_type_id - - params - type: array - active_snoozes: - items: - description: List of active snoozes for the rule. - type: string - type: array - alert_delay: - additionalProperties: false - description: Indicates that an alert occurs only when the specified number of consecutive runs met the rule conditions. - type: object - properties: - active: - description: The number of consecutive runs that must meet the rule conditions. - type: number - required: - - active - api_key_created_by_user: - description: Indicates whether the API key that is associated with the rule was created by the user. - nullable: true - type: boolean - api_key_owner: - description: The owner of the API key that is associated with the rule and used to run background tasks. - nullable: true - type: string - artifacts: - additionalProperties: false - type: object - properties: - dashboards: - items: - additionalProperties: false - type: object - properties: - id: - type: string - required: - - id - type: array - investigation_guide: - additionalProperties: false - type: object - properties: - blob: - description: User-created content that describes alert causes and remdiation. - type: string - required: - - blob - consumer: - description: 'The name of the application or feature that owns the rule. For example: `alerts`, `apm`, `discover`, `infrastructure`, `logs`, `metrics`, `ml`, `monitoring`, `securitySolution`, `siem`, `stackAlerts`, or `uptime`.' - type: string - created_at: - description: The date and time that the rule was created. - type: string - created_by: - description: The identifier for the user that created the rule. - nullable: true - type: string - enabled: - description: Indicates whether you want to run the rule on an interval basis after it is created. - type: boolean - execution_status: - additionalProperties: false - type: object - properties: - error: - additionalProperties: false - type: object - properties: - message: - description: Error message. - type: string - reason: - description: Reason for error. - enum: - - read - - decrypt - - execute - - unknown - - license - - timeout - - disabled - - validate - type: string - required: - - reason - - message - last_duration: - description: Duration of last execution of the rule. - type: number - last_execution_date: - description: The date and time when rule was executed last. - type: string - status: - description: Status of rule execution. - enum: - - ok - - active - - error - - warning - - pending - - unknown - type: string - warning: - additionalProperties: false - type: object - properties: - message: - description: Warning message. - type: string - reason: - description: Reason for warning. - enum: - - maxExecutableActions - - maxAlerts - - maxQueuedActions - - ruleExecution - type: string - required: - - reason - - message - required: - - status - - last_execution_date - flapping: - additionalProperties: false - description: When flapping detection is turned on, alerts that switch quickly between active and recovered states are identified as “flapping” and notifications are reduced. - nullable: true - type: object - properties: - enabled: - description: Determines whether the rule can enter the flapping state. By default, rules can enter the flapping state. - type: boolean - look_back_window: - description: The minimum number of runs in which the threshold must be met. - maximum: 20 - minimum: 2 - type: number - status_change_threshold: - description: The minimum number of times an alert must switch states in the look back window. - maximum: 20 - minimum: 2 - type: number - required: - - look_back_window - - status_change_threshold - id: - description: The identifier for the rule. - type: string - is_snoozed_until: - description: The date when the rule will no longer be snoozed. - nullable: true - type: string - last_run: - additionalProperties: false - nullable: true - type: object - properties: - alerts_count: - additionalProperties: false - type: object - properties: - active: - description: Number of active alerts during last run. - nullable: true - type: number - ignored: - description: Number of ignored alerts during last run. - nullable: true - type: number - new: - description: Number of new alerts during last run. - nullable: true - type: number - recovered: - description: Number of recovered alerts during last run. - nullable: true - type: number - outcome: - description: Outcome of last run of the rule. Value could be succeeded, warning or failed. - enum: - - succeeded - - warning - - failed - type: string - outcome_msg: - items: - description: Outcome message generated during last rule run. - type: string - nullable: true - type: array - outcome_order: - description: Order of the outcome. - type: number - warning: - description: Warning of last rule execution. - enum: - - read - - decrypt - - execute - - unknown - - license - - timeout - - disabled - - validate - - maxExecutableActions - - maxAlerts - - maxQueuedActions - - ruleExecution - nullable: true - type: string - required: - - outcome - - alerts_count - mapped_params: - additionalProperties: {} - type: object - monitoring: - additionalProperties: false - description: Monitoring details of the rule. - type: object - properties: - run: - additionalProperties: false - description: Rule run details. - type: object - properties: - calculated_metrics: - additionalProperties: false - description: Calculation of different percentiles and success ratio. - type: object - properties: - p50: - type: number - p95: - type: number - p99: - type: number - success_ratio: - type: number - required: - - success_ratio - history: - description: History of the rule run. - items: - additionalProperties: false - type: object - properties: - duration: - description: Duration of the rule run. - type: number - outcome: - description: Outcome of last run of the rule. Value could be succeeded, warning or failed. - enum: - - succeeded - - warning - - failed - type: string - success: - description: Indicates whether the rule run was successful. - type: boolean - timestamp: - description: Time of rule run. - type: number - required: - - success - - timestamp - type: array - last_run: - additionalProperties: false - type: object - properties: - metrics: - additionalProperties: false - type: object - properties: - duration: - description: Duration of most recent rule run. - type: number - gap_duration_s: - description: Duration in seconds of rule run gap. - nullable: true - type: number - gap_range: - additionalProperties: false - nullable: true - type: object - properties: - gte: - description: End of the gap range. - type: string - lte: - description: Start of the gap range. - type: string - required: - - lte - - gte - total_alerts_created: - description: Total number of alerts created during last rule run. - nullable: true - type: number - total_alerts_detected: - description: Total number of alerts detected during last rule run. - nullable: true - type: number - total_indexing_duration_ms: - description: Total time spent indexing documents during last rule run in milliseconds. - nullable: true - type: number - total_search_duration_ms: - description: Total time spent performing Elasticsearch searches as measured by Kibana; includes network latency and time spent serializing or deserializing the request and response. - nullable: true - type: number - timestamp: - description: Time of the most recent rule run. - type: string - required: - - timestamp - - metrics - required: - - history - - calculated_metrics - - last_run - required: - - run - mute_all: - description: Indicates whether all alerts are muted. - type: boolean - muted_alert_ids: - items: - description: 'List of identifiers of muted alerts. ' - type: string - type: array - name: - description: ' The name of the rule.' - type: string - next_run: - description: Date and time of the next run of the rule. - nullable: true - type: string - notify_when: - description: 'Indicates how often alerts generate actions. Valid values include: `onActionGroupChange`: Actions run when the alert status changes; `onActiveAlert`: Actions run when the alert becomes active and at each check interval while the rule conditions are met; `onThrottleInterval`: Actions run when the alert becomes active and at the interval specified in the throttle property while the rule conditions are met. NOTE: You cannot specify `notify_when` at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.' - enum: - - onActionGroupChange - - onActiveAlert - - onThrottleInterval - nullable: true - type: string - params: - additionalProperties: {} - description: The parameters for the rule. - type: object - revision: - description: The rule revision number. - type: number - rule_type_id: - description: The rule type identifier. - type: string - running: - description: Indicates whether the rule is running. - nullable: true - type: boolean - schedule: - additionalProperties: false - type: object - properties: - interval: - description: The interval is specified in seconds, minutes, hours, or days. - type: string - required: - - interval - scheduled_task_id: - description: Identifier of the scheduled task. - type: string - snooze_schedule: - items: - additionalProperties: false - type: object - properties: - duration: - description: Duration of the rule snooze schedule. - type: number - id: - description: Identifier of the rule snooze schedule. - type: string - rRule: - additionalProperties: false - type: object - properties: - byhour: - items: - description: Indicates hours of the day to recur. - type: number - nullable: true - type: array - byminute: - items: - description: Indicates minutes of the hour to recur. - type: number - nullable: true - type: array - bymonth: - items: - description: Indicates months of the year that this rule should recur. - type: number - nullable: true - type: array - bymonthday: - items: - description: Indicates the days of the month to recur. - type: number - nullable: true - type: array - bysecond: - items: - description: Indicates seconds of the day to recur. - type: number - nullable: true - type: array - bysetpos: - items: - description: A positive or negative integer affecting the nth day of the month. For example, -2 combined with `byweekday` of FR is 2nd to last Friday of the month. It is recommended to not set this manually and just use `byweekday`. - type: number - nullable: true - type: array - byweekday: - items: - anyOf: - - type: string - - type: number - description: Indicates the days of the week to recur or else nth-day-of-month strings. For example, "+2TU" second Tuesday of month, "-1FR" last Friday of the month, which are internally converted to a `byweekday/bysetpos` combination. - nullable: true - type: array - byweekno: - items: - description: Indicates number of the week hours to recur. - type: number - nullable: true - type: array - byyearday: - items: - description: Indicates the days of the year that this rule should recur. - type: number - nullable: true - type: array - count: - description: Number of times the rule should recur until it stops. - type: number - dtstart: - description: Rule start date in Coordinated Universal Time (UTC). - type: string - freq: - description: Indicates frequency of the rule. Options are YEARLY, MONTHLY, WEEKLY, DAILY. - enum: - - 0 - - 1 - - 2 - - 3 - - 4 - - 5 - - 6 - type: integer - interval: - description: Indicates the interval of frequency. For example, 1 and YEARLY is every 1 year, 2 and WEEKLY is every 2 weeks. - type: number - tzid: - description: Indicates timezone abbreviation. - type: string - until: - description: Recur the rule until this date. - type: string - wkst: - description: Indicates the start of week, defaults to Monday. - enum: - - MO - - TU - - WE - - TH - - FR - - SA - - SU - type: string - required: - - dtstart - - tzid - skipRecurrences: - items: - description: Skips recurrence of rule on this date. - type: string - type: array - required: - - duration - - rRule - type: array - tags: - items: - description: The tags for the rule. - type: string - type: array - throttle: - deprecated: true - description: 'Deprecated in 8.13.0. Use the `throttle` property in the action `frequency` object instead. The throttle interval, which defines how often an alert generates repeated actions. NOTE: You cannot specify the throttle interval at both the rule and action level. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.' - nullable: true - type: string - updated_at: - description: The date and time that the rule was updated most recently. - type: string - updated_by: - description: The identifier for the user that updated this rule most recently. - nullable: true - type: string - view_in_app_relative_url: - description: Relative URL to view rule in the app. - nullable: true - type: string - required: - - id - - enabled - - name - - tags - - rule_type_id - - consumer - - schedule - - actions - - params - - created_by - - updated_by - - created_at - - updated_at - - api_key_owner - - mute_all - - muted_alert_ids - - execution_status - - revision + $ref: '#/components/schemas/ApiAlertingRulesFind_Get_Response_200' description: Indicates a successful call. '400': description: Indicates an invalid schema or parameters. @@ -8938,22 +4721,14 @@ paths: content: application/json: schema: - type: object - properties: - schema: - additionalProperties: true - description: Schema object - example: - foo: bar - type: object + $ref: '#/components/schemas/ApiApmFleetApmServerSchema_Post_Request' required: true responses: '200': content: application/json: schema: - additionalProperties: false - type: object + $ref: '#/components/schemas/ApiApmFleetApmServerSchema_Post_Response_200' description: Successful response '400': content: @@ -9266,8 +5041,7 @@ paths: content: application/json: schema: - additionalProperties: false - type: object + $ref: '#/components/schemas/ApiApmSettingsAgentConfiguration_Put_Response_200' description: Successful response '400': content: @@ -9686,8 +5460,7 @@ paths: content: application/json: schema: - additionalProperties: false - type: object + $ref: '#/components/schemas/ApiApmSourcemaps_Delete_Response_200' description: Successful response '400': content: @@ -9771,16 +5544,7 @@ paths: content: application/json: schema: - type: object - properties: - deleted: - description: True if the record was deleted or false if the record did not exist. - type: boolean - record: - $ref: '#/components/schemas/Security_Entity_Analytics_API_AssetCriticalityRecord' - description: The deleted record if it existed. - required: - - deleted + $ref: '#/components/schemas/ApiAssetCriticality_Delete_Response_200' description: Successful response '400': description: Invalid request @@ -9848,19 +5612,7 @@ paths: content: application/json: schema: - allOf: - - $ref: '#/components/schemas/Security_Entity_Analytics_API_CreateAssetCriticalityRecord' - - type: object - properties: - refresh: - description: If 'wait_for' the request will wait for the index refresh. - enum: - - wait_for - type: string - example: - criticality_level: high_impact - id_field: host.name - id_value: my_host + $ref: '#/components/schemas/ApiAssetCriticality_Post_Request' required: true responses: '200': @@ -9894,55 +5646,13 @@ paths: content: application/json: schema: - example: - records: - - criticality_level: low_impact - id_field: host.name - id_value: host-1 - - criticality_level: medium_impact - id_field: host.name - id_value: host-2 - type: object - properties: - records: - items: - allOf: - - $ref: '#/components/schemas/Security_Entity_Analytics_API_AssetCriticalityRecordIdParts' - - type: object - properties: - criticality_level: - $ref: '#/components/schemas/Security_Entity_Analytics_API_AssetCriticalityLevelsForBulkUpload' - required: - - criticality_level - maxItems: 1000 - minItems: 1 - type: array - required: - - records + $ref: '#/components/schemas/ApiAssetCriticalityBulk_Post_Request' responses: '200': content: application/json: schema: - example: - errors: - - index: 0 - message: Invalid ID field - stats: - failed: 1 - successful: 1 - total: 2 - type: object - properties: - errors: - items: - $ref: '#/components/schemas/Security_Entity_Analytics_API_AssetCriticalityBulkUploadErrorItem' - type: array - stats: - $ref: '#/components/schemas/Security_Entity_Analytics_API_AssetCriticalityBulkUploadStats' - required: - - errors - - stats + $ref: '#/components/schemas/ApiAssetCriticalityBulk_Post_Response_200' description: Bulk upload successful '413': description: File too large @@ -10010,52 +5720,7 @@ paths: content: application/json: schema: - example: - page: 1 - per_page: 10 - records: - - '@timestamp': '2024-08-02T14:40:35.705Z' - asset: - criticality: medium_impact - criticality_level: medium_impact - host: - asset: - criticality: medium_impact - name: my_other_host - id_field: host.name - id_value: my_other_host - - '@timestamp': '2024-08-02T11:15:34.290Z' - asset: - criticality: high_impact - criticality_level: high_impact - host: - asset: - criticality: high_impact - name: my_host - id_field: host.name - id_value: my_host - total: 2 - type: object - properties: - page: - minimum: 1 - type: integer - per_page: - maximum: 1000 - minimum: 1 - type: integer - records: - items: - $ref: '#/components/schemas/Security_Entity_Analytics_API_AssetCriticalityRecord' - type: array - total: - minimum: 0 - type: integer - required: - - records - - page - - per_page - - total + $ref: '#/components/schemas/ApiAssetCriticalityList_Get_Response_200' description: Successfully retrieved asset criticality records summary: List asset criticality records tags: @@ -10078,49 +5743,7 @@ paths: content: application/json: schema: - type: object - properties: - update: - description: Configuration object containing all parameters for the bulk update operation - type: object - properties: - enable_field_rendering: - default: false - description: Enables a markdown syntax used to render pivot fields, for example `{{ user.name james }}`. When disabled, the same example would be rendered as `james`. This is primarily used for Attack discovery views within Kibana. Defaults to `false`. - example: false - type: boolean - ids: - description: Array of Attack discovery IDs to update - example: - - c0c8a8bbb4a6561856a974ee9e461f0c82e673a1f0d83f86c5a8d80fc8de4c4f - - 5aa8f2900c0b03854b3b1a52a19558c5ea9893865c78235d4ad3dcc46196f4c7 - items: - type: string - type: array - kibana_alert_workflow_status: - description: When provided, update the kibana.alert.workflow_status of the attack discovery alerts - enum: - - open - - acknowledged - - closed - example: acknowledged - type: string - visibility: - description: When provided, update the visibility of the alert, as determined by the kibana.alert.attack_discovery.users field - enum: - - not_shared - - shared - example: shared - type: string - with_replacements: - default: true - description: When true, returns the updated Attack discoveries with text replacements applied to the detailsMarkdown, entitySummaryMarkdown, summaryMarkdown, and title fields. This substitutes anonymized values with human-readable equivalents. Defaults to `true`. - example: true - type: boolean - required: - - ids - required: - - update + $ref: '#/components/schemas/ApiAttackDiscoveryBulk_Post_Request' description: Bulk update parameters for Attack discoveries required: true responses: @@ -10128,38 +5751,13 @@ paths: content: application/json: schema: - type: object - properties: - data: - description: Array of updated Attack discovery alert objects. Each item includes the applied modifications from the bulk update request. - items: - $ref: '#/components/schemas/Security_Attack_discovery_API_AttackDiscoveryApiAlert' - type: array - required: - - data + $ref: '#/components/schemas/ApiAttackDiscoveryBulk_Post_Response_200' description: Successful response containing the updated Attack discovery alerts '400': content: application/json: schema: - type: object - properties: - error: - description: Error type - example: Bad Request - type: string - message: - description: Human-readable error message describing what went wrong with the bulk update request - example: Invalid request parameters - type: string - status_code: - description: HTTP status code - example: 400 - type: number - required: - - status_code - - error - - message + $ref: '#/components/schemas/ApiAttackDiscoveryBulk_Post_Response_400' description: Generic Error summary: Bulk update Attack discoveries tags: @@ -10330,61 +5928,13 @@ paths: content: application/json: schema: - type: object - properties: - connector_names: - description: List of human readable connector names that are present in the matched Attack discoveries. Useful for building client filters or summaries. - items: - type: string - type: array - data: - description: Array of matched Attack discovery objects. Each item follows the `AttackDiscoveryApiAlert` schema. - items: - $ref: '#/components/schemas/Security_Attack_discovery_API_AttackDiscoveryApiAlert' - type: array - page: - description: Current page number of the paginated result set. - type: integer - per_page: - description: Number of items requested per page. - type: integer - total: - description: Total number of Attack discoveries matching the query (across all pages). - type: integer - unique_alert_ids: - description: List of unique alert IDs aggregated from the matched Attack discoveries. Only present if `include_unique_alert_ids=true` in the request. - items: - type: string - type: array - unique_alert_ids_count: - description: Number of unique alert IDs across all matched Attack discoveries. Only present if `include_unique_alert_ids=true` in the request. - type: integer - required: - - connector_names - - data - - page - - per_page - - total - - unique_alert_ids_count + $ref: '#/components/schemas/ApiAttackDiscoveryFind_Get_Response_200' description: Successful response '400': content: application/json: schema: - type: object - properties: - error: - description: Error type - example: Bad Request - type: string - message: - description: Human-readable error message - example: Invalid request payload. - type: string - status_code: - description: HTTP status code - example: 400 - type: number + $ref: '#/components/schemas/ApiAttackDiscoveryFind_Get_Response_400' description: Generic Error summary: Find Attack discoveries that match the search criteria tags: @@ -10422,37 +5972,13 @@ paths: content: application/json: schema: - type: object - properties: - execution_uuid: - $ref: '#/components/schemas/Security_Attack_discovery_API_NonEmptyString' - description: The unique identifier for the attack discovery generation process. Use this UUID to track the generation progress and retrieve results via the find endpoint. - example: edd26039-0990-4d9f-9829-2a1fcacb77b5 - required: - - execution_uuid + $ref: '#/components/schemas/ApiAttackDiscoveryGenerate_Post_Response_200' description: Attack discovery generation initiated successfully '400': content: application/json: schema: - type: object - properties: - error: - description: Error type - example: Bad Request - type: string - message: - description: Human-readable error message describing what went wrong - example: Invalid request parameters - type: string - status_code: - description: HTTP status code - example: 400 - type: number - required: - - status_code - - error - - message + $ref: '#/components/schemas/ApiAttackDiscoveryGenerate_Post_Response_400' description: Bad request - Invalid input parameters or configuration summary: Generate attack discoveries from alerts tags: @@ -11441,34 +6967,13 @@ paths: content: application/json: schema: - type: object - properties: - generations: - description: List of attack discovery generations - items: - $ref: '#/components/schemas/Security_Attack_discovery_API_AttackDiscoveryGeneration' - type: array - required: - - generations + $ref: '#/components/schemas/ApiAttackDiscoveryGenerations_Get_Response_200' description: Successful response '400': content: application/json: schema: - type: object - properties: - error: - description: Error type - example: Bad Request - type: string - message: - description: Human-readable error message - example: Invalid size parameter. Must be a positive number. - type: string - status_code: - description: HTTP status code - example: 400 - type: number + $ref: '#/components/schemas/ApiAttackDiscoveryGenerations_Get_Response_400' description: Bad request summary: Get the latest attack discovery generations metadata for the current user tags: @@ -11524,41 +7029,13 @@ paths: content: application/json: schema: - type: object - properties: - data: - description: Array of Attack discoveries generated during this execution. - items: - $ref: '#/components/schemas/Security_Attack_discovery_API_AttackDiscoveryApiAlert' - type: array - generation: - $ref: '#/components/schemas/Security_Attack_discovery_API_AttackDiscoveryGeneration' - description: Optional metadata about the attack discovery generation process, metadata including execution status and statistics. This metadata may not be available for all generations. - required: - - data + $ref: '#/components/schemas/ApiAttackDiscoveryGenerations_Get_Response_200_1' description: Successful response '400': content: application/json: schema: - type: object - properties: - error: - description: Error type - example: Bad Request - type: string - message: - description: Human-readable error message describing what went wrong with the request - example: Invalid request parameters - type: string - status_code: - description: HTTP status code - example: 400 - type: number - required: - - status_code - - error - - message + $ref: '#/components/schemas/ApiAttackDiscoveryGenerations_Get_Response_400_1' description: Generic Error summary: Get a single Attack discovery generation, including its discoveries and (optional) generation metadata tags: @@ -11598,92 +7075,13 @@ paths: content: application/json: schema: - type: object - properties: - alerts_context_count: - description: The number of alerts that were sent as context to the LLM for this generation. - example: 75 - type: number - connector_id: - description: The unique identifier of the connector used to generate the attack discoveries. - example: chatGpt5_0ChatAzure - type: string - connector_stats: - description: Statistical information about the connector's performance for this user, providing insights into usage patterns and success rates. - type: object - properties: - average_successful_duration_nanoseconds: - description: The average duration in nanoseconds for successful generations using this connector by the current user. - example: 47958500000 - type: number - successful_generations: - description: The total number of Attack discoveries successfully created for this generation - example: 2 - type: number - discoveries: - description: The number of attack discoveries that were generated during this execution. - example: 3 - type: number - end: - description: The timestamp when the generation process completed, in ISO 8601 format. This field may be absent for generations that haven't finished. - example: '2025-09-29T06:42:44.810Z' - type: string - execution_uuid: - description: The unique identifier for this attack discovery generation execution. This UUID can be used to reference this specific generation in other API calls. - example: 46b218d5-535d-4329-be56-d0f6af6986b7 - type: string - loading_message: - description: A human-readable message describing the current state or progress of the generation process. Provides context about what the AI is analyzing. - example: AI is analyzing up to 100 alerts in the last 24 hours to generate discoveries. - type: string - reason: - description: Additional context or reasoning provided when a generation fails or encounters issues. This field helps diagnose problems with the generation process. - example: Connection timeout to AI service - type: string - start: - description: The timestamp when the generation process began, in ISO 8601 format. This marks the beginning of the AI analysis. - example: '2025-09-29T06:42:08.962Z' - type: string - status: - description: The current status of the attack discovery generation. After dismissing, this will be set to "dismissed". - enum: - - canceled - - dismissed - - failed - - started - - succeeded - example: dismissed - type: string - required: - - connector_id - - discoveries - - execution_uuid - - loading_message - - start - - status + $ref: '#/components/schemas/ApiAttackDiscoveryGenerationsDismiss_Post_Response_200' description: Successful response - The attack discovery generation has been dismissed '400': content: application/json: schema: - type: object - properties: - error: - description: Error type or category - example: Bad Request - type: string - message: - description: Human-readable error message describing what went wrong with the request. - example: Invalid request parameters - type: string - status_code: - description: HTTP status code indicating the type of client error - example: 400 - type: number - required: - - status_code - - error - - message + $ref: '#/components/schemas/ApiAttackDiscoveryGenerationsDismiss_Post_Response_400' description: Generic Error summary: Dismiss an attack discovery generation tags: @@ -11865,46 +7263,13 @@ paths: content: application/json: schema: - type: object - properties: - data: - description: Array of matched Attack discovery schedule objects. - items: - $ref: '#/components/schemas/Security_Attack_discovery_API_AttackDiscoveryApiSchedule' - type: array - page: - description: Current page number of the paginated result set. - type: number - per_page: - description: Number of items requested per page. - type: number - total: - description: Total number of Attack discovery schedules matching the query (across all pages). - type: number - required: - - page - - per_page - - total - - data + $ref: '#/components/schemas/ApiAttackDiscoverySchedulesFind_Get_Response_200' description: Successful response '400': content: application/json: schema: - type: object - properties: - error: - description: Error type - example: Bad Request - type: string - message: - description: Human-readable error message - example: Invalid request payload - type: string - status_code: - description: HTTP status code - example: 400 - type: number + $ref: '#/components/schemas/ApiAttackDiscoverySchedulesFind_Get_Response_400' description: Generic Error summary: Finds Attack discovery schedules that match the search criteria tags: @@ -11946,13 +7311,7 @@ paths: example: id: 12345678-1234-1234-1234-123456789012 schema: - type: object - properties: - id: - $ref: '#/components/schemas/Security_Attack_discovery_API_NonEmptyString' - description: The unique identifier of the deleted Attack Discovery schedule - required: - - id + $ref: '#/components/schemas/ApiAttackDiscoverySchedules_Delete_Response_200' description: Successfully deleted Attack Discovery schedule, returning the ID of the deleted schedule for confirmation '400': content: @@ -12185,13 +7544,7 @@ paths: example: id: 12345678-1234-1234-1234-123456789012 schema: - type: object - properties: - id: - $ref: '#/components/schemas/Security_Attack_discovery_API_NonEmptyString' - description: The unique identifier of the disabled Attack Discovery schedule - required: - - id + $ref: '#/components/schemas/ApiAttackDiscoverySchedulesDisable_Post_Response_200' description: Successfully disabled Attack Discovery schedule, returning the schedule ID for confirmation '400': content: @@ -12243,13 +7596,7 @@ paths: example: id: 12345678-1234-1234-1234-123456789012 schema: - type: object - properties: - id: - $ref: '#/components/schemas/Security_Attack_discovery_API_NonEmptyString' - description: The unique identifier of the enabled Attack Discovery schedule - required: - - id + $ref: '#/components/schemas/ApiAttackDiscoverySchedulesEnable_Post_Response_200' description: Successfully enabled Attack Discovery schedule, returning the schedule ID for confirmation '400': content: @@ -12440,25 +7787,7 @@ paths: findCaseResponse: $ref: '#/components/examples/Cases_find_case_response' schema: - type: object - properties: - cases: - items: - $ref: '#/components/schemas/Cases_case_response_properties' - maxItems: 10000 - type: array - count_closed_cases: - type: integer - count_in_progress_cases: - type: integer - count_open_cases: - type: integer - page: - type: integer - per_page: - type: integer - total: - type: integer + $ref: '#/components/schemas/ApiCasesFind_Get_Response_200' description: Indicates a successful call. '401': content: @@ -12751,9 +8080,7 @@ paths: getCaseCommentResponse: $ref: '#/components/examples/Cases_get_comment_response' schema: - oneOf: - - $ref: '#/components/schemas/Cases_alert_comment_response_properties' - - $ref: '#/components/schemas/Cases_user_comment_response_properties' + $ref: '#/components/schemas/ApiCasesComments_Get_Response_200' description: Indicates a successful call. '401': content: @@ -12786,8 +8113,7 @@ paths: content: application/json: schema: - nullable: true - type: object + $ref: '#/components/schemas/ApiCasesConnectorPush_Post_Request' responses: '200': content: @@ -12879,19 +8205,7 @@ paths: findCaseActivityResponse: $ref: '#/components/examples/Cases_find_case_activity_response' schema: - type: object - properties: - page: - type: integer - perPage: - type: integer - total: - type: integer - userActions: - items: - $ref: '#/components/schemas/Cases_user_actions_find_response_properties' - maxItems: 10000 - type: array + $ref: '#/components/schemas/ApiCasesUserActionsFind_Get_Response_200' description: Indicates a successful call. '401': content: @@ -12928,14 +8242,7 @@ paths: - id: 06116b80-e1c3-11ec-be9b-9b1838238ee6 title: security_case items: - type: object - properties: - id: - description: The case identifier. - type: string - title: - description: The case title. - type: string + $ref: '#/components/schemas/ApiCasesAlerts_Get_Response_200_Item' maxItems: 10000 type: array description: Indicates a successful call. @@ -12974,142 +8281,7 @@ paths: $ref: '#/components/examples/Cases_get_case_configuration_response' schema: items: - type: object - properties: - closure_type: - $ref: '#/components/schemas/Cases_closure_types' - connector: - type: object - properties: - fields: - description: The fields specified in the case configuration are not used and are not propagated to individual cases, therefore it is recommended to set it to `null`. - nullable: true - type: object - id: - description: The identifier for the connector. If you do not want a default connector, use `none`. To retrieve connector IDs, use the find connectors API. - example: none - type: string - name: - description: The name of the connector. If you do not want a default connector, use `none`. To retrieve connector names, use the find connectors API. - example: none - type: string - type: - $ref: '#/components/schemas/Cases_connector_types' - created_at: - example: '2022-06-01T17:07:17.767Z' - format: date-time - type: string - created_by: - type: object - properties: - email: - example: null - nullable: true - type: string - full_name: - example: null - nullable: true - type: string - profile_uid: - example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 - type: string - username: - example: elastic - nullable: true - type: string - required: - - email - - full_name - - username - customFields: - description: Custom fields configuration details. - items: - type: object - properties: - defaultValue: - description: | - A default value for the custom field. If the `type` is `text`, the default value must be a string. If the `type` is `toggle`, the default value must be boolean. - oneOf: - - type: string - - type: boolean - key: - description: | - A unique key for the custom field. Must be lower case and composed only of a-z, 0-9, '_', and '-' characters. It is used in API calls to refer to a specific custom field. - maxLength: 36 - minLength: 1 - type: string - label: - description: The custom field label that is displayed in the case. - maxLength: 50 - minLength: 1 - type: string - type: - description: The type of the custom field. - enum: - - text - - toggle - type: string - required: - description: | - Indicates whether the field is required. If `false`, the custom field can be set to null or omitted when a case is created or updated. - type: boolean - type: array - error: - example: null - nullable: true - type: string - id: - example: 4a97a440-e1cd-11ec-be9b-9b1838238ee6 - type: string - mappings: - items: - type: object - properties: - action_type: - example: overwrite - type: string - source: - example: title - type: string - target: - example: summary - type: string - type: array - owner: - $ref: '#/components/schemas/Cases_owner' - templates: - $ref: '#/components/schemas/Cases_templates' - updated_at: - example: '2022-06-01T19:58:48.169Z' - format: date-time - nullable: true - type: string - updated_by: - nullable: true - type: object - properties: - email: - example: null - nullable: true - type: string - full_name: - example: null - nullable: true - type: string - profile_uid: - example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 - type: string - username: - example: elastic - nullable: true - type: string - required: - - email - - full_name - - username - version: - example: WzIwNzMsMV0= - type: string + $ref: '#/components/schemas/ApiCasesConfigure_Get_Response_200_Item' type: array description: Indicates a successful call. '401': @@ -13152,142 +8324,7 @@ paths: setCaseConfigResponse: $ref: '#/components/examples/Cases_set_case_configuration_response' schema: - type: object - properties: - closure_type: - $ref: '#/components/schemas/Cases_closure_types' - connector: - type: object - properties: - fields: - description: The fields specified in the case configuration are not used and are not propagated to individual cases, therefore it is recommended to set it to `null`. - nullable: true - type: object - id: - description: The identifier for the connector. If you do not want a default connector, use `none`. To retrieve connector IDs, use the find connectors API. - example: none - type: string - name: - description: The name of the connector. If you do not want a default connector, use `none`. To retrieve connector names, use the find connectors API. - example: none - type: string - type: - $ref: '#/components/schemas/Cases_connector_types' - created_at: - example: '2022-06-01T17:07:17.767Z' - format: date-time - type: string - created_by: - type: object - properties: - email: - example: null - nullable: true - type: string - full_name: - example: null - nullable: true - type: string - profile_uid: - example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 - type: string - username: - example: elastic - nullable: true - type: string - required: - - email - - full_name - - username - customFields: - description: Custom fields configuration details. - items: - type: object - properties: - defaultValue: - description: | - A default value for the custom field. If the `type` is `text`, the default value must be a string. If the `type` is `toggle`, the default value must be boolean. - oneOf: - - type: string - - type: boolean - key: - description: | - A unique key for the custom field. Must be lower case and composed only of a-z, 0-9, '_', and '-' characters. It is used in API calls to refer to a specific custom field. - maxLength: 36 - minLength: 1 - type: string - label: - description: The custom field label that is displayed in the case. - maxLength: 50 - minLength: 1 - type: string - type: - description: The type of the custom field. - enum: - - text - - toggle - type: string - required: - description: | - Indicates whether the field is required. If `false`, the custom field can be set to null or omitted when a case is created or updated. - type: boolean - type: array - error: - example: null - nullable: true - type: string - id: - example: 4a97a440-e1cd-11ec-be9b-9b1838238ee6 - type: string - mappings: - items: - type: object - properties: - action_type: - example: overwrite - type: string - source: - example: title - type: string - target: - example: summary - type: string - type: array - owner: - $ref: '#/components/schemas/Cases_owner' - templates: - $ref: '#/components/schemas/Cases_templates' - updated_at: - example: '2022-06-01T19:58:48.169Z' - format: date-time - nullable: true - type: string - updated_by: - nullable: true - type: object - properties: - email: - example: null - nullable: true - type: string - full_name: - example: null - nullable: true - type: string - profile_uid: - example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 - type: string - username: - example: elastic - nullable: true - type: string - required: - - email - - full_name - - username - version: - example: WzIwNzMsMV0= - type: string + $ref: '#/components/schemas/ApiCasesConfigure_Post_Response_200' description: Indicates a successful call. '401': content: @@ -13331,142 +8368,7 @@ paths: updateCaseConfigurationResponse: $ref: '#/components/examples/Cases_update_case_configuration_response' schema: - type: object - properties: - closure_type: - $ref: '#/components/schemas/Cases_closure_types' - connector: - type: object - properties: - fields: - description: The fields specified in the case configuration are not used and are not propagated to individual cases, therefore it is recommended to set it to `null`. - nullable: true - type: object - id: - description: The identifier for the connector. If you do not want a default connector, use `none`. To retrieve connector IDs, use the find connectors API. - example: none - type: string - name: - description: The name of the connector. If you do not want a default connector, use `none`. To retrieve connector names, use the find connectors API. - example: none - type: string - type: - $ref: '#/components/schemas/Cases_connector_types' - created_at: - example: '2022-06-01T17:07:17.767Z' - format: date-time - type: string - created_by: - type: object - properties: - email: - example: null - nullable: true - type: string - full_name: - example: null - nullable: true - type: string - profile_uid: - example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 - type: string - username: - example: elastic - nullable: true - type: string - required: - - email - - full_name - - username - customFields: - description: Custom fields configuration details. - items: - type: object - properties: - defaultValue: - description: | - A default value for the custom field. If the `type` is `text`, the default value must be a string. If the `type` is `toggle`, the default value must be boolean. - oneOf: - - type: string - - type: boolean - key: - description: | - A unique key for the custom field. Must be lower case and composed only of a-z, 0-9, '_', and '-' characters. It is used in API calls to refer to a specific custom field. - maxLength: 36 - minLength: 1 - type: string - label: - description: The custom field label that is displayed in the case. - maxLength: 50 - minLength: 1 - type: string - type: - description: The type of the custom field. - enum: - - text - - toggle - type: string - required: - description: | - Indicates whether the field is required. If `false`, the custom field can be set to null or omitted when a case is created or updated. - type: boolean - type: array - error: - example: null - nullable: true - type: string - id: - example: 4a97a440-e1cd-11ec-be9b-9b1838238ee6 - type: string - mappings: - items: - type: object - properties: - action_type: - example: overwrite - type: string - source: - example: title - type: string - target: - example: summary - type: string - type: array - owner: - $ref: '#/components/schemas/Cases_owner' - templates: - $ref: '#/components/schemas/Cases_templates' - updated_at: - example: '2022-06-01T19:58:48.169Z' - format: date-time - nullable: true - type: string - updated_by: - nullable: true - type: object - properties: - email: - example: null - nullable: true - type: string - full_name: - example: null - nullable: true - type: string - profile_uid: - example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 - type: string - username: - example: elastic - nullable: true - type: string - required: - - email - - full_name - - username - version: - example: WzIwNzMsMV0= - type: string + $ref: '#/components/schemas/ApiCasesConfigure_Patch_Response_200' description: Indicates a successful call. '401': content: @@ -13500,30 +8402,7 @@ paths: $ref: '#/components/examples/Cases_find_connector_response' schema: items: - type: object - properties: - actionTypeId: - $ref: '#/components/schemas/Cases_connector_types' - config: - additionalProperties: true - type: object - properties: - apiUrl: - type: string - projectKey: - type: string - id: - type: string - isDeprecated: - type: boolean - isMissingSecrets: - type: boolean - isPreconfigured: - type: boolean - name: - type: string - referencedByCount: - type: integer + $ref: '#/components/schemas/ApiCasesConfigureConnectorsFind_Get_Response_200_Item' maxItems: 1000 type: array description: Indicates a successful call. @@ -13555,27 +8434,7 @@ paths: $ref: '#/components/examples/Cases_get_reporters_response' schema: items: - type: object - properties: - email: - example: null - nullable: true - type: string - full_name: - example: null - nullable: true - type: string - profile_uid: - example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 - type: string - username: - example: elastic - nullable: true - type: string - required: - - email - - full_name - - username + $ref: '#/components/schemas/ApiCasesReporters_Get_Response_200_Item' maxItems: 10000 type: array description: Indicates a successful call. @@ -13640,25 +8499,7 @@ paths: getAllDataViewsResponse: $ref: '#/components/examples/Data_views_get_data_views_response' schema: - type: object - properties: - data_view: - items: - type: object - properties: - id: - type: string - name: - type: string - namespaces: - items: - type: string - type: array - title: - type: string - typeMeta: - type: object - type: array + $ref: '#/components/schemas/ApiDataViews_Get_Response_200' description: Indicates a successful call. '400': content: @@ -13838,23 +8679,14 @@ paths: updateFieldsMetadataRequest: $ref: '#/components/examples/Data_views_update_field_metadata_request' schema: - type: object - properties: - fields: - description: The field object. - type: object - required: - - fields + $ref: '#/components/schemas/ApiDataViewsDataViewFields_Post_Request' required: true responses: '200': content: application/json: schema: - type: object - properties: - acknowledged: - type: boolean + $ref: '#/components/schemas/ApiDataViewsDataViewFields_Post_Response_200' description: Indicates a successful call. '400': content: @@ -13881,26 +8713,14 @@ paths: createRuntimeFieldRequest: $ref: '#/components/examples/Data_views_create_runtime_field_request' schema: - type: object - properties: - name: - description: | - The name for a runtime field. - type: string - runtimeField: - description: | - The runtime field definition object. - type: object - required: - - name - - runtimeField + $ref: '#/components/schemas/ApiDataViewsDataViewRuntimeField_Post_Request' required: true responses: '200': content: application/json: schema: - type: object + $ref: '#/components/schemas/ApiDataViewsDataViewRuntimeField_Post_Response_200' description: Indicates a successful call. summary: Create a runtime field tags: @@ -13932,33 +8752,14 @@ paths: updateRuntimeFieldRequest: $ref: '#/components/examples/Data_views_create_runtime_field_request' schema: - type: object - properties: - name: - description: | - The name for a runtime field. - type: string - runtimeField: - description: | - The runtime field definition object. - type: object - required: - - name - - runtimeField + $ref: '#/components/schemas/ApiDataViewsDataViewRuntimeField_Put_Request' required: true responses: '200': content: application/json: schema: - type: object - properties: - data_view: - type: object - fields: - items: - type: object - type: array + $ref: '#/components/schemas/ApiDataViewsDataViewRuntimeField_Put_Response_200' description: Indicates a successful call. '400': content: @@ -14018,14 +8819,7 @@ paths: getRuntimeFieldResponse: $ref: '#/components/examples/Data_views_get_runtime_field_response' schema: - type: object - properties: - data_view: - type: object - fields: - items: - type: object - type: array + $ref: '#/components/schemas/ApiDataViewsDataViewRuntimeField_Get_Response_200' description: Indicates a successful call. '404': content: @@ -14057,19 +8851,7 @@ paths: updateRuntimeFieldRequest: $ref: '#/components/examples/Data_views_update_runtime_field_request' schema: - type: object - properties: - runtimeField: - description: | - The runtime field definition object. - - You can update following fields: - - - `type` - - `script` - type: object - required: - - runtimeField + $ref: '#/components/schemas/ApiDataViewsDataViewRuntimeField_Post_Request_1' required: true responses: '200': @@ -14103,10 +8885,7 @@ paths: getDefaultDataViewResponse: $ref: '#/components/examples/Data_views_get_default_data_view_response' schema: - type: object - properties: - data_view_id: - type: string + $ref: '#/components/schemas/ApiDataViewsDefault_Get_Response_200' description: Indicates a successful call. '400': content: @@ -14137,29 +8916,14 @@ paths: setDefaultDataViewRequest: $ref: '#/components/examples/Data_views_set_default_data_view_request' schema: - type: object - properties: - data_view_id: - description: | - The data view identifier. NOTE: The API does not validate whether it is a valid identifier. Use `null` to unset the default data view. - nullable: true - type: string - force: - default: false - description: Update an existing default data view identifier. - type: boolean - required: - - data_view_id + $ref: '#/components/schemas/ApiDataViewsDefault_Post_Request' required: true responses: '200': content: application/json: schema: - type: object - properties: - acknowledged: - type: boolean + $ref: '#/components/schemas/ApiDataViewsDefault_Post_Response_200' description: Indicates a successful call. '400': content: @@ -14206,26 +8970,7 @@ paths: content: application/json: schema: - type: object - properties: - deleteStatus: - type: object - properties: - deletePerformed: - type: boolean - remainingRefs: - type: integer - result: - items: - type: object - properties: - id: - description: A saved object identifier. - type: string - type: - description: The saved object type. - type: string - type: array + $ref: '#/components/schemas/ApiDataViewsSwapReferences_Post_Response_200' description: Indicates a successful call. summary: Swap saved object references tags: @@ -14260,19 +9005,7 @@ paths: content: application/json: schema: - type: object - properties: - result: - items: - type: object - properties: - id: - description: A saved object identifier. - type: string - type: - description: The saved object type. - type: string - type: array + $ref: '#/components/schemas/ApiDataViewsSwapReferencesPreview_Post_Response_200' description: Indicates a successful call. summary: Preview a saved object reference swap tags: @@ -14288,12 +9021,7 @@ paths: content: application/json: schema: - type: object - properties: - acknowledged: - type: boolean - required: - - acknowledged + $ref: '#/components/schemas/ApiDetectionEngineIndex_Delete_Response_200' description: Successful response '401': content: @@ -14343,16 +9071,7 @@ paths: index_mapping_outdated: false name: .alerts-security.alerts-default schema: - type: object - properties: - index_mapping_outdated: - nullable: true - type: boolean - name: - type: string - required: - - name - - index_mapping_outdated + $ref: '#/components/schemas/ApiDetectionEngineIndex_Get_Response_200' description: Successful response '401': content: @@ -14397,12 +9116,7 @@ paths: content: application/json: schema: - type: object - properties: - acknowledged: - type: boolean - required: - - acknowledged + $ref: '#/components/schemas/ApiDetectionEngineIndex_Post_Response_200' description: Successful response '401': content: @@ -14495,15 +9209,7 @@ paths: is_authenticated: true username: elastic schema: - type: object - properties: - has_encryption_key: - type: boolean - is_authenticated: - type: boolean - required: - - is_authenticated - - has_encryption_key + $ref: '#/components/schemas/ApiDetectionEnginePrivileges_Get_Response_200' description: Successful response '401': content: @@ -16101,15 +10807,7 @@ paths: end_date: '2025-03-10T23:59:59.999Z' start_date: '2025-03-01T00:00:00.000Z' schema: - oneOf: - - $ref: '#/components/schemas/Security_Detections_API_BulkDeleteRules' - - $ref: '#/components/schemas/Security_Detections_API_BulkDisableRules' - - $ref: '#/components/schemas/Security_Detections_API_BulkEnableRules' - - $ref: '#/components/schemas/Security_Detections_API_BulkExportRules' - - $ref: '#/components/schemas/Security_Detections_API_BulkDuplicateRules' - - $ref: '#/components/schemas/Security_Detections_API_BulkManualRuleRun' - - $ref: '#/components/schemas/Security_Detections_API_BulkManualRuleFillGaps' - - $ref: '#/components/schemas/Security_Detections_API_BulkEditRules' + $ref: '#/components/schemas/ApiDetectionEngineRulesBulkAction_Post_Request' responses: '200': content: @@ -16748,9 +11446,7 @@ paths: rules_count: 1 success: true schema: - oneOf: - - $ref: '#/components/schemas/Security_Detections_API_BulkEditActionResponse' - - $ref: '#/components/schemas/Security_Detections_API_BulkExportActionResponse' + $ref: '#/components/schemas/ApiDetectionEngineRulesBulkAction_Post_Response_200' description: OK summary: Apply a bulk action to detection rules tags: @@ -16799,21 +11495,7 @@ paths: content: application/json: schema: - nullable: true - type: object - properties: - objects: - description: Array of objects with a rule's `rule_id` field. Do not use rule's `id` here. Exports all rules when unspecified. - items: - type: object - properties: - rule_id: - $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' - required: - - rule_id - type: array - required: - - objects + $ref: '#/components/schemas/ApiDetectionEngineRulesExport_Post_Request' required: false responses: '200': @@ -17003,27 +11685,7 @@ paths: perPage: 5 total: 4 schema: - type: object - properties: - data: - items: - $ref: '#/components/schemas/Security_Detections_API_RuleResponse' - type: array - page: - type: integer - perPage: - type: integer - total: - type: integer - warnings: - items: - $ref: '#/components/schemas/Security_Detections_API_WarningSchema' - type: array - required: - - page - - perPage - - total - - data + $ref: '#/components/schemas/ApiDetectionEngineRulesFind_Get_Response_200' description: | Successful response > info @@ -17097,12 +11759,7 @@ paths: content: multipart/form-data: schema: - type: object - properties: - file: - description: The `.ndjson` file containing the rules. - format: binary - type: string + $ref: '#/components/schemas/ApiDetectionEngineRulesImport_Post_Request' required: true responses: '200': @@ -17120,55 +11777,7 @@ paths: success: true success_count: 1 schema: - additionalProperties: false - type: object - properties: - action_connectors_errors: - items: - $ref: '#/components/schemas/Security_Detections_API_ErrorSchema' - type: array - action_connectors_success: - type: boolean - action_connectors_success_count: - minimum: 0 - type: integer - action_connectors_warnings: - items: - $ref: '#/components/schemas/Security_Detections_API_WarningSchema' - type: array - errors: - items: - $ref: '#/components/schemas/Security_Detections_API_ErrorSchema' - type: array - exceptions_errors: - items: - $ref: '#/components/schemas/Security_Detections_API_ErrorSchema' - type: array - exceptions_success: - type: boolean - exceptions_success_count: - minimum: 0 - type: integer - rules_count: - minimum: 0 - type: integer - success: - type: boolean - success_count: - minimum: 0 - type: integer - required: - - exceptions_success - - exceptions_success_count - - exceptions_errors - - rules_count - - success - - success_count - - errors - - action_connectors_errors - - action_connectors_warnings - - action_connectors_success - - action_connectors_success_count + $ref: '#/components/schemas/ApiDetectionEngineRulesImport_Post_Response_200' description: Indicates a successful call. summary: Import detection rules tags: @@ -17208,36 +11817,7 @@ paths: content: application/json: schema: - example: - items: - - description: This is a sample detection type exception item. - entries: - - field: actingProcess.file.signer - operator: excluded - type: exists - - field: host.name - operator: included - type: match_any - value: - - saturn - - jupiter - item_id: simple_list_item - list_id: simple_list - name: Sample Exception List Item - namespace_type: single - os_types: - - linux - tags: - - malware - type: simple - type: object - properties: - items: - items: - $ref: '#/components/schemas/Security_Exceptions_API_CreateRuleExceptionListItemProps' - type: array - required: - - items + $ref: '#/components/schemas/ApiDetectionEngineRulesExceptions_Post_Request' description: Rule exception items. required: true responses: @@ -17295,9 +11875,7 @@ paths: message: '[request params]: id: Invalid uuid' statusCode: 400 schema: - oneOf: - - $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' - - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' + $ref: '#/components/schemas/ApiDetectionEngineRulesExceptions_Post_Response_400' description: Invalid input data response '401': content: @@ -17372,30 +11950,7 @@ paths: timelines_installed: 5 timelines_updated: 2 schema: - additionalProperties: false - type: object - properties: - rules_installed: - description: The number of rules installed - minimum: 0 - type: integer - rules_updated: - description: The number of rules updated - minimum: 0 - type: integer - timelines_installed: - description: The number of timelines installed - minimum: 0 - type: integer - timelines_updated: - description: The number of timelines updated - minimum: 0 - type: integer - required: - - rules_installed - - rules_updated - - timelines_installed - - timelines_updated + $ref: '#/components/schemas/ApiDetectionEngineRulesPrepackaged_Put_Response_200' description: Indicates a successful call summary: Install prebuilt detection rules and Timelines tags: @@ -17431,45 +11986,7 @@ paths: timelines_not_installed: 0 timelines_not_updated: 0 schema: - additionalProperties: false - type: object - properties: - rules_custom_installed: - description: The total number of custom rules - minimum: 0 - type: integer - rules_installed: - description: The total number of installed prebuilt rules - minimum: 0 - type: integer - rules_not_installed: - description: The total number of available prebuilt rules that are not installed - minimum: 0 - type: integer - rules_not_updated: - description: The total number of outdated prebuilt rules - minimum: 0 - type: integer - timelines_installed: - description: The total number of installed prebuilt timelines - minimum: 0 - type: integer - timelines_not_installed: - description: The total number of available prebuilt timelines that are not installed - minimum: 0 - type: integer - timelines_not_updated: - description: The total number of outdated prebuilt timelines - minimum: 0 - type: integer - required: - - rules_custom_installed - - rules_installed - - rules_not_installed - - rules_not_updated - - timelines_installed - - timelines_not_installed - - timelines_not_updated + $ref: '#/components/schemas/ApiDetectionEngineRulesPrepackagedStatus_Get_Response_200' description: Indicates a successful call summary: Retrieve the status of prebuilt detection rules and Timelines tags: @@ -17491,33 +12008,7 @@ paths: content: application/json: schema: - anyOf: - - allOf: - - $ref: '#/components/schemas/Security_Detections_API_EqlRuleCreateProps' - - $ref: '#/components/schemas/Security_Detections_API_RulePreviewParams' - - allOf: - - $ref: '#/components/schemas/Security_Detections_API_QueryRuleCreateProps' - - $ref: '#/components/schemas/Security_Detections_API_RulePreviewParams' - - allOf: - - $ref: '#/components/schemas/Security_Detections_API_SavedQueryRuleCreateProps' - - $ref: '#/components/schemas/Security_Detections_API_RulePreviewParams' - - allOf: - - $ref: '#/components/schemas/Security_Detections_API_ThresholdRuleCreateProps' - - $ref: '#/components/schemas/Security_Detections_API_RulePreviewParams' - - allOf: - - $ref: '#/components/schemas/Security_Detections_API_ThreatMatchRuleCreateProps' - - $ref: '#/components/schemas/Security_Detections_API_RulePreviewParams' - - allOf: - - $ref: '#/components/schemas/Security_Detections_API_MachineLearningRuleCreateProps' - - $ref: '#/components/schemas/Security_Detections_API_RulePreviewParams' - - allOf: - - $ref: '#/components/schemas/Security_Detections_API_NewTermsRuleCreateProps' - - $ref: '#/components/schemas/Security_Detections_API_RulePreviewParams' - - allOf: - - $ref: '#/components/schemas/Security_Detections_API_EsqlRuleCreateProps' - - $ref: '#/components/schemas/Security_Detections_API_RulePreviewParams' - discriminator: - propertyName: type + $ref: '#/components/schemas/ApiDetectionEngineRulesPreview_Post_Request' description: An object containing tags to add or remove and alert ids the changes will be applied required: true responses: @@ -17525,26 +12016,13 @@ paths: content: application/json: schema: - type: object - properties: - isAborted: - type: boolean - logs: - items: - $ref: '#/components/schemas/Security_Detections_API_RulePreviewLogs' - type: array - previewId: - $ref: '#/components/schemas/Security_Detections_API_NonEmptyString' - required: - - logs + $ref: '#/components/schemas/ApiDetectionEngineRulesPreview_Post_Response_200' description: Successful response '400': content: application/json: schema: - oneOf: - - $ref: '#/components/schemas/Security_Detections_API_PlatformErrorResponse' - - $ref: '#/components/schemas/Security_Detections_API_SiemErrorResponse' + $ref: '#/components/schemas/ApiDetectionEngineRulesPreview_Post_Response_400' description: Invalid input data response '401': content: @@ -17643,19 +12121,7 @@ paths: content: application/json: schema: - example: - migration_ids: - - 924f7c50-505f-11eb-ae0a-3fa2e626a51d - type: object - properties: - migration_ids: - description: Array of `migration_id`s to finalize. - items: - type: string - minItems: 1 - type: array - required: - - migration_ids + $ref: '#/components/schemas/ApiDetectionEngineSignalsFinalizeMigration_Post_Request' description: Array of `migration_id`s to finalize required: true responses: @@ -17682,9 +12148,7 @@ paths: content: application/json: schema: - oneOf: - - $ref: '#/components/schemas/Security_Detections_API_PlatformErrorResponse' - - $ref: '#/components/schemas/Security_Detections_API_SiemErrorResponse' + $ref: '#/components/schemas/ApiDetectionEngineSignalsFinalizeMigration_Post_Response_400' description: Invalid input data response '401': content: @@ -17726,19 +12190,7 @@ paths: content: application/json: schema: - example: - migration_ids: - - 924f7c50-505f-11eb-ae0a-3fa2e626a51d - type: object - properties: - migration_ids: - description: Array of `migration_id`s to cleanup. - items: - type: string - minItems: 1 - type: array - required: - - migration_ids + $ref: '#/components/schemas/ApiDetectionEngineSignalsMigration_Delete_Request' description: Array of `migration_id`s to cleanup required: true responses: @@ -17764,9 +12216,7 @@ paths: content: application/json: schema: - oneOf: - - $ref: '#/components/schemas/Security_Detections_API_PlatformErrorResponse' - - $ref: '#/components/schemas/Security_Detections_API_SiemErrorResponse' + $ref: '#/components/schemas/ApiDetectionEngineSignalsMigration_Delete_Response_400' description: Invalid input data response '401': content: @@ -17807,20 +12257,7 @@ paths: index: - .siem-signals-default-000001 schema: - allOf: - - type: object - properties: - index: - description: Array of index names to migrate. - items: - format: nonempty - minLength: 1 - type: string - minItems: 1 - type: array - required: - - index - - $ref: '#/components/schemas/Security_Detections_API_AlertsReindexOptions' + $ref: '#/components/schemas/ApiDetectionEngineSignalsMigration_Post_Request' description: Alerts migration parameters required: true responses: @@ -17835,25 +12272,13 @@ paths: migration_id: 923f7c50-505f-11eb-ae0a-3fa2e626a51d migration_index: .siem-signals-default-000001-r000016 schema: - type: object - properties: - indices: - items: - oneOf: - - $ref: '#/components/schemas/Security_Detections_API_AlertsIndexMigrationSuccess' - - $ref: '#/components/schemas/Security_Detections_API_AlertsIndexMigrationError' - - $ref: '#/components/schemas/Security_Detections_API_SkippedAlertsIndexMigration' - type: array - required: - - indices + $ref: '#/components/schemas/ApiDetectionEngineSignalsMigration_Post_Response_200' description: Successful response '400': content: application/json: schema: - oneOf: - - $ref: '#/components/schemas/Security_Detections_API_PlatformErrorResponse' - - $ref: '#/components/schemas/Security_Detections_API_SiemErrorResponse' + $ref: '#/components/schemas/ApiDetectionEngineSignalsMigration_Post_Response_400' description: Invalid input data response '401': content: @@ -17926,22 +12351,13 @@ paths: version: 16 version: 16 schema: - type: object - properties: - indices: - items: - $ref: '#/components/schemas/Security_Detections_API_IndexMigrationStatus' - type: array - required: - - indices + $ref: '#/components/schemas/ApiDetectionEngineSignalsMigrationStatus_Get_Response_200' description: Successful response '400': content: application/json: schema: - oneOf: - - $ref: '#/components/schemas/Security_Detections_API_PlatformErrorResponse' - - $ref: '#/components/schemas/Security_Detections_API_SiemErrorResponse' + $ref: '#/components/schemas/ApiDetectionEngineSignalsMigrationStatus_Get_Response_400' description: Invalid input data response '401': content: @@ -18039,17 +12455,13 @@ paths: timed_out: false took: 0 schema: - additionalProperties: true - description: Elasticsearch search response - type: object + $ref: '#/components/schemas/ApiDetectionEngineSignalsSearch_Post_Response_200' description: Successful response '400': content: application/json: schema: - oneOf: - - $ref: '#/components/schemas/Security_Detections_API_PlatformErrorResponse' - - $ref: '#/components/schemas/Security_Detections_API_SiemErrorResponse' + $ref: '#/components/schemas/ApiDetectionEngineSignalsSearch_Post_Response_400' description: Invalid input data response '401': content: @@ -18121,9 +12533,7 @@ paths: should: [] status: closed schema: - oneOf: - - $ref: '#/components/schemas/Security_Detections_API_SetAlertsStatusByIds' - - $ref: '#/components/schemas/Security_Detections_API_SetAlertsStatusByQuery' + $ref: '#/components/schemas/ApiDetectionEngineSignalsStatus_Post_Request' description: An object containing desired status and explicit alert ids or a query to select alerts required: true responses: @@ -18166,17 +12576,13 @@ paths: updated: 17 version_conflicts: 0 schema: - additionalProperties: true - description: Elasticsearch update by query response - type: object + $ref: '#/components/schemas/ApiDetectionEngineSignalsStatus_Post_Response_200' description: Successful response '400': content: application/json: schema: - oneOf: - - $ref: '#/components/schemas/Security_Detections_API_PlatformErrorResponse' - - $ref: '#/components/schemas/Security_Detections_API_SiemErrorResponse' + $ref: '#/components/schemas/ApiDetectionEngineSignalsStatus_Post_Response_400' description: Invalid input data response '401': content: @@ -18244,17 +12650,13 @@ paths: updated: 1, version_conflicts: 0, schema: - additionalProperties: true - description: Elasticsearch update by query response - type: object + $ref: '#/components/schemas/ApiDetectionEngineSignalsTags_Post_Response_200' description: Successful response '400': content: application/json: schema: - oneOf: - - $ref: '#/components/schemas/Security_Detections_API_PlatformErrorResponse' - - $ref: '#/components/schemas/Security_Detections_API_SiemErrorResponse' + $ref: '#/components/schemas/ApiDetectionEngineSignalsTags_Post_Response_400' description: Invalid input data response '401': content: @@ -18342,22 +12744,7 @@ paths: rotateEncryptionKeyResponse: $ref: '#/components/examples/Saved_objects_key_rotation_response' schema: - type: object - properties: - failed: - description: | - Indicates the number of the saved objects that were still encrypted with one of the old encryption keys that Kibana failed to re-encrypt with the primary key. - type: number - successful: - description: | - Indicates the total number of all encrypted saved objects (optionally filtered by the requested `type`), regardless of the key Kibana used for encryption. - - NOTE: In most cases, `total` will be greater than `successful` even if `failed` is zero. The reason is that Kibana may not need or may not be able to rotate encryption keys for all encrypted saved objects. - type: number - total: - description: | - Indicates the total number of all encrypted saved objects (optionally filtered by the requested `type`), regardless of the key Kibana used for encryption. - type: number + $ref: '#/components/schemas/ApiEncryptedSavedObjectsRotateKey_Post_Response_200' description: Indicates a successful call. '400': content: @@ -18369,7 +12756,7 @@ paths: content: application/json: schema: - type: object + $ref: '#/components/schemas/ApiEncryptedSavedObjectsRotateKey_Post_Response_429' description: Already in progress. summary: Rotate a key for encrypted saved objects tags: @@ -18399,9 +12786,7 @@ paths: content: application/json: schema: - oneOf: - - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse' - - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse' + $ref: '#/components/schemas/ApiEndpointList_Post_Response_400' description: Invalid input data '401': content: @@ -18462,9 +12847,7 @@ paths: content: application/json: schema: - oneOf: - - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse' - - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse' + $ref: '#/components/schemas/ApiEndpointListItems_Delete_Response_400' description: Invalid input data '401': content: @@ -18530,9 +12913,7 @@ paths: content: application/json: schema: - oneOf: - - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse' - - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse' + $ref: '#/components/schemas/ApiEndpointListItems_Get_Response_400' description: Invalid input data '401': content: @@ -18578,34 +12959,7 @@ paths: content: application/json: schema: - type: object - properties: - comments: - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemCommentArray' - default: [] - description: - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemDescription' - entries: - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryArray' - item_id: - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemHumanId' - meta: - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemMeta' - name: - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemName' - os_types: - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemOsTypeArray' - default: [] - tags: - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemTags' - default: [] - type: - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemType' - required: - - type - - name - - description - - entries + $ref: '#/components/schemas/ApiEndpointListItems_Post_Request' description: Exception list item's properties required: true responses: @@ -18619,9 +12973,7 @@ paths: content: application/json: schema: - oneOf: - - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse' - - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse' + $ref: '#/components/schemas/ApiEndpointListItems_Post_Response_400' description: Invalid input data '401': content: @@ -18667,39 +13019,7 @@ paths: content: application/json: schema: - type: object - properties: - _version: - type: string - comments: - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemCommentArray' - default: [] - description: - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemDescription' - entries: - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryArray' - id: - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemId' - description: Either `id` or `item_id` must be specified - item_id: - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemHumanId' - description: Either `id` or `item_id` must be specified - meta: - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemMeta' - name: - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemName' - os_types: - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemOsTypeArray' - default: [] - tags: - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemTags' - type: - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemType' - required: - - type - - name - - description - - entries + $ref: '#/components/schemas/ApiEndpointListItems_Put_Request' description: Exception list item's properties required: true responses: @@ -18713,9 +13033,7 @@ paths: content: application/json: schema: - oneOf: - - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse' - - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse' + $ref: '#/components/schemas/ApiEndpointListItems_Put_Response_400' description: Invalid input data '401': content: @@ -18801,36 +13119,13 @@ paths: content: application/json: schema: - type: object - properties: - data: - items: - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItem' - type: array - page: - minimum: 0 - type: integer - per_page: - minimum: 0 - type: integer - pit: - type: string - total: - minimum: 0 - type: integer - required: - - data - - page - - per_page - - total + $ref: '#/components/schemas/ApiEndpointListItemsFind_Get_Response_200' description: Successful response '400': content: application/json: schema: - oneOf: - - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse' - - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse' + $ref: '#/components/schemas/ApiEndpointListItemsFind_Get_Response_400' description: Invalid input data '401': content: @@ -19036,33 +13331,7 @@ paths: schema: properties: data: - type: object - properties: - actionId: - type: string - agentId: - type: string - agentType: - type: string - created: - format: date-time - type: string - id: - type: string - mimeType: - type: string - name: - type: string - size: - type: number - status: - enum: - - AWAITING_UPLOAD - - UPLOADING - - READY - - UPLOAD_ERROR - - DELETED - type: string + $ref: '#/components/schemas/ApiEndpointActionFile_Get_Response_200_Data' description: OK summary: Get file information tags: @@ -19249,38 +13518,7 @@ paths: - 1aa1f8fd-0fb0-4fe4-8c30-92068272d3f0 - b30a11bf-1395-4707-b508-fbb45ef9793e schema: - type: object - properties: - agent_type: - $ref: '#/components/schemas/Security_Endpoint_Management_API_AgentTypes' - alert_ids: - description: If this action is associated with any alerts, they can be specified here. The action will be logged in any cases associated with the specified alerts. - example: - - alert-id-1 - - alert-id-2 - items: - minLength: 1 - type: string - minItems: 1 - type: array - case_ids: - description: The IDs of cases where the action taken will be logged. - example: - - case-id-1 - - case-id-2 - items: - minLength: 1 - type: string - minItems: 1 - type: array - comment: - $ref: '#/components/schemas/Security_Endpoint_Management_API_Comment' - endpoint_ids: - $ref: '#/components/schemas/Security_Endpoint_Management_API_EndpointIds' - parameters: - $ref: '#/components/schemas/Security_Endpoint_Management_API_Parameters' - required: - - endpoint_ids + $ref: '#/components/schemas/ApiEndpointActionIsolate_Post_Request' required: true responses: '200': @@ -19596,38 +13834,7 @@ paths: - 1aa1f8fd-0fb0-4fe4-8c30-92068272d3f0 - b30a11bf-1395-4707-b508-fbb45ef9793e schema: - type: object - properties: - agent_type: - $ref: '#/components/schemas/Security_Endpoint_Management_API_AgentTypes' - alert_ids: - description: If this action is associated with any alerts, they can be specified here. The action will be logged in any cases associated with the specified alerts. - example: - - alert-id-1 - - alert-id-2 - items: - minLength: 1 - type: string - minItems: 1 - type: array - case_ids: - description: The IDs of cases where the action taken will be logged. - example: - - case-id-1 - - case-id-2 - items: - minLength: 1 - type: string - minItems: 1 - type: array - comment: - $ref: '#/components/schemas/Security_Endpoint_Management_API_Comment' - endpoint_ids: - $ref: '#/components/schemas/Security_Endpoint_Management_API_EndpointIds' - parameters: - $ref: '#/components/schemas/Security_Endpoint_Management_API_Parameters' - required: - - endpoint_ids + $ref: '#/components/schemas/ApiEndpointActionUnisolate_Post_Request' required: true responses: '200': @@ -19825,10 +14032,7 @@ paths: content: application/json: schema: - type: object - properties: - note: - type: string + $ref: '#/components/schemas/ApiEndpointProtectionUpdatesNote_Post_Request' required: true responses: '200': @@ -19909,23 +14113,7 @@ paths: sortField: name total: 100 schema: - type: object - properties: - data: - items: - $ref: '#/components/schemas/Security_Endpoint_Management_API_EndpointScript' - type: array - page: - $ref: '#/components/schemas/Security_Endpoint_Management_API_Page' - pageSize: - $ref: '#/components/schemas/Security_Endpoint_Management_API_ApiPageSize' - sortDirection: - $ref: '#/components/schemas/Security_Endpoint_Management_API_SortDirection' - sortField: - $ref: '#/components/schemas/Security_Endpoint_Management_API_ApiSortField' - total: - description: The total number of scripts matching the query - type: integer + $ref: '#/components/schemas/ApiEndpointScriptsLibrary_Get_Response_200' description: List of scripts response summary: Get a list of scripts tags: @@ -19949,12 +14137,7 @@ paths: content: application/json: schema: - type: object - properties: - deleted: - type: boolean - required: - - deleted + $ref: '#/components/schemas/ApiEntityAnalyticsMonitoringEngineDelete_Delete_Response_200' description: Successful response summary: Delete the Privilege Monitoring Engine tags: @@ -20026,21 +14209,13 @@ paths: content: application/json: schema: - type: object - properties: - success: - description: Indicates the scheduling was successful - type: boolean + $ref: '#/components/schemas/ApiEntityAnalyticsMonitoringEngineScheduleNow_Post_Response_200' description: Successful response '409': content: application/json: schema: - type: object - properties: - message: - description: Error message indicating the engine is already running - type: string + $ref: '#/components/schemas/ApiEntityAnalyticsMonitoringEngineScheduleNow_Post_Response_409' description: Conflict - Monitoring engine is already running summary: Schedule the Privilege Monitoring Engine tags: @@ -20062,32 +14237,7 @@ paths: content: application/json: schema: - type: object - properties: - error: - type: object - properties: - message: - type: string - required: - - status - status: - $ref: '#/components/schemas/Security_Entity_Analytics_API_PrivilegeMonitoringEngineStatus' - users: - description: User statistics for privilege monitoring - type: object - properties: - current_count: - description: Current number of privileged users being monitored - type: integer - max_allowed: - description: Maximum number of privileged users allowed to be monitored - type: integer - required: - - current_count - - max_allowed - required: - - status + $ref: '#/components/schemas/ApiEntityAnalyticsMonitoringPrivilegesHealth_Get_Response_200' description: Successful response summary: Health check on Privilege Monitoring tags: @@ -20167,40 +14317,13 @@ paths: content: multipart/form-data: schema: - type: object - properties: - file: - description: The CSV file to upload. - format: binary - type: string - required: - - file + $ref: '#/components/schemas/ApiEntityAnalyticsMonitoringUsersCsv_Post_Request' responses: '200': content: application/json: schema: - example: - errors: - - index: 1 - message: Invalid monitored field - username: john.doe - stats: - failedOperations: 1 - successfulOperations: 1 - totalOperations: 2 - uploaded: 1 - type: object - properties: - errors: - items: - $ref: '#/components/schemas/Security_Entity_Analytics_API_PrivmonUserCsvUploadErrorItem' - type: array - stats: - $ref: '#/components/schemas/Security_Entity_Analytics_API_PrivmonUserCsvUploadStats' - required: - - errors - - stats + $ref: '#/components/schemas/ApiEntityAnalyticsMonitoringUsersCsv_Post_Response_200' description: Bulk upload successful '413': description: File too large @@ -20230,16 +14353,7 @@ paths: content: application/json: schema: - type: object - properties: - acknowledged: - description: Indicates if the deletion was successful - type: boolean - message: - description: A message providing additional information about the deletion status - type: string - required: - - success + $ref: '#/components/schemas/ApiEntityAnalyticsMonitoringUsers_Delete_Response_200' description: User deleted successfully summary: Delete a monitored user tags: @@ -20325,12 +14439,7 @@ paths: content: application/json: schema: - type: object - properties: - message: - type: string - required: - - message + $ref: '#/components/schemas/ApiEntityAnalyticsPrivilegedUserMonitoringPadInstall_Post_Response_200' description: Successful response summary: Installs the privileged access detection package for the Entity Analytics privileged user monitoring experience tags: @@ -20352,42 +14461,7 @@ paths: content: application/json: schema: - type: object - properties: - jobs: - items: - type: object - properties: - description: - type: string - job_id: - type: string - state: - enum: - - closing - - closed - - opened - - failed - - opening - type: string - required: - - job_id - - state - type: array - ml_module_setup_status: - enum: - - complete - - incomplete - type: string - package_installation_status: - enum: - - complete - - incomplete - type: string - required: - - package_installation_status - - ml_module_setup_status - - jobs + $ref: '#/components/schemas/ApiEntityAnalyticsPrivilegedUserMonitoringPadStatus_Get_Response_200' description: Privileged access detection status retrieved summary: Gets the status of the privileged access detection package for the Entity Analytics privileged user monitoring experience tags: @@ -20408,54 +14482,7 @@ paths: content: application/json: schema: - type: object - properties: - delay: - default: 1m - description: The delay before the transform will run. - pattern: '[smdh]$' - type: string - docsPerSecond: - default: -1 - description: The number of documents per second to process. - type: integer - enrichPolicyExecutionInterval: - $ref: '#/components/schemas/Security_Entity_Analytics_API_Interval' - entityTypes: - items: - $ref: '#/components/schemas/Security_Entity_Analytics_API_EntityType' - type: array - fieldHistoryLength: - default: 10 - description: The number of historical values to keep for each field. - type: integer - filter: - type: string - frequency: - default: 1m - description: The frequency at which the transform will run. - pattern: '[smdh]$' - type: string - indexPattern: - $ref: '#/components/schemas/Security_Entity_Analytics_API_IndexPattern' - lookbackPeriod: - default: 3h - description: The amount of time the transform looks back to calculate the aggregations. - pattern: '[smdh]$' - type: string - maxPageSearchSize: - default: 500 - description: The initial page size to use for the composite aggregation of each checkpoint. - type: integer - timeout: - default: 180s - description: The timeout for initializing the aggregating transform. - pattern: '[smdh]$' - type: string - timestampField: - default: '@timestamp' - description: The field to use as the timestamp. - type: string + $ref: '#/components/schemas/ApiEntityStoreEnable_Post_Request' description: Schema for the entity store initialization required: true responses: @@ -20463,14 +14490,7 @@ paths: content: application/json: schema: - type: object - properties: - engines: - items: - $ref: '#/components/schemas/Security_Entity_Analytics_API_EngineDescriptor' - type: array - succeeded: - type: boolean + $ref: '#/components/schemas/ApiEntityStoreEnable_Post_Response_200' description: Successful response '400': description: Invalid request @@ -20523,16 +14543,7 @@ paths: - user - service schema: - type: object - properties: - deleted: - items: - $ref: '#/components/schemas/Security_Entity_Analytics_API_EntityType' - type: array - still_running: - items: - $ref: '#/components/schemas/Security_Entity_Analytics_API_EntityType' - type: array + $ref: '#/components/schemas/ApiEntityStoreEngines_Delete_Response_200' description: Successful response summary: Delete Entity Engines tags: @@ -20553,14 +14564,7 @@ paths: content: application/json: schema: - type: object - properties: - count: - type: integer - engines: - items: - $ref: '#/components/schemas/Security_Entity_Analytics_API_EngineDescriptor' - type: array + $ref: '#/components/schemas/ApiEntityStoreEngines_Get_Response_200' description: Successful response summary: List the Entity Engines tags: @@ -20610,10 +14614,7 @@ paths: value: deleted: true schema: - type: object - properties: - deleted: - type: boolean + $ref: '#/components/schemas/ApiEntityStoreEngines_Delete_Response_200_1' description: Successful response summary: Delete the Entity Engine tags: @@ -20669,50 +14670,7 @@ paths: content: application/json: schema: - type: object - properties: - delay: - default: 1m - description: The delay before the transform will run. - pattern: '[smdh]$' - type: string - docsPerSecond: - default: -1 - description: The number of documents per second to process. - type: integer - enrichPolicyExecutionInterval: - $ref: '#/components/schemas/Security_Entity_Analytics_API_Interval' - fieldHistoryLength: - default: 10 - description: The number of historical values to keep for each field. - type: integer - filter: - type: string - frequency: - default: 1m - description: The frequency at which the transform will run. - pattern: '[smdh]$' - type: string - indexPattern: - $ref: '#/components/schemas/Security_Entity_Analytics_API_IndexPattern' - lookbackPeriod: - default: 3h - description: The amount of time the transform looks back to calculate the aggregations. - pattern: '[smdh]$' - type: string - maxPageSearchSize: - default: 500 - description: The initial page size to use for the composite aggregation of each checkpoint. - type: integer - timeout: - default: 180s - description: The timeout for initializing the aggregating transform. - pattern: '[smdh]$' - type: string - timestampField: - default: '@timestamp' - description: The field to use as the timestamp for the entity type. - type: string + $ref: '#/components/schemas/ApiEntityStoreEnginesInit_Post_Request' description: Schema for the engine initialization required: true responses: @@ -20751,10 +14709,7 @@ paths: content: application/json: schema: - type: object - properties: - started: - type: boolean + $ref: '#/components/schemas/ApiEntityStoreEnginesStart_Post_Response_200' description: Successful response summary: Start an Entity Engine tags: @@ -20783,10 +14738,7 @@ paths: content: application/json: schema: - type: object - properties: - stopped: - type: boolean + $ref: '#/components/schemas/ApiEntityStoreEnginesStop_Post_Response_200' description: Successful response summary: Stop an Entity Engine tags: @@ -20808,42 +14760,19 @@ paths: content: application/json: schema: - type: object - properties: - result: - items: - $ref: '#/components/schemas/Security_Entity_Analytics_API_EngineDataviewUpdateResult' - type: array - success: - type: boolean + $ref: '#/components/schemas/ApiEntityStoreEnginesApplyDataviewIndices_Post_Response_200' description: Successful response '207': content: application/json: schema: - type: object - properties: - errors: - items: - type: string - type: array - result: - items: - $ref: '#/components/schemas/Security_Entity_Analytics_API_EngineDataviewUpdateResult' - type: array - success: - type: boolean + $ref: '#/components/schemas/ApiEntityStoreEnginesApplyDataviewIndices_Post_Response_207' description: Partial successful response '500': content: application/json: schema: - type: object - properties: - body: - type: string - statusCode: - type: number + $ref: '#/components/schemas/ApiEntityStoreEnginesApplyDataviewIndices_Post_Response_500' description: Error response summary: Apply DataView indices to all installed engines tags: @@ -20879,13 +14808,7 @@ paths: content: application/json: schema: - type: object - properties: - id: - description: Identifier of the entity to be deleted, commonly entity.id value. - type: string - required: - - id + $ref: '#/components/schemas/ApiEntityStoreEntities_Delete_Request' description: Schema for the deleting entity required: true responses: @@ -20893,10 +14816,7 @@ paths: content: application/json: schema: - type: object - properties: - deleted: - type: boolean + $ref: '#/components/schemas/ApiEntityStoreEntities_Delete_Response_200' description: Successful response. Entity deleted. '404': description: Entity Not Found. No entity with this ID and Type exists. @@ -21055,29 +14975,7 @@ paths: content: application/json: schema: - type: object - properties: - inspect: - $ref: '#/components/schemas/Security_Entity_Analytics_API_InspectQuery' - page: - minimum: 1 - type: integer - per_page: - maximum: 1000 - minimum: 1 - type: integer - records: - items: - $ref: '#/components/schemas/Security_Entity_Analytics_API_Entity' - type: array - total: - minimum: 0 - type: integer - required: - - records - - page - - per_page - - total + $ref: '#/components/schemas/ApiEntityStoreEntitiesList_Get_Response_200' description: Entities returned successfully summary: List Entity Store Entities tags: @@ -21099,24 +14997,7 @@ paths: content: application/json: schema: - type: object - properties: - engines: - items: - allOf: - - $ref: '#/components/schemas/Security_Entity_Analytics_API_EngineDescriptor' - - type: object - properties: - components: - items: - $ref: '#/components/schemas/Security_Entity_Analytics_API_EngineComponentStatus' - type: array - type: array - status: - $ref: '#/components/schemas/Security_Entity_Analytics_API_StoreStatus' - required: - - status - - engines + $ref: '#/components/schemas/ApiEntityStoreStatus_Get_Response_200' description: Successful response summary: Get the status of the Entity Store tags: @@ -21208,9 +15089,7 @@ paths: message: '[request query]: namespace_type.0: Invalid enum value. Expected ''agnostic'' | ''single'', received ''blob''' statusCode: 400 schema: - oneOf: - - $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' - - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' + $ref: '#/components/schemas/ApiExceptionLists_Delete_Response_400' description: Invalid input data response '401': content: @@ -21336,9 +15215,7 @@ paths: message: '[request query]: namespace_type.0: Invalid enum value. Expected ''agnostic'' | ''single'', received ''blob''' statusCode: 400 schema: - oneOf: - - $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' - - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' + $ref: '#/components/schemas/ApiExceptionLists_Get_Response_400' description: Invalid input data response '401': content: @@ -21408,43 +15285,7 @@ paths: content: application/json: schema: - example: - description: This is a sample detection type exception list. - list_id: simple_list - name: Sample Detection Exception List - namespace_type: single - os_types: - - linux - tags: - - malware - type: detection - type: object - properties: - description: - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListDescription' - list_id: - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListHumanId' - meta: - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListMeta' - name: - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListName' - namespace_type: - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionNamespaceType' - default: single - os_types: - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListOsTypeArray' - tags: - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListTags' - default: [] - type: - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListType' - version: - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListVersion' - default: 1 - required: - - name - - description - - type + $ref: '#/components/schemas/ApiExceptionLists_Post_Request' description: Exception list's properties required: true responses: @@ -21544,9 +15385,7 @@ paths: message: '[request body]: list_id: Expected string, received number' statusCode: 400 schema: - oneOf: - - $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' - - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' + $ref: '#/components/schemas/ApiExceptionLists_Post_Response_400' description: Invalid input data response '401': content: @@ -21614,46 +15453,7 @@ paths: content: application/json: schema: - example: - description: Different description - list_id: simple_list - name: Updated exception list name - os_types: - - linux - tags: - - draft malware - type: detection - type: object - properties: - _version: - description: The version id, normally returned by the API when the item was retrieved. Use it ensure updates are done against the latest version. - type: string - description: - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListDescription' - id: - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListId' - list_id: - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListHumanId' - meta: - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListMeta' - name: - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListName' - namespace_type: - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionNamespaceType' - default: single - os_types: - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListOsTypeArray' - default: [] - tags: - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListTags' - type: - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListType' - version: - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListVersion' - required: - - name - - description - - type + $ref: '#/components/schemas/ApiExceptionLists_Put_Request' description: Exception list's properties required: true responses: @@ -21693,9 +15493,7 @@ paths: message: '[request body]: list_id: Expected string, received number' statusCode: 400 schema: - oneOf: - - $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' - - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' + $ref: '#/components/schemas/ApiExceptionLists_Put_Response_400' description: Invalid input data response '401': content: @@ -21824,9 +15622,7 @@ paths: message: '[request query]: namespace_type: Invalid enum value. Expected ''agnostic'' | ''single'', received ''foo''' statusCode: 400 schema: - oneOf: - - $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' - - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' + $ref: '#/components/schemas/ApiExceptionListsDuplicate_Post_Response_400' description: Invalid input data response '401': content: @@ -21954,9 +15750,7 @@ paths: message: '[request query]: list_id: Required, namespace_type: Required' statusCode: 400 schema: - oneOf: - - $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' - - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' + $ref: '#/components/schemas/ApiExceptionListsExport_Post_Response_400' description: Invalid input data response '401': content: @@ -22113,26 +15907,7 @@ paths: per_page: 20 total: 1 schema: - type: object - properties: - data: - items: - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionList' - type: array - page: - minimum: 1 - type: integer - per_page: - minimum: 1 - type: integer - total: - minimum: 0 - type: integer - required: - - data - - page - - per_page - - total + $ref: '#/components/schemas/ApiExceptionListsFind_Get_Response_200' description: Successful response '400': content: @@ -22144,9 +15919,7 @@ paths: message: '[request query]: namespace_type.0: Invalid enum value. Expected ''agnostic'' | ''single'', received ''blob''' statusCode: 400 schema: - oneOf: - - $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' - - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' + $ref: '#/components/schemas/ApiExceptionListsFind_Get_Response_400' description: Invalid input data response '401': content: @@ -22226,15 +15999,7 @@ paths: content: multipart/form-data: schema: - type: object - properties: - file: - description: A `.ndjson` file containing the exception list - example: | - {"_version":"WzExNDU5LDFd","created_at":"2025-01-09T16:18:17.757Z","created_by":"elastic","description":"This is a sample detection type exception","id":"c86c2da0-2ab6-4343-b81c-216ef27e8d75","immutable":false,"list_id":"simple_list","name":"Sample Detection Exception List","namespace_type":"single","os_types":[],"tags":["user added string for a tag","malware"],"tie_breaker_id":"cf4a7b92-732d-47f0-a0d5-49a35a1736bf","type":"detection","updated_at":"2025-01-09T16:18:17.757Z","updated_by":"elastic","version":1} - {"_version":"WzExNDYxLDFd","comments":[],"created_at":"2025-01-09T16:18:42.308Z","created_by":"elastic","description":"This is a sample endpoint type exception","entries":[{"type":"exists","field":"actingProcess.file.signer","operator":"excluded"},{"type":"match_any","field":"host.name","value":["some host","another host"],"operator":"included"}],"id":"f37597ce-eaa7-4b64-9100-4301118f6806","item_id":"simple_list_item","list_id":"simple_list","name":"Sample Endpoint Exception List","namespace_type":"single","os_types":["linux"],"tags":["user added string for a tag","malware"],"tie_breaker_id":"4ca3ef3e-9721-42c0-8107-cf47e094d40f","type":"simple","updated_at":"2025-01-09T16:18:42.308Z","updated_by":"elastic"} - format: binary - type: string + $ref: '#/components/schemas/ApiExceptionListsImport_Post_Request' required: true responses: '200': @@ -22269,41 +16034,13 @@ paths: success_exception_list_items: true success_exception_lists: true, schema: - type: object - properties: - errors: - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListsImportBulkErrorArray' - success: - type: boolean - success_count: - minimum: 0 - type: integer - success_count_exception_list_items: - minimum: 0 - type: integer - success_count_exception_lists: - minimum: 0 - type: integer - success_exception_list_items: - type: boolean - success_exception_lists: - type: boolean - required: - - errors - - success - - success_count - - success_exception_lists - - success_count_exception_lists - - success_exception_list_items - - success_count_exception_list_items + $ref: '#/components/schemas/ApiExceptionListsImport_Post_Response_200' description: Successful response '400': content: application/json: schema: - oneOf: - - $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' - - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' + $ref: '#/components/schemas/ApiExceptionListsImport_Post_Response_400' description: Invalid input data response '401': content: @@ -22423,13 +16160,7 @@ paths: content: application/json: schema: - example: - error: Bad Request - message: '[request query]: namespace_type.0: Invalid enum value. Expected ''agnostic'' | ''single'', received ''blob''' - statusCode: 400 - oneOf: - - $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' - - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' + $ref: '#/components/schemas/ApiExceptionListsItems_Delete_Response_400' description: Invalid input data response '401': content: @@ -22565,9 +16296,7 @@ paths: message: '[request query]: namespace_type.0: Invalid enum value. Expected ''agnostic'' | ''single'', received ''blob''' statusCode: 400 schema: - oneOf: - - $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' - - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' + $ref: '#/components/schemas/ApiExceptionListsItems_Get_Response_400' description: Invalid input data response '401': content: @@ -22637,20 +16366,7 @@ paths: content: application/json: schema: - oneOf: - - $ref: '#/components/schemas/Security_Exceptions_API_CreateExceptionListItemGeneric' - - $ref: '#/components/schemas/Security_Exceptions_API_CreateExceptionListItemEndpointList' - - $ref: '#/components/schemas/Security_Exceptions_API_CreateExceptionListItemTrustedAppsWindows' - - $ref: '#/components/schemas/Security_Exceptions_API_CreateExceptionListItemTrustedAppsMac' - - $ref: '#/components/schemas/Security_Exceptions_API_CreateExceptionListItemTrustedAppsLinux' - - $ref: '#/components/schemas/Security_Exceptions_API_CreateExceptionListItemTrustedDevicesWindows' - - $ref: '#/components/schemas/Security_Exceptions_API_CreateExceptionListItemTrustedDevicesMac' - - $ref: '#/components/schemas/Security_Exceptions_API_CreateExceptionListItemTrustedDevicesWindowsMac' - - $ref: '#/components/schemas/Security_Exceptions_API_CreateExceptionListItemEventFilters' - - $ref: '#/components/schemas/Security_Exceptions_API_CreateExceptionListItemHostIsolation' - - $ref: '#/components/schemas/Security_Exceptions_API_CreateExceptionListItemBlocklistWindows' - - $ref: '#/components/schemas/Security_Exceptions_API_CreateExceptionListItemBlocklistLinux' - - $ref: '#/components/schemas/Security_Exceptions_API_CreateExceptionListItemBlocklistMac' + $ref: '#/components/schemas/ApiExceptionListsItems_Post_Request' description: Exception list item's properties required: true responses: @@ -22852,9 +16568,7 @@ paths: message: '[request body]: list_id: Expected string, received number' statusCode: 400, schema: - oneOf: - - $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' - - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' + $ref: '#/components/schemas/ApiExceptionListsItems_Post_Response_400' description: Invalid input data response '401': content: @@ -22922,20 +16636,7 @@ paths: content: application/json: schema: - oneOf: - - $ref: '#/components/schemas/Security_Exceptions_API_UpdateExceptionListItemGeneric' - - $ref: '#/components/schemas/Security_Exceptions_API_UpdateExceptionListItemEndpointList' - - $ref: '#/components/schemas/Security_Exceptions_API_UpdateExceptionListItemTrustedAppsWindows' - - $ref: '#/components/schemas/Security_Exceptions_API_UpdateExceptionListItemTrustedAppsMac' - - $ref: '#/components/schemas/Security_Exceptions_API_UpdateExceptionListItemTrustedAppsLinux' - - $ref: '#/components/schemas/Security_Exceptions_API_UpdateExceptionListItemTrustedDevicesWindows' - - $ref: '#/components/schemas/Security_Exceptions_API_UpdateExceptionListItemTrustedDevicesMac' - - $ref: '#/components/schemas/Security_Exceptions_API_UpdateExceptionListItemTrustedDevicesWindowsMac' - - $ref: '#/components/schemas/Security_Exceptions_API_UpdateExceptionListItemEventFilters' - - $ref: '#/components/schemas/Security_Exceptions_API_UpdateExceptionListItemHostIsolation' - - $ref: '#/components/schemas/Security_Exceptions_API_UpdateExceptionListItemBlocklistWindows' - - $ref: '#/components/schemas/Security_Exceptions_API_UpdateExceptionListItemBlocklistLinux' - - $ref: '#/components/schemas/Security_Exceptions_API_UpdateExceptionListItemBlocklistMac' + $ref: '#/components/schemas/ApiExceptionListsItems_Put_Request' description: Exception list item's properties required: true responses: @@ -22979,9 +16680,7 @@ paths: message: '[request body]: item_id: Expected string, received number' statusCode: 400 schema: - oneOf: - - $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' - - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' + $ref: '#/components/schemas/ApiExceptionListsItems_Put_Response_400' description: Invalid input data response '401': content: @@ -23165,28 +16864,7 @@ paths: per_page: 20 total: 1 schema: - type: object - properties: - data: - items: - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItem' - type: array - page: - minimum: 1 - type: integer - per_page: - minimum: 1 - type: integer - pit: - type: string - total: - minimum: 0 - type: integer - required: - - data - - page - - per_page - - total + $ref: '#/components/schemas/ApiExceptionListsItemsFind_Get_Response_200' description: Successful response '400': content: @@ -23198,9 +16876,7 @@ paths: message: '[request query]: namespace_type.0: Invalid enum value. Expected ''agnostic'' | ''single'', received ''blob''' statusCode: 400 schema: - oneOf: - - $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' - - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' + $ref: '#/components/schemas/ApiExceptionListsItemsFind_Get_Response_400' description: Invalid input data response '401': content: @@ -23308,20 +16984,7 @@ paths: total: 0 windows: 0 schema: - type: object - properties: - linux: - minimum: 0 - type: integer - macos: - minimum: 0 - type: integer - total: - minimum: 0 - type: integer - windows: - minimum: 0 - type: integer + $ref: '#/components/schemas/ApiExceptionListsSummary_Get_Response_200' description: Successful response '400': content: @@ -23333,9 +16996,7 @@ paths: message: '[request query]: namespace_type.0: Invalid enum value. Expected ''agnostic'' | ''single'', received ''blob''' statusCode: 400 schema: - oneOf: - - $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' - - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' + $ref: '#/components/schemas/ApiExceptionListsSummary_Get_Response_400' description: Invalid input data response '401': content: @@ -23406,24 +17067,7 @@ paths: content: application/json: schema: - example: - description: This is a sample detection type exception list. - list_id: simple_list - name: Sample Detection Exception List - namespace_type: single - os_types: - - linux - tags: - - malware - type: object - properties: - description: - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListDescription' - name: - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListName' - required: - - name - - description + $ref: '#/components/schemas/ApiExceptionsShared_Post_Request' required: true responses: '200': @@ -23463,9 +17107,7 @@ paths: message: '[request body]: list_id: Expected string, received number' statusCode: 400 schema: - oneOf: - - $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' - - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' + $ref: '#/components/schemas/ApiExceptionsShared_Post_Response_400' description: Invalid input data response '401': content: @@ -23595,7 +17237,7 @@ paths: ] } schema: - type: object + $ref: '#/components/schemas/ApiFeatures_Get_Response_200' description: Indicates a successful call summary: Get features tags: @@ -23621,97 +17263,13 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - items: - items: - additionalProperties: false - type: object - properties: - host: - format: uri - type: string - id: - type: string - is_default: - default: false - type: boolean - name: - type: string - proxy_id: - description: The ID of the proxy to use for this download source. See the proxies API for more information. - nullable: true - type: string - secrets: - additionalProperties: false - type: object - properties: - ssl: - additionalProperties: false - type: object - properties: - key: - anyOf: - - additionalProperties: false - type: object - properties: - id: - type: string - required: - - id - - type: string - ssl: - additionalProperties: false - type: object - properties: - certificate: - type: string - certificate_authorities: - items: - type: string - maxItems: 10 - type: array - key: - type: string - required: - - id - - name - - host - maxItems: 10000 - type: array - page: - type: number - perPage: - type: number - total: - type: number - required: - - items - - total - - page - - perPage + $ref: '#/components/schemas/ApiFleetAgentDownloadSources_Get_Response_200' description: 'OK: A successful request.' '400': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetAgentDownloadSources_Get_Response_400' description: A bad request. summary: Get agent binary download sources tags: @@ -23741,141 +17299,19 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - host: - format: uri - type: string - id: - type: string - is_default: - default: false - type: boolean - name: - type: string - proxy_id: - description: The ID of the proxy to use for this download source. See the proxies API for more information. - nullable: true - type: string - secrets: - additionalProperties: false - type: object - properties: - ssl: - additionalProperties: false - type: object - properties: - key: - anyOf: - - additionalProperties: false - type: object - properties: - id: - type: string - required: - - id - - type: string - ssl: - additionalProperties: false - type: object - properties: - certificate: - type: string - certificate_authorities: - items: - type: string - maxItems: 10 - type: array - key: - type: string - required: - - name - - host + $ref: '#/components/schemas/ApiFleetAgentDownloadSources_Post_Request' responses: '200': content: application/json: schema: - additionalProperties: false - type: object - properties: - item: - additionalProperties: false - type: object - properties: - host: - format: uri - type: string - id: - type: string - is_default: - default: false - type: boolean - name: - type: string - proxy_id: - description: The ID of the proxy to use for this download source. See the proxies API for more information. - nullable: true - type: string - secrets: - additionalProperties: false - type: object - properties: - ssl: - additionalProperties: false - type: object - properties: - key: - anyOf: - - additionalProperties: false - type: object - properties: - id: - type: string - required: - - id - - type: string - ssl: - additionalProperties: false - type: object - properties: - certificate: - type: string - certificate_authorities: - items: - type: string - maxItems: 10 - type: array - key: - type: string - required: - - id - - name - - host - required: - - item + $ref: '#/components/schemas/ApiFleetAgentDownloadSources_Post_Response_200' description: 'OK: A successful request.' '400': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetAgentDownloadSources_Post_Response_400' description: A bad request. summary: Create an agent binary download source tags: @@ -23912,34 +17348,13 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - id: - type: string - required: - - id + $ref: '#/components/schemas/ApiFleetAgentDownloadSources_Delete_Response_200' description: 'OK: A successful request.' '400': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetAgentDownloadSources_Delete_Response_400' description: A bad request. summary: Delete an agent binary download source tags: @@ -23968,85 +17383,13 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - item: - additionalProperties: false - type: object - properties: - host: - format: uri - type: string - id: - type: string - is_default: - default: false - type: boolean - name: - type: string - proxy_id: - description: The ID of the proxy to use for this download source. See the proxies API for more information. - nullable: true - type: string - secrets: - additionalProperties: false - type: object - properties: - ssl: - additionalProperties: false - type: object - properties: - key: - anyOf: - - additionalProperties: false - type: object - properties: - id: - type: string - required: - - id - - type: string - ssl: - additionalProperties: false - type: object - properties: - certificate: - type: string - certificate_authorities: - items: - type: string - maxItems: 10 - type: array - key: - type: string - required: - - id - - name - - host - required: - - item + $ref: '#/components/schemas/ApiFleetAgentDownloadSources_Get_Response_200_1' description: 'OK: A successful request.' '400': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetAgentDownloadSources_Get_Response_400_1' description: A bad request. summary: Get an agent binary download source tags: @@ -24081,141 +17424,19 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - host: - format: uri - type: string - id: - type: string - is_default: - default: false - type: boolean - name: - type: string - proxy_id: - description: The ID of the proxy to use for this download source. See the proxies API for more information. - nullable: true - type: string - secrets: - additionalProperties: false - type: object - properties: - ssl: - additionalProperties: false - type: object - properties: - key: - anyOf: - - additionalProperties: false - type: object - properties: - id: - type: string - required: - - id - - type: string - ssl: - additionalProperties: false - type: object - properties: - certificate: - type: string - certificate_authorities: - items: - type: string - maxItems: 10 - type: array - key: - type: string - required: - - name - - host + $ref: '#/components/schemas/ApiFleetAgentDownloadSources_Put_Request' responses: '200': content: application/json: schema: - additionalProperties: false - type: object - properties: - item: - additionalProperties: false - type: object - properties: - host: - format: uri - type: string - id: - type: string - is_default: - default: false - type: boolean - name: - type: string - proxy_id: - description: The ID of the proxy to use for this download source. See the proxies API for more information. - nullable: true - type: string - secrets: - additionalProperties: false - type: object - properties: - ssl: - additionalProperties: false - type: object - properties: - key: - anyOf: - - additionalProperties: false - type: object - properties: - id: - type: string - required: - - id - - type: string - ssl: - additionalProperties: false - type: object - properties: - certificate: - type: string - certificate_authorities: - items: - type: string - maxItems: 10 - type: array - key: - type: string - required: - - id - - name - - host - required: - - item + $ref: '#/components/schemas/ApiFleetAgentDownloadSources_Put_Response_200' description: 'OK: A successful request.' '400': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetAgentDownloadSources_Put_Response_400' description: A bad request. summary: Update an agent binary download source tags: @@ -24300,742 +17521,13 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - items: - items: - additionalProperties: false - type: object - properties: - advanced_settings: - additionalProperties: false - type: object - properties: - agent_download_target_directory: - nullable: true - agent_download_timeout: - nullable: true - agent_internal: - nullable: true - agent_limits_go_max_procs: - nullable: true - agent_logging_files_interval: - nullable: true - agent_logging_files_keepfiles: - nullable: true - agent_logging_files_rotateeverybytes: - nullable: true - agent_logging_level: - nullable: true - agent_logging_metrics_period: - nullable: true - agent_logging_to_files: - nullable: true - agent_monitoring_runtime_experimental: - nullable: true - agent_features: - items: - additionalProperties: false - type: object - properties: - enabled: - type: boolean - name: - type: string - required: - - name - - enabled - maxItems: 100 - type: array - agentless: - additionalProperties: false - type: object - properties: - cloud_connectors: - additionalProperties: false - type: object - properties: - enabled: - type: boolean - target_csp: - enum: - - aws - - azure - - gcp - type: string - required: - - enabled - resources: - additionalProperties: false - type: object - properties: - requests: - additionalProperties: false - type: object - properties: - cpu: - type: string - memory: - type: string - agents: - type: number - data_output_id: - nullable: true - type: string - description: - type: string - download_source_id: - nullable: true - type: string - fips_agents: - type: number - fleet_server_host_id: - nullable: true - type: string - global_data_tags: - description: User defined data tags that are added to all of the inputs. The values can be strings or numbers. - items: - additionalProperties: false - type: object - properties: - name: - type: string - value: - anyOf: - - type: string - - type: number - required: - - name - - value - maxItems: 10 - type: array - has_agent_version_conditions: - type: boolean - has_fleet_server: - type: boolean - id: - type: string - inactivity_timeout: - default: 1209600 - minimum: 0 - type: number - is_default: - type: boolean - is_default_fleet_server: - type: boolean - is_managed: - type: boolean - is_preconfigured: - type: boolean - is_protected: - description: Indicates whether the agent policy has tamper protection enabled. Default false. - type: boolean - keep_monitoring_alive: - default: false - description: When set to true, monitoring will be enabled but logs/metrics collection will be disabled - nullable: true - type: boolean - monitoring_diagnostics: - additionalProperties: false - type: object - properties: - limit: - additionalProperties: false - type: object - properties: - burst: - type: number - interval: - type: string - uploader: - additionalProperties: false - type: object - properties: - init_dur: - type: string - max_dur: - type: string - max_retries: - type: number - monitoring_enabled: - items: - enum: - - logs - - metrics - - traces - type: string - maxItems: 3 - type: array - monitoring_http: - additionalProperties: false - type: object - properties: - buffer: - additionalProperties: false - type: object - properties: - enabled: - default: false - type: boolean - enabled: - type: boolean - host: - type: string - port: - maximum: 65353 - minimum: 0 - type: number - monitoring_output_id: - nullable: true - type: string - monitoring_pprof_enabled: - type: boolean - name: - minLength: 1 - type: string - namespace: - minLength: 1 - type: string - overrides: - additionalProperties: {} - description: Override settings that are defined in the agent policy. Input settings cannot be overridden. The override option should be used only in unusual circumstances and not as a routine procedure. - nullable: true - type: object - package_policies: - anyOf: - - items: - type: string - maxItems: 10000 - type: array - - description: This field is present only when retrieving a single agent policy, or when retrieving a list of agent policies with the ?full=true parameter - items: - additionalProperties: false - type: object - properties: - additional_datastreams_permissions: - description: Additional datastream permissions, that will be added to the agent policy. - items: - type: string - maxItems: 1000 - nullable: true - type: array - agents: - type: number - cloud_connector_id: - description: ID of the cloud connector associated with this package policy. - nullable: true - type: string - cloud_connector_name: - description: Transient field for cloud connector name during creation. - maxLength: 255 - minLength: 1 - nullable: true - type: string - created_at: - type: string - created_by: - type: string - description: - description: Package policy description - type: string - elasticsearch: - additionalProperties: true - type: object - properties: - privileges: - additionalProperties: true - type: object - properties: - cluster: - items: - type: string - maxItems: 100 - type: array - enabled: - type: boolean - id: - description: Package policy unique identifier. - type: string - inputs: - anyOf: - - items: - additionalProperties: false - type: object - properties: - compiled_input: {} - config: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - type: object - enabled: - type: boolean - id: - type: string - keep_enabled: - type: boolean - policy_template: - type: string - streams: - items: - additionalProperties: false - type: object - properties: - compiled_stream: {} - config: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - type: object - data_stream: - additionalProperties: false - type: object - properties: - dataset: - type: string - elasticsearch: - additionalProperties: false - type: object - properties: - dynamic_dataset: - type: boolean - dynamic_namespace: - type: boolean - privileges: - additionalProperties: false - type: object - properties: - indices: - items: - type: string - maxItems: 100 - type: array - type: - type: string - required: - - dataset - - type - enabled: - type: boolean - id: - type: string - keep_enabled: - type: boolean - release: - enum: - - ga - - beta - - experimental - type: string - var_group_selections: - additionalProperties: - type: string - description: Variable group selections. Maps var_group name to the selected option name within that group. - type: object - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - type: object - required: - - enabled - - data_stream - - compiled_stream - maxItems: 100 - type: array - type: - type: string - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - type: object - required: - - type - - enabled - - streams - - compiled_input - maxItems: 100 - type: array - - additionalProperties: - additionalProperties: false - type: object - properties: - enabled: - description: Enable or disable that input. Defaults to `true` (enabled). - type: boolean - streams: - additionalProperties: - additionalProperties: false - type: object - properties: - enabled: - description: Enable or disable that stream. Defaults to `true` (enabled). - type: boolean - var_group_selections: - additionalProperties: - type: string - description: Variable group selections. Maps var_group name to the selected option name within that group. - type: object - vars: - additionalProperties: - anyOf: - - type: boolean - - type: string - - type: number - - items: - type: string - maxItems: 100 - type: array - - items: - type: number - maxItems: 100 - type: array - - additionalProperties: false - type: object - properties: - id: - type: string - isSecretRef: - type: boolean - required: - - id - - isSecretRef - nullable: true - description: Input/stream level variable. Refer to the integration documentation for more information. - type: object - description: Input streams. Refer to the integration documentation to know which streams are available. - type: object - vars: - additionalProperties: - anyOf: - - type: boolean - - type: string - - type: number - - items: - type: string - maxItems: 100 - type: array - - items: - type: number - maxItems: 100 - type: array - - additionalProperties: false - type: object - properties: - id: - type: string - isSecretRef: - type: boolean - required: - - id - - isSecretRef - nullable: true - description: Input/stream level variable. Refer to the integration documentation for more information. - type: object - description: Package policy inputs. Refer to the integration documentation to know which inputs are available. - type: object - x-oas-optional: true - description: Package policy inputs. - is_managed: - type: boolean - name: - description: Unique name for the package policy. - type: string - namespace: - description: The package policy namespace. Leave blank to inherit the agent policy's namespace. - type: string - output_id: - nullable: true - type: string - overrides: - additionalProperties: false - description: Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure. - nullable: true - type: object - properties: - inputs: - additionalProperties: {} - type: object - package: - additionalProperties: false - type: object - properties: - experimental_data_stream_features: - items: - additionalProperties: false - type: object - properties: - data_stream: - type: string - features: - additionalProperties: false - type: object - properties: - doc_value_only_numeric: - type: boolean - doc_value_only_other: - type: boolean - synthetic_source: - type: boolean - tsdb: - type: boolean - required: - - data_stream - - features - maxItems: 100 - type: array - fips_compatible: - type: boolean - name: - description: Package name - type: string - requires_root: - type: boolean - title: - type: string - version: - description: Package version - type: string - required: - - name - - version - policy_id: - deprecated: true - description: ID of the agent policy which the package policy will be added to. - nullable: true - type: string - policy_ids: - items: - description: IDs of the agent policies which that package policy will be added to. - type: string - maxItems: 1000 - type: array - revision: - description: Package policy revision. - type: number - secret_references: - items: - additionalProperties: false - type: object - properties: - id: - type: string - required: - - id - maxItems: 100 - type: array - spaceIds: - items: - type: string - maxItems: 100 - type: array - supports_agentless: - default: false - description: Indicates whether the package policy belongs to an agentless agent policy. - nullable: true - type: boolean - supports_cloud_connector: - default: false - description: Indicates whether the package policy supports cloud connectors. - nullable: true - type: boolean - updated_at: - type: string - updated_by: - type: string - var_group_selections: - additionalProperties: - type: string - description: Variable group selections. Maps var_group name to the selected option name within that group. - type: object - vars: - anyOf: - - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - type: object - - additionalProperties: - anyOf: - - type: boolean - - type: string - - type: number - - items: - type: string - maxItems: 100 - type: array - - items: - type: number - maxItems: 100 - type: array - - additionalProperties: false - type: object - properties: - id: - type: string - isSecretRef: - type: boolean - required: - - id - - isSecretRef - nullable: true - description: Input/stream level variable. Refer to the integration documentation for more information. - type: object - x-oas-optional: true - description: Package level variable. - version: - description: Package policy ES version. - type: string - required: - - name - - enabled - - inputs - - id - - revision - - updated_at - - updated_by - - created_at - - created_by - maxItems: 10000 - type: array - required_versions: - items: - additionalProperties: false - type: object - properties: - percentage: - description: Target percentage of agents to auto upgrade - maximum: 100 - minimum: 0 - type: number - version: - description: Target version for automatic agent upgrade - type: string - required: - - version - - percentage - maxItems: 100 - nullable: true - type: array - revision: - type: number - schema_version: - type: string - space_ids: - items: - type: string - maxItems: 100 - type: array - status: - enum: - - active - - inactive - type: string - supports_agentless: - default: false - description: Indicates whether the agent policy supports agentless integrations. - nullable: true - type: boolean - unenroll_timeout: - minimum: 0 - type: number - unprivileged_agents: - type: number - updated_at: - type: string - updated_by: - type: string - version: - type: string - required: - - id - - name - - namespace - - is_protected - - status - - updated_at - - updated_by - - revision - maxItems: 10000 - type: array - page: - type: number - perPage: - type: number - total: - type: number - required: - - items - - total - - page - - perPage + $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200' description: 'OK: A successful request.' '400': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_400' description: A bad request. summary: Get agent policies tags: @@ -25070,963 +17562,19 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - advanced_settings: - additionalProperties: false - type: object - properties: - agent_download_target_directory: - nullable: true - agent_download_timeout: - nullable: true - agent_internal: - nullable: true - agent_limits_go_max_procs: - nullable: true - agent_logging_files_interval: - nullable: true - agent_logging_files_keepfiles: - nullable: true - agent_logging_files_rotateeverybytes: - nullable: true - agent_logging_level: - nullable: true - agent_logging_metrics_period: - nullable: true - agent_logging_to_files: - nullable: true - agent_monitoring_runtime_experimental: - nullable: true - agent_features: - items: - additionalProperties: false - type: object - properties: - enabled: - type: boolean - name: - type: string - required: - - name - - enabled - maxItems: 100 - type: array - agentless: - additionalProperties: false - type: object - properties: - cloud_connectors: - additionalProperties: false - type: object - properties: - enabled: - type: boolean - target_csp: - enum: - - aws - - azure - - gcp - type: string - required: - - enabled - resources: - additionalProperties: false - type: object - properties: - requests: - additionalProperties: false - type: object - properties: - cpu: - type: string - memory: - type: string - data_output_id: - nullable: true - type: string - description: - type: string - download_source_id: - nullable: true - type: string - fleet_server_host_id: - nullable: true - type: string - force: - type: boolean - global_data_tags: - description: User defined data tags that are added to all of the inputs. The values can be strings or numbers. - items: - additionalProperties: false - type: object - properties: - name: - type: string - value: - anyOf: - - type: string - - type: number - required: - - name - - value - maxItems: 10 - type: array - has_agent_version_conditions: - type: boolean - has_fleet_server: - type: boolean - id: - type: string - inactivity_timeout: - default: 1209600 - minimum: 0 - type: number - is_default: - type: boolean - is_default_fleet_server: - type: boolean - is_managed: - type: boolean - is_protected: - type: boolean - keep_monitoring_alive: - default: false - description: When set to true, monitoring will be enabled but logs/metrics collection will be disabled - nullable: true - type: boolean - monitoring_diagnostics: - additionalProperties: false - type: object - properties: - limit: - additionalProperties: false - type: object - properties: - burst: - type: number - interval: - type: string - uploader: - additionalProperties: false - type: object - properties: - init_dur: - type: string - max_dur: - type: string - max_retries: - type: number - monitoring_enabled: - items: - enum: - - logs - - metrics - - traces - type: string - maxItems: 3 - type: array - monitoring_http: - additionalProperties: false - type: object - properties: - buffer: - additionalProperties: false - type: object - properties: - enabled: - default: false - type: boolean - enabled: - type: boolean - host: - type: string - port: - maximum: 65353 - minimum: 0 - type: number - monitoring_output_id: - nullable: true - type: string - monitoring_pprof_enabled: - type: boolean - name: - minLength: 1 - type: string - namespace: - minLength: 1 - type: string - overrides: - additionalProperties: {} - description: Override settings that are defined in the agent policy. Input settings cannot be overridden. The override option should be used only in unusual circumstances and not as a routine procedure. - nullable: true - type: object - required_versions: - items: - additionalProperties: false - type: object - properties: - percentage: - description: Target percentage of agents to auto upgrade - maximum: 100 - minimum: 0 - type: number - version: - description: Target version for automatic agent upgrade - type: string - required: - - version - - percentage - maxItems: 100 - nullable: true - type: array - space_ids: - items: - type: string - maxItems: 100 - type: array - supports_agentless: - default: false - deprecated: true - description: Indicates whether the agent policy supports agentless integrations. Deprecated in favor of the Fleet agentless policies API. - nullable: true - type: boolean - unenroll_timeout: - minimum: 0 - type: number - required: - - name - - namespace + $ref: '#/components/schemas/ApiFleetAgentPolicies_Post_Request' responses: '200': content: application/json: schema: - additionalProperties: false - type: object - properties: - item: - additionalProperties: false - type: object - properties: - advanced_settings: - additionalProperties: false - type: object - properties: - agent_download_target_directory: - nullable: true - agent_download_timeout: - nullable: true - agent_internal: - nullable: true - agent_limits_go_max_procs: - nullable: true - agent_logging_files_interval: - nullable: true - agent_logging_files_keepfiles: - nullable: true - agent_logging_files_rotateeverybytes: - nullable: true - agent_logging_level: - nullable: true - agent_logging_metrics_period: - nullable: true - agent_logging_to_files: - nullable: true - agent_monitoring_runtime_experimental: - nullable: true - agent_features: - items: - additionalProperties: false - type: object - properties: - enabled: - type: boolean - name: - type: string - required: - - name - - enabled - maxItems: 100 - type: array - agentless: - additionalProperties: false - type: object - properties: - cloud_connectors: - additionalProperties: false - type: object - properties: - enabled: - type: boolean - target_csp: - enum: - - aws - - azure - - gcp - type: string - required: - - enabled - resources: - additionalProperties: false - type: object - properties: - requests: - additionalProperties: false - type: object - properties: - cpu: - type: string - memory: - type: string - agents: - type: number - data_output_id: - nullable: true - type: string - description: - type: string - download_source_id: - nullable: true - type: string - fips_agents: - type: number - fleet_server_host_id: - nullable: true - type: string - global_data_tags: - description: User defined data tags that are added to all of the inputs. The values can be strings or numbers. - items: - additionalProperties: false - type: object - properties: - name: - type: string - value: - anyOf: - - type: string - - type: number - required: - - name - - value - maxItems: 10 - type: array - has_agent_version_conditions: - type: boolean - has_fleet_server: - type: boolean - id: - type: string - inactivity_timeout: - default: 1209600 - minimum: 0 - type: number - is_default: - type: boolean - is_default_fleet_server: - type: boolean - is_managed: - type: boolean - is_preconfigured: - type: boolean - is_protected: - description: Indicates whether the agent policy has tamper protection enabled. Default false. - type: boolean - keep_monitoring_alive: - default: false - description: When set to true, monitoring will be enabled but logs/metrics collection will be disabled - nullable: true - type: boolean - monitoring_diagnostics: - additionalProperties: false - type: object - properties: - limit: - additionalProperties: false - type: object - properties: - burst: - type: number - interval: - type: string - uploader: - additionalProperties: false - type: object - properties: - init_dur: - type: string - max_dur: - type: string - max_retries: - type: number - monitoring_enabled: - items: - enum: - - logs - - metrics - - traces - type: string - maxItems: 3 - type: array - monitoring_http: - additionalProperties: false - type: object - properties: - buffer: - additionalProperties: false - type: object - properties: - enabled: - default: false - type: boolean - enabled: - type: boolean - host: - type: string - port: - maximum: 65353 - minimum: 0 - type: number - monitoring_output_id: - nullable: true - type: string - monitoring_pprof_enabled: - type: boolean - name: - minLength: 1 - type: string - namespace: - minLength: 1 - type: string - overrides: - additionalProperties: {} - description: Override settings that are defined in the agent policy. Input settings cannot be overridden. The override option should be used only in unusual circumstances and not as a routine procedure. - nullable: true - type: object - package_policies: - anyOf: - - items: - type: string - maxItems: 10000 - type: array - - description: This field is present only when retrieving a single agent policy, or when retrieving a list of agent policies with the ?full=true parameter - items: - additionalProperties: false - type: object - properties: - additional_datastreams_permissions: - description: Additional datastream permissions, that will be added to the agent policy. - items: - type: string - maxItems: 1000 - nullable: true - type: array - agents: - type: number - cloud_connector_id: - description: ID of the cloud connector associated with this package policy. - nullable: true - type: string - cloud_connector_name: - description: Transient field for cloud connector name during creation. - maxLength: 255 - minLength: 1 - nullable: true - type: string - created_at: - type: string - created_by: - type: string - description: - description: Package policy description - type: string - elasticsearch: - additionalProperties: true - type: object - properties: - privileges: - additionalProperties: true - type: object - properties: - cluster: - items: - type: string - maxItems: 100 - type: array - enabled: - type: boolean - id: - description: Package policy unique identifier. - type: string - inputs: - anyOf: - - items: - additionalProperties: false - type: object - properties: - compiled_input: {} - config: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - type: object - enabled: - type: boolean - id: - type: string - keep_enabled: - type: boolean - policy_template: - type: string - streams: - items: - additionalProperties: false - type: object - properties: - compiled_stream: {} - config: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - type: object - data_stream: - additionalProperties: false - type: object - properties: - dataset: - type: string - elasticsearch: - additionalProperties: false - type: object - properties: - dynamic_dataset: - type: boolean - dynamic_namespace: - type: boolean - privileges: - additionalProperties: false - type: object - properties: - indices: - items: - type: string - maxItems: 100 - type: array - type: - type: string - required: - - dataset - - type - enabled: - type: boolean - id: - type: string - keep_enabled: - type: boolean - release: - enum: - - ga - - beta - - experimental - type: string - var_group_selections: - additionalProperties: - type: string - description: Variable group selections. Maps var_group name to the selected option name within that group. - type: object - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - type: object - required: - - enabled - - data_stream - - compiled_stream - maxItems: 100 - type: array - type: - type: string - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - type: object - required: - - type - - enabled - - streams - - compiled_input - maxItems: 100 - type: array - - additionalProperties: - additionalProperties: false - type: object - properties: - enabled: - description: Enable or disable that input. Defaults to `true` (enabled). - type: boolean - streams: - additionalProperties: - additionalProperties: false - type: object - properties: - enabled: - description: Enable or disable that stream. Defaults to `true` (enabled). - type: boolean - var_group_selections: - additionalProperties: - type: string - description: Variable group selections. Maps var_group name to the selected option name within that group. - type: object - vars: - additionalProperties: - anyOf: - - type: boolean - - type: string - - type: number - - items: - type: string - maxItems: 100 - type: array - - items: - type: number - maxItems: 100 - type: array - - additionalProperties: false - type: object - properties: - id: - type: string - isSecretRef: - type: boolean - required: - - id - - isSecretRef - nullable: true - description: Input/stream level variable. Refer to the integration documentation for more information. - type: object - description: Input streams. Refer to the integration documentation to know which streams are available. - type: object - vars: - additionalProperties: - anyOf: - - type: boolean - - type: string - - type: number - - items: - type: string - maxItems: 100 - type: array - - items: - type: number - maxItems: 100 - type: array - - additionalProperties: false - type: object - properties: - id: - type: string - isSecretRef: - type: boolean - required: - - id - - isSecretRef - nullable: true - description: Input/stream level variable. Refer to the integration documentation for more information. - type: object - description: Package policy inputs. Refer to the integration documentation to know which inputs are available. - type: object - x-oas-optional: true - description: Package policy inputs. - is_managed: - type: boolean - name: - description: Unique name for the package policy. - type: string - namespace: - description: The package policy namespace. Leave blank to inherit the agent policy's namespace. - type: string - output_id: - nullable: true - type: string - overrides: - additionalProperties: false - description: Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure. - nullable: true - type: object - properties: - inputs: - additionalProperties: {} - type: object - package: - additionalProperties: false - type: object - properties: - experimental_data_stream_features: - items: - additionalProperties: false - type: object - properties: - data_stream: - type: string - features: - additionalProperties: false - type: object - properties: - doc_value_only_numeric: - type: boolean - doc_value_only_other: - type: boolean - synthetic_source: - type: boolean - tsdb: - type: boolean - required: - - data_stream - - features - maxItems: 100 - type: array - fips_compatible: - type: boolean - name: - description: Package name - type: string - requires_root: - type: boolean - title: - type: string - version: - description: Package version - type: string - required: - - name - - version - policy_id: - deprecated: true - description: ID of the agent policy which the package policy will be added to. - nullable: true - type: string - policy_ids: - items: - description: IDs of the agent policies which that package policy will be added to. - type: string - maxItems: 1000 - type: array - revision: - description: Package policy revision. - type: number - secret_references: - items: - additionalProperties: false - type: object - properties: - id: - type: string - required: - - id - maxItems: 100 - type: array - spaceIds: - items: - type: string - maxItems: 100 - type: array - supports_agentless: - default: false - description: Indicates whether the package policy belongs to an agentless agent policy. - nullable: true - type: boolean - supports_cloud_connector: - default: false - description: Indicates whether the package policy supports cloud connectors. - nullable: true - type: boolean - updated_at: - type: string - updated_by: - type: string - var_group_selections: - additionalProperties: - type: string - description: Variable group selections. Maps var_group name to the selected option name within that group. - type: object - vars: - anyOf: - - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - type: object - - additionalProperties: - anyOf: - - type: boolean - - type: string - - type: number - - items: - type: string - maxItems: 100 - type: array - - items: - type: number - maxItems: 100 - type: array - - additionalProperties: false - type: object - properties: - id: - type: string - isSecretRef: - type: boolean - required: - - id - - isSecretRef - nullable: true - description: Input/stream level variable. Refer to the integration documentation for more information. - type: object - x-oas-optional: true - description: Package level variable. - version: - description: Package policy ES version. - type: string - required: - - name - - enabled - - inputs - - id - - revision - - updated_at - - updated_by - - created_at - - created_by - maxItems: 10000 - type: array - required_versions: - items: - additionalProperties: false - type: object - properties: - percentage: - description: Target percentage of agents to auto upgrade - maximum: 100 - minimum: 0 - type: number - version: - description: Target version for automatic agent upgrade - type: string - required: - - version - - percentage - maxItems: 100 - nullable: true - type: array - revision: - type: number - schema_version: - type: string - space_ids: - items: - type: string - maxItems: 100 - type: array - status: - enum: - - active - - inactive - type: string - supports_agentless: - default: false - description: Indicates whether the agent policy supports agentless integrations. - nullable: true - type: boolean - unenroll_timeout: - minimum: 0 - type: number - unprivileged_agents: - type: number - updated_at: - type: string - updated_by: - type: string - version: - type: string - required: - - id - - name - - namespace - - is_protected - - status - - updated_at - - updated_by - - revision - required: - - item + $ref: '#/components/schemas/ApiFleetAgentPolicies_Post_Response_200' description: 'OK: A successful request.' '400': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetAgentPolicies_Post_Response_400' description: A bad request. summary: Create an agent policy tags: @@ -26065,754 +17613,19 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - full: - description: get full policies with package policies populated - type: boolean - ids: - description: list of package policy ids - items: - type: string - maxItems: 1000 - type: array - ignoreMissing: - type: boolean - required: - - ids + $ref: '#/components/schemas/ApiFleetAgentPoliciesBulkGet_Post_Request' responses: '200': content: application/json: schema: - additionalProperties: false - type: object - properties: - items: - items: - additionalProperties: false - type: object - properties: - advanced_settings: - additionalProperties: false - type: object - properties: - agent_download_target_directory: - nullable: true - agent_download_timeout: - nullable: true - agent_internal: - nullable: true - agent_limits_go_max_procs: - nullable: true - agent_logging_files_interval: - nullable: true - agent_logging_files_keepfiles: - nullable: true - agent_logging_files_rotateeverybytes: - nullable: true - agent_logging_level: - nullable: true - agent_logging_metrics_period: - nullable: true - agent_logging_to_files: - nullable: true - agent_monitoring_runtime_experimental: - nullable: true - agent_features: - items: - additionalProperties: false - type: object - properties: - enabled: - type: boolean - name: - type: string - required: - - name - - enabled - maxItems: 100 - type: array - agentless: - additionalProperties: false - type: object - properties: - cloud_connectors: - additionalProperties: false - type: object - properties: - enabled: - type: boolean - target_csp: - enum: - - aws - - azure - - gcp - type: string - required: - - enabled - resources: - additionalProperties: false - type: object - properties: - requests: - additionalProperties: false - type: object - properties: - cpu: - type: string - memory: - type: string - agents: - type: number - data_output_id: - nullable: true - type: string - description: - type: string - download_source_id: - nullable: true - type: string - fips_agents: - type: number - fleet_server_host_id: - nullable: true - type: string - global_data_tags: - description: User defined data tags that are added to all of the inputs. The values can be strings or numbers. - items: - additionalProperties: false - type: object - properties: - name: - type: string - value: - anyOf: - - type: string - - type: number - required: - - name - - value - maxItems: 10 - type: array - has_agent_version_conditions: - type: boolean - has_fleet_server: - type: boolean - id: - type: string - inactivity_timeout: - default: 1209600 - minimum: 0 - type: number - is_default: - type: boolean - is_default_fleet_server: - type: boolean - is_managed: - type: boolean - is_preconfigured: - type: boolean - is_protected: - description: Indicates whether the agent policy has tamper protection enabled. Default false. - type: boolean - keep_monitoring_alive: - default: false - description: When set to true, monitoring will be enabled but logs/metrics collection will be disabled - nullable: true - type: boolean - monitoring_diagnostics: - additionalProperties: false - type: object - properties: - limit: - additionalProperties: false - type: object - properties: - burst: - type: number - interval: - type: string - uploader: - additionalProperties: false - type: object - properties: - init_dur: - type: string - max_dur: - type: string - max_retries: - type: number - monitoring_enabled: - items: - enum: - - logs - - metrics - - traces - type: string - maxItems: 3 - type: array - monitoring_http: - additionalProperties: false - type: object - properties: - buffer: - additionalProperties: false - type: object - properties: - enabled: - default: false - type: boolean - enabled: - type: boolean - host: - type: string - port: - maximum: 65353 - minimum: 0 - type: number - monitoring_output_id: - nullable: true - type: string - monitoring_pprof_enabled: - type: boolean - name: - minLength: 1 - type: string - namespace: - minLength: 1 - type: string - overrides: - additionalProperties: {} - description: Override settings that are defined in the agent policy. Input settings cannot be overridden. The override option should be used only in unusual circumstances and not as a routine procedure. - nullable: true - type: object - package_policies: - anyOf: - - items: - type: string - maxItems: 10000 - type: array - - description: This field is present only when retrieving a single agent policy, or when retrieving a list of agent policies with the ?full=true parameter - items: - additionalProperties: false - type: object - properties: - additional_datastreams_permissions: - description: Additional datastream permissions, that will be added to the agent policy. - items: - type: string - maxItems: 1000 - nullable: true - type: array - agents: - type: number - cloud_connector_id: - description: ID of the cloud connector associated with this package policy. - nullable: true - type: string - cloud_connector_name: - description: Transient field for cloud connector name during creation. - maxLength: 255 - minLength: 1 - nullable: true - type: string - created_at: - type: string - created_by: - type: string - description: - description: Package policy description - type: string - elasticsearch: - additionalProperties: true - type: object - properties: - privileges: - additionalProperties: true - type: object - properties: - cluster: - items: - type: string - maxItems: 100 - type: array - enabled: - type: boolean - id: - description: Package policy unique identifier. - type: string - inputs: - anyOf: - - items: - additionalProperties: false - type: object - properties: - compiled_input: {} - config: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - type: object - enabled: - type: boolean - id: - type: string - keep_enabled: - type: boolean - policy_template: - type: string - streams: - items: - additionalProperties: false - type: object - properties: - compiled_stream: {} - config: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - type: object - data_stream: - additionalProperties: false - type: object - properties: - dataset: - type: string - elasticsearch: - additionalProperties: false - type: object - properties: - dynamic_dataset: - type: boolean - dynamic_namespace: - type: boolean - privileges: - additionalProperties: false - type: object - properties: - indices: - items: - type: string - maxItems: 100 - type: array - type: - type: string - required: - - dataset - - type - enabled: - type: boolean - id: - type: string - keep_enabled: - type: boolean - release: - enum: - - ga - - beta - - experimental - type: string - var_group_selections: - additionalProperties: - type: string - description: Variable group selections. Maps var_group name to the selected option name within that group. - type: object - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - type: object - required: - - enabled - - data_stream - - compiled_stream - maxItems: 100 - type: array - type: - type: string - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - type: object - required: - - type - - enabled - - streams - - compiled_input - maxItems: 100 - type: array - - additionalProperties: - additionalProperties: false - type: object - properties: - enabled: - description: Enable or disable that input. Defaults to `true` (enabled). - type: boolean - streams: - additionalProperties: - additionalProperties: false - type: object - properties: - enabled: - description: Enable or disable that stream. Defaults to `true` (enabled). - type: boolean - var_group_selections: - additionalProperties: - type: string - description: Variable group selections. Maps var_group name to the selected option name within that group. - type: object - vars: - additionalProperties: - anyOf: - - type: boolean - - type: string - - type: number - - items: - type: string - maxItems: 100 - type: array - - items: - type: number - maxItems: 100 - type: array - - additionalProperties: false - type: object - properties: - id: - type: string - isSecretRef: - type: boolean - required: - - id - - isSecretRef - nullable: true - description: Input/stream level variable. Refer to the integration documentation for more information. - type: object - description: Input streams. Refer to the integration documentation to know which streams are available. - type: object - vars: - additionalProperties: - anyOf: - - type: boolean - - type: string - - type: number - - items: - type: string - maxItems: 100 - type: array - - items: - type: number - maxItems: 100 - type: array - - additionalProperties: false - type: object - properties: - id: - type: string - isSecretRef: - type: boolean - required: - - id - - isSecretRef - nullable: true - description: Input/stream level variable. Refer to the integration documentation for more information. - type: object - description: Package policy inputs. Refer to the integration documentation to know which inputs are available. - type: object - x-oas-optional: true - description: Package policy inputs. - is_managed: - type: boolean - name: - description: Unique name for the package policy. - type: string - namespace: - description: The package policy namespace. Leave blank to inherit the agent policy's namespace. - type: string - output_id: - nullable: true - type: string - overrides: - additionalProperties: false - description: Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure. - nullable: true - type: object - properties: - inputs: - additionalProperties: {} - type: object - package: - additionalProperties: false - type: object - properties: - experimental_data_stream_features: - items: - additionalProperties: false - type: object - properties: - data_stream: - type: string - features: - additionalProperties: false - type: object - properties: - doc_value_only_numeric: - type: boolean - doc_value_only_other: - type: boolean - synthetic_source: - type: boolean - tsdb: - type: boolean - required: - - data_stream - - features - maxItems: 100 - type: array - fips_compatible: - type: boolean - name: - description: Package name - type: string - requires_root: - type: boolean - title: - type: string - version: - description: Package version - type: string - required: - - name - - version - policy_id: - deprecated: true - description: ID of the agent policy which the package policy will be added to. - nullable: true - type: string - policy_ids: - items: - description: IDs of the agent policies which that package policy will be added to. - type: string - maxItems: 1000 - type: array - revision: - description: Package policy revision. - type: number - secret_references: - items: - additionalProperties: false - type: object - properties: - id: - type: string - required: - - id - maxItems: 100 - type: array - spaceIds: - items: - type: string - maxItems: 100 - type: array - supports_agentless: - default: false - description: Indicates whether the package policy belongs to an agentless agent policy. - nullable: true - type: boolean - supports_cloud_connector: - default: false - description: Indicates whether the package policy supports cloud connectors. - nullable: true - type: boolean - updated_at: - type: string - updated_by: - type: string - var_group_selections: - additionalProperties: - type: string - description: Variable group selections. Maps var_group name to the selected option name within that group. - type: object - vars: - anyOf: - - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - type: object - - additionalProperties: - anyOf: - - type: boolean - - type: string - - type: number - - items: - type: string - maxItems: 100 - type: array - - items: - type: number - maxItems: 100 - type: array - - additionalProperties: false - type: object - properties: - id: - type: string - isSecretRef: - type: boolean - required: - - id - - isSecretRef - nullable: true - description: Input/stream level variable. Refer to the integration documentation for more information. - type: object - x-oas-optional: true - description: Package level variable. - version: - description: Package policy ES version. - type: string - required: - - name - - enabled - - inputs - - id - - revision - - updated_at - - updated_by - - created_at - - created_by - maxItems: 10000 - type: array - required_versions: - items: - additionalProperties: false - type: object - properties: - percentage: - description: Target percentage of agents to auto upgrade - maximum: 100 - minimum: 0 - type: number - version: - description: Target version for automatic agent upgrade - type: string - required: - - version - - percentage - maxItems: 100 - nullable: true - type: array - revision: - type: number - schema_version: - type: string - space_ids: - items: - type: string - maxItems: 100 - type: array - status: - enum: - - active - - inactive - type: string - supports_agentless: - default: false - description: Indicates whether the agent policy supports agentless integrations. - nullable: true - type: boolean - unenroll_timeout: - minimum: 0 - type: number - unprivileged_agents: - type: number - updated_at: - type: string - updated_by: - type: string - version: - type: string - required: - - id - - name - - namespace - - is_protected - - status - - updated_at - - updated_by - - revision - maxItems: 10000 - type: array - required: - - items + $ref: '#/components/schemas/ApiFleetAgentPoliciesBulkGet_Post_Response_200' description: 'OK: A successful request.' '400': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetAgentPoliciesBulkGet_Post_Response_400' description: A bad request. summary: Bulk get agent policies tags: @@ -26850,730 +17663,13 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - item: - additionalProperties: false - type: object - properties: - advanced_settings: - additionalProperties: false - type: object - properties: - agent_download_target_directory: - nullable: true - agent_download_timeout: - nullable: true - agent_internal: - nullable: true - agent_limits_go_max_procs: - nullable: true - agent_logging_files_interval: - nullable: true - agent_logging_files_keepfiles: - nullable: true - agent_logging_files_rotateeverybytes: - nullable: true - agent_logging_level: - nullable: true - agent_logging_metrics_period: - nullable: true - agent_logging_to_files: - nullable: true - agent_monitoring_runtime_experimental: - nullable: true - agent_features: - items: - additionalProperties: false - type: object - properties: - enabled: - type: boolean - name: - type: string - required: - - name - - enabled - maxItems: 100 - type: array - agentless: - additionalProperties: false - type: object - properties: - cloud_connectors: - additionalProperties: false - type: object - properties: - enabled: - type: boolean - target_csp: - enum: - - aws - - azure - - gcp - type: string - required: - - enabled - resources: - additionalProperties: false - type: object - properties: - requests: - additionalProperties: false - type: object - properties: - cpu: - type: string - memory: - type: string - agents: - type: number - data_output_id: - nullable: true - type: string - description: - type: string - download_source_id: - nullable: true - type: string - fips_agents: - type: number - fleet_server_host_id: - nullable: true - type: string - global_data_tags: - description: User defined data tags that are added to all of the inputs. The values can be strings or numbers. - items: - additionalProperties: false - type: object - properties: - name: - type: string - value: - anyOf: - - type: string - - type: number - required: - - name - - value - maxItems: 10 - type: array - has_agent_version_conditions: - type: boolean - has_fleet_server: - type: boolean - id: - type: string - inactivity_timeout: - default: 1209600 - minimum: 0 - type: number - is_default: - type: boolean - is_default_fleet_server: - type: boolean - is_managed: - type: boolean - is_preconfigured: - type: boolean - is_protected: - description: Indicates whether the agent policy has tamper protection enabled. Default false. - type: boolean - keep_monitoring_alive: - default: false - description: When set to true, monitoring will be enabled but logs/metrics collection will be disabled - nullable: true - type: boolean - monitoring_diagnostics: - additionalProperties: false - type: object - properties: - limit: - additionalProperties: false - type: object - properties: - burst: - type: number - interval: - type: string - uploader: - additionalProperties: false - type: object - properties: - init_dur: - type: string - max_dur: - type: string - max_retries: - type: number - monitoring_enabled: - items: - enum: - - logs - - metrics - - traces - type: string - maxItems: 3 - type: array - monitoring_http: - additionalProperties: false - type: object - properties: - buffer: - additionalProperties: false - type: object - properties: - enabled: - default: false - type: boolean - enabled: - type: boolean - host: - type: string - port: - maximum: 65353 - minimum: 0 - type: number - monitoring_output_id: - nullable: true - type: string - monitoring_pprof_enabled: - type: boolean - name: - minLength: 1 - type: string - namespace: - minLength: 1 - type: string - overrides: - additionalProperties: {} - description: Override settings that are defined in the agent policy. Input settings cannot be overridden. The override option should be used only in unusual circumstances and not as a routine procedure. - nullable: true - type: object - package_policies: - anyOf: - - items: - type: string - maxItems: 10000 - type: array - - description: This field is present only when retrieving a single agent policy, or when retrieving a list of agent policies with the ?full=true parameter - items: - additionalProperties: false - type: object - properties: - additional_datastreams_permissions: - description: Additional datastream permissions, that will be added to the agent policy. - items: - type: string - maxItems: 1000 - nullable: true - type: array - agents: - type: number - cloud_connector_id: - description: ID of the cloud connector associated with this package policy. - nullable: true - type: string - cloud_connector_name: - description: Transient field for cloud connector name during creation. - maxLength: 255 - minLength: 1 - nullable: true - type: string - created_at: - type: string - created_by: - type: string - description: - description: Package policy description - type: string - elasticsearch: - additionalProperties: true - type: object - properties: - privileges: - additionalProperties: true - type: object - properties: - cluster: - items: - type: string - maxItems: 100 - type: array - enabled: - type: boolean - id: - description: Package policy unique identifier. - type: string - inputs: - anyOf: - - items: - additionalProperties: false - type: object - properties: - compiled_input: {} - config: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - type: object - enabled: - type: boolean - id: - type: string - keep_enabled: - type: boolean - policy_template: - type: string - streams: - items: - additionalProperties: false - type: object - properties: - compiled_stream: {} - config: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - type: object - data_stream: - additionalProperties: false - type: object - properties: - dataset: - type: string - elasticsearch: - additionalProperties: false - type: object - properties: - dynamic_dataset: - type: boolean - dynamic_namespace: - type: boolean - privileges: - additionalProperties: false - type: object - properties: - indices: - items: - type: string - maxItems: 100 - type: array - type: - type: string - required: - - dataset - - type - enabled: - type: boolean - id: - type: string - keep_enabled: - type: boolean - release: - enum: - - ga - - beta - - experimental - type: string - var_group_selections: - additionalProperties: - type: string - description: Variable group selections. Maps var_group name to the selected option name within that group. - type: object - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - type: object - required: - - enabled - - data_stream - - compiled_stream - maxItems: 100 - type: array - type: - type: string - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - type: object - required: - - type - - enabled - - streams - - compiled_input - maxItems: 100 - type: array - - additionalProperties: - additionalProperties: false - type: object - properties: - enabled: - description: Enable or disable that input. Defaults to `true` (enabled). - type: boolean - streams: - additionalProperties: - additionalProperties: false - type: object - properties: - enabled: - description: Enable or disable that stream. Defaults to `true` (enabled). - type: boolean - var_group_selections: - additionalProperties: - type: string - description: Variable group selections. Maps var_group name to the selected option name within that group. - type: object - vars: - additionalProperties: - anyOf: - - type: boolean - - type: string - - type: number - - items: - type: string - maxItems: 100 - type: array - - items: - type: number - maxItems: 100 - type: array - - additionalProperties: false - type: object - properties: - id: - type: string - isSecretRef: - type: boolean - required: - - id - - isSecretRef - nullable: true - description: Input/stream level variable. Refer to the integration documentation for more information. - type: object - description: Input streams. Refer to the integration documentation to know which streams are available. - type: object - vars: - additionalProperties: - anyOf: - - type: boolean - - type: string - - type: number - - items: - type: string - maxItems: 100 - type: array - - items: - type: number - maxItems: 100 - type: array - - additionalProperties: false - type: object - properties: - id: - type: string - isSecretRef: - type: boolean - required: - - id - - isSecretRef - nullable: true - description: Input/stream level variable. Refer to the integration documentation for more information. - type: object - description: Package policy inputs. Refer to the integration documentation to know which inputs are available. - type: object - x-oas-optional: true - description: Package policy inputs. - is_managed: - type: boolean - name: - description: Unique name for the package policy. - type: string - namespace: - description: The package policy namespace. Leave blank to inherit the agent policy's namespace. - type: string - output_id: - nullable: true - type: string - overrides: - additionalProperties: false - description: Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure. - nullable: true - type: object - properties: - inputs: - additionalProperties: {} - type: object - package: - additionalProperties: false - type: object - properties: - experimental_data_stream_features: - items: - additionalProperties: false - type: object - properties: - data_stream: - type: string - features: - additionalProperties: false - type: object - properties: - doc_value_only_numeric: - type: boolean - doc_value_only_other: - type: boolean - synthetic_source: - type: boolean - tsdb: - type: boolean - required: - - data_stream - - features - maxItems: 100 - type: array - fips_compatible: - type: boolean - name: - description: Package name - type: string - requires_root: - type: boolean - title: - type: string - version: - description: Package version - type: string - required: - - name - - version - policy_id: - deprecated: true - description: ID of the agent policy which the package policy will be added to. - nullable: true - type: string - policy_ids: - items: - description: IDs of the agent policies which that package policy will be added to. - type: string - maxItems: 1000 - type: array - revision: - description: Package policy revision. - type: number - secret_references: - items: - additionalProperties: false - type: object - properties: - id: - type: string - required: - - id - maxItems: 100 - type: array - spaceIds: - items: - type: string - maxItems: 100 - type: array - supports_agentless: - default: false - description: Indicates whether the package policy belongs to an agentless agent policy. - nullable: true - type: boolean - supports_cloud_connector: - default: false - description: Indicates whether the package policy supports cloud connectors. - nullable: true - type: boolean - updated_at: - type: string - updated_by: - type: string - var_group_selections: - additionalProperties: - type: string - description: Variable group selections. Maps var_group name to the selected option name within that group. - type: object - vars: - anyOf: - - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - type: object - - additionalProperties: - anyOf: - - type: boolean - - type: string - - type: number - - items: - type: string - maxItems: 100 - type: array - - items: - type: number - maxItems: 100 - type: array - - additionalProperties: false - type: object - properties: - id: - type: string - isSecretRef: - type: boolean - required: - - id - - isSecretRef - nullable: true - description: Input/stream level variable. Refer to the integration documentation for more information. - type: object - x-oas-optional: true - description: Package level variable. - version: - description: Package policy ES version. - type: string - required: - - name - - enabled - - inputs - - id - - revision - - updated_at - - updated_by - - created_at - - created_by - maxItems: 10000 - type: array - required_versions: - items: - additionalProperties: false - type: object - properties: - percentage: - description: Target percentage of agents to auto upgrade - maximum: 100 - minimum: 0 - type: number - version: - description: Target version for automatic agent upgrade - type: string - required: - - version - - percentage - maxItems: 100 - nullable: true - type: array - revision: - type: number - schema_version: - type: string - space_ids: - items: - type: string - maxItems: 100 - type: array - status: - enum: - - active - - inactive - type: string - supports_agentless: - default: false - description: Indicates whether the agent policy supports agentless integrations. - nullable: true - type: boolean - unenroll_timeout: - minimum: 0 - type: number - unprivileged_agents: - type: number - updated_at: - type: string - updated_by: - type: string - version: - type: string - required: - - id - - name - - namespace - - is_protected - - status - - updated_at - - updated_by - - revision - required: - - item + $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_1' description: 'OK: A successful request.' '400': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_400_1' description: A bad request. summary: Get an agent policy tags: @@ -27616,965 +17712,19 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - advanced_settings: - additionalProperties: false - type: object - properties: - agent_download_target_directory: - nullable: true - agent_download_timeout: - nullable: true - agent_internal: - nullable: true - agent_limits_go_max_procs: - nullable: true - agent_logging_files_interval: - nullable: true - agent_logging_files_keepfiles: - nullable: true - agent_logging_files_rotateeverybytes: - nullable: true - agent_logging_level: - nullable: true - agent_logging_metrics_period: - nullable: true - agent_logging_to_files: - nullable: true - agent_monitoring_runtime_experimental: - nullable: true - agent_features: - items: - additionalProperties: false - type: object - properties: - enabled: - type: boolean - name: - type: string - required: - - name - - enabled - maxItems: 100 - type: array - agentless: - additionalProperties: false - type: object - properties: - cloud_connectors: - additionalProperties: false - type: object - properties: - enabled: - type: boolean - target_csp: - enum: - - aws - - azure - - gcp - type: string - required: - - enabled - resources: - additionalProperties: false - type: object - properties: - requests: - additionalProperties: false - type: object - properties: - cpu: - type: string - memory: - type: string - bumpRevision: - type: boolean - data_output_id: - nullable: true - type: string - description: - type: string - download_source_id: - nullable: true - type: string - fleet_server_host_id: - nullable: true - type: string - force: - type: boolean - global_data_tags: - description: User defined data tags that are added to all of the inputs. The values can be strings or numbers. - items: - additionalProperties: false - type: object - properties: - name: - type: string - value: - anyOf: - - type: string - - type: number - required: - - name - - value - maxItems: 10 - type: array - has_agent_version_conditions: - type: boolean - has_fleet_server: - type: boolean - id: - type: string - inactivity_timeout: - default: 1209600 - minimum: 0 - type: number - is_default: - type: boolean - is_default_fleet_server: - type: boolean - is_managed: - type: boolean - is_protected: - type: boolean - keep_monitoring_alive: - default: false - description: When set to true, monitoring will be enabled but logs/metrics collection will be disabled - nullable: true - type: boolean - monitoring_diagnostics: - additionalProperties: false - type: object - properties: - limit: - additionalProperties: false - type: object - properties: - burst: - type: number - interval: - type: string - uploader: - additionalProperties: false - type: object - properties: - init_dur: - type: string - max_dur: - type: string - max_retries: - type: number - monitoring_enabled: - items: - enum: - - logs - - metrics - - traces - type: string - maxItems: 3 - type: array - monitoring_http: - additionalProperties: false - type: object - properties: - buffer: - additionalProperties: false - type: object - properties: - enabled: - default: false - type: boolean - enabled: - type: boolean - host: - type: string - port: - maximum: 65353 - minimum: 0 - type: number - monitoring_output_id: - nullable: true - type: string - monitoring_pprof_enabled: - type: boolean - name: - minLength: 1 - type: string - namespace: - minLength: 1 - type: string - overrides: - additionalProperties: {} - description: Override settings that are defined in the agent policy. Input settings cannot be overridden. The override option should be used only in unusual circumstances and not as a routine procedure. - nullable: true - type: object - required_versions: - items: - additionalProperties: false - type: object - properties: - percentage: - description: Target percentage of agents to auto upgrade - maximum: 100 - minimum: 0 - type: number - version: - description: Target version for automatic agent upgrade - type: string - required: - - version - - percentage - maxItems: 100 - nullable: true - type: array - space_ids: - items: - type: string - maxItems: 100 - type: array - supports_agentless: - default: false - deprecated: true - description: Indicates whether the agent policy supports agentless integrations. Deprecated in favor of the Fleet agentless policies API. - nullable: true - type: boolean - unenroll_timeout: - minimum: 0 - type: number - required: - - name - - namespace + $ref: '#/components/schemas/ApiFleetAgentPolicies_Put_Request' responses: '200': content: application/json: schema: - additionalProperties: false - type: object - properties: - item: - additionalProperties: false - type: object - properties: - advanced_settings: - additionalProperties: false - type: object - properties: - agent_download_target_directory: - nullable: true - agent_download_timeout: - nullable: true - agent_internal: - nullable: true - agent_limits_go_max_procs: - nullable: true - agent_logging_files_interval: - nullable: true - agent_logging_files_keepfiles: - nullable: true - agent_logging_files_rotateeverybytes: - nullable: true - agent_logging_level: - nullable: true - agent_logging_metrics_period: - nullable: true - agent_logging_to_files: - nullable: true - agent_monitoring_runtime_experimental: - nullable: true - agent_features: - items: - additionalProperties: false - type: object - properties: - enabled: - type: boolean - name: - type: string - required: - - name - - enabled - maxItems: 100 - type: array - agentless: - additionalProperties: false - type: object - properties: - cloud_connectors: - additionalProperties: false - type: object - properties: - enabled: - type: boolean - target_csp: - enum: - - aws - - azure - - gcp - type: string - required: - - enabled - resources: - additionalProperties: false - type: object - properties: - requests: - additionalProperties: false - type: object - properties: - cpu: - type: string - memory: - type: string - agents: - type: number - data_output_id: - nullable: true - type: string - description: - type: string - download_source_id: - nullable: true - type: string - fips_agents: - type: number - fleet_server_host_id: - nullable: true - type: string - global_data_tags: - description: User defined data tags that are added to all of the inputs. The values can be strings or numbers. - items: - additionalProperties: false - type: object - properties: - name: - type: string - value: - anyOf: - - type: string - - type: number - required: - - name - - value - maxItems: 10 - type: array - has_agent_version_conditions: - type: boolean - has_fleet_server: - type: boolean - id: - type: string - inactivity_timeout: - default: 1209600 - minimum: 0 - type: number - is_default: - type: boolean - is_default_fleet_server: - type: boolean - is_managed: - type: boolean - is_preconfigured: - type: boolean - is_protected: - description: Indicates whether the agent policy has tamper protection enabled. Default false. - type: boolean - keep_monitoring_alive: - default: false - description: When set to true, monitoring will be enabled but logs/metrics collection will be disabled - nullable: true - type: boolean - monitoring_diagnostics: - additionalProperties: false - type: object - properties: - limit: - additionalProperties: false - type: object - properties: - burst: - type: number - interval: - type: string - uploader: - additionalProperties: false - type: object - properties: - init_dur: - type: string - max_dur: - type: string - max_retries: - type: number - monitoring_enabled: - items: - enum: - - logs - - metrics - - traces - type: string - maxItems: 3 - type: array - monitoring_http: - additionalProperties: false - type: object - properties: - buffer: - additionalProperties: false - type: object - properties: - enabled: - default: false - type: boolean - enabled: - type: boolean - host: - type: string - port: - maximum: 65353 - minimum: 0 - type: number - monitoring_output_id: - nullable: true - type: string - monitoring_pprof_enabled: - type: boolean - name: - minLength: 1 - type: string - namespace: - minLength: 1 - type: string - overrides: - additionalProperties: {} - description: Override settings that are defined in the agent policy. Input settings cannot be overridden. The override option should be used only in unusual circumstances and not as a routine procedure. - nullable: true - type: object - package_policies: - anyOf: - - items: - type: string - maxItems: 10000 - type: array - - description: This field is present only when retrieving a single agent policy, or when retrieving a list of agent policies with the ?full=true parameter - items: - additionalProperties: false - type: object - properties: - additional_datastreams_permissions: - description: Additional datastream permissions, that will be added to the agent policy. - items: - type: string - maxItems: 1000 - nullable: true - type: array - agents: - type: number - cloud_connector_id: - description: ID of the cloud connector associated with this package policy. - nullable: true - type: string - cloud_connector_name: - description: Transient field for cloud connector name during creation. - maxLength: 255 - minLength: 1 - nullable: true - type: string - created_at: - type: string - created_by: - type: string - description: - description: Package policy description - type: string - elasticsearch: - additionalProperties: true - type: object - properties: - privileges: - additionalProperties: true - type: object - properties: - cluster: - items: - type: string - maxItems: 100 - type: array - enabled: - type: boolean - id: - description: Package policy unique identifier. - type: string - inputs: - anyOf: - - items: - additionalProperties: false - type: object - properties: - compiled_input: {} - config: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - type: object - enabled: - type: boolean - id: - type: string - keep_enabled: - type: boolean - policy_template: - type: string - streams: - items: - additionalProperties: false - type: object - properties: - compiled_stream: {} - config: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - type: object - data_stream: - additionalProperties: false - type: object - properties: - dataset: - type: string - elasticsearch: - additionalProperties: false - type: object - properties: - dynamic_dataset: - type: boolean - dynamic_namespace: - type: boolean - privileges: - additionalProperties: false - type: object - properties: - indices: - items: - type: string - maxItems: 100 - type: array - type: - type: string - required: - - dataset - - type - enabled: - type: boolean - id: - type: string - keep_enabled: - type: boolean - release: - enum: - - ga - - beta - - experimental - type: string - var_group_selections: - additionalProperties: - type: string - description: Variable group selections. Maps var_group name to the selected option name within that group. - type: object - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - type: object - required: - - enabled - - data_stream - - compiled_stream - maxItems: 100 - type: array - type: - type: string - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - type: object - required: - - type - - enabled - - streams - - compiled_input - maxItems: 100 - type: array - - additionalProperties: - additionalProperties: false - type: object - properties: - enabled: - description: Enable or disable that input. Defaults to `true` (enabled). - type: boolean - streams: - additionalProperties: - additionalProperties: false - type: object - properties: - enabled: - description: Enable or disable that stream. Defaults to `true` (enabled). - type: boolean - var_group_selections: - additionalProperties: - type: string - description: Variable group selections. Maps var_group name to the selected option name within that group. - type: object - vars: - additionalProperties: - anyOf: - - type: boolean - - type: string - - type: number - - items: - type: string - maxItems: 100 - type: array - - items: - type: number - maxItems: 100 - type: array - - additionalProperties: false - type: object - properties: - id: - type: string - isSecretRef: - type: boolean - required: - - id - - isSecretRef - nullable: true - description: Input/stream level variable. Refer to the integration documentation for more information. - type: object - description: Input streams. Refer to the integration documentation to know which streams are available. - type: object - vars: - additionalProperties: - anyOf: - - type: boolean - - type: string - - type: number - - items: - type: string - maxItems: 100 - type: array - - items: - type: number - maxItems: 100 - type: array - - additionalProperties: false - type: object - properties: - id: - type: string - isSecretRef: - type: boolean - required: - - id - - isSecretRef - nullable: true - description: Input/stream level variable. Refer to the integration documentation for more information. - type: object - description: Package policy inputs. Refer to the integration documentation to know which inputs are available. - type: object - x-oas-optional: true - description: Package policy inputs. - is_managed: - type: boolean - name: - description: Unique name for the package policy. - type: string - namespace: - description: The package policy namespace. Leave blank to inherit the agent policy's namespace. - type: string - output_id: - nullable: true - type: string - overrides: - additionalProperties: false - description: Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure. - nullable: true - type: object - properties: - inputs: - additionalProperties: {} - type: object - package: - additionalProperties: false - type: object - properties: - experimental_data_stream_features: - items: - additionalProperties: false - type: object - properties: - data_stream: - type: string - features: - additionalProperties: false - type: object - properties: - doc_value_only_numeric: - type: boolean - doc_value_only_other: - type: boolean - synthetic_source: - type: boolean - tsdb: - type: boolean - required: - - data_stream - - features - maxItems: 100 - type: array - fips_compatible: - type: boolean - name: - description: Package name - type: string - requires_root: - type: boolean - title: - type: string - version: - description: Package version - type: string - required: - - name - - version - policy_id: - deprecated: true - description: ID of the agent policy which the package policy will be added to. - nullable: true - type: string - policy_ids: - items: - description: IDs of the agent policies which that package policy will be added to. - type: string - maxItems: 1000 - type: array - revision: - description: Package policy revision. - type: number - secret_references: - items: - additionalProperties: false - type: object - properties: - id: - type: string - required: - - id - maxItems: 100 - type: array - spaceIds: - items: - type: string - maxItems: 100 - type: array - supports_agentless: - default: false - description: Indicates whether the package policy belongs to an agentless agent policy. - nullable: true - type: boolean - supports_cloud_connector: - default: false - description: Indicates whether the package policy supports cloud connectors. - nullable: true - type: boolean - updated_at: - type: string - updated_by: - type: string - var_group_selections: - additionalProperties: - type: string - description: Variable group selections. Maps var_group name to the selected option name within that group. - type: object - vars: - anyOf: - - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - type: object - - additionalProperties: - anyOf: - - type: boolean - - type: string - - type: number - - items: - type: string - maxItems: 100 - type: array - - items: - type: number - maxItems: 100 - type: array - - additionalProperties: false - type: object - properties: - id: - type: string - isSecretRef: - type: boolean - required: - - id - - isSecretRef - nullable: true - description: Input/stream level variable. Refer to the integration documentation for more information. - type: object - x-oas-optional: true - description: Package level variable. - version: - description: Package policy ES version. - type: string - required: - - name - - enabled - - inputs - - id - - revision - - updated_at - - updated_by - - created_at - - created_by - maxItems: 10000 - type: array - required_versions: - items: - additionalProperties: false - type: object - properties: - percentage: - description: Target percentage of agents to auto upgrade - maximum: 100 - minimum: 0 - type: number - version: - description: Target version for automatic agent upgrade - type: string - required: - - version - - percentage - maxItems: 100 - nullable: true - type: array - revision: - type: number - schema_version: - type: string - space_ids: - items: - type: string - maxItems: 100 - type: array - status: - enum: - - active - - inactive - type: string - supports_agentless: - default: false - description: Indicates whether the agent policy supports agentless integrations. - nullable: true - type: boolean - unenroll_timeout: - minimum: 0 - type: number - unprivileged_agents: - type: number - updated_at: - type: string - updated_by: - type: string - version: - type: string - required: - - id - - name - - namespace - - is_protected - - status - - updated_at - - updated_by - - revision - required: - - item + $ref: '#/components/schemas/ApiFleetAgentPolicies_Put_Response_200' description: 'OK: A successful request.' '400': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetAgentPolicies_Put_Response_400' description: A bad request. summary: Update an agent policy tags: @@ -28604,71 +17754,13 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - currentVersions: - items: - additionalProperties: false - type: object - properties: - agents: - description: Number of agents that upgraded to this version - type: number - failedUpgradeActionIds: - description: List of action IDs related to failed upgrades - items: - type: string - maxItems: 1000 - type: array - failedUpgradeAgents: - description: Number of agents that failed to upgrade to this version - type: number - inProgressUpgradeActionIds: - description: List of action IDs related to in-progress upgrades - items: - type: string - maxItems: 1000 - type: array - inProgressUpgradeAgents: - description: Number of agents that are upgrading to this version - type: number - version: - description: Agent version - type: string - required: - - version - - agents - - failedUpgradeAgents - - inProgressUpgradeAgents - maxItems: 10000 - type: array - totalAgents: - type: number - required: - - currentVersions - - totalAgents + $ref: '#/components/schemas/ApiFleetAgentPoliciesAutoUpgradeAgentsStatus_Get_Response_200' description: 'OK: A successful request.' '400': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetAgentPoliciesAutoUpgradeAgentsStatus_Get_Response_400' description: A bad request. summary: Get auto upgrade agent status tags: @@ -28712,745 +17804,19 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - description: - type: string - name: - minLength: 1 - type: string - required: - - name + $ref: '#/components/schemas/ApiFleetAgentPoliciesCopy_Post_Request' responses: '200': content: application/json: schema: - additionalProperties: false - type: object - properties: - item: - additionalProperties: false - type: object - properties: - advanced_settings: - additionalProperties: false - type: object - properties: - agent_download_target_directory: - nullable: true - agent_download_timeout: - nullable: true - agent_internal: - nullable: true - agent_limits_go_max_procs: - nullable: true - agent_logging_files_interval: - nullable: true - agent_logging_files_keepfiles: - nullable: true - agent_logging_files_rotateeverybytes: - nullable: true - agent_logging_level: - nullable: true - agent_logging_metrics_period: - nullable: true - agent_logging_to_files: - nullable: true - agent_monitoring_runtime_experimental: - nullable: true - agent_features: - items: - additionalProperties: false - type: object - properties: - enabled: - type: boolean - name: - type: string - required: - - name - - enabled - maxItems: 100 - type: array - agentless: - additionalProperties: false - type: object - properties: - cloud_connectors: - additionalProperties: false - type: object - properties: - enabled: - type: boolean - target_csp: - enum: - - aws - - azure - - gcp - type: string - required: - - enabled - resources: - additionalProperties: false - type: object - properties: - requests: - additionalProperties: false - type: object - properties: - cpu: - type: string - memory: - type: string - agents: - type: number - data_output_id: - nullable: true - type: string - description: - type: string - download_source_id: - nullable: true - type: string - fips_agents: - type: number - fleet_server_host_id: - nullable: true - type: string - global_data_tags: - description: User defined data tags that are added to all of the inputs. The values can be strings or numbers. - items: - additionalProperties: false - type: object - properties: - name: - type: string - value: - anyOf: - - type: string - - type: number - required: - - name - - value - maxItems: 10 - type: array - has_agent_version_conditions: - type: boolean - has_fleet_server: - type: boolean - id: - type: string - inactivity_timeout: - default: 1209600 - minimum: 0 - type: number - is_default: - type: boolean - is_default_fleet_server: - type: boolean - is_managed: - type: boolean - is_preconfigured: - type: boolean - is_protected: - description: Indicates whether the agent policy has tamper protection enabled. Default false. - type: boolean - keep_monitoring_alive: - default: false - description: When set to true, monitoring will be enabled but logs/metrics collection will be disabled - nullable: true - type: boolean - monitoring_diagnostics: - additionalProperties: false - type: object - properties: - limit: - additionalProperties: false - type: object - properties: - burst: - type: number - interval: - type: string - uploader: - additionalProperties: false - type: object - properties: - init_dur: - type: string - max_dur: - type: string - max_retries: - type: number - monitoring_enabled: - items: - enum: - - logs - - metrics - - traces - type: string - maxItems: 3 - type: array - monitoring_http: - additionalProperties: false - type: object - properties: - buffer: - additionalProperties: false - type: object - properties: - enabled: - default: false - type: boolean - enabled: - type: boolean - host: - type: string - port: - maximum: 65353 - minimum: 0 - type: number - monitoring_output_id: - nullable: true - type: string - monitoring_pprof_enabled: - type: boolean - name: - minLength: 1 - type: string - namespace: - minLength: 1 - type: string - overrides: - additionalProperties: {} - description: Override settings that are defined in the agent policy. Input settings cannot be overridden. The override option should be used only in unusual circumstances and not as a routine procedure. - nullable: true - type: object - package_policies: - anyOf: - - items: - type: string - maxItems: 10000 - type: array - - description: This field is present only when retrieving a single agent policy, or when retrieving a list of agent policies with the ?full=true parameter - items: - additionalProperties: false - type: object - properties: - additional_datastreams_permissions: - description: Additional datastream permissions, that will be added to the agent policy. - items: - type: string - maxItems: 1000 - nullable: true - type: array - agents: - type: number - cloud_connector_id: - description: ID of the cloud connector associated with this package policy. - nullable: true - type: string - cloud_connector_name: - description: Transient field for cloud connector name during creation. - maxLength: 255 - minLength: 1 - nullable: true - type: string - created_at: - type: string - created_by: - type: string - description: - description: Package policy description - type: string - elasticsearch: - additionalProperties: true - type: object - properties: - privileges: - additionalProperties: true - type: object - properties: - cluster: - items: - type: string - maxItems: 100 - type: array - enabled: - type: boolean - id: - description: Package policy unique identifier. - type: string - inputs: - anyOf: - - items: - additionalProperties: false - type: object - properties: - compiled_input: {} - config: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - type: object - enabled: - type: boolean - id: - type: string - keep_enabled: - type: boolean - policy_template: - type: string - streams: - items: - additionalProperties: false - type: object - properties: - compiled_stream: {} - config: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - type: object - data_stream: - additionalProperties: false - type: object - properties: - dataset: - type: string - elasticsearch: - additionalProperties: false - type: object - properties: - dynamic_dataset: - type: boolean - dynamic_namespace: - type: boolean - privileges: - additionalProperties: false - type: object - properties: - indices: - items: - type: string - maxItems: 100 - type: array - type: - type: string - required: - - dataset - - type - enabled: - type: boolean - id: - type: string - keep_enabled: - type: boolean - release: - enum: - - ga - - beta - - experimental - type: string - var_group_selections: - additionalProperties: - type: string - description: Variable group selections. Maps var_group name to the selected option name within that group. - type: object - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - type: object - required: - - enabled - - data_stream - - compiled_stream - maxItems: 100 - type: array - type: - type: string - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - type: object - required: - - type - - enabled - - streams - - compiled_input - maxItems: 100 - type: array - - additionalProperties: - additionalProperties: false - type: object - properties: - enabled: - description: Enable or disable that input. Defaults to `true` (enabled). - type: boolean - streams: - additionalProperties: - additionalProperties: false - type: object - properties: - enabled: - description: Enable or disable that stream. Defaults to `true` (enabled). - type: boolean - var_group_selections: - additionalProperties: - type: string - description: Variable group selections. Maps var_group name to the selected option name within that group. - type: object - vars: - additionalProperties: - anyOf: - - type: boolean - - type: string - - type: number - - items: - type: string - maxItems: 100 - type: array - - items: - type: number - maxItems: 100 - type: array - - additionalProperties: false - type: object - properties: - id: - type: string - isSecretRef: - type: boolean - required: - - id - - isSecretRef - nullable: true - description: Input/stream level variable. Refer to the integration documentation for more information. - type: object - description: Input streams. Refer to the integration documentation to know which streams are available. - type: object - vars: - additionalProperties: - anyOf: - - type: boolean - - type: string - - type: number - - items: - type: string - maxItems: 100 - type: array - - items: - type: number - maxItems: 100 - type: array - - additionalProperties: false - type: object - properties: - id: - type: string - isSecretRef: - type: boolean - required: - - id - - isSecretRef - nullable: true - description: Input/stream level variable. Refer to the integration documentation for more information. - type: object - description: Package policy inputs. Refer to the integration documentation to know which inputs are available. - type: object - x-oas-optional: true - description: Package policy inputs. - is_managed: - type: boolean - name: - description: Unique name for the package policy. - type: string - namespace: - description: The package policy namespace. Leave blank to inherit the agent policy's namespace. - type: string - output_id: - nullable: true - type: string - overrides: - additionalProperties: false - description: Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure. - nullable: true - type: object - properties: - inputs: - additionalProperties: {} - type: object - package: - additionalProperties: false - type: object - properties: - experimental_data_stream_features: - items: - additionalProperties: false - type: object - properties: - data_stream: - type: string - features: - additionalProperties: false - type: object - properties: - doc_value_only_numeric: - type: boolean - doc_value_only_other: - type: boolean - synthetic_source: - type: boolean - tsdb: - type: boolean - required: - - data_stream - - features - maxItems: 100 - type: array - fips_compatible: - type: boolean - name: - description: Package name - type: string - requires_root: - type: boolean - title: - type: string - version: - description: Package version - type: string - required: - - name - - version - policy_id: - deprecated: true - description: ID of the agent policy which the package policy will be added to. - nullable: true - type: string - policy_ids: - items: - description: IDs of the agent policies which that package policy will be added to. - type: string - maxItems: 1000 - type: array - revision: - description: Package policy revision. - type: number - secret_references: - items: - additionalProperties: false - type: object - properties: - id: - type: string - required: - - id - maxItems: 100 - type: array - spaceIds: - items: - type: string - maxItems: 100 - type: array - supports_agentless: - default: false - description: Indicates whether the package policy belongs to an agentless agent policy. - nullable: true - type: boolean - supports_cloud_connector: - default: false - description: Indicates whether the package policy supports cloud connectors. - nullable: true - type: boolean - updated_at: - type: string - updated_by: - type: string - var_group_selections: - additionalProperties: - type: string - description: Variable group selections. Maps var_group name to the selected option name within that group. - type: object - vars: - anyOf: - - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - type: object - - additionalProperties: - anyOf: - - type: boolean - - type: string - - type: number - - items: - type: string - maxItems: 100 - type: array - - items: - type: number - maxItems: 100 - type: array - - additionalProperties: false - type: object - properties: - id: - type: string - isSecretRef: - type: boolean - required: - - id - - isSecretRef - nullable: true - description: Input/stream level variable. Refer to the integration documentation for more information. - type: object - x-oas-optional: true - description: Package level variable. - version: - description: Package policy ES version. - type: string - required: - - name - - enabled - - inputs - - id - - revision - - updated_at - - updated_by - - created_at - - created_by - maxItems: 10000 - type: array - required_versions: - items: - additionalProperties: false - type: object - properties: - percentage: - description: Target percentage of agents to auto upgrade - maximum: 100 - minimum: 0 - type: number - version: - description: Target version for automatic agent upgrade - type: string - required: - - version - - percentage - maxItems: 100 - nullable: true - type: array - revision: - type: number - schema_version: - type: string - space_ids: - items: - type: string - maxItems: 100 - type: array - status: - enum: - - active - - inactive - type: string - supports_agentless: - default: false - description: Indicates whether the agent policy supports agentless integrations. - nullable: true - type: boolean - unenroll_timeout: - minimum: 0 - type: number - unprivileged_agents: - type: number - updated_at: - type: string - updated_by: - type: string - version: - type: string - required: - - id - - name - - namespace - - is_protected - - status - - updated_at - - updated_by - - revision - required: - - item + $ref: '#/components/schemas/ApiFleetAgentPoliciesCopy_Post_Response_200' description: 'OK: A successful request.' '400': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetAgentPoliciesCopy_Post_Response_400' description: A bad request. summary: Copy an agent policy tags: @@ -29501,43 +17867,13 @@ paths: content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetAgentPoliciesDownload_Get_Response_400' description: A bad request. '404': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetAgentPoliciesDownload_Get_Response_404' description: Not found. summary: Download an agent policy tags: @@ -29582,508 +17918,13 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - item: - anyOf: - - type: string - - additionalProperties: false - type: object - properties: - agent: - additionalProperties: false - type: object - properties: - download: - additionalProperties: false - type: object - properties: - proxy_headers: - additionalProperties: - anyOf: - - type: string - - type: boolean - - type: number - nullable: true - type: object - proxy_url: - type: string - secrets: - additionalProperties: true - type: object - properties: - ssl: - additionalProperties: true - type: object - properties: - key: - additionalProperties: true - type: object - properties: - id: - type: string - required: - - key - sourceURI: - type: string - ssl: - additionalProperties: false - type: object - properties: - certificate: - type: string - certificate_authorities: - items: - type: string - maxItems: 10 - type: array - key: - type: string - renegotiation: - type: string - verification_mode: - type: string - target_directory: - type: string - timeout: - type: string - required: - - sourceURI - features: - additionalProperties: - additionalProperties: false - type: object - properties: - enabled: - type: boolean - required: - - enabled - type: object - internal: {} - limits: - additionalProperties: false - type: object - properties: - go_max_procs: - type: number - logging: - additionalProperties: false - type: object - properties: - files: - additionalProperties: false - type: object - properties: - interval: - type: string - keepfiles: - type: number - rotateeverybytes: - type: number - level: - type: string - metrics: - additionalProperties: false - type: object - properties: - period: - type: string - to_files: - type: boolean - monitoring: - additionalProperties: false - type: object - properties: - _runtime_experimental: - type: string - apm: {} - diagnostics: - additionalProperties: false - type: object - properties: - limit: - additionalProperties: false - type: object - properties: - burst: - type: number - interval: - type: string - uploader: - additionalProperties: false - type: object - properties: - init_dur: - type: string - max_dur: - type: string - max_retries: - type: number - enabled: - type: boolean - http: - additionalProperties: false - type: object - properties: - enabled: - type: boolean - host: - type: string - port: - type: number - logs: - type: boolean - metrics: - type: boolean - namespace: - type: string - pprof: - additionalProperties: false - type: object - properties: - enabled: - type: boolean - required: - - enabled - traces: - type: boolean - use_output: - type: string - required: - - enabled - - metrics - - logs - - traces - - apm - protection: - additionalProperties: false - type: object - properties: - enabled: - type: boolean - signing_key: - type: string - uninstall_token_hash: - type: string - required: - - enabled - - uninstall_token_hash - - signing_key - required: - - monitoring - - download - - features - - internal - connectors: - additionalProperties: {} - type: object - exporters: - additionalProperties: {} - type: object - extensions: - additionalProperties: {} - type: object - fleet: - anyOf: - - additionalProperties: false - type: object - properties: - hosts: - items: - type: string - maxItems: 100 - type: array - proxy_headers: - additionalProperties: - anyOf: - - type: string - - type: boolean - - type: number - nullable: true - type: object - proxy_url: - type: string - secrets: - additionalProperties: true - type: object - properties: - ssl: - additionalProperties: true - type: object - properties: - key: - additionalProperties: true - type: object - properties: - id: - type: string - required: - - key - ssl: - additionalProperties: false - type: object - properties: - certificate: - type: string - certificate_authorities: - items: - type: string - maxItems: 10 - type: array - key: - type: string - renegotiation: - type: string - verification_mode: - type: string - required: - - hosts - - additionalProperties: false - type: object - properties: - kibana: - additionalProperties: false - type: object - properties: - hosts: - items: - type: string - maxItems: 100 - type: array - path: - type: string - protocol: - type: string - required: - - hosts - - protocol - required: - - kibana - id: - type: string - inputs: - items: - additionalProperties: true - type: object - properties: - data_stream: - additionalProperties: true - type: object - properties: - namespace: - type: string - required: - - namespace - id: - type: string - meta: - additionalProperties: true - type: object - properties: - package: - additionalProperties: true - type: object - properties: - name: - type: string - version: - type: string - required: - - name - - version - name: - type: string - package_policy_id: - type: string - processors: - items: - additionalProperties: true - type: object - properties: - add_fields: - additionalProperties: true - type: object - properties: - fields: - additionalProperties: - anyOf: - - type: string - - type: number - type: object - target: - type: string - required: - - target - - fields - required: - - add_fields - maxItems: 10000 - type: array - revision: - type: number - streams: - items: - additionalProperties: true - type: object - properties: - data_stream: - additionalProperties: true - type: object - properties: - dataset: - type: string - type: - type: string - required: - - dataset - id: - type: string - required: - - id - - data_stream - maxItems: 10000 - type: array - type: - type: string - use_output: - type: string - required: - - id - - name - - revision - - type - - data_stream - - use_output - - package_policy_id - maxItems: 10000 - type: array - namespaces: - items: - type: string - maxItems: 100 - type: array - output_permissions: - additionalProperties: - additionalProperties: {} - type: object - type: object - outputs: - additionalProperties: - additionalProperties: true - type: object - properties: - ca_sha256: - nullable: true - type: string - hosts: - items: - type: string - maxItems: 100 - type: array - proxy_headers: - additionalProperties: - anyOf: - - type: string - - type: boolean - - type: number - nullable: true - type: object - proxy_url: - type: string - type: - type: string - required: - - type - type: object - processors: - additionalProperties: {} - type: object - receivers: - additionalProperties: {} - type: object - revision: - type: number - secret_references: - items: - additionalProperties: false - type: object - properties: - id: - type: string - required: - - id - maxItems: 10000 - type: array - service: - additionalProperties: false - type: object - properties: - extensions: - items: - type: string - maxItems: 1000 - type: array - pipelines: - additionalProperties: - additionalProperties: false - type: object - properties: - exporters: - items: - type: string - maxItems: 1000 - type: array - processors: - items: - type: string - maxItems: 1000 - type: array - receivers: - items: - type: string - maxItems: 1000 - type: array - x-oas-optional: true - type: object - signed: - additionalProperties: false - type: object - properties: - data: - type: string - signature: - type: string - required: - - data - - signature - required: - - id - - outputs - - inputs - required: - - item + $ref: '#/components/schemas/ApiFleetAgentPoliciesFull_Get_Response_200' description: 'OK: A successful request.' '400': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetAgentPoliciesFull_Get_Response_400' description: A bad request. summary: Get a full agent policy tags: @@ -30113,90 +17954,13 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - item: - additionalProperties: false - type: object - properties: - agentPolicyId: - type: string - data: - additionalProperties: false - type: object - properties: - integrations: - items: - additionalProperties: false - type: object - properties: - id: - type: string - integrationPolicyName: - type: string - name: - type: string - pkgName: - type: string - maxItems: 1000 - type: array - output: - additionalProperties: false - type: object - properties: - id: - type: string - name: - type: string - required: - - id - - name - required: - - output - monitoring: - additionalProperties: false - type: object - properties: - output: - additionalProperties: false - type: object - properties: - id: - type: string - name: - type: string - required: - - id - - name - required: - - output - required: - - monitoring - - data - required: - - item + $ref: '#/components/schemas/ApiFleetAgentPoliciesOutputs_Get_Response_200' description: 'OK: A successful request.' '400': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetAgentPoliciesOutputs_Get_Response_400' description: A bad request. summary: Get outputs for an agent policy tags: @@ -30227,52 +17991,19 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - agentPolicyId: - type: string - force: - description: bypass validation checks that can prevent agent policy deletion - type: boolean - required: - - agentPolicyId + $ref: '#/components/schemas/ApiFleetAgentPoliciesDelete_Post_Request' responses: '200': content: application/json: schema: - additionalProperties: false - type: object - properties: - id: - type: string - name: - type: string - required: - - id - - name + $ref: '#/components/schemas/ApiFleetAgentPoliciesDelete_Post_Response_200' description: 'OK: A successful request.' '400': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetAgentPoliciesDelete_Post_Response_400' description: A bad request. summary: Delete an agent policy tags: @@ -30303,109 +18034,19 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - ids: - description: list of package policy ids - items: - type: string - maxItems: 1000 - type: array - required: - - ids + $ref: '#/components/schemas/ApiFleetAgentPoliciesOutputs_Post_Request' responses: '200': content: application/json: schema: - additionalProperties: false - type: object - properties: - items: - items: - additionalProperties: false - type: object - properties: - agentPolicyId: - type: string - data: - additionalProperties: false - type: object - properties: - integrations: - items: - additionalProperties: false - type: object - properties: - id: - type: string - integrationPolicyName: - type: string - name: - type: string - pkgName: - type: string - maxItems: 1000 - type: array - output: - additionalProperties: false - type: object - properties: - id: - type: string - name: - type: string - required: - - id - - name - required: - - output - monitoring: - additionalProperties: false - type: object - properties: - output: - additionalProperties: false - type: object - properties: - id: - type: string - name: - type: string - required: - - id - - name - required: - - output - required: - - monitoring - - data - maxItems: 10000 - type: array - required: - - items + $ref: '#/components/schemas/ApiFleetAgentPoliciesOutputs_Post_Response_200' description: 'OK: A successful request.' '400': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetAgentPoliciesOutputs_Post_Response_400' description: A bad request. summary: Get outputs for agent policies tags: @@ -30442,71 +18083,13 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - results: - additionalProperties: false - type: object - properties: - active: - type: number - all: - type: number - error: - type: number - events: - type: number - inactive: - type: number - offline: - type: number - online: - type: number - orphaned: - type: number - other: - type: number - unenrolled: - type: number - uninstalled: - type: number - updating: - type: number - required: - - events - - online - - error - - offline - - other - - updating - - inactive - - unenrolled - - all - - active - required: - - results + $ref: '#/components/schemas/ApiFleetAgentStatus_Get_Response_200' description: 'OK: A successful request.' '400': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetAgentStatus_Get_Response_400' description: A bad request. summary: Get an agent status summary tags: @@ -30563,50 +18146,13 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - dataPreview: - items: {} - maxItems: 10000 - type: array - items: - items: - additionalProperties: - additionalProperties: false - type: object - properties: - data: - type: boolean - required: - - data - type: object - maxItems: 10000 - type: array - required: - - items - - dataPreview + $ref: '#/components/schemas/ApiFleetAgentStatusData_Get_Response_200' description: 'OK: A successful request.' '400': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetAgentStatusData_Get_Response_400' description: A bad request. summary: Get incoming agent data tags: @@ -30779,207 +18325,7 @@ paths: deployment: azure posture: cspm schema: - additionalProperties: false - type: object - properties: - additional_datastreams_permissions: - description: Additional datastream permissions, that will be added to the agent policy. - items: - type: string - maxItems: 100 - nullable: true - type: array - cloud_connector: - additionalProperties: false - type: object - properties: - cloud_connector_id: - description: ID of an existing cloud connector to reuse. If not provided, a new connector will be created. - type: string - enabled: - default: false - description: Whether cloud connectors are enabled for this policy. - type: boolean - name: - description: Optional name for the cloud connector. If not provided, will be auto-generated from credentials. - maxLength: 255 - minLength: 1 - type: string - description: - description: Policy description. - type: string - force: - description: Force package policy creation even if the package is not verified, or if the agent policy is managed. - type: boolean - id: - description: Policy unique identifier. - type: string - inputs: - additionalProperties: - additionalProperties: false - type: object - properties: - enabled: - description: Enable or disable that input. Defaults to `true` (enabled). - type: boolean - streams: - additionalProperties: - additionalProperties: false - type: object - properties: - enabled: - description: Enable or disable that stream. Defaults to `true` (enabled). - type: boolean - var_group_selections: - additionalProperties: - type: string - description: Variable group selections. Maps var_group name to the selected option name within that group. - type: object - vars: - additionalProperties: - anyOf: - - type: boolean - - type: string - - type: number - - items: - type: string - maxItems: 100 - type: array - - items: - type: number - maxItems: 100 - type: array - - additionalProperties: false - type: object - properties: - id: - type: string - isSecretRef: - type: boolean - required: - - id - - isSecretRef - nullable: true - description: Input/stream level variable. Refer to the integration documentation for more information. - type: object - description: Input streams. Refer to the integration documentation to know which streams are available. - type: object - vars: - additionalProperties: - anyOf: - - type: boolean - - type: string - - type: number - - items: - type: string - maxItems: 100 - type: array - - items: - type: number - maxItems: 100 - type: array - - additionalProperties: false - type: object - properties: - id: - type: string - isSecretRef: - type: boolean - required: - - id - - isSecretRef - nullable: true - description: Input/stream level variable. Refer to the integration documentation for more information. - type: object - description: Package policy inputs. Refer to the integration documentation to know which inputs are available. - type: object - name: - description: Unique name for the policy. - type: string - namespace: - description: Policy namespace. When not specified, it inherits the agent policy namespace. - type: string - package: - additionalProperties: false - type: object - properties: - experimental_data_stream_features: - items: - additionalProperties: false - type: object - properties: - data_stream: - type: string - features: - additionalProperties: false - type: object - properties: - doc_value_only_numeric: - type: boolean - doc_value_only_other: - type: boolean - synthetic_source: - type: boolean - tsdb: - type: boolean - required: - - data_stream - - features - maxItems: 100 - type: array - fips_compatible: - type: boolean - name: - description: Package name - type: string - requires_root: - type: boolean - title: - type: string - version: - description: Package version - type: string - required: - - name - - version - policy_template: - description: The policy template to use for the agentless package policy. If not provided, the default policy template will be used. - type: string - var_group_selections: - additionalProperties: - type: string - description: Variable group selections. Maps var_group name to the selected option name within that group. - type: object - vars: - additionalProperties: - anyOf: - - type: boolean - - type: string - - type: number - - items: - type: string - maxItems: 100 - type: array - - items: - type: number - maxItems: 100 - type: array - - additionalProperties: false - type: object - properties: - id: - type: string - isSecretRef: - type: boolean - required: - - id - - isSecretRef - nullable: true - description: Input/stream level variable. Refer to the integration documentation for more information. - type: object - required: - - name - - package + $ref: '#/components/schemas/ApiFleetAgentlessPolicies_Post_Request' responses: '200': content: @@ -31124,445 +18470,7 @@ paths: posture: cspm version: WzE0OTgsMV0= schema: - additionalProperties: false - type: object - properties: - item: - additionalProperties: false - description: The created agentless package policy. - type: object - properties: - additional_datastreams_permissions: - description: Additional datastream permissions, that will be added to the agent policy. - items: - type: string - maxItems: 1000 - nullable: true - type: array - agents: - type: number - cloud_connector_id: - description: ID of the cloud connector associated with this package policy. - nullable: true - type: string - cloud_connector_name: - description: Transient field for cloud connector name during creation. - maxLength: 255 - minLength: 1 - nullable: true - type: string - created_at: - type: string - created_by: - type: string - description: - description: Package policy description - type: string - elasticsearch: - additionalProperties: true - type: object - properties: - privileges: - additionalProperties: true - type: object - properties: - cluster: - items: - type: string - maxItems: 100 - type: array - enabled: - type: boolean - id: - description: Package policy unique identifier. - type: string - inputs: - anyOf: - - items: - additionalProperties: false - type: object - properties: - compiled_input: {} - config: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - type: object - enabled: - type: boolean - id: - type: string - keep_enabled: - type: boolean - policy_template: - type: string - streams: - items: - additionalProperties: false - type: object - properties: - compiled_stream: {} - config: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - type: object - data_stream: - additionalProperties: false - type: object - properties: - dataset: - type: string - elasticsearch: - additionalProperties: false - type: object - properties: - dynamic_dataset: - type: boolean - dynamic_namespace: - type: boolean - privileges: - additionalProperties: false - type: object - properties: - indices: - items: - type: string - maxItems: 100 - type: array - type: - type: string - required: - - dataset - - type - enabled: - type: boolean - id: - type: string - keep_enabled: - type: boolean - release: - enum: - - ga - - beta - - experimental - type: string - var_group_selections: - additionalProperties: - type: string - description: Variable group selections. Maps var_group name to the selected option name within that group. - type: object - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - type: object - required: - - enabled - - data_stream - - compiled_stream - maxItems: 100 - type: array - type: - type: string - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - type: object - required: - - type - - enabled - - streams - - compiled_input - maxItems: 100 - type: array - - additionalProperties: - additionalProperties: false - type: object - properties: - enabled: - description: Enable or disable that input. Defaults to `true` (enabled). - type: boolean - streams: - additionalProperties: - additionalProperties: false - type: object - properties: - enabled: - description: Enable or disable that stream. Defaults to `true` (enabled). - type: boolean - var_group_selections: - additionalProperties: - type: string - description: Variable group selections. Maps var_group name to the selected option name within that group. - type: object - vars: - additionalProperties: - anyOf: - - type: boolean - - type: string - - type: number - - items: - type: string - maxItems: 100 - type: array - - items: - type: number - maxItems: 100 - type: array - - additionalProperties: false - type: object - properties: - id: - type: string - isSecretRef: - type: boolean - required: - - id - - isSecretRef - nullable: true - description: Input/stream level variable. Refer to the integration documentation for more information. - type: object - description: Input streams. Refer to the integration documentation to know which streams are available. - type: object - vars: - additionalProperties: - anyOf: - - type: boolean - - type: string - - type: number - - items: - type: string - maxItems: 100 - type: array - - items: - type: number - maxItems: 100 - type: array - - additionalProperties: false - type: object - properties: - id: - type: string - isSecretRef: - type: boolean - required: - - id - - isSecretRef - nullable: true - description: Input/stream level variable. Refer to the integration documentation for more information. - type: object - description: Package policy inputs. Refer to the integration documentation to know which inputs are available. - type: object - x-oas-optional: true - description: Package policy inputs. - is_managed: - type: boolean - name: - description: Unique name for the package policy. - type: string - namespace: - description: The package policy namespace. Leave blank to inherit the agent policy's namespace. - type: string - output_id: - nullable: true - type: string - overrides: - additionalProperties: false - description: Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure. - nullable: true - type: object - properties: - inputs: - additionalProperties: {} - type: object - package: - additionalProperties: false - type: object - properties: - experimental_data_stream_features: - items: - additionalProperties: false - type: object - properties: - data_stream: - type: string - features: - additionalProperties: false - type: object - properties: - doc_value_only_numeric: - type: boolean - doc_value_only_other: - type: boolean - synthetic_source: - type: boolean - tsdb: - type: boolean - required: - - data_stream - - features - maxItems: 100 - type: array - fips_compatible: - type: boolean - name: - description: Package name - type: string - requires_root: - type: boolean - title: - type: string - version: - description: Package version - type: string - required: - - name - - version - policy_id: - deprecated: true - description: ID of the agent policy which the package policy will be added to. - nullable: true - type: string - policy_ids: - items: - description: IDs of the agent policies which that package policy will be added to. - type: string - maxItems: 1000 - type: array - revision: - description: Package policy revision. - type: number - secret_references: - items: - additionalProperties: false - type: object - properties: - id: - type: string - required: - - id - maxItems: 100 - type: array - spaceIds: - items: - type: string - maxItems: 100 - type: array - supports_agentless: - default: false - description: Indicates whether the package policy belongs to an agentless agent policy. - nullable: true - type: boolean - supports_cloud_connector: - default: false - description: Indicates whether the package policy supports cloud connectors. - nullable: true - type: boolean - updated_at: - type: string - updated_by: - type: string - var_group_selections: - additionalProperties: - type: string - description: Variable group selections. Maps var_group name to the selected option name within that group. - type: object - vars: - anyOf: - - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - type: object - - additionalProperties: - anyOf: - - type: boolean - - type: string - - type: number - - items: - type: string - maxItems: 100 - type: array - - items: - type: number - maxItems: 100 - type: array - - additionalProperties: false - type: object - properties: - id: - type: string - isSecretRef: - type: boolean - required: - - id - - isSecretRef - nullable: true - description: Input/stream level variable. Refer to the integration documentation for more information. - type: object - x-oas-optional: true - description: Package level variable. - version: - description: Package policy ES version. - type: string - required: - - name - - enabled - - inputs - - id - - revision - - updated_at - - updated_by - - created_at - - created_by - required: - - item + $ref: '#/components/schemas/ApiFleetAgentlessPolicies_Post_Response_200' description: Indicates a successful response '400': content: @@ -31575,22 +18483,7 @@ paths: message: An error message describing what went wrong statusCode: 400 schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetAgentlessPolicies_Post_Response_400' description: Bad Request '409': content: @@ -31603,22 +18496,7 @@ paths: message: An error message describing what went wrong statusCode: 409 schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetAgentlessPolicies_Post_Response_409' description: Conflict summary: Create an agentless policy tags: @@ -31669,15 +18547,7 @@ paths: item: id: d52a7812-5736-4fdc-aed8-72152afa1ffa schema: - additionalProperties: false - description: Response for deleting an agentless package policy. - type: object - properties: - id: - description: The ID of the deleted agentless package policy. - type: string - required: - - id + $ref: '#/components/schemas/ApiFleetAgentlessPolicies_Delete_Response_200' description: Indicates a successful response '400': content: @@ -31690,22 +18560,7 @@ paths: message: An error message describing what went wrong statusCode: 400 schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetAgentlessPolicies_Delete_Response_400' description: Bad Request '409': content: @@ -31718,22 +18573,7 @@ paths: message: An error message describing what went wrong statusCode: 409 schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetAgentlessPolicies_Delete_Response_409' description: Conflict summary: Delete an agentless policy tags: @@ -31838,373 +18678,13 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - items: - items: - additionalProperties: false - type: object - properties: - access_api_key: - type: string - access_api_key_id: - type: string - active: - type: boolean - agent: - additionalProperties: true - type: object - properties: - id: - type: string - version: - type: string - required: - - id - - version - audit_unenrolled_reason: - type: string - components: - items: - additionalProperties: false - type: object - properties: - id: - type: string - message: - type: string - status: - enum: - - STARTING - - CONFIGURING - - HEALTHY - - DEGRADED - - FAILED - - STOPPING - - STOPPED - type: string - type: - type: string - units: - items: - additionalProperties: false - type: object - properties: - id: - type: string - message: - type: string - payload: - additionalProperties: {} - type: object - status: - enum: - - STARTING - - CONFIGURING - - HEALTHY - - DEGRADED - - FAILED - - STOPPING - - STOPPED - type: string - type: - enum: - - input - - output - - '' - type: string - required: - - id - - type - - status - - message - maxItems: 10000 - type: array - required: - - id - - type - - status - - message - maxItems: 10000 - type: array - default_api_key: - type: string - default_api_key_history: - items: - additionalProperties: false - deprecated: true - type: object - properties: - id: - type: string - retired_at: - type: string - required: - - id - - retired_at - maxItems: 100 - type: array - default_api_key_id: - type: string - enrolled_at: - type: string - id: - type: string - last_checkin: - type: string - last_checkin_message: - type: string - last_checkin_status: - enum: - - error - - online - - degraded - - updating - - starting - type: string - last_known_status: - enum: - - offline - - error - - online - - inactive - - enrolling - - unenrolling - - unenrolled - - updating - - degraded - - uninstalled - - orphaned - type: string - local_metadata: - additionalProperties: {} - type: object - metrics: - additionalProperties: false - type: object - properties: - cpu_avg: - type: number - memory_size_byte_avg: - type: number - namespaces: - items: - type: string - maxItems: 100 - type: array - outputs: - additionalProperties: - additionalProperties: false - type: object - properties: - api_key_id: - type: string - to_retire_api_key_ids: - items: - additionalProperties: false - type: object - properties: - id: - type: string - retired_at: - type: string - required: - - id - - retired_at - maxItems: 100 - type: array - type: - type: string - type: object - packages: - items: - type: string - maxItems: 10000 - type: array - policy_id: - type: string - policy_revision: - nullable: true - type: number - sort: - items: {} - maxItems: 10 - type: array - status: - enum: - - offline - - error - - online - - inactive - - enrolling - - unenrolling - - unenrolled - - updating - - degraded - - uninstalled - - orphaned - type: string - tags: - items: - type: string - maxItems: 100 - type: array - type: - enum: - - PERMANENT - - EPHEMERAL - - TEMPORARY - type: string - unenrolled_at: - type: string - unenrollment_started_at: - type: string - unhealthy_reason: - items: - enum: - - input - - output - - other - type: string - maxItems: 3 - nullable: true - type: array - upgrade: - additionalProperties: false - type: object - properties: - rollbacks: - items: - additionalProperties: false - type: object - properties: - valid_until: - type: string - version: - type: string - required: - - valid_until - - version - maxItems: 100 - type: array - upgrade_attempts: - items: - type: string - maxItems: 10000 - nullable: true - type: array - upgrade_details: - additionalProperties: false - nullable: true - type: object - properties: - action_id: - type: string - metadata: - additionalProperties: false - type: object - properties: - download_percent: - type: number - download_rate: - type: number - error_msg: - type: string - failed_state: - enum: - - UPG_REQUESTED - - UPG_SCHEDULED - - UPG_DOWNLOADING - - UPG_EXTRACTING - - UPG_REPLACING - - UPG_RESTARTING - - UPG_FAILED - - UPG_WATCHING - - UPG_ROLLBACK - type: string - retry_error_msg: - type: string - retry_until: - type: string - scheduled_at: - type: string - state: - enum: - - UPG_REQUESTED - - UPG_SCHEDULED - - UPG_DOWNLOADING - - UPG_EXTRACTING - - UPG_REPLACING - - UPG_RESTARTING - - UPG_FAILED - - UPG_WATCHING - - UPG_ROLLBACK - type: string - target_version: - type: string - required: - - target_version - - action_id - - state - upgrade_started_at: - nullable: true - type: string - upgraded_at: - nullable: true - type: string - user_provided_metadata: - additionalProperties: {} - type: object - required: - - id - - packages - - type - - active - - enrolled_at - - local_metadata - maxItems: 10000 - type: array - nextSearchAfter: - type: string - page: - type: number - perPage: - type: number - pit: - type: string - statusSummary: - additionalProperties: - type: number - type: object - total: - type: number - required: - - items - - total - - page - - perPage + $ref: '#/components/schemas/ApiFleetAgents_Get_Response_200' description: 'OK: A successful request.' '400': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetAgents_Get_Response_400' description: A bad request. summary: Get agents tags: @@ -32234,52 +18714,19 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - actionIds: - items: - type: string - maxItems: 1000 - type: array - required: - - actionIds + $ref: '#/components/schemas/ApiFleetAgents_Post_Request' responses: '200': content: application/json: schema: - additionalProperties: false - type: object - properties: - items: - items: - type: string - maxItems: 10000 - type: array - required: - - items + $ref: '#/components/schemas/ApiFleetAgents_Post_Response_200' description: 'OK: A successful request.' '400': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetAgents_Post_Response_400' description: A bad request. summary: Get agents by action ids tags: @@ -32316,36 +18763,13 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - action: - enum: - - deleted - type: string - required: - - action + $ref: '#/components/schemas/ApiFleetAgents_Delete_Response_200' description: 'OK: A successful request.' '400': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetAgents_Delete_Response_400' description: A bad request. summary: Delete an agent tags: @@ -32380,353 +18804,13 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - item: - additionalProperties: false - type: object - properties: - access_api_key: - type: string - access_api_key_id: - type: string - active: - type: boolean - agent: - additionalProperties: true - type: object - properties: - id: - type: string - version: - type: string - required: - - id - - version - audit_unenrolled_reason: - type: string - components: - items: - additionalProperties: false - type: object - properties: - id: - type: string - message: - type: string - status: - enum: - - STARTING - - CONFIGURING - - HEALTHY - - DEGRADED - - FAILED - - STOPPING - - STOPPED - type: string - type: - type: string - units: - items: - additionalProperties: false - type: object - properties: - id: - type: string - message: - type: string - payload: - additionalProperties: {} - type: object - status: - enum: - - STARTING - - CONFIGURING - - HEALTHY - - DEGRADED - - FAILED - - STOPPING - - STOPPED - type: string - type: - enum: - - input - - output - - '' - type: string - required: - - id - - type - - status - - message - maxItems: 10000 - type: array - required: - - id - - type - - status - - message - maxItems: 10000 - type: array - default_api_key: - type: string - default_api_key_history: - items: - additionalProperties: false - deprecated: true - type: object - properties: - id: - type: string - retired_at: - type: string - required: - - id - - retired_at - maxItems: 100 - type: array - default_api_key_id: - type: string - enrolled_at: - type: string - id: - type: string - last_checkin: - type: string - last_checkin_message: - type: string - last_checkin_status: - enum: - - error - - online - - degraded - - updating - - starting - type: string - last_known_status: - enum: - - offline - - error - - online - - inactive - - enrolling - - unenrolling - - unenrolled - - updating - - degraded - - uninstalled - - orphaned - type: string - local_metadata: - additionalProperties: {} - type: object - metrics: - additionalProperties: false - type: object - properties: - cpu_avg: - type: number - memory_size_byte_avg: - type: number - namespaces: - items: - type: string - maxItems: 100 - type: array - outputs: - additionalProperties: - additionalProperties: false - type: object - properties: - api_key_id: - type: string - to_retire_api_key_ids: - items: - additionalProperties: false - type: object - properties: - id: - type: string - retired_at: - type: string - required: - - id - - retired_at - maxItems: 100 - type: array - type: - type: string - type: object - packages: - items: - type: string - maxItems: 10000 - type: array - policy_id: - type: string - policy_revision: - nullable: true - type: number - sort: - items: {} - maxItems: 10 - type: array - status: - enum: - - offline - - error - - online - - inactive - - enrolling - - unenrolling - - unenrolled - - updating - - degraded - - uninstalled - - orphaned - type: string - tags: - items: - type: string - maxItems: 100 - type: array - type: - enum: - - PERMANENT - - EPHEMERAL - - TEMPORARY - type: string - unenrolled_at: - type: string - unenrollment_started_at: - type: string - unhealthy_reason: - items: - enum: - - input - - output - - other - type: string - maxItems: 3 - nullable: true - type: array - upgrade: - additionalProperties: false - type: object - properties: - rollbacks: - items: - additionalProperties: false - type: object - properties: - valid_until: - type: string - version: - type: string - required: - - valid_until - - version - maxItems: 100 - type: array - upgrade_attempts: - items: - type: string - maxItems: 10000 - nullable: true - type: array - upgrade_details: - additionalProperties: false - nullable: true - type: object - properties: - action_id: - type: string - metadata: - additionalProperties: false - type: object - properties: - download_percent: - type: number - download_rate: - type: number - error_msg: - type: string - failed_state: - enum: - - UPG_REQUESTED - - UPG_SCHEDULED - - UPG_DOWNLOADING - - UPG_EXTRACTING - - UPG_REPLACING - - UPG_RESTARTING - - UPG_FAILED - - UPG_WATCHING - - UPG_ROLLBACK - type: string - retry_error_msg: - type: string - retry_until: - type: string - scheduled_at: - type: string - state: - enum: - - UPG_REQUESTED - - UPG_SCHEDULED - - UPG_DOWNLOADING - - UPG_EXTRACTING - - UPG_REPLACING - - UPG_RESTARTING - - UPG_FAILED - - UPG_WATCHING - - UPG_ROLLBACK - type: string - target_version: - type: string - required: - - target_version - - action_id - - state - upgrade_started_at: - nullable: true - type: string - upgraded_at: - nullable: true - type: string - user_provided_metadata: - additionalProperties: {} - type: object - required: - - id - - packages - - type - - active - - enrolled_at - - local_metadata - required: - - item + $ref: '#/components/schemas/ApiFleetAgents_Get_Response_200_1' description: 'OK: A successful request.' '400': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetAgents_Get_Response_400_1' description: A bad request. summary: Get an agent tags: @@ -32761,369 +18845,19 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - tags: - items: - type: string - maxItems: 10 - type: array - user_provided_metadata: - additionalProperties: {} - type: object + $ref: '#/components/schemas/ApiFleetAgents_Put_Request' responses: '200': content: application/json: schema: - additionalProperties: false - type: object - properties: - item: - additionalProperties: false - type: object - properties: - access_api_key: - type: string - access_api_key_id: - type: string - active: - type: boolean - agent: - additionalProperties: true - type: object - properties: - id: - type: string - version: - type: string - required: - - id - - version - audit_unenrolled_reason: - type: string - components: - items: - additionalProperties: false - type: object - properties: - id: - type: string - message: - type: string - status: - enum: - - STARTING - - CONFIGURING - - HEALTHY - - DEGRADED - - FAILED - - STOPPING - - STOPPED - type: string - type: - type: string - units: - items: - additionalProperties: false - type: object - properties: - id: - type: string - message: - type: string - payload: - additionalProperties: {} - type: object - status: - enum: - - STARTING - - CONFIGURING - - HEALTHY - - DEGRADED - - FAILED - - STOPPING - - STOPPED - type: string - type: - enum: - - input - - output - - '' - type: string - required: - - id - - type - - status - - message - maxItems: 10000 - type: array - required: - - id - - type - - status - - message - maxItems: 10000 - type: array - default_api_key: - type: string - default_api_key_history: - items: - additionalProperties: false - deprecated: true - type: object - properties: - id: - type: string - retired_at: - type: string - required: - - id - - retired_at - maxItems: 100 - type: array - default_api_key_id: - type: string - enrolled_at: - type: string - id: - type: string - last_checkin: - type: string - last_checkin_message: - type: string - last_checkin_status: - enum: - - error - - online - - degraded - - updating - - starting - type: string - last_known_status: - enum: - - offline - - error - - online - - inactive - - enrolling - - unenrolling - - unenrolled - - updating - - degraded - - uninstalled - - orphaned - type: string - local_metadata: - additionalProperties: {} - type: object - metrics: - additionalProperties: false - type: object - properties: - cpu_avg: - type: number - memory_size_byte_avg: - type: number - namespaces: - items: - type: string - maxItems: 100 - type: array - outputs: - additionalProperties: - additionalProperties: false - type: object - properties: - api_key_id: - type: string - to_retire_api_key_ids: - items: - additionalProperties: false - type: object - properties: - id: - type: string - retired_at: - type: string - required: - - id - - retired_at - maxItems: 100 - type: array - type: - type: string - type: object - packages: - items: - type: string - maxItems: 10000 - type: array - policy_id: - type: string - policy_revision: - nullable: true - type: number - sort: - items: {} - maxItems: 10 - type: array - status: - enum: - - offline - - error - - online - - inactive - - enrolling - - unenrolling - - unenrolled - - updating - - degraded - - uninstalled - - orphaned - type: string - tags: - items: - type: string - maxItems: 100 - type: array - type: - enum: - - PERMANENT - - EPHEMERAL - - TEMPORARY - type: string - unenrolled_at: - type: string - unenrollment_started_at: - type: string - unhealthy_reason: - items: - enum: - - input - - output - - other - type: string - maxItems: 3 - nullable: true - type: array - upgrade: - additionalProperties: false - type: object - properties: - rollbacks: - items: - additionalProperties: false - type: object - properties: - valid_until: - type: string - version: - type: string - required: - - valid_until - - version - maxItems: 100 - type: array - upgrade_attempts: - items: - type: string - maxItems: 10000 - nullable: true - type: array - upgrade_details: - additionalProperties: false - nullable: true - type: object - properties: - action_id: - type: string - metadata: - additionalProperties: false - type: object - properties: - download_percent: - type: number - download_rate: - type: number - error_msg: - type: string - failed_state: - enum: - - UPG_REQUESTED - - UPG_SCHEDULED - - UPG_DOWNLOADING - - UPG_EXTRACTING - - UPG_REPLACING - - UPG_RESTARTING - - UPG_FAILED - - UPG_WATCHING - - UPG_ROLLBACK - type: string - retry_error_msg: - type: string - retry_until: - type: string - scheduled_at: - type: string - state: - enum: - - UPG_REQUESTED - - UPG_SCHEDULED - - UPG_DOWNLOADING - - UPG_EXTRACTING - - UPG_REPLACING - - UPG_RESTARTING - - UPG_FAILED - - UPG_WATCHING - - UPG_ROLLBACK - type: string - target_version: - type: string - required: - - target_version - - action_id - - state - upgrade_started_at: - nullable: true - type: string - upgraded_at: - nullable: true - type: string - user_provided_metadata: - additionalProperties: {} - type: object - required: - - id - - packages - - type - - active - - enrolled_at - - local_metadata - required: - - item + $ref: '#/components/schemas/ApiFleetAgents_Put_Response_200' description: 'OK: A successful request.' '400': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetAgents_Put_Response_400' description: A bad request. summary: Update an agent by ID tags: @@ -33159,125 +18893,19 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - action: - anyOf: - - additionalProperties: false - type: object - properties: - ack_data: {} - data: {} - type: - enum: - - UNENROLL - - UPGRADE - - POLICY_REASSIGN - type: string - required: - - type - - data - - ack_data - - additionalProperties: false - type: object - properties: - data: - additionalProperties: false - type: object - properties: - log_level: - enum: - - debug - - info - - warning - - error - nullable: true - type: string - required: - - log_level - type: - enum: - - SETTINGS - type: string - required: - - type - - data - required: - - action + $ref: '#/components/schemas/ApiFleetAgentsActions_Post_Request' responses: '200': content: application/json: schema: - additionalProperties: false - type: object - properties: - item: - additionalProperties: false - type: object - properties: - ack_data: {} - agents: - items: - type: string - maxItems: 10000 - type: array - created_at: - type: string - data: {} - expiration: - type: string - id: - type: string - minimum_execution_duration: - type: number - namespaces: - items: - type: string - maxItems: 100 - type: array - rollout_duration_seconds: - type: number - sent_at: - type: string - source_uri: - type: string - start_time: - type: string - total: - type: number - type: - type: string - required: - - id - - type - - data - - created_at - - ack_data - required: - - item + $ref: '#/components/schemas/ApiFleetAgentsActions_Post_Response_200' description: 'OK: A successful request.' '400': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetAgentsActions_Post_Response_400' description: A bad request. summary: Create an agent action tags: @@ -33313,87 +18941,19 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - enrollment_token: - type: string - settings: - additionalProperties: false - type: object - properties: - ca_sha256: - type: string - certificate_authorities: - type: string - elastic_agent_cert: - type: string - elastic_agent_cert_key: - type: string - elastic_agent_cert_key_passphrase: - type: string - headers: - additionalProperties: - type: string - type: object - insecure: - type: boolean - proxy_disabled: - type: boolean - proxy_headers: - additionalProperties: - type: string - type: object - proxy_url: - type: string - replace_token: - type: string - staging: - type: string - tags: - items: - type: string - maxItems: 10 - type: array - uri: - format: uri - type: string - required: - - uri - - enrollment_token + $ref: '#/components/schemas/ApiFleetAgentsMigrate_Post_Request' responses: '200': content: application/json: schema: - additionalProperties: false - type: object - properties: - actionId: - type: string - required: - - actionId + $ref: '#/components/schemas/ApiFleetAgentsMigrate_Post_Response_200' description: 'OK: A successful request.' '400': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetAgentsMigrate_Post_Response_400' description: A bad request. summary: Migrate a single agent tags: @@ -33437,20 +18997,7 @@ paths: password: password username: username schema: - additionalProperties: false - nullable: true - type: object - properties: - user_info: - additionalProperties: false - type: object - properties: - groupname: - type: string - password: - type: string - username: - type: string + $ref: '#/components/schemas/ApiFleetAgentsPrivilegeLevelChange_Post_Request' responses: '200': content: @@ -33460,21 +19007,7 @@ paths: value: actionId: actionId schema: - anyOf: - - additionalProperties: false - type: object - properties: - actionId: - type: string - required: - - actionId - - additionalProperties: false - type: object - properties: - message: - type: string - required: - - message + $ref: '#/components/schemas/ApiFleetAgentsPrivilegeLevelChange_Post_Response_200' description: 'OK: A successful request.' '400': content: @@ -33484,22 +19017,7 @@ paths: value: message: Bad Request schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetAgentsPrivilegeLevelChange_Post_Response_400' description: A bad request. summary: Change agent privilege level tags: @@ -33536,42 +19054,19 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - policy_id: - type: string - required: - - policy_id + $ref: '#/components/schemas/ApiFleetAgentsReassign_Post_Request' responses: '200': content: application/json: schema: - additionalProperties: false - type: object - properties: {} + $ref: '#/components/schemas/ApiFleetAgentsReassign_Post_Response_200' description: 'OK: A successful request.' '400': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetAgentsReassign_Post_Response_400' description: A bad request. summary: Reassign an agent tags: @@ -33607,50 +19102,19 @@ paths: content: application/json: schema: - additionalProperties: false - nullable: true - type: object - properties: - additional_metrics: - items: - enum: - - CPU - type: string - maxItems: 1 - type: array + $ref: '#/components/schemas/ApiFleetAgentsRequestDiagnostics_Post_Request' responses: '200': content: application/json: schema: - additionalProperties: false - type: object - properties: - actionId: - type: string - required: - - actionId + $ref: '#/components/schemas/ApiFleetAgentsRequestDiagnostics_Post_Response_200' description: 'OK: A successful request.' '400': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetAgentsRequestDiagnostics_Post_Response_400' description: A bad request. summary: Request agent diagnostics tags: @@ -33692,21 +19156,7 @@ paths: value: actionId: actionId schema: - anyOf: - - additionalProperties: false - type: object - properties: - actionId: - type: string - required: - - actionId - - additionalProperties: false - type: object - properties: - message: - type: string - required: - - message + $ref: '#/components/schemas/ApiFleetAgentsRollback_Post_Response_200' description: 'OK: A successful request.' '400': content: @@ -33716,22 +19166,7 @@ paths: value: message: Bad Request schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetAgentsRollback_Post_Response_400' description: A bad request. summary: Rollback an agent tags: @@ -33768,14 +19203,7 @@ paths: content: application/json: schema: - additionalProperties: false - nullable: true - type: object - properties: - force: - type: boolean - revoke: - type: boolean + $ref: '#/components/schemas/ApiFleetAgentsUnenroll_Post_Request' responses: {} summary: Unenroll an agent tags: @@ -33811,48 +19239,19 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - force: - type: boolean - skipRateLimitCheck: - type: boolean - source_uri: - type: string - version: - type: string - required: - - version + $ref: '#/components/schemas/ApiFleetAgentsUpgrade_Post_Request' responses: '200': content: application/json: schema: - additionalProperties: false - type: object - properties: {} + $ref: '#/components/schemas/ApiFleetAgentsUpgrade_Post_Response_200' description: 'OK: A successful request.' '400': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetAgentsUpgrade_Post_Response_400' description: A bad request. summary: Upgrade an agent tags: @@ -33882,67 +19281,13 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - items: - items: - additionalProperties: false - type: object - properties: - actionId: - type: string - createTime: - type: string - error: - type: string - filePath: - type: string - id: - type: string - name: - type: string - status: - enum: - - READY - - AWAITING_UPLOAD - - DELETED - - EXPIRED - - IN_PROGRESS - - FAILED - type: string - required: - - id - - name - - filePath - - createTime - - status - - actionId - maxItems: 10000 - type: array - required: - - items + $ref: '#/components/schemas/ApiFleetAgentsUploads_Get_Response_200' description: 'OK: A successful request.' '400': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetAgentsUploads_Get_Response_400' description: A bad request. summary: Get agent uploads tags: @@ -33995,134 +19340,13 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - items: - items: - additionalProperties: false - type: object - properties: - actionId: - type: string - cancellationTime: - type: string - completionTime: - type: string - creationTime: - description: creation time of action - type: string - expiration: - type: string - hasRolloutPeriod: - type: boolean - is_automatic: - type: boolean - latestErrors: - items: - additionalProperties: false - description: latest errors that happened when the agents executed the action - type: object - properties: - agentId: - type: string - error: - type: string - hostname: - type: string - timestamp: - type: string - required: - - agentId - - error - - timestamp - maxItems: 10 - type: array - nbAgentsAck: - description: number of agents that acknowledged the action - type: number - nbAgentsActionCreated: - description: number of agents included in action from kibana - type: number - nbAgentsActioned: - description: number of agents actioned - type: number - nbAgentsFailed: - description: number of agents that failed to execute the action - type: number - newPolicyId: - description: new policy id (POLICY_REASSIGN action) - type: string - policyId: - description: policy id (POLICY_CHANGE action) - type: string - revision: - description: new policy revision (POLICY_CHANGE action) - type: number - startTime: - description: start time of action (scheduled actions) - type: string - status: - enum: - - COMPLETE - - EXPIRED - - CANCELLED - - FAILED - - IN_PROGRESS - - ROLLOUT_PASSED - type: string - type: - enum: - - UPGRADE - - UNENROLL - - SETTINGS - - POLICY_REASSIGN - - CANCEL - - FORCE_UNENROLL - - REQUEST_DIAGNOSTICS - - UPDATE_TAGS - - POLICY_CHANGE - - INPUT_ACTION - - MIGRATE - - PRIVILEGE_LEVEL_CHANGE - type: string - version: - description: agent version number (UPGRADE action) - type: string - required: - - actionId - - nbAgentsActionCreated - - nbAgentsAck - - nbAgentsFailed - - type - - nbAgentsActioned - - status - - creationTime - maxItems: 10000 - type: array - required: - - items + $ref: '#/components/schemas/ApiFleetAgentsActionStatus_Get_Response_200' description: 'OK: A successful request.' '400': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetAgentsActionStatus_Get_Response_400' description: A bad request. summary: Get an agent action status tags: @@ -34159,74 +19383,13 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - item: - additionalProperties: false - type: object - properties: - ack_data: {} - agents: - items: - type: string - maxItems: 10000 - type: array - created_at: - type: string - data: {} - expiration: - type: string - id: - type: string - minimum_execution_duration: - type: number - namespaces: - items: - type: string - maxItems: 100 - type: array - rollout_duration_seconds: - type: number - sent_at: - type: string - source_uri: - type: string - start_time: - type: string - total: - type: number - type: - type: string - required: - - id - - type - - data - - created_at - - ack_data - required: - - item + $ref: '#/components/schemas/ApiFleetAgentsActionsCancel_Post_Response_200' description: 'OK: A successful request.' '400': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetAgentsActionsCancel_Post_Response_400' description: A bad request. summary: Cancel an agent action tags: @@ -34251,37 +19414,13 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - items: - items: - type: string - maxItems: 10000 - type: array - required: - - items + $ref: '#/components/schemas/ApiFleetAgentsAvailableVersions_Get_Response_200' description: 'OK: A successful request.' '400': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetAgentsAvailableVersions_Get_Response_400' description: A bad request. summary: Get available agent versions tags: @@ -34312,95 +19451,19 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - agents: - anyOf: - - items: - type: string - maxItems: 10000 - type: array - - type: string - batchSize: - type: number - enrollment_token: - type: string - settings: - additionalProperties: false - type: object - properties: - ca_sha256: - type: string - certificate_authorities: - type: string - elastic_agent_cert: - type: string - elastic_agent_cert_key: - type: string - elastic_agent_cert_key_passphrase: - type: string - headers: - additionalProperties: - type: string - type: object - insecure: - type: boolean - proxy_disabled: - type: boolean - proxy_headers: - additionalProperties: - type: string - type: object - proxy_url: - type: string - staging: - type: string - tags: - items: - type: string - maxItems: 10 - type: array - uri: - format: uri - type: string - required: - - agents - - uri - - enrollment_token + $ref: '#/components/schemas/ApiFleetAgentsBulkMigrate_Post_Request' responses: '200': content: application/json: schema: - additionalProperties: false - type: object - properties: - actionId: - type: string - required: - - actionId + $ref: '#/components/schemas/ApiFleetAgentsBulkMigrate_Post_Response_200' description: 'OK: A successful request.' '400': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetAgentsBulkMigrate_Post_Response_400' description: A bad request. summary: Migrate multiple agents tags: @@ -34439,30 +19502,7 @@ paths: password: password username: username schema: - additionalProperties: false - type: object - properties: - agents: - anyOf: - - items: - type: string - maxItems: 10000 - type: array - - type: string - batchSize: - type: number - user_info: - additionalProperties: false - type: object - properties: - groupname: - type: string - password: - type: string - username: - type: string - required: - - agents + $ref: '#/components/schemas/ApiFleetAgentsBulkPrivilegeLevelChange_Post_Request' responses: '200': content: @@ -34472,13 +19512,7 @@ paths: value: actionId: actionId schema: - additionalProperties: false - type: object - properties: - actionId: - type: string - required: - - actionId + $ref: '#/components/schemas/ApiFleetAgentsBulkPrivilegeLevelChange_Post_Response_200' description: 'OK: A successful request.' '400': content: @@ -34488,22 +19522,7 @@ paths: value: message: Bad Request schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetAgentsBulkPrivilegeLevelChange_Post_Response_400' description: A bad request. summary: Bulk change agent privilege level tags: @@ -34535,59 +19554,19 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - agents: - anyOf: - - items: - type: string - maxItems: 10000 - type: array - - type: string - batchSize: - type: number - includeInactive: - default: false - type: boolean - policy_id: - type: string - required: - - policy_id - - agents + $ref: '#/components/schemas/ApiFleetAgentsBulkReassign_Post_Request' responses: '200': content: application/json: schema: - additionalProperties: false - type: object - properties: - actionId: - type: string - required: - - actionId + $ref: '#/components/schemas/ApiFleetAgentsBulkReassign_Post_Response_200' description: 'OK: A successful request.' '400': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetAgentsBulkReassign_Post_Response_400' description: A bad request. summary: Bulk reassign agents tags: @@ -34618,60 +19597,19 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - additional_metrics: - items: - enum: - - CPU - type: string - maxItems: 1 - type: array - agents: - anyOf: - - items: - type: string - maxItems: 10000 - type: array - - type: string - batchSize: - type: number - required: - - agents + $ref: '#/components/schemas/ApiFleetAgentsBulkRequestDiagnostics_Post_Request' responses: '200': content: application/json: schema: - additionalProperties: false - type: object - properties: - actionId: - type: string - required: - - actionId + $ref: '#/components/schemas/ApiFleetAgentsBulkRequestDiagnostics_Post_Response_200' description: 'OK: A successful request.' '400': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetAgentsBulkRequestDiagnostics_Post_Response_400' description: A bad request. summary: Bulk request diagnostics from agents tags: @@ -34710,23 +19648,7 @@ paths: batchSize: 100 includeInactive: false schema: - additionalProperties: false - type: object - properties: - agents: - anyOf: - - items: - type: string - maxItems: 10000 - type: array - - type: string - batchSize: - type: number - includeInactive: - default: false - type: boolean - required: - - agents + $ref: '#/components/schemas/ApiFleetAgentsBulkRollback_Post_Request' responses: '200': content: @@ -34738,16 +19660,7 @@ paths: - actionId1 - actionId2 schema: - additionalProperties: false - type: object - properties: - actionIds: - items: - type: string - maxItems: 10000 - type: array - required: - - actionIds + $ref: '#/components/schemas/ApiFleetAgentsBulkRollback_Post_Response_200' description: 'OK: A successful request.' '400': content: @@ -34757,22 +19670,7 @@ paths: value: message: Bad Request schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetAgentsBulkRollback_Post_Response_400' description: A bad request. summary: Bulk rollback agents tags: @@ -34804,64 +19702,19 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - agents: - anyOf: - - items: - description: list of agent IDs - type: string - maxItems: 10000 - type: array - - description: KQL query string, leave empty to action all agents - type: string - batchSize: - type: number - force: - description: Unenrolls hosted agents too - type: boolean - includeInactive: - description: When passing agents by KQL query, unenrolls inactive agents too - type: boolean - revoke: - description: Revokes API keys of agents - type: boolean - required: - - agents + $ref: '#/components/schemas/ApiFleetAgentsBulkUnenroll_Post_Request' responses: '200': content: application/json: schema: - additionalProperties: false - type: object - properties: - actionId: - type: string - required: - - actionId + $ref: '#/components/schemas/ApiFleetAgentsBulkUnenroll_Post_Response_200' description: 'OK: A successful request.' '400': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetAgentsBulkUnenroll_Post_Response_400' description: A bad request. summary: Bulk unenroll agents tags: @@ -34892,66 +19745,19 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - agents: - anyOf: - - items: - type: string - maxItems: 10000 - type: array - - type: string - batchSize: - type: number - includeInactive: - default: false - type: boolean - tagsToAdd: - items: - type: string - maxItems: 10 - type: array - tagsToRemove: - items: - type: string - maxItems: 10 - type: array - required: - - agents + $ref: '#/components/schemas/ApiFleetAgentsBulkUpdateAgentTags_Post_Request' responses: '200': content: application/json: schema: - additionalProperties: false - type: object - properties: - actionId: - type: string - required: - - actionId + $ref: '#/components/schemas/ApiFleetAgentsBulkUpdateAgentTags_Post_Response_200' description: 'OK: A successful request.' '400': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetAgentsBulkUpdateAgentTags_Post_Response_400' description: A bad request. summary: Bulk update agent tags tags: @@ -34982,70 +19788,19 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - agents: - anyOf: - - items: - type: string - maxItems: 10000 - type: array - - type: string - batchSize: - type: number - force: - type: boolean - includeInactive: - default: false - type: boolean - rollout_duration_seconds: - minimum: 600 - type: number - skipRateLimitCheck: - type: boolean - source_uri: - type: string - start_time: - type: string - version: - type: string - required: - - agents - - version + $ref: '#/components/schemas/ApiFleetAgentsBulkUpgrade_Post_Request' responses: '200': content: application/json: schema: - additionalProperties: false - type: object - properties: - actionId: - type: string - required: - - actionId + $ref: '#/components/schemas/ApiFleetAgentsBulkUpgrade_Post_Response_200' description: 'OK: A successful request.' '400': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetAgentsBulkUpgrade_Post_Response_400' description: A bad request. summary: Bulk upgrade agents tags: @@ -35082,37 +19837,13 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - deleted: - type: boolean - id: - type: string - required: - - id - - deleted + $ref: '#/components/schemas/ApiFleetAgentsFiles_Delete_Response_200' description: 'OK: A successful request.' '400': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetAgentsFiles_Delete_Response_400' description: A bad request. summary: Delete an uploaded file tags: @@ -35147,28 +19878,13 @@ paths: content: application/json: schema: - type: object + $ref: '#/components/schemas/ApiFleetAgentsFiles_Get_Response_200' description: 'OK: A successful request.' '400': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetAgentsFiles_Get_Response_400' description: A bad request. summary: Get an uploaded file tags: @@ -35193,65 +19909,13 @@ paths: content: application/json: schema: - additionalProperties: false - description: A summary of the agent setup status. `isReady` indicates whether the setup is ready. If the setup is not ready, `missing_requirements` lists which requirements are missing. - type: object - properties: - is_action_secrets_storage_enabled: - type: boolean - is_secrets_storage_enabled: - type: boolean - is_space_awareness_enabled: - type: boolean - is_ssl_secrets_storage_enabled: - type: boolean - isReady: - type: boolean - missing_optional_features: - items: - enum: - - encrypted_saved_object_encryption_key_required - type: string - maxItems: 1 - type: array - missing_requirements: - items: - enum: - - security_required - - tls_required - - api_keys - - fleet_admin_user - - fleet_server - type: string - maxItems: 5 - type: array - package_verification_key_id: - type: string - required: - - isReady - - missing_requirements - - missing_optional_features + $ref: '#/components/schemas/ApiFleetAgentsSetup_Get_Response_200' description: 'OK: A successful request.' '400': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetAgentsSetup_Get_Response_400' description: A bad request. summary: Get agent setup info tags: @@ -35282,50 +19946,13 @@ paths: content: application/json: schema: - additionalProperties: false - description: A summary of the result of Fleet's `setup` lifecycle. If `isInitialized` is true, Fleet is ready to accept agent enrollment. `nonFatalErrors` may include useful insight into non-blocking issues with Fleet setup. - type: object - properties: - isInitialized: - type: boolean - nonFatalErrors: - items: - additionalProperties: false - type: object - properties: - message: - type: string - name: - type: string - required: - - name - - message - maxItems: 10000 - type: array - required: - - isInitialized - - nonFatalErrors + $ref: '#/components/schemas/ApiFleetAgentsSetup_Post_Response_200' description: 'OK: A successful request.' '400': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetAgentsSetup_Post_Response_400' description: A bad request. summary: Initiate agent setup tags: @@ -35361,37 +19988,13 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - items: - items: - type: string - maxItems: 10000 - type: array - required: - - items + $ref: '#/components/schemas/ApiFleetAgentsTags_Get_Response_200' description: 'OK: A successful request.' '400': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetAgentsTags_Get_Response_400' description: A bad request. summary: Get agent tags tags: @@ -35413,40 +20016,13 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - error: - enum: - - MISSING_SECURITY - - MISSING_PRIVILEGES - - MISSING_FLEET_SERVER_SETUP_PRIVILEGES - type: string - success: - type: boolean - required: - - success + $ref: '#/components/schemas/ApiFleetCheckPermissions_Get_Response_200' description: 'OK: A successful request.' '400': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetCheckPermissions_Get_Response_400' description: A bad request. summary: Check permissions tags: @@ -35495,66 +20071,13 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - items: - items: - additionalProperties: false - type: object - properties: - accountType: - type: string - cloudProvider: - type: string - created_at: - type: string - id: - type: string - name: - type: string - namespace: - type: string - packagePolicyCount: - type: number - updated_at: - type: string - vars: - additionalProperties: {} - type: object - required: - - id - - name - - cloudProvider - - vars - - packagePolicyCount - - created_at - - updated_at - maxItems: 10000 - type: array - required: - - items + $ref: '#/components/schemas/ApiFleetCloudConnectors_Get_Response_200' description: 'OK: A successful request.' '400': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetCloudConnectors_Get_Response_400' description: A bad request. summary: Get cloud connectors tags: @@ -35585,127 +20108,19 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - accountType: - description: 'The account type: single-account (single account/subscription) or organization-account (organization-wide).' - enum: - - single-account - - organization-account - type: string - cloudProvider: - description: 'The cloud provider type: aws, azure, or gcp.' - enum: - - aws - - azure - - gcp - type: string - name: - description: The name of the cloud connector. - maxLength: 255 - minLength: 1 - type: string - vars: - additionalProperties: - anyOf: - - maxLength: 1000 - type: string - - type: number - - type: boolean - - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - maxLength: 50 - type: string - value: - anyOf: - - maxLength: 1000 - type: string - - additionalProperties: false - type: object - properties: - id: - maxLength: 255 - type: string - isSecretRef: - type: boolean - required: - - isSecretRef - - id - required: - - type - - value - type: object - required: - - name - - cloudProvider - - vars + $ref: '#/components/schemas/ApiFleetCloudConnectors_Post_Request' responses: '200': content: application/json: schema: - additionalProperties: false - type: object - properties: - item: - additionalProperties: false - type: object - properties: - accountType: - type: string - cloudProvider: - type: string - created_at: - type: string - id: - type: string - name: - type: string - namespace: - type: string - packagePolicyCount: - type: number - updated_at: - type: string - vars: - additionalProperties: {} - type: object - required: - - id - - name - - cloudProvider - - vars - - packagePolicyCount - - created_at - - updated_at - required: - - item + $ref: '#/components/schemas/ApiFleetCloudConnectors_Post_Response_200' description: 'OK: A successful request.' '400': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetCloudConnectors_Post_Response_400' description: A bad request. summary: Create cloud connector tags: @@ -35750,34 +20165,13 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - id: - type: string - required: - - id + $ref: '#/components/schemas/ApiFleetCloudConnectors_Delete_Response_200' description: 'OK: A successful request.' '400': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetCloudConnectors_Delete_Response_400' description: A bad request. summary: Delete cloud connector (supports force deletion) tags: @@ -35808,63 +20202,13 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - item: - additionalProperties: false - type: object - properties: - accountType: - type: string - cloudProvider: - type: string - created_at: - type: string - id: - type: string - name: - type: string - namespace: - type: string - packagePolicyCount: - type: number - updated_at: - type: string - vars: - additionalProperties: {} - type: object - required: - - id - - name - - cloudProvider - - vars - - packagePolicyCount - - created_at - - updated_at - required: - - item + $ref: '#/components/schemas/ApiFleetCloudConnectors_Get_Response_200_1' description: 'OK: A successful request.' '400': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetCloudConnectors_Get_Response_400_1' description: A bad request. summary: Get cloud connector tags: @@ -35901,116 +20245,19 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - accountType: - description: 'The account type: single-account (single account/subscription) or organization-account (organization-wide).' - enum: - - single-account - - organization-account - type: string - name: - description: The name of the cloud connector. - maxLength: 255 - minLength: 1 - type: string - vars: - additionalProperties: - anyOf: - - maxLength: 1000 - type: string - - type: number - - type: boolean - - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - maxLength: 50 - type: string - value: - anyOf: - - maxLength: 1000 - type: string - - additionalProperties: false - type: object - properties: - id: - maxLength: 255 - type: string - isSecretRef: - type: boolean - required: - - isSecretRef - - id - required: - - type - - value - type: object + $ref: '#/components/schemas/ApiFleetCloudConnectors_Put_Request' responses: '200': content: application/json: schema: - additionalProperties: false - type: object - properties: - item: - additionalProperties: false - type: object - properties: - accountType: - type: string - cloudProvider: - type: string - created_at: - type: string - id: - type: string - name: - type: string - namespace: - type: string - packagePolicyCount: - type: number - updated_at: - type: string - vars: - additionalProperties: {} - type: object - required: - - id - - name - - cloudProvider - - vars - - packagePolicyCount - - created_at - - updated_at - required: - - item + $ref: '#/components/schemas/ApiFleetCloudConnectors_Put_Response_200' description: 'OK: A successful request.' '400': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetCloudConnectors_Put_Response_400' description: A bad request. summary: Update cloud connector tags: @@ -36075,60 +20322,7 @@ paths: perPage: 20 total: 2 schema: - additionalProperties: false - type: object - properties: - items: - items: - additionalProperties: false - type: object - properties: - created_at: - type: string - id: - type: string - name: - type: string - package: - additionalProperties: false - type: object - properties: - name: - type: string - title: - type: string - version: - type: string - required: - - name - - title - - version - policy_ids: - items: - type: string - maxItems: 10000 - type: array - updated_at: - type: string - required: - - id - - name - - policy_ids - - created_at - - updated_at - maxItems: 10000 - type: array - page: - type: number - perPage: - type: number - total: - type: number - required: - - items - - total - - page - - perPage + $ref: '#/components/schemas/ApiFleetCloudConnectorsUsage_Get_Response_200' description: 'OK: A successful request.' '400': content: @@ -36141,22 +20335,7 @@ paths: message: Cloud connector not found statusCode: 400 schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetCloudConnectorsUsage_Get_Response_400' description: A bad request. summary: Get cloud connector usage (package policies using the connector) tags: @@ -36182,97 +20361,13 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - data_streams: - items: - additionalProperties: false - type: object - properties: - dashboards: - items: - additionalProperties: false - type: object - properties: - id: - type: string - title: - type: string - required: - - id - - title - maxItems: 10000 - type: array - dataset: - type: string - index: - type: string - last_activity_ms: - type: number - namespace: - type: string - package: - type: string - package_version: - type: string - serviceDetails: - additionalProperties: false - nullable: true - type: object - properties: - environment: - type: string - serviceName: - type: string - required: - - environment - - serviceName - size_in_bytes: - type: number - size_in_bytes_formatted: - anyOf: - - type: number - - type: string - type: - type: string - required: - - index - - dataset - - namespace - - type - - package - - package_version - - last_activity_ms - - size_in_bytes - - size_in_bytes_formatted - - dashboards - - serviceDetails - maxItems: 10000 - type: array - required: - - data_streams + $ref: '#/components/schemas/ApiFleetDataStreams_Get_Response_200' description: 'OK: A successful request.' '400': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetDataStreams_Get_Response_400' description: A bad request. summary: Get data streams tags: @@ -36314,111 +20409,13 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - items: - items: - additionalProperties: false - type: object - properties: - active: - description: When false, the enrollment API key is revoked and cannot be used for enrolling Elastic Agents. - type: boolean - api_key: - description: The enrollment API key (token) used for enrolling Elastic Agents. - type: string - api_key_id: - description: The ID of the API key in the Security API. - type: string - created_at: - type: string - hidden: - type: boolean - id: - type: string - name: - description: The name of the enrollment API key. - type: string - policy_id: - description: The ID of the agent policy the Elastic Agent will be enrolled in. - type: string - required: - - id - - api_key_id - - api_key - - active - - created_at - maxItems: 10000 - type: array - list: - deprecated: true - items: - additionalProperties: false - type: object - properties: - active: - description: When false, the enrollment API key is revoked and cannot be used for enrolling Elastic Agents. - type: boolean - api_key: - description: The enrollment API key (token) used for enrolling Elastic Agents. - type: string - api_key_id: - description: The ID of the API key in the Security API. - type: string - created_at: - type: string - hidden: - type: boolean - id: - type: string - name: - description: The name of the enrollment API key. - type: string - policy_id: - description: The ID of the agent policy the Elastic Agent will be enrolled in. - type: string - required: - - id - - api_key_id - - api_key - - active - - created_at - maxItems: 10000 - type: array - page: - type: number - perPage: - type: number - total: - type: number - required: - - items - - total - - page - - perPage - - list + $ref: '#/components/schemas/ApiFleetEnrollmentApiKeys_Get_Response_200' description: 'OK: A successful request.' '400': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetEnrollmentApiKeys_Get_Response_400' description: A bad request. summary: Get enrollment API keys tags: @@ -36448,84 +20445,19 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - expiration: - type: string - name: - type: string - policy_id: - type: string - required: - - policy_id + $ref: '#/components/schemas/ApiFleetEnrollmentApiKeys_Post_Request' responses: '200': content: application/json: schema: - additionalProperties: false - type: object - properties: - action: - enum: - - created - type: string - item: - additionalProperties: false - type: object - properties: - active: - description: When false, the enrollment API key is revoked and cannot be used for enrolling Elastic Agents. - type: boolean - api_key: - description: The enrollment API key (token) used for enrolling Elastic Agents. - type: string - api_key_id: - description: The ID of the API key in the Security API. - type: string - created_at: - type: string - hidden: - type: boolean - id: - type: string - name: - description: The name of the enrollment API key. - type: string - policy_id: - description: The ID of the agent policy the Elastic Agent will be enrolled in. - type: string - required: - - id - - api_key_id - - api_key - - active - - created_at - required: - - item - - action + $ref: '#/components/schemas/ApiFleetEnrollmentApiKeys_Post_Response_200' description: 'OK: A successful request.' '400': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetEnrollmentApiKeys_Post_Response_400' description: A bad request. summary: Create an enrollment API key tags: @@ -36562,36 +20494,13 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - action: - enum: - - deleted - type: string - required: - - action + $ref: '#/components/schemas/ApiFleetEnrollmentApiKeys_Delete_Response_200' description: 'OK: A successful request.' '400': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetEnrollmentApiKeys_Delete_Response_400' description: A bad request. summary: Revoke an enrollment API key tags: @@ -36620,63 +20529,13 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - item: - additionalProperties: false - type: object - properties: - active: - description: When false, the enrollment API key is revoked and cannot be used for enrolling Elastic Agents. - type: boolean - api_key: - description: The enrollment API key (token) used for enrolling Elastic Agents. - type: string - api_key_id: - description: The ID of the API key in the Security API. - type: string - created_at: - type: string - hidden: - type: boolean - id: - type: string - name: - description: The name of the enrollment API key. - type: string - policy_id: - description: The ID of the agent policy the Elastic Agent will be enrolled in. - type: string - required: - - id - - api_key_id - - api_key - - active - - created_at - required: - - item + $ref: '#/components/schemas/ApiFleetEnrollmentApiKeys_Get_Response_200_1' description: 'OK: A successful request.' '400': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetEnrollmentApiKeys_Get_Response_400_1' description: A bad request. summary: Get an enrollment API key tags: @@ -36707,85 +20566,19 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - assetIds: - items: - additionalProperties: false - type: object - properties: - id: - type: string - type: - type: string - required: - - id - - type - maxItems: 10000 - type: array - required: - - assetIds + $ref: '#/components/schemas/ApiFleetEpmBulkAssets_Post_Request' responses: '200': content: application/json: schema: - additionalProperties: false - type: object - properties: - items: - items: - additionalProperties: false - type: object - properties: - appLink: - type: string - attributes: - additionalProperties: false - type: object - properties: - description: - type: string - service: - type: string - title: - type: string - id: - type: string - type: - type: string - updatedAt: - type: string - required: - - id - - type - - attributes - maxItems: 10000 - type: array - required: - - items + $ref: '#/components/schemas/ApiFleetEpmBulkAssets_Post_Response_200' description: 'OK: A successful request.' '400': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetEpmBulkAssets_Post_Response_400' description: A bad request. summary: Bulk get assets tags: @@ -36820,53 +20613,13 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - items: - items: - additionalProperties: false - type: object - properties: - count: - type: number - id: - type: string - parent_id: - type: string - parent_title: - type: string - title: - type: string - required: - - id - - title - - count - maxItems: 10000 - type: array - required: - - items + $ref: '#/components/schemas/ApiFleetEpmCategories_Get_Response_200' description: 'OK: A successful request.' '400': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetEpmCategories_Get_Response_400' description: A bad request. summary: Get package categories tags: @@ -36897,138 +20650,19 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - datasets: - items: - additionalProperties: false - type: object - properties: - name: - type: string - type: - enum: - - logs - - metrics - - traces - - synthetics - - profiling - type: string - required: - - name - - type - maxItems: 10 - type: array - force: - type: boolean - integrationName: - type: string - required: - - integrationName - - datasets + $ref: '#/components/schemas/ApiFleetEpmCustomIntegrations_Post_Request' responses: '200': content: application/json: schema: - additionalProperties: false - type: object - properties: - _meta: - additionalProperties: false - type: object - properties: - install_source: - type: string - name: - type: string - required: - - install_source - - name - items: - items: - anyOf: - - additionalProperties: false - type: object - properties: - deferred: - type: boolean - id: - type: string - originId: - type: string - type: - anyOf: - - enum: - - dashboard - - lens - - visualization - - search - - index-pattern - - map - - ml-module - - security-rule - - csp-rule-template - - osquery-pack-asset - - osquery-saved-query - - tag - type: string - - type: string - required: - - id - - type - - additionalProperties: false - type: object - properties: - deferred: - type: boolean - id: - type: string - type: - enum: - - index - - index_template - - component_template - - ingest_pipeline - - ilm_policy - - data_stream_ilm_policy - - transform - - ml_model - - knowledge_base - - esql_view - type: string - version: - type: string - required: - - id - - type - maxItems: 10000 - type: array - required: - - items - - _meta + $ref: '#/components/schemas/ApiFleetEpmCustomIntegrations_Post_Response_200' description: 'OK: A successful request.' '400': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetEpmCustomIntegrations_Post_Response_400' description: A bad request. summary: Create a custom integration tags: @@ -37064,18 +20698,7 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - categories: - items: - type: string - maxItems: 10 - type: array - readMeData: - type: string - required: - - readMeData + $ref: '#/components/schemas/ApiFleetEpmCustomIntegrations_Put_Request' responses: '200': description: 'OK: A successful request.' @@ -37083,22 +20706,7 @@ paths: content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetEpmCustomIntegrations_Put_Response_400' description: A bad request. summary: Update a custom integration tags: @@ -37154,43 +20762,13 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - items: - items: - additionalProperties: false - type: object - properties: - name: - type: string - required: - - name - maxItems: 10000 - type: array - required: - - items + $ref: '#/components/schemas/ApiFleetEpmDataStreams_Get_Response_200' description: 'OK: A successful request.' '400': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetEpmDataStreams_Get_Response_400' description: A bad request. summary: Get data streams tags: @@ -37235,471 +20813,13 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - items: - items: - additionalProperties: true - type: object - properties: - categories: - items: - type: string - maxItems: 10 - type: array - conditions: - additionalProperties: true - type: object - properties: - elastic: - additionalProperties: true - type: object - properties: - capabilities: - items: - type: string - maxItems: 10 - type: array - subscription: - type: string - kibana: - additionalProperties: true - type: object - properties: - version: - type: string - data_streams: - items: - additionalProperties: {} - type: object - maxItems: 1000 - type: array - description: - type: string - discovery: - additionalProperties: true - type: object - properties: - datasets: - items: - additionalProperties: true - type: object - properties: - name: - type: string - required: - - name - maxItems: 10 - type: array - fields: - items: - additionalProperties: true - type: object - properties: - name: - type: string - required: - - name - maxItems: 10 - type: array - download: - type: string - format_version: - type: string - icons: - items: - additionalProperties: true - type: object - properties: - dark_mode: - type: boolean - path: - type: string - size: - type: string - src: - type: string - title: - type: string - type: - type: string - required: - - src - maxItems: 10 - type: array - id: - type: string - installationInfo: - additionalProperties: true - type: object - properties: - additional_spaces_installed_kibana: - additionalProperties: - items: - additionalProperties: true - type: object - properties: - deferred: - type: boolean - id: - type: string - originId: - type: string - type: - anyOf: - - enum: - - dashboard - - lens - - visualization - - search - - index-pattern - - map - - ml-module - - security-rule - - csp-rule-template - - osquery-pack-asset - - osquery-saved-query - - tag - type: string - - type: string - required: - - id - - type - maxItems: 100 - type: array - type: object - created_at: - type: string - experimental_data_stream_features: - items: - additionalProperties: true - type: object - properties: - data_stream: - type: string - features: - additionalProperties: true - type: object - properties: - doc_value_only_numeric: - type: boolean - doc_value_only_other: - type: boolean - synthetic_source: - type: boolean - tsdb: - type: boolean - required: - - data_stream - - features - maxItems: 100 - type: array - install_format_schema_version: - type: string - install_source: - enum: - - registry - - upload - - bundled - - custom - type: string - install_status: - enum: - - installed - - installing - - install_failed - type: string - installed_es: - items: - additionalProperties: true - type: object - properties: - deferred: - type: boolean - id: - type: string - type: - enum: - - index - - index_template - - component_template - - ingest_pipeline - - ilm_policy - - data_stream_ilm_policy - - transform - - ml_model - - knowledge_base - - esql_view - type: string - version: - type: string - required: - - id - - type - maxItems: 10000 - type: array - installed_kibana: - items: - additionalProperties: true - type: object - properties: - deferred: - type: boolean - id: - type: string - originId: - type: string - type: - anyOf: - - enum: - - dashboard - - lens - - visualization - - search - - index-pattern - - map - - ml-module - - security-rule - - csp-rule-template - - osquery-pack-asset - - osquery-saved-query - - tag - type: string - - type: string - required: - - id - - type - maxItems: 10000 - type: array - installed_kibana_space_id: - type: string - is_rollback_ttl_expired: - type: boolean - latest_executed_state: - additionalProperties: true - type: object - properties: - error: - type: string - name: - type: string - started_at: - type: string - latest_install_failed_attempts: - items: - additionalProperties: true - type: object - properties: - created_at: - type: string - error: - additionalProperties: true - type: object - properties: - message: - type: string - name: - type: string - stack: - type: string - required: - - name - - message - target_version: - type: string - required: - - created_at - - target_version - - error - maxItems: 10 - type: array - name: - type: string - namespaces: - items: - type: string - maxItems: 100 - type: array - previous_version: - nullable: true - type: string - rolled_back: - type: boolean - type: - type: string - updated_at: - type: string - verification_key_id: - nullable: true - type: string - verification_status: - enum: - - unverified - - verified - - unknown - type: string - version: - type: string - required: - - type - - installed_kibana - - installed_es - - name - - version - - install_status - - install_source - - verification_status - integration: - type: string - internal: - type: boolean - latestVersion: - type: string - name: - type: string - owner: - additionalProperties: true - type: object - properties: - github: - type: string - type: - enum: - - elastic - - partner - - community - type: string - path: - type: string - policy_templates: - items: - additionalProperties: {} - type: object - maxItems: 100 - type: array - readme: - type: string - release: - enum: - - ga - - beta - - experimental - type: string - signature_path: - type: string - source: - additionalProperties: true - type: object - properties: - license: - type: string - required: - - license - status: - type: string - title: - type: string - type: - anyOf: - - enum: - - integration - type: string - - enum: - - input - type: string - - enum: - - content - type: string - - type: string - var_groups: - items: - additionalProperties: true - type: object - properties: - description: - type: string - name: - type: string - options: - items: - additionalProperties: true - type: object - properties: - description: - type: string - hide_in_deployment_modes: - items: - enum: - - default - - agentless - type: string - maxItems: 2 - type: array - name: - type: string - title: - type: string - vars: - items: - type: string - maxItems: 100 - type: array - required: - - name - - title - - vars - maxItems: 20 - type: array - selector_title: - type: string - title: - type: string - required: - - name - - title - - selector_title - - options - maxItems: 20 - type: array - vars: - items: - additionalProperties: {} - type: object - maxItems: 1000 - type: array - version: - type: string - required: - - name - - version - - title - - id - maxItems: 10000 - type: array - required: - - items + $ref: '#/components/schemas/ApiFleetEpmPackages_Get_Response_200' description: 'OK: A successful request.' '400': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetEpmPackages_Get_Response_400' description: A bad request. summary: Get packages tags: @@ -37748,103 +20868,13 @@ paths: content: application/gzip; application/zip: schema: - additionalProperties: false - type: object - properties: - _meta: - additionalProperties: false - type: object - properties: - install_source: - type: string - name: - type: string - required: - - install_source - - name - items: - items: - anyOf: - - additionalProperties: false - type: object - properties: - deferred: - type: boolean - id: - type: string - originId: - type: string - type: - anyOf: - - enum: - - dashboard - - lens - - visualization - - search - - index-pattern - - map - - ml-module - - security-rule - - csp-rule-template - - osquery-pack-asset - - osquery-saved-query - - tag - type: string - - type: string - required: - - id - - type - - additionalProperties: false - type: object - properties: - deferred: - type: boolean - id: - type: string - type: - enum: - - index - - index_template - - component_template - - ingest_pipeline - - ilm_policy - - data_stream_ilm_policy - - transform - - ml_model - - knowledge_base - - esql_view - type: string - version: - type: string - required: - - id - - type - maxItems: 10000 - type: array - required: - - items - - _meta + $ref: '#/components/schemas/ApiFleetEpmPackages_Post_Response_200' description: 'OK: A successful request.' '400': content: application/gzip; application/zip: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetEpmPackages_Post_Response_400' description: A bad request. summary: Install a package by upload tags: @@ -37880,171 +20910,19 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - force: - default: false - type: boolean - packages: - items: - anyOf: - - type: string - - additionalProperties: false - type: object - properties: - name: - type: string - prerelease: - type: boolean - version: - type: string - required: - - name - - version - maxItems: 1000 - minItems: 1 - type: array - required: - - packages + $ref: '#/components/schemas/ApiFleetEpmPackagesBulk_Post_Request' responses: '200': content: application/json: schema: - additionalProperties: false - type: object - properties: - items: - items: - anyOf: - - additionalProperties: false - type: object - properties: - name: - type: string - result: - additionalProperties: false - type: object - properties: - assets: - items: - anyOf: - - additionalProperties: false - type: object - properties: - deferred: - type: boolean - id: - type: string - originId: - type: string - type: - anyOf: - - enum: - - dashboard - - lens - - visualization - - search - - index-pattern - - map - - ml-module - - security-rule - - csp-rule-template - - osquery-pack-asset - - osquery-saved-query - - tag - type: string - - type: string - required: - - id - - type - - additionalProperties: false - type: object - properties: - deferred: - type: boolean - id: - type: string - type: - enum: - - index - - index_template - - component_template - - ingest_pipeline - - ilm_policy - - data_stream_ilm_policy - - transform - - ml_model - - knowledge_base - - esql_view - type: string - version: - type: string - required: - - id - - type - maxItems: 10000 - type: array - error: {} - installSource: - type: string - installType: - type: string - status: - enum: - - installed - - already_installed - type: string - required: - - error - - installType - version: - type: string - required: - - name - - version - - result - - additionalProperties: false - type: object - properties: - error: - anyOf: - - type: string - - {} - name: - type: string - statusCode: - type: number - required: - - name - - statusCode - - error - maxItems: 10000 - type: array - required: - - items + $ref: '#/components/schemas/ApiFleetEpmPackagesBulk_Post_Response_200' description: 'OK: A successful request.' '400': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetEpmPackagesBulk_Post_Response_400' description: A bad request. summary: Bulk install packages tags: @@ -38080,24 +20958,7 @@ paths: packages: - name: system schema: - additionalProperties: false - type: object - properties: - packages: - items: - additionalProperties: false - type: object - properties: - name: - description: Package name to rollback - type: string - required: - - name - maxItems: 1000 - minItems: 1 - type: array - required: - - packages + $ref: '#/components/schemas/ApiFleetEpmPackagesBulkRollback_Post_Request' responses: '200': content: @@ -38107,13 +20968,7 @@ paths: value: taskId: taskId schema: - additionalProperties: false - type: object - properties: - taskId: - type: string - required: - - taskId + $ref: '#/components/schemas/ApiFleetEpmPackagesBulkRollback_Post_Response_200' description: 'OK: A successful request.' '400': content: @@ -38123,22 +20978,7 @@ paths: value: message: Bad Request schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetEpmPackagesBulkRollback_Post_Response_400' description: A bad request. summary: Bulk rollback packages tags: @@ -38173,43 +21013,7 @@ paths: value: status: success schema: - additionalProperties: false - type: object - properties: - error: - additionalProperties: false - type: object - properties: - message: - type: string - required: - - message - results: - items: - additionalProperties: false - type: object - properties: - error: - additionalProperties: false - type: object - properties: - message: - type: string - required: - - message - name: - type: string - success: - type: boolean - required: - - name - - success - maxItems: 10000 - type: array - status: - type: string - required: - - status + $ref: '#/components/schemas/ApiFleetEpmPackagesBulkRollback_Get_Response_200' description: 'OK: A successful request.' '400': content: @@ -38219,22 +21023,7 @@ paths: value: message: Bad Request schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetEpmPackagesBulkRollback_Get_Response_400' description: A bad request. summary: Get Bulk rollback packages details tags: @@ -38265,62 +21054,19 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - force: - default: false - type: boolean - packages: - items: - additionalProperties: false - type: object - properties: - name: - type: string - version: - type: string - required: - - name - - version - maxItems: 1000 - minItems: 1 - type: array - required: - - packages + $ref: '#/components/schemas/ApiFleetEpmPackagesBulkUninstall_Post_Request' responses: '200': content: application/json: schema: - additionalProperties: false - type: object - properties: - taskId: - type: string - required: - - taskId + $ref: '#/components/schemas/ApiFleetEpmPackagesBulkUninstall_Post_Response_200' description: 'OK: A successful request.' '400': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetEpmPackagesBulkUninstall_Post_Response_400' description: A bad request. summary: Bulk uninstall packages tags: @@ -38351,64 +21097,13 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - error: - additionalProperties: false - type: object - properties: - message: - type: string - required: - - message - results: - items: - additionalProperties: false - type: object - properties: - error: - additionalProperties: false - type: object - properties: - message: - type: string - required: - - message - name: - type: string - success: - type: boolean - required: - - name - - success - maxItems: 10000 - type: array - status: - type: string - required: - - status + $ref: '#/components/schemas/ApiFleetEpmPackagesBulkUninstall_Get_Response_200' description: 'OK: A successful request.' '400': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetEpmPackagesBulkUninstall_Get_Response_400' description: A bad request. summary: Get Bulk uninstall packages details tags: @@ -38439,66 +21134,19 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - force: - default: false - type: boolean - packages: - items: - additionalProperties: false - type: object - properties: - name: - type: string - version: - type: string - required: - - name - maxItems: 1000 - minItems: 1 - type: array - prerelease: - type: boolean - upgrade_package_policies: - default: false - type: boolean - required: - - packages + $ref: '#/components/schemas/ApiFleetEpmPackagesBulkUpgrade_Post_Request' responses: '200': content: application/json: schema: - additionalProperties: false - type: object - properties: - taskId: - type: string - required: - - taskId + $ref: '#/components/schemas/ApiFleetEpmPackagesBulkUpgrade_Post_Response_200' description: 'OK: A successful request.' '400': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetEpmPackagesBulkUpgrade_Post_Response_400' description: A bad request. summary: Bulk upgrade packages tags: @@ -38529,64 +21177,13 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - error: - additionalProperties: false - type: object - properties: - message: - type: string - required: - - message - results: - items: - additionalProperties: false - type: object - properties: - error: - additionalProperties: false - type: object - properties: - message: - type: string - required: - - message - name: - type: string - success: - type: boolean - required: - - name - - success - maxItems: 10000 - type: array - status: - type: string - required: - - status + $ref: '#/components/schemas/ApiFleetEpmPackagesBulkUpgrade_Get_Response_200' description: 'OK: A successful request.' '400': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetEpmPackagesBulkUpgrade_Get_Response_400' description: A bad request. summary: Get Bulk upgrade packages details tags: @@ -38633,91 +21230,13 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - items: - items: - anyOf: - - additionalProperties: false - type: object - properties: - deferred: - type: boolean - id: - type: string - originId: - type: string - type: - anyOf: - - enum: - - dashboard - - lens - - visualization - - search - - index-pattern - - map - - ml-module - - security-rule - - csp-rule-template - - osquery-pack-asset - - osquery-saved-query - - tag - type: string - - type: string - required: - - id - - type - - additionalProperties: false - type: object - properties: - deferred: - type: boolean - id: - type: string - type: - enum: - - index - - index_template - - component_template - - ingest_pipeline - - ilm_policy - - data_stream_ilm_policy - - transform - - ml_model - - knowledge_base - - esql_view - type: string - version: - type: string - required: - - id - - type - maxItems: 10000 - type: array - required: - - items + $ref: '#/components/schemas/ApiFleetEpmPackages_Delete_Response_200' description: 'OK: A successful request.' '400': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetEpmPackages_Delete_Response_400' description: A bad request. summary: Delete a package tags: @@ -38764,538 +21283,13 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - item: - additionalProperties: true - type: object - properties: - agent: - additionalProperties: false - type: object - properties: - privileges: - additionalProperties: false - type: object - properties: - root: - type: boolean - asset_tags: - items: - additionalProperties: false - type: object - properties: - asset_ids: - items: - type: string - maxItems: 100 - type: array - asset_types: - items: - type: string - maxItems: 10 - type: array - text: - type: string - required: - - text - maxItems: 1000 - type: array - assets: - additionalProperties: {} - type: object - categories: - items: - type: string - maxItems: 10 - type: array - conditions: - additionalProperties: true - type: object - properties: - elastic: - additionalProperties: true - type: object - properties: - capabilities: - items: - type: string - maxItems: 10 - type: array - subscription: - type: string - kibana: - additionalProperties: true - type: object - properties: - version: - type: string - data_streams: - items: - additionalProperties: {} - type: object - maxItems: 1000 - type: array - description: - type: string - discovery: - additionalProperties: true - type: object - properties: - datasets: - items: - additionalProperties: true - type: object - properties: - name: - type: string - required: - - name - maxItems: 10 - type: array - fields: - items: - additionalProperties: true - type: object - properties: - name: - type: string - required: - - name - maxItems: 10 - type: array - download: - type: string - elasticsearch: - additionalProperties: {} - type: object - format_version: - type: string - icons: - items: - additionalProperties: true - type: object - properties: - dark_mode: - type: boolean - path: - type: string - size: - type: string - src: - type: string - title: - type: string - type: - type: string - required: - - src - maxItems: 10 - type: array - installationInfo: - additionalProperties: true - type: object - properties: - additional_spaces_installed_kibana: - additionalProperties: - items: - additionalProperties: true - type: object - properties: - deferred: - type: boolean - id: - type: string - originId: - type: string - type: - anyOf: - - enum: - - dashboard - - lens - - visualization - - search - - index-pattern - - map - - ml-module - - security-rule - - csp-rule-template - - osquery-pack-asset - - osquery-saved-query - - tag - type: string - - type: string - required: - - id - - type - maxItems: 100 - type: array - type: object - created_at: - type: string - experimental_data_stream_features: - items: - additionalProperties: true - type: object - properties: - data_stream: - type: string - features: - additionalProperties: true - type: object - properties: - doc_value_only_numeric: - type: boolean - doc_value_only_other: - type: boolean - synthetic_source: - type: boolean - tsdb: - type: boolean - required: - - data_stream - - features - maxItems: 100 - type: array - install_format_schema_version: - type: string - install_source: - enum: - - registry - - upload - - bundled - - custom - type: string - install_status: - enum: - - installed - - installing - - install_failed - type: string - installed_es: - items: - additionalProperties: true - type: object - properties: - deferred: - type: boolean - id: - type: string - type: - enum: - - index - - index_template - - component_template - - ingest_pipeline - - ilm_policy - - data_stream_ilm_policy - - transform - - ml_model - - knowledge_base - - esql_view - type: string - version: - type: string - required: - - id - - type - maxItems: 10000 - type: array - installed_kibana: - items: - additionalProperties: true - type: object - properties: - deferred: - type: boolean - id: - type: string - originId: - type: string - type: - anyOf: - - enum: - - dashboard - - lens - - visualization - - search - - index-pattern - - map - - ml-module - - security-rule - - csp-rule-template - - osquery-pack-asset - - osquery-saved-query - - tag - type: string - - type: string - required: - - id - - type - maxItems: 10000 - type: array - installed_kibana_space_id: - type: string - is_rollback_ttl_expired: - type: boolean - latest_executed_state: - additionalProperties: true - type: object - properties: - error: - type: string - name: - type: string - started_at: - type: string - latest_install_failed_attempts: - items: - additionalProperties: true - type: object - properties: - created_at: - type: string - error: - additionalProperties: true - type: object - properties: - message: - type: string - name: - type: string - stack: - type: string - required: - - name - - message - target_version: - type: string - required: - - created_at - - target_version - - error - maxItems: 10 - type: array - name: - type: string - namespaces: - items: - type: string - maxItems: 100 - type: array - previous_version: - nullable: true - type: string - rolled_back: - type: boolean - type: - type: string - updated_at: - type: string - verification_key_id: - nullable: true - type: string - verification_status: - enum: - - unverified - - verified - - unknown - type: string - version: - type: string - required: - - type - - installed_kibana - - installed_es - - name - - version - - install_status - - install_source - - verification_status - internal: - type: boolean - keepPoliciesUpToDate: - type: boolean - latestVersion: - type: string - license: - type: string - licensePath: - type: string - name: - type: string - notice: - type: string - owner: - additionalProperties: true - type: object - properties: - github: - type: string - type: - enum: - - elastic - - partner - - community - type: string - path: - type: string - policy_templates: - items: - additionalProperties: {} - type: object - maxItems: 100 - type: array - readme: - type: string - release: - enum: - - ga - - beta - - experimental - type: string - screenshots: - items: - additionalProperties: false - type: object - properties: - dark_mode: - type: boolean - path: - type: string - size: - type: string - src: - type: string - title: - type: string - type: - type: string - required: - - src - maxItems: 10 - type: array - signature_path: - type: string - source: - additionalProperties: true - type: object - properties: - license: - type: string - required: - - license - status: - type: string - title: - type: string - type: - anyOf: - - enum: - - integration - type: string - - enum: - - input - type: string - - enum: - - content - type: string - - type: string - var_groups: - items: - additionalProperties: true - type: object - properties: - description: - type: string - name: - type: string - options: - items: - additionalProperties: true - type: object - properties: - description: - type: string - hide_in_deployment_modes: - items: - enum: - - default - - agentless - type: string - maxItems: 2 - type: array - name: - type: string - title: - type: string - vars: - items: - type: string - maxItems: 100 - type: array - required: - - name - - title - - vars - maxItems: 20 - type: array - selector_title: - type: string - title: - type: string - required: - - name - - title - - selector_title - - options - maxItems: 20 - type: array - vars: - items: - additionalProperties: {} - type: object - maxItems: 1000 - type: array - version: - type: string - required: - - name - - version - - title - - assets - metadata: - additionalProperties: false - type: object - properties: - has_policies: - type: boolean - required: - - has_policies - required: - - item + $ref: '#/components/schemas/ApiFleetEpmPackages_Get_Response_200_1' description: 'OK: A successful request.' '400': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetEpmPackages_Get_Response_400_1' description: A bad request. summary: Get a package tags: @@ -39358,118 +21352,19 @@ paths: content: application/json: schema: - additionalProperties: false - nullable: true - type: object - properties: - force: - default: false - type: boolean - ignore_constraints: - default: false - type: boolean + $ref: '#/components/schemas/ApiFleetEpmPackages_Post_Request' responses: '200': content: application/json: schema: - additionalProperties: false - type: object - properties: - _meta: - additionalProperties: false - type: object - properties: - install_source: - type: string - name: - type: string - required: - - install_source - - name - items: - items: - anyOf: - - additionalProperties: false - type: object - properties: - deferred: - type: boolean - id: - type: string - originId: - type: string - type: - anyOf: - - enum: - - dashboard - - lens - - visualization - - search - - index-pattern - - map - - ml-module - - security-rule - - csp-rule-template - - osquery-pack-asset - - osquery-saved-query - - tag - type: string - - type: string - required: - - id - - type - - additionalProperties: false - type: object - properties: - deferred: - type: boolean - id: - type: string - type: - enum: - - index - - index_template - - component_template - - ingest_pipeline - - ilm_policy - - data_stream_ilm_policy - - transform - - ml_model - - knowledge_base - - esql_view - type: string - version: - type: string - required: - - id - - type - maxItems: 10000 - type: array - required: - - items - - _meta + $ref: '#/components/schemas/ApiFleetEpmPackages_Post_Response_200_1' description: 'OK: A successful request.' '400': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetEpmPackages_Post_Response_400_1' description: A bad request. summary: Install a package from the registry tags: @@ -39509,542 +21404,19 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - keepPoliciesUpToDate: - type: boolean - required: - - keepPoliciesUpToDate + $ref: '#/components/schemas/ApiFleetEpmPackages_Put_Request' responses: '200': content: application/json: schema: - additionalProperties: false - type: object - properties: - item: - additionalProperties: true - type: object - properties: - agent: - additionalProperties: false - type: object - properties: - privileges: - additionalProperties: false - type: object - properties: - root: - type: boolean - asset_tags: - items: - additionalProperties: false - type: object - properties: - asset_ids: - items: - type: string - maxItems: 100 - type: array - asset_types: - items: - type: string - maxItems: 10 - type: array - text: - type: string - required: - - text - maxItems: 1000 - type: array - assets: - additionalProperties: {} - type: object - categories: - items: - type: string - maxItems: 10 - type: array - conditions: - additionalProperties: true - type: object - properties: - elastic: - additionalProperties: true - type: object - properties: - capabilities: - items: - type: string - maxItems: 10 - type: array - subscription: - type: string - kibana: - additionalProperties: true - type: object - properties: - version: - type: string - data_streams: - items: - additionalProperties: {} - type: object - maxItems: 1000 - type: array - description: - type: string - discovery: - additionalProperties: true - type: object - properties: - datasets: - items: - additionalProperties: true - type: object - properties: - name: - type: string - required: - - name - maxItems: 10 - type: array - fields: - items: - additionalProperties: true - type: object - properties: - name: - type: string - required: - - name - maxItems: 10 - type: array - download: - type: string - elasticsearch: - additionalProperties: {} - type: object - format_version: - type: string - icons: - items: - additionalProperties: true - type: object - properties: - dark_mode: - type: boolean - path: - type: string - size: - type: string - src: - type: string - title: - type: string - type: - type: string - required: - - src - maxItems: 10 - type: array - installationInfo: - additionalProperties: true - type: object - properties: - additional_spaces_installed_kibana: - additionalProperties: - items: - additionalProperties: true - type: object - properties: - deferred: - type: boolean - id: - type: string - originId: - type: string - type: - anyOf: - - enum: - - dashboard - - lens - - visualization - - search - - index-pattern - - map - - ml-module - - security-rule - - csp-rule-template - - osquery-pack-asset - - osquery-saved-query - - tag - type: string - - type: string - required: - - id - - type - maxItems: 100 - type: array - type: object - created_at: - type: string - experimental_data_stream_features: - items: - additionalProperties: true - type: object - properties: - data_stream: - type: string - features: - additionalProperties: true - type: object - properties: - doc_value_only_numeric: - type: boolean - doc_value_only_other: - type: boolean - synthetic_source: - type: boolean - tsdb: - type: boolean - required: - - data_stream - - features - maxItems: 100 - type: array - install_format_schema_version: - type: string - install_source: - enum: - - registry - - upload - - bundled - - custom - type: string - install_status: - enum: - - installed - - installing - - install_failed - type: string - installed_es: - items: - additionalProperties: true - type: object - properties: - deferred: - type: boolean - id: - type: string - type: - enum: - - index - - index_template - - component_template - - ingest_pipeline - - ilm_policy - - data_stream_ilm_policy - - transform - - ml_model - - knowledge_base - - esql_view - type: string - version: - type: string - required: - - id - - type - maxItems: 10000 - type: array - installed_kibana: - items: - additionalProperties: true - type: object - properties: - deferred: - type: boolean - id: - type: string - originId: - type: string - type: - anyOf: - - enum: - - dashboard - - lens - - visualization - - search - - index-pattern - - map - - ml-module - - security-rule - - csp-rule-template - - osquery-pack-asset - - osquery-saved-query - - tag - type: string - - type: string - required: - - id - - type - maxItems: 10000 - type: array - installed_kibana_space_id: - type: string - is_rollback_ttl_expired: - type: boolean - latest_executed_state: - additionalProperties: true - type: object - properties: - error: - type: string - name: - type: string - started_at: - type: string - latest_install_failed_attempts: - items: - additionalProperties: true - type: object - properties: - created_at: - type: string - error: - additionalProperties: true - type: object - properties: - message: - type: string - name: - type: string - stack: - type: string - required: - - name - - message - target_version: - type: string - required: - - created_at - - target_version - - error - maxItems: 10 - type: array - name: - type: string - namespaces: - items: - type: string - maxItems: 100 - type: array - previous_version: - nullable: true - type: string - rolled_back: - type: boolean - type: - type: string - updated_at: - type: string - verification_key_id: - nullable: true - type: string - verification_status: - enum: - - unverified - - verified - - unknown - type: string - version: - type: string - required: - - type - - installed_kibana - - installed_es - - name - - version - - install_status - - install_source - - verification_status - internal: - type: boolean - keepPoliciesUpToDate: - type: boolean - latestVersion: - type: string - license: - type: string - licensePath: - type: string - name: - type: string - notice: - type: string - owner: - additionalProperties: true - type: object - properties: - github: - type: string - type: - enum: - - elastic - - partner - - community - type: string - path: - type: string - policy_templates: - items: - additionalProperties: {} - type: object - maxItems: 100 - type: array - readme: - type: string - release: - enum: - - ga - - beta - - experimental - type: string - screenshots: - items: - additionalProperties: false - type: object - properties: - dark_mode: - type: boolean - path: - type: string - size: - type: string - src: - type: string - title: - type: string - type: - type: string - required: - - src - maxItems: 10 - type: array - signature_path: - type: string - source: - additionalProperties: true - type: object - properties: - license: - type: string - required: - - license - status: - type: string - title: - type: string - type: - anyOf: - - enum: - - integration - type: string - - enum: - - input - type: string - - enum: - - content - type: string - - type: string - var_groups: - items: - additionalProperties: true - type: object - properties: - description: - type: string - name: - type: string - options: - items: - additionalProperties: true - type: object - properties: - description: - type: string - hide_in_deployment_modes: - items: - enum: - - default - - agentless - type: string - maxItems: 2 - type: array - name: - type: string - title: - type: string - vars: - items: - type: string - maxItems: 100 - type: array - required: - - name - - title - - vars - maxItems: 20 - type: array - selector_title: - type: string - title: - type: string - required: - - name - - title - - selector_title - - options - maxItems: 20 - type: array - vars: - items: - additionalProperties: {} - type: object - maxItems: 1000 - type: array - version: - type: string - required: - - name - - version - - title - - assets - required: - - item + $ref: '#/components/schemas/ApiFleetEpmPackages_Put_Response_200' description: 'OK: A successful request.' '400': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetEpmPackages_Put_Response_400' description: A bad request. summary: Update package settings tags: @@ -40089,22 +21461,7 @@ paths: content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetEpmPackages_Get_Response_400_2' description: A bad request. summary: Get a package file tags: @@ -40151,34 +21508,13 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - success: - type: boolean - required: - - success + $ref: '#/components/schemas/ApiFleetEpmPackagesDatastreamAssets_Delete_Response_200' description: 'OK: A successful request.' '400': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetEpmPackagesDatastreamAssets_Delete_Response_400' description: A bad request. summary: Delete assets for an input package tags: @@ -40220,34 +21556,13 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - success: - type: boolean - required: - - success + $ref: '#/components/schemas/ApiFleetEpmPackagesKibanaAssets_Delete_Response_200' description: 'OK: A successful request.' '400': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetEpmPackagesKibanaAssets_Delete_Response_400' description: A bad request. summary: Delete Kibana assets for a package tags: @@ -40287,52 +21602,19 @@ paths: content: application/json: schema: - additionalProperties: false - nullable: true - type: object - properties: - force: - type: boolean - space_ids: - description: When provided install assets in the specified spaces instead of the current space. - items: - type: string - maxItems: 100 - minItems: 1 - type: array + $ref: '#/components/schemas/ApiFleetEpmPackagesKibanaAssets_Post_Request' responses: '200': content: application/json: schema: - additionalProperties: false - type: object - properties: - success: - type: boolean - required: - - success + $ref: '#/components/schemas/ApiFleetEpmPackagesKibanaAssets_Post_Response_200' description: 'OK: A successful request.' '400': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetEpmPackagesKibanaAssets_Post_Response_400' description: A bad request. summary: Install Kibana assets for a package tags: @@ -40373,45 +21655,19 @@ paths: content: application/json: schema: - additionalProperties: false - nullable: true - type: object - properties: - force: - type: boolean + $ref: '#/components/schemas/ApiFleetEpmPackagesRuleAssets_Post_Request' responses: '200': content: application/json: schema: - additionalProperties: false - type: object - properties: - success: - type: boolean - required: - - success + $ref: '#/components/schemas/ApiFleetEpmPackagesRuleAssets_Post_Response_200' description: 'OK: A successful request.' '400': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetEpmPackagesRuleAssets_Post_Response_400' description: A bad request. summary: Install Kibana alert rule for a package tags: @@ -40449,41 +21705,14 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - transforms: - items: - additionalProperties: false - type: object - properties: - transformId: - type: string - required: - - transformId - maxItems: 1000 - type: array - required: - - transforms + $ref: '#/components/schemas/ApiFleetEpmPackagesTransformsAuthorize_Post_Request' responses: '200': content: application/json: schema: items: - additionalProperties: false - type: object - properties: - error: - nullable: true - success: - type: boolean - transformId: - type: string - required: - - transformId - - success - - error + $ref: '#/components/schemas/ApiFleetEpmPackagesTransformsAuthorize_Post_Response_200_Item' maxItems: 10000 type: array description: 'OK: A successful request.' @@ -40491,22 +21720,7 @@ paths: content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetEpmPackagesTransformsAuthorize_Post_Response_400' description: A bad request. summary: Authorize transforms tags: @@ -40555,16 +21769,7 @@ paths: success: true version: 1.0.0 schema: - additionalProperties: false - type: object - properties: - success: - type: boolean - version: - type: string - required: - - version - - success + $ref: '#/components/schemas/ApiFleetEpmPackagesRollback_Post_Response_200' description: 'OK: A successful request.' '400': content: @@ -40574,22 +21779,7 @@ paths: value: message: Bad Request schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetEpmPackagesRollback_Post_Response_400' description: A bad request. summary: Rollback a package to previous version tags: @@ -40620,43 +21810,13 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - response: - additionalProperties: false - type: object - properties: - agent_policy_count: - type: number - package_policy_count: - type: number - required: - - agent_policy_count - - package_policy_count - required: - - response + $ref: '#/components/schemas/ApiFleetEpmPackagesStats_Get_Response_200' description: 'OK: A successful request.' '400': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetEpmPackagesStats_Get_Response_400' description: A bad request. summary: Get package stats tags: @@ -40727,103 +21887,13 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - items: - items: - additionalProperties: false - type: object - properties: - dataStreams: - items: - additionalProperties: false - type: object - properties: - name: - type: string - title: - type: string - required: - - name - - title - maxItems: 10000 - type: array - description: - type: string - icons: - items: - additionalProperties: false - type: object - properties: - dark_mode: - type: boolean - path: - type: string - size: - type: string - src: - type: string - title: - type: string - type: - type: string - required: - - src - maxItems: 10 - type: array - name: - type: string - status: - type: string - title: - type: string - version: - type: string - required: - - name - - version - - status - - dataStreams - maxItems: 10000 - type: array - searchAfter: - items: - anyOf: - - type: string - - type: number - - type: boolean - - enum: [] - nullable: true - - {} - maxItems: 2 - type: array - total: - type: number - required: - - items - - total + $ref: '#/components/schemas/ApiFleetEpmPackagesInstalled_Get_Response_200' description: 'OK: A successful request.' '400': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetEpmPackagesInstalled_Get_Response_400' description: A bad request. summary: Get installed packages tags: @@ -40848,37 +21918,13 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - items: - items: - type: string - maxItems: 10000 - type: array - required: - - items + $ref: '#/components/schemas/ApiFleetEpmPackagesLimited_Get_Response_200' description: 'OK: A successful request.' '400': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetEpmPackagesLimited_Get_Response_400' description: A bad request. summary: Get a limited package list tags: @@ -40933,70 +21979,13 @@ paths: content: application/json: schema: - anyOf: - - type: string - - additionalProperties: false - type: object - properties: - inputs: - items: - additionalProperties: false - type: object - properties: - id: - type: string - streams: - items: - additionalProperties: true - type: object - properties: - data_stream: - additionalProperties: true - type: object - properties: - dataset: - type: string - type: - type: string - required: - - dataset - id: - type: string - required: - - id - - data_stream - maxItems: 10000 - type: array - type: - type: string - required: - - id - - type - maxItems: 10000 - type: array - required: - - inputs + $ref: '#/components/schemas/ApiFleetEpmTemplatesInputs_Get_Response_200' description: 'OK: A successful request.' '400': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetEpmTemplatesInputs_Get_Response_400' description: A bad request. summary: Get an inputs template tags: @@ -41021,35 +22010,13 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - id: - nullable: true - type: string - required: - - id + $ref: '#/components/schemas/ApiFleetEpmVerificationKeyId_Get_Response_200' description: 'OK: A successful request.' '400': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetEpmVerificationKeyId_Get_Response_400' description: A bad request. summary: Get a package signature verification key ID tags: @@ -41074,149 +22041,13 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - items: - items: - additionalProperties: false - type: object - properties: - host_urls: - items: - type: string - maxItems: 10 - minItems: 1 - type: array - id: - type: string - is_default: - default: false - type: boolean - is_internal: - type: boolean - is_preconfigured: - default: false - type: boolean - name: - type: string - proxy_id: - nullable: true - type: string - secrets: - additionalProperties: false - type: object - properties: - ssl: - additionalProperties: false - type: object - properties: - agent_key: - anyOf: - - additionalProperties: false - type: object - properties: - id: - type: string - required: - - id - - type: string - es_key: - anyOf: - - additionalProperties: false - type: object - properties: - id: - type: string - required: - - id - - type: string - key: - anyOf: - - additionalProperties: false - type: object - properties: - id: - type: string - required: - - id - - type: string - ssl: - additionalProperties: false - nullable: true - type: object - properties: - agent_certificate: - type: string - agent_certificate_authorities: - items: - type: string - maxItems: 10 - type: array - agent_key: - type: string - certificate: - type: string - certificate_authorities: - items: - type: string - maxItems: 10 - type: array - client_auth: - enum: - - optional - - required - - none - type: string - es_certificate: - type: string - es_certificate_authorities: - items: - type: string - maxItems: 10 - type: array - es_key: - type: string - key: - type: string - required: - - name - - host_urls - - id - maxItems: 10000 - type: array - page: - type: number - perPage: - type: number - total: - type: number - required: - - items - - total - - page - - perPage + $ref: '#/components/schemas/ApiFleetFleetServerHosts_Get_Response_200' description: 'OK: A successful request.' '400': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetFleetServerHosts_Get_Response_400' description: A bad request. summary: Get Fleet Server hosts tags: @@ -41246,245 +22077,19 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - host_urls: - items: - type: string - maxItems: 10 - minItems: 1 - type: array - id: - type: string - is_default: - default: false - type: boolean - is_internal: - type: boolean - is_preconfigured: - default: false - type: boolean - name: - type: string - proxy_id: - nullable: true - type: string - secrets: - additionalProperties: false - type: object - properties: - ssl: - additionalProperties: false - type: object - properties: - agent_key: - anyOf: - - additionalProperties: false - type: object - properties: - id: - type: string - required: - - id - - type: string - es_key: - anyOf: - - additionalProperties: false - type: object - properties: - id: - type: string - required: - - id - - type: string - key: - anyOf: - - additionalProperties: false - type: object - properties: - id: - type: string - required: - - id - - type: string - ssl: - additionalProperties: false - nullable: true - type: object - properties: - agent_certificate: - type: string - agent_certificate_authorities: - items: - type: string - maxItems: 10 - type: array - agent_key: - type: string - certificate: - type: string - certificate_authorities: - items: - type: string - maxItems: 10 - type: array - client_auth: - enum: - - optional - - required - - none - type: string - es_certificate: - type: string - es_certificate_authorities: - items: - type: string - maxItems: 10 - type: array - es_key: - type: string - key: - type: string - required: - - name - - host_urls + $ref: '#/components/schemas/ApiFleetFleetServerHosts_Post_Request' responses: '200': content: application/json: schema: - additionalProperties: false - type: object - properties: - item: - additionalProperties: false - type: object - properties: - host_urls: - items: - type: string - maxItems: 10 - minItems: 1 - type: array - id: - type: string - is_default: - default: false - type: boolean - is_internal: - type: boolean - is_preconfigured: - default: false - type: boolean - name: - type: string - proxy_id: - nullable: true - type: string - secrets: - additionalProperties: false - type: object - properties: - ssl: - additionalProperties: false - type: object - properties: - agent_key: - anyOf: - - additionalProperties: false - type: object - properties: - id: - type: string - required: - - id - - type: string - es_key: - anyOf: - - additionalProperties: false - type: object - properties: - id: - type: string - required: - - id - - type: string - key: - anyOf: - - additionalProperties: false - type: object - properties: - id: - type: string - required: - - id - - type: string - ssl: - additionalProperties: false - nullable: true - type: object - properties: - agent_certificate: - type: string - agent_certificate_authorities: - items: - type: string - maxItems: 10 - type: array - agent_key: - type: string - certificate: - type: string - certificate_authorities: - items: - type: string - maxItems: 10 - type: array - client_auth: - enum: - - optional - - required - - none - type: string - es_certificate: - type: string - es_certificate_authorities: - items: - type: string - maxItems: 10 - type: array - es_key: - type: string - key: - type: string - required: - - name - - host_urls - - id - required: - - item + $ref: '#/components/schemas/ApiFleetFleetServerHosts_Post_Response_200' description: 'OK: A successful request.' '400': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetFleetServerHosts_Post_Response_400' description: A bad request. summary: Create a Fleet Server host tags: @@ -41521,34 +22126,13 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - id: - type: string - required: - - id + $ref: '#/components/schemas/ApiFleetFleetServerHosts_Delete_Response_200' description: 'OK: A successful request.' '400': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetFleetServerHosts_Delete_Response_400' description: A bad request. summary: Delete a Fleet Server host tags: @@ -41577,137 +22161,13 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - item: - additionalProperties: false - type: object - properties: - host_urls: - items: - type: string - maxItems: 10 - minItems: 1 - type: array - id: - type: string - is_default: - default: false - type: boolean - is_internal: - type: boolean - is_preconfigured: - default: false - type: boolean - name: - type: string - proxy_id: - nullable: true - type: string - secrets: - additionalProperties: false - type: object - properties: - ssl: - additionalProperties: false - type: object - properties: - agent_key: - anyOf: - - additionalProperties: false - type: object - properties: - id: - type: string - required: - - id - - type: string - es_key: - anyOf: - - additionalProperties: false - type: object - properties: - id: - type: string - required: - - id - - type: string - key: - anyOf: - - additionalProperties: false - type: object - properties: - id: - type: string - required: - - id - - type: string - ssl: - additionalProperties: false - nullable: true - type: object - properties: - agent_certificate: - type: string - agent_certificate_authorities: - items: - type: string - maxItems: 10 - type: array - agent_key: - type: string - certificate: - type: string - certificate_authorities: - items: - type: string - maxItems: 10 - type: array - client_auth: - enum: - - optional - - required - - none - type: string - es_certificate: - type: string - es_certificate_authorities: - items: - type: string - maxItems: 10 - type: array - es_key: - type: string - key: - type: string - required: - - name - - host_urls - - id - required: - - item + $ref: '#/components/schemas/ApiFleetFleetServerHosts_Get_Response_200_1' description: 'OK: A successful request.' '400': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetFleetServerHosts_Get_Response_400_1' description: A bad request. summary: Get a Fleet Server host tags: @@ -41742,238 +22202,19 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - host_urls: - items: - type: string - maxItems: 10 - minItems: 1 - type: array - is_default: - type: boolean - is_internal: - type: boolean - name: - type: string - proxy_id: - nullable: true - type: string - secrets: - additionalProperties: false - type: object - properties: - ssl: - additionalProperties: false - type: object - properties: - agent_key: - anyOf: - - additionalProperties: false - type: object - properties: - id: - type: string - required: - - id - - type: string - es_key: - anyOf: - - additionalProperties: false - type: object - properties: - id: - type: string - required: - - id - - type: string - key: - anyOf: - - additionalProperties: false - type: object - properties: - id: - type: string - required: - - id - - type: string - ssl: - additionalProperties: false - nullable: true - type: object - properties: - agent_certificate: - type: string - agent_certificate_authorities: - items: - type: string - maxItems: 10 - type: array - agent_key: - type: string - certificate: - type: string - certificate_authorities: - items: - type: string - maxItems: 10 - type: array - client_auth: - enum: - - optional - - required - - none - type: string - es_certificate: - type: string - es_certificate_authorities: - items: - type: string - maxItems: 10 - type: array - es_key: - type: string - key: - type: string - required: - - proxy_id + $ref: '#/components/schemas/ApiFleetFleetServerHosts_Put_Request' responses: '200': content: application/json: schema: - additionalProperties: false - type: object - properties: - item: - additionalProperties: false - type: object - properties: - host_urls: - items: - type: string - maxItems: 10 - minItems: 1 - type: array - id: - type: string - is_default: - default: false - type: boolean - is_internal: - type: boolean - is_preconfigured: - default: false - type: boolean - name: - type: string - proxy_id: - nullable: true - type: string - secrets: - additionalProperties: false - type: object - properties: - ssl: - additionalProperties: false - type: object - properties: - agent_key: - anyOf: - - additionalProperties: false - type: object - properties: - id: - type: string - required: - - id - - type: string - es_key: - anyOf: - - additionalProperties: false - type: object - properties: - id: - type: string - required: - - id - - type: string - key: - anyOf: - - additionalProperties: false - type: object - properties: - id: - type: string - required: - - id - - type: string - ssl: - additionalProperties: false - nullable: true - type: object - properties: - agent_certificate: - type: string - agent_certificate_authorities: - items: - type: string - maxItems: 10 - type: array - agent_key: - type: string - certificate: - type: string - certificate_authorities: - items: - type: string - maxItems: 10 - type: array - client_auth: - enum: - - optional - - required - - none - type: string - es_certificate: - type: string - es_certificate_authorities: - items: - type: string - maxItems: 10 - type: array - es_key: - type: string - key: - type: string - required: - - name - - host_urls - - id - required: - - item + $ref: '#/components/schemas/ApiFleetFleetServerHosts_Put_Response_200' description: 'OK: A successful request.' '400': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetFleetServerHosts_Put_Response_400' description: A bad request. summary: Update a Fleet Server host tags: @@ -42004,71 +22245,25 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - id: - type: string - required: - - id + $ref: '#/components/schemas/ApiFleetHealthCheck_Post_Request' responses: '200': content: application/json: schema: - additionalProperties: false - type: object - properties: - host_id: - type: string - name: - type: string - status: - type: string - required: - - status + $ref: '#/components/schemas/ApiFleetHealthCheck_Post_Response_200' description: 'OK: A successful request.' '400': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetHealthCheck_Post_Response_400' description: A bad request. '404': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetHealthCheck_Post_Response_404' description: Not found. summary: Check Fleet Server health tags: @@ -42108,34 +22303,13 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - item: - type: string - required: - - item + $ref: '#/components/schemas/ApiFleetKubernetes_Get_Response_200' description: 'OK: A successful request.' '400': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetKubernetes_Get_Response_400' description: A bad request. summary: Get a full K8s agent manifest tags: @@ -42181,43 +22355,13 @@ paths: content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetKubernetesDownload_Get_Response_400' description: A bad request. '404': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetKubernetesDownload_Get_Response_404' description: Not found. summary: Download an agent manifest tags: @@ -42249,34 +22393,13 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - api_key: - type: string - required: - - api_key + $ref: '#/components/schemas/ApiFleetLogstashApiKeys_Post_Response_200' description: 'OK: A successful request.' '400': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetLogstashApiKeys_Post_Response_400' description: A bad request. summary: Generate a Logstash API key tags: @@ -42314,55 +22437,19 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - message: - type: string - required: - - message + $ref: '#/components/schemas/ApiFleetMessageSigningServiceRotateKeyPair_Post_Response_200' description: 'OK: A successful request.' '400': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetMessageSigningServiceRotateKeyPair_Post_Response_400' description: A bad request. '500': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetMessageSigningServiceRotateKeyPair_Post_Response_500' description: An internal server error. summary: Rotate a Fleet message signing key pair tags: @@ -42387,798 +22474,13 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - items: - items: - anyOf: - - additionalProperties: true - type: object - properties: - allow_edit: - items: - type: string - maxItems: 1000 - type: array - ca_sha256: - nullable: true - type: string - ca_trusted_fingerprint: - nullable: true - type: string - config_yaml: - nullable: true - type: string - hosts: - items: - format: uri - type: string - maxItems: 10 - minItems: 1 - type: array - id: - type: string - is_default: - default: false - type: boolean - is_default_monitoring: - default: false - type: boolean - is_internal: - type: boolean - is_preconfigured: - type: boolean - name: - type: string - preset: - enum: - - balanced - - custom - - throughput - - scale - - latency - type: string - proxy_id: - nullable: true - type: string - secrets: - additionalProperties: true - type: object - properties: - ssl: - additionalProperties: true - type: object - properties: - key: - anyOf: - - additionalProperties: true - type: object - properties: - hash: - type: string - id: - type: string - required: - - id - - type: string - shipper: - additionalProperties: true - nullable: true - type: object - properties: - compression_level: - nullable: true - type: number - disk_queue_compression_enabled: - nullable: true - type: boolean - disk_queue_enabled: - default: false - nullable: true - type: boolean - disk_queue_encryption_enabled: - nullable: true - type: boolean - disk_queue_max_size: - nullable: true - type: number - disk_queue_path: - nullable: true - type: string - loadbalance: - nullable: true - type: boolean - max_batch_bytes: - nullable: true - type: number - mem_queue_events: - nullable: true - type: number - queue_flush_timeout: - nullable: true - type: number - required: - - disk_queue_path - - disk_queue_max_size - - disk_queue_encryption_enabled - - disk_queue_compression_enabled - - compression_level - - loadbalance - - mem_queue_events - - queue_flush_timeout - - max_batch_bytes - ssl: - additionalProperties: true - nullable: true - type: object - properties: - certificate: - type: string - certificate_authorities: - items: - type: string - maxItems: 10 - type: array - key: - type: string - verification_mode: - enum: - - full - - none - - certificate - - strict - type: string - type: - enum: - - elasticsearch - type: string - write_to_logs_streams: - nullable: true - type: boolean - required: - - name - - type - - hosts - - additionalProperties: true - type: object - properties: - allow_edit: - items: - type: string - maxItems: 1000 - type: array - ca_sha256: - nullable: true - type: string - ca_trusted_fingerprint: - nullable: true - type: string - config_yaml: - nullable: true - type: string - hosts: - items: - format: uri - type: string - maxItems: 10 - minItems: 1 - type: array - id: - type: string - is_default: - default: false - type: boolean - is_default_monitoring: - default: false - type: boolean - is_internal: - type: boolean - is_preconfigured: - type: boolean - kibana_api_key: - nullable: true - type: string - kibana_url: - nullable: true - type: string - name: - type: string - preset: - enum: - - balanced - - custom - - throughput - - scale - - latency - type: string - proxy_id: - nullable: true - type: string - secrets: - additionalProperties: true - type: object - properties: - service_token: - anyOf: - - additionalProperties: true - type: object - properties: - hash: - type: string - id: - type: string - required: - - id - - type: string - ssl: - additionalProperties: true - type: object - properties: - key: - anyOf: - - additionalProperties: true - type: object - properties: - hash: - type: string - id: - type: string - required: - - id - - type: string - service_token: - nullable: true - type: string - shipper: - additionalProperties: true - nullable: true - type: object - properties: - compression_level: - nullable: true - type: number - disk_queue_compression_enabled: - nullable: true - type: boolean - disk_queue_enabled: - default: false - nullable: true - type: boolean - disk_queue_encryption_enabled: - nullable: true - type: boolean - disk_queue_max_size: - nullable: true - type: number - disk_queue_path: - nullable: true - type: string - loadbalance: - nullable: true - type: boolean - max_batch_bytes: - nullable: true - type: number - mem_queue_events: - nullable: true - type: number - queue_flush_timeout: - nullable: true - type: number - required: - - disk_queue_path - - disk_queue_max_size - - disk_queue_encryption_enabled - - disk_queue_compression_enabled - - compression_level - - loadbalance - - mem_queue_events - - queue_flush_timeout - - max_batch_bytes - ssl: - additionalProperties: true - nullable: true - type: object - properties: - certificate: - type: string - certificate_authorities: - items: - type: string - maxItems: 10 - type: array - key: - type: string - verification_mode: - enum: - - full - - none - - certificate - - strict - type: string - sync_integrations: - type: boolean - sync_uninstalled_integrations: - type: boolean - type: - enum: - - remote_elasticsearch - type: string - write_to_logs_streams: - nullable: true - type: boolean - required: - - name - - type - - hosts - - additionalProperties: true - type: object - properties: - allow_edit: - items: - type: string - maxItems: 1000 - type: array - ca_sha256: - nullable: true - type: string - ca_trusted_fingerprint: - nullable: true - type: string - config_yaml: - nullable: true - type: string - hosts: - items: - type: string - maxItems: 10 - minItems: 1 - type: array - id: - type: string - is_default: - default: false - type: boolean - is_default_monitoring: - default: false - type: boolean - is_internal: - type: boolean - is_preconfigured: - type: boolean - name: - type: string - proxy_id: - nullable: true - type: string - secrets: - additionalProperties: true - type: object - properties: - ssl: - additionalProperties: true - type: object - properties: - key: - anyOf: - - additionalProperties: true - type: object - properties: - hash: - type: string - id: - type: string - required: - - id - - type: string - shipper: - additionalProperties: true - nullable: true - type: object - properties: - compression_level: - nullable: true - type: number - disk_queue_compression_enabled: - nullable: true - type: boolean - disk_queue_enabled: - default: false - nullable: true - type: boolean - disk_queue_encryption_enabled: - nullable: true - type: boolean - disk_queue_max_size: - nullable: true - type: number - disk_queue_path: - nullable: true - type: string - loadbalance: - nullable: true - type: boolean - max_batch_bytes: - nullable: true - type: number - mem_queue_events: - nullable: true - type: number - queue_flush_timeout: - nullable: true - type: number - required: - - disk_queue_path - - disk_queue_max_size - - disk_queue_encryption_enabled - - disk_queue_compression_enabled - - compression_level - - loadbalance - - mem_queue_events - - queue_flush_timeout - - max_batch_bytes - ssl: - additionalProperties: true - nullable: true - type: object - properties: - certificate: - type: string - certificate_authorities: - items: - type: string - maxItems: 10 - type: array - key: - type: string - verification_mode: - enum: - - full - - none - - certificate - - strict - type: string - type: - enum: - - logstash - type: string - required: - - name - - type - - hosts - - additionalProperties: true - type: object - properties: - allow_edit: - items: - type: string - maxItems: 1000 - type: array - auth_type: - enum: - - none - - user_pass - - ssl - - kerberos - type: string - broker_timeout: - type: number - ca_sha256: - nullable: true - type: string - ca_trusted_fingerprint: - nullable: true - type: string - client_id: - type: string - compression: - enum: - - gzip - - snappy - - lz4 - - none - type: string - compression_level: - anyOf: - - items: {} - type: array - - type: boolean - - type: number - - type: object - - type: string - nullable: true - oneOf: - - type: number - - not: {} - config_yaml: - nullable: true - type: string - connection_type: - anyOf: - - items: {} - type: array - - type: boolean - - type: number - - type: object - - type: string - nullable: true - oneOf: - - enum: - - plaintext - - encryption - type: string - - not: {} - hash: - additionalProperties: true - type: object - properties: - hash: - type: string - random: - type: boolean - headers: - items: - additionalProperties: true - type: object - properties: - key: - type: string - value: - type: string - required: - - key - - value - maxItems: 100 - type: array - hosts: - items: - type: string - maxItems: 10 - minItems: 1 - type: array - id: - type: string - is_default: - default: false - type: boolean - is_default_monitoring: - default: false - type: boolean - is_internal: - type: boolean - is_preconfigured: - type: boolean - key: - type: string - name: - type: string - partition: - enum: - - random - - round_robin - - hash - type: string - password: - anyOf: - - items: {} - type: array - - type: boolean - - type: number - - type: object - - type: string - nullable: true - oneOf: - - not: {} - - anyOf: - - items: {} - type: array - - type: boolean - - type: number - - type: object - - type: string - nullable: true - oneOf: - - type: string - - not: {} - proxy_id: - nullable: true - type: string - random: - additionalProperties: true - type: object - properties: - group_events: - type: number - required_acks: - enum: - - 1 - - 0 - - -1 - type: integer - round_robin: - additionalProperties: true - type: object - properties: - group_events: - type: number - sasl: - additionalProperties: true - nullable: true - type: object - properties: - mechanism: - enum: - - PLAIN - - SCRAM-SHA-256 - - SCRAM-SHA-512 - type: string - secrets: - additionalProperties: true - type: object - properties: - password: - anyOf: - - additionalProperties: true - type: object - properties: - hash: - type: string - id: - type: string - required: - - id - - type: string - ssl: - additionalProperties: true - type: object - properties: - key: - anyOf: - - additionalProperties: true - type: object - properties: - hash: - type: string - id: - type: string - required: - - id - - type: string - required: - - key - shipper: - additionalProperties: true - nullable: true - type: object - properties: - compression_level: - nullable: true - type: number - disk_queue_compression_enabled: - nullable: true - type: boolean - disk_queue_enabled: - default: false - nullable: true - type: boolean - disk_queue_encryption_enabled: - nullable: true - type: boolean - disk_queue_max_size: - nullable: true - type: number - disk_queue_path: - nullable: true - type: string - loadbalance: - nullable: true - type: boolean - max_batch_bytes: - nullable: true - type: number - mem_queue_events: - nullable: true - type: number - queue_flush_timeout: - nullable: true - type: number - required: - - disk_queue_path - - disk_queue_max_size - - disk_queue_encryption_enabled - - disk_queue_compression_enabled - - compression_level - - loadbalance - - mem_queue_events - - queue_flush_timeout - - max_batch_bytes - ssl: - additionalProperties: true - nullable: true - type: object - properties: - certificate: - type: string - certificate_authorities: - items: - type: string - maxItems: 10 - type: array - key: - type: string - verification_mode: - enum: - - full - - none - - certificate - - strict - type: string - timeout: - type: number - topic: - type: string - type: - enum: - - kafka - type: string - username: - anyOf: - - items: {} - type: array - - type: boolean - - type: number - - type: object - - type: string - nullable: true - oneOf: - - type: string - - not: {} - version: - type: string - required: - - name - - type - - hosts - - compression_level - - auth_type - - connection_type - - username - - password - maxItems: 10000 - type: array - page: - type: number - perPage: - type: number - total: - type: number - required: - - items - - total - - page - - perPage + $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200' description: 'OK: A successful request.' '400': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_400' description: A bad request. summary: Get outputs tags: @@ -43208,1544 +22510,19 @@ paths: content: application/json: schema: - anyOf: - - additionalProperties: false - type: object - properties: - allow_edit: - items: - type: string - maxItems: 1000 - type: array - ca_sha256: - nullable: true - type: string - ca_trusted_fingerprint: - nullable: true - type: string - config_yaml: - nullable: true - type: string - hosts: - items: - format: uri - type: string - maxItems: 10 - minItems: 1 - type: array - id: - type: string - is_default: - default: false - type: boolean - is_default_monitoring: - default: false - type: boolean - is_internal: - type: boolean - is_preconfigured: - type: boolean - name: - type: string - preset: - enum: - - balanced - - custom - - throughput - - scale - - latency - type: string - proxy_id: - nullable: true - type: string - secrets: - additionalProperties: false - type: object - properties: - ssl: - additionalProperties: false - type: object - properties: - key: - anyOf: - - additionalProperties: false - type: object - properties: - hash: - type: string - id: - type: string - required: - - id - - type: string - shipper: - additionalProperties: false - nullable: true - type: object - properties: - compression_level: - nullable: true - type: number - disk_queue_compression_enabled: - nullable: true - type: boolean - disk_queue_enabled: - default: false - nullable: true - type: boolean - disk_queue_encryption_enabled: - nullable: true - type: boolean - disk_queue_max_size: - nullable: true - type: number - disk_queue_path: - nullable: true - type: string - loadbalance: - nullable: true - type: boolean - max_batch_bytes: - nullable: true - type: number - mem_queue_events: - nullable: true - type: number - queue_flush_timeout: - nullable: true - type: number - required: - - disk_queue_path - - disk_queue_max_size - - disk_queue_encryption_enabled - - disk_queue_compression_enabled - - compression_level - - loadbalance - - mem_queue_events - - queue_flush_timeout - - max_batch_bytes - ssl: - additionalProperties: false - nullable: true - type: object - properties: - certificate: - type: string - certificate_authorities: - items: - type: string - maxItems: 10 - type: array - key: - type: string - verification_mode: - enum: - - full - - none - - certificate - - strict - type: string - type: - enum: - - elasticsearch - type: string - write_to_logs_streams: - nullable: true - type: boolean - required: - - name - - type - - hosts - - additionalProperties: false - type: object - properties: - allow_edit: - items: - type: string - maxItems: 1000 - type: array - ca_sha256: - nullable: true - type: string - ca_trusted_fingerprint: - nullable: true - type: string - config_yaml: - nullable: true - type: string - hosts: - items: - format: uri - type: string - maxItems: 10 - minItems: 1 - type: array - id: - type: string - is_default: - default: false - type: boolean - is_default_monitoring: - default: false - type: boolean - is_internal: - type: boolean - is_preconfigured: - type: boolean - kibana_api_key: - nullable: true - type: string - kibana_url: - nullable: true - type: string - name: - type: string - preset: - enum: - - balanced - - custom - - throughput - - scale - - latency - type: string - proxy_id: - nullable: true - type: string - secrets: - additionalProperties: false - type: object - properties: - service_token: - anyOf: - - additionalProperties: false - type: object - properties: - hash: - type: string - id: - type: string - required: - - id - - type: string - ssl: - additionalProperties: false - type: object - properties: - key: - anyOf: - - additionalProperties: false - type: object - properties: - hash: - type: string - id: - type: string - required: - - id - - type: string - service_token: - nullable: true - type: string - shipper: - additionalProperties: false - nullable: true - type: object - properties: - compression_level: - nullable: true - type: number - disk_queue_compression_enabled: - nullable: true - type: boolean - disk_queue_enabled: - default: false - nullable: true - type: boolean - disk_queue_encryption_enabled: - nullable: true - type: boolean - disk_queue_max_size: - nullable: true - type: number - disk_queue_path: - nullable: true - type: string - loadbalance: - nullable: true - type: boolean - max_batch_bytes: - nullable: true - type: number - mem_queue_events: - nullable: true - type: number - queue_flush_timeout: - nullable: true - type: number - required: - - disk_queue_path - - disk_queue_max_size - - disk_queue_encryption_enabled - - disk_queue_compression_enabled - - compression_level - - loadbalance - - mem_queue_events - - queue_flush_timeout - - max_batch_bytes - ssl: - additionalProperties: false - nullable: true - type: object - properties: - certificate: - type: string - certificate_authorities: - items: - type: string - maxItems: 10 - type: array - key: - type: string - verification_mode: - enum: - - full - - none - - certificate - - strict - type: string - sync_integrations: - type: boolean - sync_uninstalled_integrations: - type: boolean - type: - enum: - - remote_elasticsearch - type: string - write_to_logs_streams: - nullable: true - type: boolean - required: - - name - - type - - hosts - - additionalProperties: false - type: object - properties: - allow_edit: - items: - type: string - maxItems: 1000 - type: array - ca_sha256: - nullable: true - type: string - ca_trusted_fingerprint: - nullable: true - type: string - config_yaml: - nullable: true - type: string - hosts: - items: - type: string - maxItems: 10 - minItems: 1 - type: array - id: - type: string - is_default: - default: false - type: boolean - is_default_monitoring: - default: false - type: boolean - is_internal: - type: boolean - is_preconfigured: - type: boolean - name: - type: string - proxy_id: - nullable: true - type: string - secrets: - additionalProperties: false - type: object - properties: - ssl: - additionalProperties: false - type: object - properties: - key: - anyOf: - - additionalProperties: false - type: object - properties: - hash: - type: string - id: - type: string - required: - - id - - type: string - shipper: - additionalProperties: false - nullable: true - type: object - properties: - compression_level: - nullable: true - type: number - disk_queue_compression_enabled: - nullable: true - type: boolean - disk_queue_enabled: - default: false - nullable: true - type: boolean - disk_queue_encryption_enabled: - nullable: true - type: boolean - disk_queue_max_size: - nullable: true - type: number - disk_queue_path: - nullable: true - type: string - loadbalance: - nullable: true - type: boolean - max_batch_bytes: - nullable: true - type: number - mem_queue_events: - nullable: true - type: number - queue_flush_timeout: - nullable: true - type: number - required: - - disk_queue_path - - disk_queue_max_size - - disk_queue_encryption_enabled - - disk_queue_compression_enabled - - compression_level - - loadbalance - - mem_queue_events - - queue_flush_timeout - - max_batch_bytes - ssl: - additionalProperties: false - nullable: true - type: object - properties: - certificate: - type: string - certificate_authorities: - items: - type: string - maxItems: 10 - type: array - key: - type: string - verification_mode: - enum: - - full - - none - - certificate - - strict - type: string - type: - enum: - - logstash - type: string - required: - - name - - type - - hosts - - additionalProperties: false - type: object - properties: - allow_edit: - items: - type: string - maxItems: 1000 - type: array - auth_type: - enum: - - none - - user_pass - - ssl - - kerberos - type: string - broker_timeout: - type: number - ca_sha256: - nullable: true - type: string - ca_trusted_fingerprint: - nullable: true - type: string - client_id: - type: string - compression: - enum: - - gzip - - snappy - - lz4 - - none - type: string - compression_level: - anyOf: - - items: {} - type: array - - type: boolean - - type: number - - type: object - - type: string - nullable: true - oneOf: - - type: number - - not: {} - config_yaml: - nullable: true - type: string - connection_type: - anyOf: - - items: {} - type: array - - type: boolean - - type: number - - type: object - - type: string - nullable: true - oneOf: - - enum: - - plaintext - - encryption - type: string - - not: {} - hash: - additionalProperties: false - type: object - properties: - hash: - type: string - random: - type: boolean - headers: - items: - additionalProperties: false - type: object - properties: - key: - type: string - value: - type: string - required: - - key - - value - maxItems: 100 - type: array - hosts: - items: - type: string - maxItems: 10 - minItems: 1 - type: array - id: - type: string - is_default: - default: false - type: boolean - is_default_monitoring: - default: false - type: boolean - is_internal: - type: boolean - is_preconfigured: - type: boolean - key: - type: string - name: - type: string - partition: - enum: - - random - - round_robin - - hash - type: string - password: - anyOf: - - items: {} - type: array - - type: boolean - - type: number - - type: object - - type: string - nullable: true - oneOf: - - not: {} - - anyOf: - - items: {} - type: array - - type: boolean - - type: number - - type: object - - type: string - nullable: true - oneOf: - - type: string - - not: {} - proxy_id: - nullable: true - type: string - random: - additionalProperties: false - type: object - properties: - group_events: - type: number - required_acks: - enum: - - 1 - - 0 - - -1 - type: integer - round_robin: - additionalProperties: false - type: object - properties: - group_events: - type: number - sasl: - additionalProperties: false - nullable: true - type: object - properties: - mechanism: - enum: - - PLAIN - - SCRAM-SHA-256 - - SCRAM-SHA-512 - type: string - secrets: - additionalProperties: false - type: object - properties: - password: - anyOf: - - additionalProperties: false - type: object - properties: - hash: - type: string - id: - type: string - required: - - id - - type: string - ssl: - additionalProperties: false - type: object - properties: - key: - anyOf: - - additionalProperties: false - type: object - properties: - hash: - type: string - id: - type: string - required: - - id - - type: string - required: - - key - shipper: - additionalProperties: false - nullable: true - type: object - properties: - compression_level: - nullable: true - type: number - disk_queue_compression_enabled: - nullable: true - type: boolean - disk_queue_enabled: - default: false - nullable: true - type: boolean - disk_queue_encryption_enabled: - nullable: true - type: boolean - disk_queue_max_size: - nullable: true - type: number - disk_queue_path: - nullable: true - type: string - loadbalance: - nullable: true - type: boolean - max_batch_bytes: - nullable: true - type: number - mem_queue_events: - nullable: true - type: number - queue_flush_timeout: - nullable: true - type: number - required: - - disk_queue_path - - disk_queue_max_size - - disk_queue_encryption_enabled - - disk_queue_compression_enabled - - compression_level - - loadbalance - - mem_queue_events - - queue_flush_timeout - - max_batch_bytes - ssl: - additionalProperties: false - nullable: true - type: object - properties: - certificate: - type: string - certificate_authorities: - items: - type: string - maxItems: 10 - type: array - key: - type: string - verification_mode: - enum: - - full - - none - - certificate - - strict - type: string - timeout: - type: number - topic: - type: string - type: - enum: - - kafka - type: string - username: - anyOf: - - items: {} - type: array - - type: boolean - - type: number - - type: object - - type: string - nullable: true - oneOf: - - type: string - - not: {} - version: - type: string - required: - - name - - type - - hosts - - compression_level - - auth_type - - connection_type - - username - - password + $ref: '#/components/schemas/ApiFleetOutputs_Post_Request' responses: '200': content: application/json: schema: - additionalProperties: false - type: object - properties: - item: - anyOf: - - additionalProperties: true - type: object - properties: - allow_edit: - items: - type: string - maxItems: 1000 - type: array - ca_sha256: - nullable: true - type: string - ca_trusted_fingerprint: - nullable: true - type: string - config_yaml: - nullable: true - type: string - hosts: - items: - format: uri - type: string - maxItems: 10 - minItems: 1 - type: array - id: - type: string - is_default: - default: false - type: boolean - is_default_monitoring: - default: false - type: boolean - is_internal: - type: boolean - is_preconfigured: - type: boolean - name: - type: string - preset: - enum: - - balanced - - custom - - throughput - - scale - - latency - type: string - proxy_id: - nullable: true - type: string - secrets: - additionalProperties: true - type: object - properties: - ssl: - additionalProperties: true - type: object - properties: - key: - anyOf: - - additionalProperties: true - type: object - properties: - hash: - type: string - id: - type: string - required: - - id - - type: string - shipper: - additionalProperties: true - nullable: true - type: object - properties: - compression_level: - nullable: true - type: number - disk_queue_compression_enabled: - nullable: true - type: boolean - disk_queue_enabled: - default: false - nullable: true - type: boolean - disk_queue_encryption_enabled: - nullable: true - type: boolean - disk_queue_max_size: - nullable: true - type: number - disk_queue_path: - nullable: true - type: string - loadbalance: - nullable: true - type: boolean - max_batch_bytes: - nullable: true - type: number - mem_queue_events: - nullable: true - type: number - queue_flush_timeout: - nullable: true - type: number - required: - - disk_queue_path - - disk_queue_max_size - - disk_queue_encryption_enabled - - disk_queue_compression_enabled - - compression_level - - loadbalance - - mem_queue_events - - queue_flush_timeout - - max_batch_bytes - ssl: - additionalProperties: true - nullable: true - type: object - properties: - certificate: - type: string - certificate_authorities: - items: - type: string - maxItems: 10 - type: array - key: - type: string - verification_mode: - enum: - - full - - none - - certificate - - strict - type: string - type: - enum: - - elasticsearch - type: string - write_to_logs_streams: - nullable: true - type: boolean - required: - - name - - type - - hosts - - additionalProperties: true - type: object - properties: - allow_edit: - items: - type: string - maxItems: 1000 - type: array - ca_sha256: - nullable: true - type: string - ca_trusted_fingerprint: - nullable: true - type: string - config_yaml: - nullable: true - type: string - hosts: - items: - format: uri - type: string - maxItems: 10 - minItems: 1 - type: array - id: - type: string - is_default: - default: false - type: boolean - is_default_monitoring: - default: false - type: boolean - is_internal: - type: boolean - is_preconfigured: - type: boolean - kibana_api_key: - nullable: true - type: string - kibana_url: - nullable: true - type: string - name: - type: string - preset: - enum: - - balanced - - custom - - throughput - - scale - - latency - type: string - proxy_id: - nullable: true - type: string - secrets: - additionalProperties: true - type: object - properties: - service_token: - anyOf: - - additionalProperties: true - type: object - properties: - hash: - type: string - id: - type: string - required: - - id - - type: string - ssl: - additionalProperties: true - type: object - properties: - key: - anyOf: - - additionalProperties: true - type: object - properties: - hash: - type: string - id: - type: string - required: - - id - - type: string - service_token: - nullable: true - type: string - shipper: - additionalProperties: true - nullable: true - type: object - properties: - compression_level: - nullable: true - type: number - disk_queue_compression_enabled: - nullable: true - type: boolean - disk_queue_enabled: - default: false - nullable: true - type: boolean - disk_queue_encryption_enabled: - nullable: true - type: boolean - disk_queue_max_size: - nullable: true - type: number - disk_queue_path: - nullable: true - type: string - loadbalance: - nullable: true - type: boolean - max_batch_bytes: - nullable: true - type: number - mem_queue_events: - nullable: true - type: number - queue_flush_timeout: - nullable: true - type: number - required: - - disk_queue_path - - disk_queue_max_size - - disk_queue_encryption_enabled - - disk_queue_compression_enabled - - compression_level - - loadbalance - - mem_queue_events - - queue_flush_timeout - - max_batch_bytes - ssl: - additionalProperties: true - nullable: true - type: object - properties: - certificate: - type: string - certificate_authorities: - items: - type: string - maxItems: 10 - type: array - key: - type: string - verification_mode: - enum: - - full - - none - - certificate - - strict - type: string - sync_integrations: - type: boolean - sync_uninstalled_integrations: - type: boolean - type: - enum: - - remote_elasticsearch - type: string - write_to_logs_streams: - nullable: true - type: boolean - required: - - name - - type - - hosts - - additionalProperties: true - type: object - properties: - allow_edit: - items: - type: string - maxItems: 1000 - type: array - ca_sha256: - nullable: true - type: string - ca_trusted_fingerprint: - nullable: true - type: string - config_yaml: - nullable: true - type: string - hosts: - items: - type: string - maxItems: 10 - minItems: 1 - type: array - id: - type: string - is_default: - default: false - type: boolean - is_default_monitoring: - default: false - type: boolean - is_internal: - type: boolean - is_preconfigured: - type: boolean - name: - type: string - proxy_id: - nullable: true - type: string - secrets: - additionalProperties: true - type: object - properties: - ssl: - additionalProperties: true - type: object - properties: - key: - anyOf: - - additionalProperties: true - type: object - properties: - hash: - type: string - id: - type: string - required: - - id - - type: string - shipper: - additionalProperties: true - nullable: true - type: object - properties: - compression_level: - nullable: true - type: number - disk_queue_compression_enabled: - nullable: true - type: boolean - disk_queue_enabled: - default: false - nullable: true - type: boolean - disk_queue_encryption_enabled: - nullable: true - type: boolean - disk_queue_max_size: - nullable: true - type: number - disk_queue_path: - nullable: true - type: string - loadbalance: - nullable: true - type: boolean - max_batch_bytes: - nullable: true - type: number - mem_queue_events: - nullable: true - type: number - queue_flush_timeout: - nullable: true - type: number - required: - - disk_queue_path - - disk_queue_max_size - - disk_queue_encryption_enabled - - disk_queue_compression_enabled - - compression_level - - loadbalance - - mem_queue_events - - queue_flush_timeout - - max_batch_bytes - ssl: - additionalProperties: true - nullable: true - type: object - properties: - certificate: - type: string - certificate_authorities: - items: - type: string - maxItems: 10 - type: array - key: - type: string - verification_mode: - enum: - - full - - none - - certificate - - strict - type: string - type: - enum: - - logstash - type: string - required: - - name - - type - - hosts - - additionalProperties: true - type: object - properties: - allow_edit: - items: - type: string - maxItems: 1000 - type: array - auth_type: - enum: - - none - - user_pass - - ssl - - kerberos - type: string - broker_timeout: - type: number - ca_sha256: - nullable: true - type: string - ca_trusted_fingerprint: - nullable: true - type: string - client_id: - type: string - compression: - enum: - - gzip - - snappy - - lz4 - - none - type: string - compression_level: - anyOf: - - items: {} - type: array - - type: boolean - - type: number - - type: object - - type: string - nullable: true - oneOf: - - type: number - - not: {} - config_yaml: - nullable: true - type: string - connection_type: - anyOf: - - items: {} - type: array - - type: boolean - - type: number - - type: object - - type: string - nullable: true - oneOf: - - enum: - - plaintext - - encryption - type: string - - not: {} - hash: - additionalProperties: true - type: object - properties: - hash: - type: string - random: - type: boolean - headers: - items: - additionalProperties: true - type: object - properties: - key: - type: string - value: - type: string - required: - - key - - value - maxItems: 100 - type: array - hosts: - items: - type: string - maxItems: 10 - minItems: 1 - type: array - id: - type: string - is_default: - default: false - type: boolean - is_default_monitoring: - default: false - type: boolean - is_internal: - type: boolean - is_preconfigured: - type: boolean - key: - type: string - name: - type: string - partition: - enum: - - random - - round_robin - - hash - type: string - password: - anyOf: - - items: {} - type: array - - type: boolean - - type: number - - type: object - - type: string - nullable: true - oneOf: - - not: {} - - anyOf: - - items: {} - type: array - - type: boolean - - type: number - - type: object - - type: string - nullable: true - oneOf: - - type: string - - not: {} - proxy_id: - nullable: true - type: string - random: - additionalProperties: true - type: object - properties: - group_events: - type: number - required_acks: - enum: - - 1 - - 0 - - -1 - type: integer - round_robin: - additionalProperties: true - type: object - properties: - group_events: - type: number - sasl: - additionalProperties: true - nullable: true - type: object - properties: - mechanism: - enum: - - PLAIN - - SCRAM-SHA-256 - - SCRAM-SHA-512 - type: string - secrets: - additionalProperties: true - type: object - properties: - password: - anyOf: - - additionalProperties: true - type: object - properties: - hash: - type: string - id: - type: string - required: - - id - - type: string - ssl: - additionalProperties: true - type: object - properties: - key: - anyOf: - - additionalProperties: true - type: object - properties: - hash: - type: string - id: - type: string - required: - - id - - type: string - required: - - key - shipper: - additionalProperties: true - nullable: true - type: object - properties: - compression_level: - nullable: true - type: number - disk_queue_compression_enabled: - nullable: true - type: boolean - disk_queue_enabled: - default: false - nullable: true - type: boolean - disk_queue_encryption_enabled: - nullable: true - type: boolean - disk_queue_max_size: - nullable: true - type: number - disk_queue_path: - nullable: true - type: string - loadbalance: - nullable: true - type: boolean - max_batch_bytes: - nullable: true - type: number - mem_queue_events: - nullable: true - type: number - queue_flush_timeout: - nullable: true - type: number - required: - - disk_queue_path - - disk_queue_max_size - - disk_queue_encryption_enabled - - disk_queue_compression_enabled - - compression_level - - loadbalance - - mem_queue_events - - queue_flush_timeout - - max_batch_bytes - ssl: - additionalProperties: true - nullable: true - type: object - properties: - certificate: - type: string - certificate_authorities: - items: - type: string - maxItems: 10 - type: array - key: - type: string - verification_mode: - enum: - - full - - none - - certificate - - strict - type: string - timeout: - type: number - topic: - type: string - type: - enum: - - kafka - type: string - username: - anyOf: - - items: {} - type: array - - type: boolean - - type: number - - type: object - - type: string - nullable: true - oneOf: - - type: string - - not: {} - version: - type: string - required: - - name - - type - - hosts - - compression_level - - auth_type - - connection_type - - username - - password - required: - - item + $ref: '#/components/schemas/ApiFleetOutputs_Post_Response_200' description: 'OK: A successful request.' '400': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetOutputs_Post_Response_400' description: A bad request. summary: Create output tags: @@ -44782,55 +22559,19 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - id: - type: string - required: - - id + $ref: '#/components/schemas/ApiFleetOutputs_Delete_Response_200' description: 'OK: A successful request.' '400': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetOutputs_Delete_Response_400' description: A bad request. '404': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetOutputs_Delete_Response_404' description: Not found. summary: Delete output tags: @@ -44859,786 +22600,13 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - item: - anyOf: - - additionalProperties: true - type: object - properties: - allow_edit: - items: - type: string - maxItems: 1000 - type: array - ca_sha256: - nullable: true - type: string - ca_trusted_fingerprint: - nullable: true - type: string - config_yaml: - nullable: true - type: string - hosts: - items: - format: uri - type: string - maxItems: 10 - minItems: 1 - type: array - id: - type: string - is_default: - default: false - type: boolean - is_default_monitoring: - default: false - type: boolean - is_internal: - type: boolean - is_preconfigured: - type: boolean - name: - type: string - preset: - enum: - - balanced - - custom - - throughput - - scale - - latency - type: string - proxy_id: - nullable: true - type: string - secrets: - additionalProperties: true - type: object - properties: - ssl: - additionalProperties: true - type: object - properties: - key: - anyOf: - - additionalProperties: true - type: object - properties: - hash: - type: string - id: - type: string - required: - - id - - type: string - shipper: - additionalProperties: true - nullable: true - type: object - properties: - compression_level: - nullable: true - type: number - disk_queue_compression_enabled: - nullable: true - type: boolean - disk_queue_enabled: - default: false - nullable: true - type: boolean - disk_queue_encryption_enabled: - nullable: true - type: boolean - disk_queue_max_size: - nullable: true - type: number - disk_queue_path: - nullable: true - type: string - loadbalance: - nullable: true - type: boolean - max_batch_bytes: - nullable: true - type: number - mem_queue_events: - nullable: true - type: number - queue_flush_timeout: - nullable: true - type: number - required: - - disk_queue_path - - disk_queue_max_size - - disk_queue_encryption_enabled - - disk_queue_compression_enabled - - compression_level - - loadbalance - - mem_queue_events - - queue_flush_timeout - - max_batch_bytes - ssl: - additionalProperties: true - nullable: true - type: object - properties: - certificate: - type: string - certificate_authorities: - items: - type: string - maxItems: 10 - type: array - key: - type: string - verification_mode: - enum: - - full - - none - - certificate - - strict - type: string - type: - enum: - - elasticsearch - type: string - write_to_logs_streams: - nullable: true - type: boolean - required: - - name - - type - - hosts - - additionalProperties: true - type: object - properties: - allow_edit: - items: - type: string - maxItems: 1000 - type: array - ca_sha256: - nullable: true - type: string - ca_trusted_fingerprint: - nullable: true - type: string - config_yaml: - nullable: true - type: string - hosts: - items: - format: uri - type: string - maxItems: 10 - minItems: 1 - type: array - id: - type: string - is_default: - default: false - type: boolean - is_default_monitoring: - default: false - type: boolean - is_internal: - type: boolean - is_preconfigured: - type: boolean - kibana_api_key: - nullable: true - type: string - kibana_url: - nullable: true - type: string - name: - type: string - preset: - enum: - - balanced - - custom - - throughput - - scale - - latency - type: string - proxy_id: - nullable: true - type: string - secrets: - additionalProperties: true - type: object - properties: - service_token: - anyOf: - - additionalProperties: true - type: object - properties: - hash: - type: string - id: - type: string - required: - - id - - type: string - ssl: - additionalProperties: true - type: object - properties: - key: - anyOf: - - additionalProperties: true - type: object - properties: - hash: - type: string - id: - type: string - required: - - id - - type: string - service_token: - nullable: true - type: string - shipper: - additionalProperties: true - nullable: true - type: object - properties: - compression_level: - nullable: true - type: number - disk_queue_compression_enabled: - nullable: true - type: boolean - disk_queue_enabled: - default: false - nullable: true - type: boolean - disk_queue_encryption_enabled: - nullable: true - type: boolean - disk_queue_max_size: - nullable: true - type: number - disk_queue_path: - nullable: true - type: string - loadbalance: - nullable: true - type: boolean - max_batch_bytes: - nullable: true - type: number - mem_queue_events: - nullable: true - type: number - queue_flush_timeout: - nullable: true - type: number - required: - - disk_queue_path - - disk_queue_max_size - - disk_queue_encryption_enabled - - disk_queue_compression_enabled - - compression_level - - loadbalance - - mem_queue_events - - queue_flush_timeout - - max_batch_bytes - ssl: - additionalProperties: true - nullable: true - type: object - properties: - certificate: - type: string - certificate_authorities: - items: - type: string - maxItems: 10 - type: array - key: - type: string - verification_mode: - enum: - - full - - none - - certificate - - strict - type: string - sync_integrations: - type: boolean - sync_uninstalled_integrations: - type: boolean - type: - enum: - - remote_elasticsearch - type: string - write_to_logs_streams: - nullable: true - type: boolean - required: - - name - - type - - hosts - - additionalProperties: true - type: object - properties: - allow_edit: - items: - type: string - maxItems: 1000 - type: array - ca_sha256: - nullable: true - type: string - ca_trusted_fingerprint: - nullable: true - type: string - config_yaml: - nullable: true - type: string - hosts: - items: - type: string - maxItems: 10 - minItems: 1 - type: array - id: - type: string - is_default: - default: false - type: boolean - is_default_monitoring: - default: false - type: boolean - is_internal: - type: boolean - is_preconfigured: - type: boolean - name: - type: string - proxy_id: - nullable: true - type: string - secrets: - additionalProperties: true - type: object - properties: - ssl: - additionalProperties: true - type: object - properties: - key: - anyOf: - - additionalProperties: true - type: object - properties: - hash: - type: string - id: - type: string - required: - - id - - type: string - shipper: - additionalProperties: true - nullable: true - type: object - properties: - compression_level: - nullable: true - type: number - disk_queue_compression_enabled: - nullable: true - type: boolean - disk_queue_enabled: - default: false - nullable: true - type: boolean - disk_queue_encryption_enabled: - nullable: true - type: boolean - disk_queue_max_size: - nullable: true - type: number - disk_queue_path: - nullable: true - type: string - loadbalance: - nullable: true - type: boolean - max_batch_bytes: - nullable: true - type: number - mem_queue_events: - nullable: true - type: number - queue_flush_timeout: - nullable: true - type: number - required: - - disk_queue_path - - disk_queue_max_size - - disk_queue_encryption_enabled - - disk_queue_compression_enabled - - compression_level - - loadbalance - - mem_queue_events - - queue_flush_timeout - - max_batch_bytes - ssl: - additionalProperties: true - nullable: true - type: object - properties: - certificate: - type: string - certificate_authorities: - items: - type: string - maxItems: 10 - type: array - key: - type: string - verification_mode: - enum: - - full - - none - - certificate - - strict - type: string - type: - enum: - - logstash - type: string - required: - - name - - type - - hosts - - additionalProperties: true - type: object - properties: - allow_edit: - items: - type: string - maxItems: 1000 - type: array - auth_type: - enum: - - none - - user_pass - - ssl - - kerberos - type: string - broker_timeout: - type: number - ca_sha256: - nullable: true - type: string - ca_trusted_fingerprint: - nullable: true - type: string - client_id: - type: string - compression: - enum: - - gzip - - snappy - - lz4 - - none - type: string - compression_level: - anyOf: - - items: {} - type: array - - type: boolean - - type: number - - type: object - - type: string - nullable: true - oneOf: - - type: number - - not: {} - config_yaml: - nullable: true - type: string - connection_type: - anyOf: - - items: {} - type: array - - type: boolean - - type: number - - type: object - - type: string - nullable: true - oneOf: - - enum: - - plaintext - - encryption - type: string - - not: {} - hash: - additionalProperties: true - type: object - properties: - hash: - type: string - random: - type: boolean - headers: - items: - additionalProperties: true - type: object - properties: - key: - type: string - value: - type: string - required: - - key - - value - maxItems: 100 - type: array - hosts: - items: - type: string - maxItems: 10 - minItems: 1 - type: array - id: - type: string - is_default: - default: false - type: boolean - is_default_monitoring: - default: false - type: boolean - is_internal: - type: boolean - is_preconfigured: - type: boolean - key: - type: string - name: - type: string - partition: - enum: - - random - - round_robin - - hash - type: string - password: - anyOf: - - items: {} - type: array - - type: boolean - - type: number - - type: object - - type: string - nullable: true - oneOf: - - not: {} - - anyOf: - - items: {} - type: array - - type: boolean - - type: number - - type: object - - type: string - nullable: true - oneOf: - - type: string - - not: {} - proxy_id: - nullable: true - type: string - random: - additionalProperties: true - type: object - properties: - group_events: - type: number - required_acks: - enum: - - 1 - - 0 - - -1 - type: integer - round_robin: - additionalProperties: true - type: object - properties: - group_events: - type: number - sasl: - additionalProperties: true - nullable: true - type: object - properties: - mechanism: - enum: - - PLAIN - - SCRAM-SHA-256 - - SCRAM-SHA-512 - type: string - secrets: - additionalProperties: true - type: object - properties: - password: - anyOf: - - additionalProperties: true - type: object - properties: - hash: - type: string - id: - type: string - required: - - id - - type: string - ssl: - additionalProperties: true - type: object - properties: - key: - anyOf: - - additionalProperties: true - type: object - properties: - hash: - type: string - id: - type: string - required: - - id - - type: string - required: - - key - shipper: - additionalProperties: true - nullable: true - type: object - properties: - compression_level: - nullable: true - type: number - disk_queue_compression_enabled: - nullable: true - type: boolean - disk_queue_enabled: - default: false - nullable: true - type: boolean - disk_queue_encryption_enabled: - nullable: true - type: boolean - disk_queue_max_size: - nullable: true - type: number - disk_queue_path: - nullable: true - type: string - loadbalance: - nullable: true - type: boolean - max_batch_bytes: - nullable: true - type: number - mem_queue_events: - nullable: true - type: number - queue_flush_timeout: - nullable: true - type: number - required: - - disk_queue_path - - disk_queue_max_size - - disk_queue_encryption_enabled - - disk_queue_compression_enabled - - compression_level - - loadbalance - - mem_queue_events - - queue_flush_timeout - - max_batch_bytes - ssl: - additionalProperties: true - nullable: true - type: object - properties: - certificate: - type: string - certificate_authorities: - items: - type: string - maxItems: 10 - type: array - key: - type: string - verification_mode: - enum: - - full - - none - - certificate - - strict - type: string - timeout: - type: number - topic: - type: string - type: - enum: - - kafka - type: string - username: - anyOf: - - items: {} - type: array - - type: boolean - - type: number - - type: object - - type: string - nullable: true - oneOf: - - type: string - - not: {} - version: - type: string - required: - - name - - type - - hosts - - compression_level - - auth_type - - connection_type - - username - - password - required: - - item + $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_1' description: 'OK: A successful request.' '400': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_400_1' description: A bad request. summary: Get output tags: @@ -45673,1523 +22641,19 @@ paths: content: application/json: schema: - anyOf: - - additionalProperties: false - type: object - properties: - allow_edit: - items: - type: string - maxItems: 1000 - type: array - ca_sha256: - nullable: true - type: string - ca_trusted_fingerprint: - nullable: true - type: string - config_yaml: - nullable: true - type: string - hosts: - items: - format: uri - type: string - maxItems: 10 - minItems: 1 - type: array - id: - type: string - is_default: - type: boolean - is_default_monitoring: - type: boolean - is_internal: - type: boolean - is_preconfigured: - type: boolean - name: - type: string - preset: - enum: - - balanced - - custom - - throughput - - scale - - latency - type: string - proxy_id: - nullable: true - type: string - secrets: - additionalProperties: false - type: object - properties: - ssl: - additionalProperties: false - type: object - properties: - key: - anyOf: - - additionalProperties: false - type: object - properties: - hash: - type: string - id: - type: string - required: - - id - - type: string - shipper: - additionalProperties: false - nullable: true - type: object - properties: - compression_level: - nullable: true - type: number - disk_queue_compression_enabled: - nullable: true - type: boolean - disk_queue_enabled: - default: false - nullable: true - type: boolean - disk_queue_encryption_enabled: - nullable: true - type: boolean - disk_queue_max_size: - nullable: true - type: number - disk_queue_path: - nullable: true - type: string - loadbalance: - nullable: true - type: boolean - max_batch_bytes: - nullable: true - type: number - mem_queue_events: - nullable: true - type: number - queue_flush_timeout: - nullable: true - type: number - required: - - disk_queue_path - - disk_queue_max_size - - disk_queue_encryption_enabled - - disk_queue_compression_enabled - - compression_level - - loadbalance - - mem_queue_events - - queue_flush_timeout - - max_batch_bytes - ssl: - additionalProperties: false - nullable: true - type: object - properties: - certificate: - type: string - certificate_authorities: - items: - type: string - maxItems: 10 - type: array - key: - type: string - verification_mode: - enum: - - full - - none - - certificate - - strict - type: string - type: - enum: - - elasticsearch - type: string - write_to_logs_streams: - nullable: true - type: boolean - - additionalProperties: false - type: object - properties: - allow_edit: - items: - type: string - maxItems: 1000 - type: array - ca_sha256: - nullable: true - type: string - ca_trusted_fingerprint: - nullable: true - type: string - config_yaml: - nullable: true - type: string - hosts: - items: - format: uri - type: string - maxItems: 10 - minItems: 1 - type: array - id: - type: string - is_default: - type: boolean - is_default_monitoring: - type: boolean - is_internal: - type: boolean - is_preconfigured: - type: boolean - kibana_api_key: - nullable: true - type: string - kibana_url: - nullable: true - type: string - name: - type: string - preset: - enum: - - balanced - - custom - - throughput - - scale - - latency - type: string - proxy_id: - nullable: true - type: string - secrets: - additionalProperties: false - type: object - properties: - service_token: - anyOf: - - additionalProperties: false - type: object - properties: - hash: - type: string - id: - type: string - required: - - id - - type: string - ssl: - additionalProperties: false - type: object - properties: - key: - anyOf: - - additionalProperties: false - type: object - properties: - hash: - type: string - id: - type: string - required: - - id - - type: string - service_token: - nullable: true - type: string - shipper: - additionalProperties: false - nullable: true - type: object - properties: - compression_level: - nullable: true - type: number - disk_queue_compression_enabled: - nullable: true - type: boolean - disk_queue_enabled: - default: false - nullable: true - type: boolean - disk_queue_encryption_enabled: - nullable: true - type: boolean - disk_queue_max_size: - nullable: true - type: number - disk_queue_path: - nullable: true - type: string - loadbalance: - nullable: true - type: boolean - max_batch_bytes: - nullable: true - type: number - mem_queue_events: - nullable: true - type: number - queue_flush_timeout: - nullable: true - type: number - required: - - disk_queue_path - - disk_queue_max_size - - disk_queue_encryption_enabled - - disk_queue_compression_enabled - - compression_level - - loadbalance - - mem_queue_events - - queue_flush_timeout - - max_batch_bytes - ssl: - additionalProperties: false - nullable: true - type: object - properties: - certificate: - type: string - certificate_authorities: - items: - type: string - maxItems: 10 - type: array - key: - type: string - verification_mode: - enum: - - full - - none - - certificate - - strict - type: string - sync_integrations: - type: boolean - sync_uninstalled_integrations: - type: boolean - type: - enum: - - remote_elasticsearch - type: string - write_to_logs_streams: - nullable: true - type: boolean - - additionalProperties: false - type: object - properties: - allow_edit: - items: - type: string - maxItems: 1000 - type: array - ca_sha256: - nullable: true - type: string - ca_trusted_fingerprint: - nullable: true - type: string - config_yaml: - nullable: true - type: string - hosts: - items: - type: string - maxItems: 10 - minItems: 1 - type: array - id: - type: string - is_default: - type: boolean - is_default_monitoring: - type: boolean - is_internal: - type: boolean - is_preconfigured: - type: boolean - name: - type: string - proxy_id: - nullable: true - type: string - secrets: - additionalProperties: false - type: object - properties: - ssl: - additionalProperties: false - type: object - properties: - key: - anyOf: - - additionalProperties: false - type: object - properties: - hash: - type: string - id: - type: string - required: - - id - - type: string - shipper: - additionalProperties: false - nullable: true - type: object - properties: - compression_level: - nullable: true - type: number - disk_queue_compression_enabled: - nullable: true - type: boolean - disk_queue_enabled: - default: false - nullable: true - type: boolean - disk_queue_encryption_enabled: - nullable: true - type: boolean - disk_queue_max_size: - nullable: true - type: number - disk_queue_path: - nullable: true - type: string - loadbalance: - nullable: true - type: boolean - max_batch_bytes: - nullable: true - type: number - mem_queue_events: - nullable: true - type: number - queue_flush_timeout: - nullable: true - type: number - required: - - disk_queue_path - - disk_queue_max_size - - disk_queue_encryption_enabled - - disk_queue_compression_enabled - - compression_level - - loadbalance - - mem_queue_events - - queue_flush_timeout - - max_batch_bytes - ssl: - additionalProperties: false - nullable: true - type: object - properties: - certificate: - type: string - certificate_authorities: - items: - type: string - maxItems: 10 - type: array - key: - type: string - verification_mode: - enum: - - full - - none - - certificate - - strict - type: string - type: - enum: - - logstash - type: string - - additionalProperties: false - type: object - properties: - allow_edit: - items: - type: string - maxItems: 1000 - type: array - auth_type: - enum: - - none - - user_pass - - ssl - - kerberos - type: string - broker_timeout: - type: number - ca_sha256: - nullable: true - type: string - ca_trusted_fingerprint: - nullable: true - type: string - client_id: - type: string - compression: - enum: - - gzip - - snappy - - lz4 - - none - type: string - compression_level: - anyOf: - - items: {} - type: array - - type: boolean - - type: number - - type: object - - type: string - nullable: true - oneOf: - - type: number - - not: {} - config_yaml: - nullable: true - type: string - connection_type: - anyOf: - - items: {} - type: array - - type: boolean - - type: number - - type: object - - type: string - nullable: true - oneOf: - - enum: - - plaintext - - encryption - type: string - - not: {} - hash: - additionalProperties: false - type: object - properties: - hash: - type: string - random: - type: boolean - headers: - items: - additionalProperties: false - type: object - properties: - key: - type: string - value: - type: string - required: - - key - - value - maxItems: 100 - type: array - hosts: - items: - type: string - maxItems: 10 - minItems: 1 - type: array - id: - type: string - is_default: - default: false - type: boolean - is_default_monitoring: - default: false - type: boolean - is_internal: - type: boolean - is_preconfigured: - type: boolean - key: - type: string - name: - type: string - partition: - enum: - - random - - round_robin - - hash - type: string - password: - anyOf: - - items: {} - type: array - - type: boolean - - type: number - - type: object - - type: string - nullable: true - oneOf: - - not: {} - - anyOf: - - items: {} - type: array - - type: boolean - - type: number - - type: object - - type: string - nullable: true - oneOf: - - type: string - - not: {} - proxy_id: - nullable: true - type: string - random: - additionalProperties: false - type: object - properties: - group_events: - type: number - required_acks: - enum: - - 1 - - 0 - - -1 - type: integer - round_robin: - additionalProperties: false - type: object - properties: - group_events: - type: number - sasl: - additionalProperties: false - nullable: true - type: object - properties: - mechanism: - enum: - - PLAIN - - SCRAM-SHA-256 - - SCRAM-SHA-512 - type: string - secrets: - additionalProperties: false - type: object - properties: - password: - anyOf: - - additionalProperties: false - type: object - properties: - hash: - type: string - id: - type: string - required: - - id - - type: string - ssl: - additionalProperties: false - type: object - properties: - key: - anyOf: - - additionalProperties: false - type: object - properties: - hash: - type: string - id: - type: string - required: - - id - - type: string - required: - - key - shipper: - additionalProperties: false - nullable: true - type: object - properties: - compression_level: - nullable: true - type: number - disk_queue_compression_enabled: - nullable: true - type: boolean - disk_queue_enabled: - default: false - nullable: true - type: boolean - disk_queue_encryption_enabled: - nullable: true - type: boolean - disk_queue_max_size: - nullable: true - type: number - disk_queue_path: - nullable: true - type: string - loadbalance: - nullable: true - type: boolean - max_batch_bytes: - nullable: true - type: number - mem_queue_events: - nullable: true - type: number - queue_flush_timeout: - nullable: true - type: number - required: - - disk_queue_path - - disk_queue_max_size - - disk_queue_encryption_enabled - - disk_queue_compression_enabled - - compression_level - - loadbalance - - mem_queue_events - - queue_flush_timeout - - max_batch_bytes - ssl: - additionalProperties: false - nullable: true - type: object - properties: - certificate: - type: string - certificate_authorities: - items: - type: string - maxItems: 10 - type: array - key: - type: string - verification_mode: - enum: - - full - - none - - certificate - - strict - type: string - timeout: - type: number - topic: - type: string - type: - enum: - - kafka - type: string - username: - anyOf: - - items: {} - type: array - - type: boolean - - type: number - - type: object - - type: string - nullable: true - oneOf: - - type: string - - not: {} - version: - type: string - required: - - name - - compression_level - - connection_type - - username - - password + $ref: '#/components/schemas/ApiFleetOutputs_Put_Request' responses: '200': content: application/json: schema: - additionalProperties: false - type: object - properties: - item: - anyOf: - - additionalProperties: true - type: object - properties: - allow_edit: - items: - type: string - maxItems: 1000 - type: array - ca_sha256: - nullable: true - type: string - ca_trusted_fingerprint: - nullable: true - type: string - config_yaml: - nullable: true - type: string - hosts: - items: - format: uri - type: string - maxItems: 10 - minItems: 1 - type: array - id: - type: string - is_default: - default: false - type: boolean - is_default_monitoring: - default: false - type: boolean - is_internal: - type: boolean - is_preconfigured: - type: boolean - name: - type: string - preset: - enum: - - balanced - - custom - - throughput - - scale - - latency - type: string - proxy_id: - nullable: true - type: string - secrets: - additionalProperties: true - type: object - properties: - ssl: - additionalProperties: true - type: object - properties: - key: - anyOf: - - additionalProperties: true - type: object - properties: - hash: - type: string - id: - type: string - required: - - id - - type: string - shipper: - additionalProperties: true - nullable: true - type: object - properties: - compression_level: - nullable: true - type: number - disk_queue_compression_enabled: - nullable: true - type: boolean - disk_queue_enabled: - default: false - nullable: true - type: boolean - disk_queue_encryption_enabled: - nullable: true - type: boolean - disk_queue_max_size: - nullable: true - type: number - disk_queue_path: - nullable: true - type: string - loadbalance: - nullable: true - type: boolean - max_batch_bytes: - nullable: true - type: number - mem_queue_events: - nullable: true - type: number - queue_flush_timeout: - nullable: true - type: number - required: - - disk_queue_path - - disk_queue_max_size - - disk_queue_encryption_enabled - - disk_queue_compression_enabled - - compression_level - - loadbalance - - mem_queue_events - - queue_flush_timeout - - max_batch_bytes - ssl: - additionalProperties: true - nullable: true - type: object - properties: - certificate: - type: string - certificate_authorities: - items: - type: string - maxItems: 10 - type: array - key: - type: string - verification_mode: - enum: - - full - - none - - certificate - - strict - type: string - type: - enum: - - elasticsearch - type: string - write_to_logs_streams: - nullable: true - type: boolean - required: - - name - - type - - hosts - - additionalProperties: true - type: object - properties: - allow_edit: - items: - type: string - maxItems: 1000 - type: array - ca_sha256: - nullable: true - type: string - ca_trusted_fingerprint: - nullable: true - type: string - config_yaml: - nullable: true - type: string - hosts: - items: - format: uri - type: string - maxItems: 10 - minItems: 1 - type: array - id: - type: string - is_default: - default: false - type: boolean - is_default_monitoring: - default: false - type: boolean - is_internal: - type: boolean - is_preconfigured: - type: boolean - kibana_api_key: - nullable: true - type: string - kibana_url: - nullable: true - type: string - name: - type: string - preset: - enum: - - balanced - - custom - - throughput - - scale - - latency - type: string - proxy_id: - nullable: true - type: string - secrets: - additionalProperties: true - type: object - properties: - service_token: - anyOf: - - additionalProperties: true - type: object - properties: - hash: - type: string - id: - type: string - required: - - id - - type: string - ssl: - additionalProperties: true - type: object - properties: - key: - anyOf: - - additionalProperties: true - type: object - properties: - hash: - type: string - id: - type: string - required: - - id - - type: string - service_token: - nullable: true - type: string - shipper: - additionalProperties: true - nullable: true - type: object - properties: - compression_level: - nullable: true - type: number - disk_queue_compression_enabled: - nullable: true - type: boolean - disk_queue_enabled: - default: false - nullable: true - type: boolean - disk_queue_encryption_enabled: - nullable: true - type: boolean - disk_queue_max_size: - nullable: true - type: number - disk_queue_path: - nullable: true - type: string - loadbalance: - nullable: true - type: boolean - max_batch_bytes: - nullable: true - type: number - mem_queue_events: - nullable: true - type: number - queue_flush_timeout: - nullable: true - type: number - required: - - disk_queue_path - - disk_queue_max_size - - disk_queue_encryption_enabled - - disk_queue_compression_enabled - - compression_level - - loadbalance - - mem_queue_events - - queue_flush_timeout - - max_batch_bytes - ssl: - additionalProperties: true - nullable: true - type: object - properties: - certificate: - type: string - certificate_authorities: - items: - type: string - maxItems: 10 - type: array - key: - type: string - verification_mode: - enum: - - full - - none - - certificate - - strict - type: string - sync_integrations: - type: boolean - sync_uninstalled_integrations: - type: boolean - type: - enum: - - remote_elasticsearch - type: string - write_to_logs_streams: - nullable: true - type: boolean - required: - - name - - type - - hosts - - additionalProperties: true - type: object - properties: - allow_edit: - items: - type: string - maxItems: 1000 - type: array - ca_sha256: - nullable: true - type: string - ca_trusted_fingerprint: - nullable: true - type: string - config_yaml: - nullable: true - type: string - hosts: - items: - type: string - maxItems: 10 - minItems: 1 - type: array - id: - type: string - is_default: - default: false - type: boolean - is_default_monitoring: - default: false - type: boolean - is_internal: - type: boolean - is_preconfigured: - type: boolean - name: - type: string - proxy_id: - nullable: true - type: string - secrets: - additionalProperties: true - type: object - properties: - ssl: - additionalProperties: true - type: object - properties: - key: - anyOf: - - additionalProperties: true - type: object - properties: - hash: - type: string - id: - type: string - required: - - id - - type: string - shipper: - additionalProperties: true - nullable: true - type: object - properties: - compression_level: - nullable: true - type: number - disk_queue_compression_enabled: - nullable: true - type: boolean - disk_queue_enabled: - default: false - nullable: true - type: boolean - disk_queue_encryption_enabled: - nullable: true - type: boolean - disk_queue_max_size: - nullable: true - type: number - disk_queue_path: - nullable: true - type: string - loadbalance: - nullable: true - type: boolean - max_batch_bytes: - nullable: true - type: number - mem_queue_events: - nullable: true - type: number - queue_flush_timeout: - nullable: true - type: number - required: - - disk_queue_path - - disk_queue_max_size - - disk_queue_encryption_enabled - - disk_queue_compression_enabled - - compression_level - - loadbalance - - mem_queue_events - - queue_flush_timeout - - max_batch_bytes - ssl: - additionalProperties: true - nullable: true - type: object - properties: - certificate: - type: string - certificate_authorities: - items: - type: string - maxItems: 10 - type: array - key: - type: string - verification_mode: - enum: - - full - - none - - certificate - - strict - type: string - type: - enum: - - logstash - type: string - required: - - name - - type - - hosts - - additionalProperties: true - type: object - properties: - allow_edit: - items: - type: string - maxItems: 1000 - type: array - auth_type: - enum: - - none - - user_pass - - ssl - - kerberos - type: string - broker_timeout: - type: number - ca_sha256: - nullable: true - type: string - ca_trusted_fingerprint: - nullable: true - type: string - client_id: - type: string - compression: - enum: - - gzip - - snappy - - lz4 - - none - type: string - compression_level: - anyOf: - - items: {} - type: array - - type: boolean - - type: number - - type: object - - type: string - nullable: true - oneOf: - - type: number - - not: {} - config_yaml: - nullable: true - type: string - connection_type: - anyOf: - - items: {} - type: array - - type: boolean - - type: number - - type: object - - type: string - nullable: true - oneOf: - - enum: - - plaintext - - encryption - type: string - - not: {} - hash: - additionalProperties: true - type: object - properties: - hash: - type: string - random: - type: boolean - headers: - items: - additionalProperties: true - type: object - properties: - key: - type: string - value: - type: string - required: - - key - - value - maxItems: 100 - type: array - hosts: - items: - type: string - maxItems: 10 - minItems: 1 - type: array - id: - type: string - is_default: - default: false - type: boolean - is_default_monitoring: - default: false - type: boolean - is_internal: - type: boolean - is_preconfigured: - type: boolean - key: - type: string - name: - type: string - partition: - enum: - - random - - round_robin - - hash - type: string - password: - anyOf: - - items: {} - type: array - - type: boolean - - type: number - - type: object - - type: string - nullable: true - oneOf: - - not: {} - - anyOf: - - items: {} - type: array - - type: boolean - - type: number - - type: object - - type: string - nullable: true - oneOf: - - type: string - - not: {} - proxy_id: - nullable: true - type: string - random: - additionalProperties: true - type: object - properties: - group_events: - type: number - required_acks: - enum: - - 1 - - 0 - - -1 - type: integer - round_robin: - additionalProperties: true - type: object - properties: - group_events: - type: number - sasl: - additionalProperties: true - nullable: true - type: object - properties: - mechanism: - enum: - - PLAIN - - SCRAM-SHA-256 - - SCRAM-SHA-512 - type: string - secrets: - additionalProperties: true - type: object - properties: - password: - anyOf: - - additionalProperties: true - type: object - properties: - hash: - type: string - id: - type: string - required: - - id - - type: string - ssl: - additionalProperties: true - type: object - properties: - key: - anyOf: - - additionalProperties: true - type: object - properties: - hash: - type: string - id: - type: string - required: - - id - - type: string - required: - - key - shipper: - additionalProperties: true - nullable: true - type: object - properties: - compression_level: - nullable: true - type: number - disk_queue_compression_enabled: - nullable: true - type: boolean - disk_queue_enabled: - default: false - nullable: true - type: boolean - disk_queue_encryption_enabled: - nullable: true - type: boolean - disk_queue_max_size: - nullable: true - type: number - disk_queue_path: - nullable: true - type: string - loadbalance: - nullable: true - type: boolean - max_batch_bytes: - nullable: true - type: number - mem_queue_events: - nullable: true - type: number - queue_flush_timeout: - nullable: true - type: number - required: - - disk_queue_path - - disk_queue_max_size - - disk_queue_encryption_enabled - - disk_queue_compression_enabled - - compression_level - - loadbalance - - mem_queue_events - - queue_flush_timeout - - max_batch_bytes - ssl: - additionalProperties: true - nullable: true - type: object - properties: - certificate: - type: string - certificate_authorities: - items: - type: string - maxItems: 10 - type: array - key: - type: string - verification_mode: - enum: - - full - - none - - certificate - - strict - type: string - timeout: - type: number - topic: - type: string - type: - enum: - - kafka - type: string - username: - anyOf: - - items: {} - type: array - - type: boolean - - type: number - - type: object - - type: string - nullable: true - oneOf: - - type: string - - not: {} - version: - type: string - required: - - name - - type - - hosts - - compression_level - - auth_type - - connection_type - - username - - password - required: - - item + $ref: '#/components/schemas/ApiFleetOutputs_Put_Response_200' description: 'OK: A successful request.' '400': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetOutputs_Put_Response_400' description: A bad request. summary: Update output tags: @@ -47219,43 +22683,13 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - message: - description: long message if unhealthy - type: string - state: - description: state of output, HEALTHY or DEGRADED - type: string - timestamp: - description: timestamp of reported state - type: string - required: - - state - - message - - timestamp + $ref: '#/components/schemas/ApiFleetOutputsHealth_Get_Response_200' description: 'OK: A successful request.' '400': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetOutputsHealth_Get_Response_400' description: A bad request. summary: Get the latest output health tags: @@ -47318,477 +22752,13 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - items: - items: - additionalProperties: false - type: object - properties: - additional_datastreams_permissions: - description: Additional datastream permissions, that will be added to the agent policy. - items: - type: string - maxItems: 1000 - nullable: true - type: array - agents: - type: number - cloud_connector_id: - description: ID of the cloud connector associated with this package policy. - nullable: true - type: string - cloud_connector_name: - description: Transient field for cloud connector name during creation. - maxLength: 255 - minLength: 1 - nullable: true - type: string - created_at: - type: string - created_by: - type: string - description: - description: Package policy description - type: string - elasticsearch: - additionalProperties: true - type: object - properties: - privileges: - additionalProperties: true - type: object - properties: - cluster: - items: - type: string - maxItems: 100 - type: array - enabled: - type: boolean - id: - description: Package policy unique identifier. - type: string - inputs: - anyOf: - - items: - additionalProperties: false - type: object - properties: - compiled_input: {} - config: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - type: object - enabled: - type: boolean - id: - type: string - keep_enabled: - type: boolean - policy_template: - type: string - streams: - items: - additionalProperties: false - type: object - properties: - compiled_stream: {} - config: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - type: object - data_stream: - additionalProperties: false - type: object - properties: - dataset: - type: string - elasticsearch: - additionalProperties: false - type: object - properties: - dynamic_dataset: - type: boolean - dynamic_namespace: - type: boolean - privileges: - additionalProperties: false - type: object - properties: - indices: - items: - type: string - maxItems: 100 - type: array - type: - type: string - required: - - dataset - - type - enabled: - type: boolean - id: - type: string - keep_enabled: - type: boolean - release: - enum: - - ga - - beta - - experimental - type: string - var_group_selections: - additionalProperties: - type: string - description: Variable group selections. Maps var_group name to the selected option name within that group. - type: object - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - type: object - required: - - enabled - - data_stream - - compiled_stream - maxItems: 100 - type: array - type: - type: string - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - type: object - required: - - type - - enabled - - streams - - compiled_input - maxItems: 100 - type: array - - additionalProperties: - additionalProperties: false - type: object - properties: - enabled: - description: Enable or disable that input. Defaults to `true` (enabled). - type: boolean - streams: - additionalProperties: - additionalProperties: false - type: object - properties: - enabled: - description: Enable or disable that stream. Defaults to `true` (enabled). - type: boolean - var_group_selections: - additionalProperties: - type: string - description: Variable group selections. Maps var_group name to the selected option name within that group. - type: object - vars: - additionalProperties: - anyOf: - - type: boolean - - type: string - - type: number - - items: - type: string - maxItems: 100 - type: array - - items: - type: number - maxItems: 100 - type: array - - additionalProperties: false - type: object - properties: - id: - type: string - isSecretRef: - type: boolean - required: - - id - - isSecretRef - nullable: true - description: Input/stream level variable. Refer to the integration documentation for more information. - type: object - description: Input streams. Refer to the integration documentation to know which streams are available. - type: object - vars: - additionalProperties: - anyOf: - - type: boolean - - type: string - - type: number - - items: - type: string - maxItems: 100 - type: array - - items: - type: number - maxItems: 100 - type: array - - additionalProperties: false - type: object - properties: - id: - type: string - isSecretRef: - type: boolean - required: - - id - - isSecretRef - nullable: true - description: Input/stream level variable. Refer to the integration documentation for more information. - type: object - description: Package policy inputs. Refer to the integration documentation to know which inputs are available. - type: object - x-oas-optional: true - description: Package policy inputs. - is_managed: - type: boolean - name: - description: Unique name for the package policy. - type: string - namespace: - description: The package policy namespace. Leave blank to inherit the agent policy's namespace. - type: string - output_id: - nullable: true - type: string - overrides: - additionalProperties: false - description: Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure. - nullable: true - type: object - properties: - inputs: - additionalProperties: {} - type: object - package: - additionalProperties: false - type: object - properties: - experimental_data_stream_features: - items: - additionalProperties: false - type: object - properties: - data_stream: - type: string - features: - additionalProperties: false - type: object - properties: - doc_value_only_numeric: - type: boolean - doc_value_only_other: - type: boolean - synthetic_source: - type: boolean - tsdb: - type: boolean - required: - - data_stream - - features - maxItems: 100 - type: array - fips_compatible: - type: boolean - name: - description: Package name - type: string - requires_root: - type: boolean - title: - type: string - version: - description: Package version - type: string - required: - - name - - version - policy_id: - deprecated: true - description: ID of the agent policy which the package policy will be added to. - nullable: true - type: string - policy_ids: - items: - description: IDs of the agent policies which that package policy will be added to. - type: string - maxItems: 1000 - type: array - revision: - description: Package policy revision. - type: number - secret_references: - items: - additionalProperties: false - type: object - properties: - id: - type: string - required: - - id - maxItems: 100 - type: array - spaceIds: - items: - type: string - maxItems: 100 - type: array - supports_agentless: - default: false - description: Indicates whether the package policy belongs to an agentless agent policy. - nullable: true - type: boolean - supports_cloud_connector: - default: false - description: Indicates whether the package policy supports cloud connectors. - nullable: true - type: boolean - updated_at: - type: string - updated_by: - type: string - var_group_selections: - additionalProperties: - type: string - description: Variable group selections. Maps var_group name to the selected option name within that group. - type: object - vars: - anyOf: - - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - type: object - - additionalProperties: - anyOf: - - type: boolean - - type: string - - type: number - - items: - type: string - maxItems: 100 - type: array - - items: - type: number - maxItems: 100 - type: array - - additionalProperties: false - type: object - properties: - id: - type: string - isSecretRef: - type: boolean - required: - - id - - isSecretRef - nullable: true - description: Input/stream level variable. Refer to the integration documentation for more information. - type: object - x-oas-optional: true - description: Package level variable. - version: - description: Package policy ES version. - type: string - required: - - name - - enabled - - inputs - - id - - revision - - updated_at - - updated_by - - created_at - - created_by - maxItems: 10000 - type: array - page: - type: number - perPage: - type: number - total: - type: number - required: - - items - - total - - page - - perPage + $ref: '#/components/schemas/ApiFleetPackagePolicies_Get_Response_200' description: 'OK: A successful request.' '400': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetPackagePolicies_Get_Response_400' description: A bad request. summary: Get package policies tags: @@ -47824,971 +22794,25 @@ paths: content: application/json: schema: - anyOf: - - additionalProperties: false - type: object - properties: - additional_datastreams_permissions: - description: Additional datastream permissions, that will be added to the agent policy. - items: - type: string - maxItems: 1000 - nullable: true - type: array - cloud_connector_id: - description: ID of the cloud connector associated with this package policy. - nullable: true - type: string - cloud_connector_name: - description: Transient field for cloud connector name during creation. - maxLength: 255 - minLength: 1 - nullable: true - type: string - description: - description: Package policy description - type: string - enabled: - type: boolean - force: - description: Force package policy creation even if the package is not verified, or if the agent policy is managed. - type: boolean - id: - description: Package policy unique identifier - type: string - inputs: - items: - additionalProperties: false - type: object - properties: - config: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - type: object - enabled: - type: boolean - id: - type: string - keep_enabled: - type: boolean - policy_template: - type: string - streams: - items: - additionalProperties: false - type: object - properties: - compiled_stream: {} - config: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - type: object - data_stream: - additionalProperties: false - type: object - properties: - dataset: - type: string - elasticsearch: - additionalProperties: false - type: object - properties: - dynamic_dataset: - type: boolean - dynamic_namespace: - type: boolean - privileges: - additionalProperties: false - type: object - properties: - indices: - items: - type: string - maxItems: 100 - type: array - type: - type: string - required: - - dataset - - type - enabled: - type: boolean - id: - type: string - keep_enabled: - type: boolean - release: - enum: - - ga - - beta - - experimental - type: string - var_group_selections: - additionalProperties: - type: string - description: Variable group selections. Maps var_group name to the selected option name within that group. - type: object - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - type: object - required: - - enabled - - data_stream - - compiled_stream - maxItems: 100 - type: array - type: - type: string - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - type: object - required: - - type - - enabled - maxItems: 1000 - type: array - is_managed: - type: boolean - name: - description: Unique name for the package policy. - type: string - namespace: - description: The package policy namespace. Leave blank to inherit the agent policy's namespace. - type: string - output_id: - nullable: true - type: string - overrides: - additionalProperties: false - description: Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure. - nullable: true - type: object - properties: - inputs: - additionalProperties: {} - type: object - package: - additionalProperties: false - type: object - properties: - experimental_data_stream_features: - items: - additionalProperties: false - type: object - properties: - data_stream: - type: string - features: - additionalProperties: false - type: object - properties: - doc_value_only_numeric: - type: boolean - doc_value_only_other: - type: boolean - synthetic_source: - type: boolean - tsdb: - type: boolean - required: - - data_stream - - features - maxItems: 100 - type: array - fips_compatible: - type: boolean - name: - description: Package name - type: string - requires_root: - type: boolean - title: - type: string - version: - description: Package version - type: string - required: - - name - - version - policy_id: - deprecated: true - description: ID of the agent policy which the package policy will be added to. - nullable: true - type: string - policy_ids: - items: - description: IDs of the agent policies which that package policy will be added to. - type: string - maxItems: 1000 - type: array - spaceIds: - items: - type: string - maxItems: 100 - type: array - supports_agentless: - default: false - deprecated: true - description: Indicates whether the package policy belongs to an agentless agent policy. Deprecated in favor of the Fleet agentless policies API. - nullable: true - type: boolean - supports_cloud_connector: - default: false - description: Indicates whether the package policy supports cloud connectors. - nullable: true - type: boolean - var_group_selections: - additionalProperties: - type: string - description: Variable group selections. Maps var_group name to the selected option name within that group. - type: object - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - type: object - required: - - name - - inputs - - additionalProperties: false - type: object - properties: - additional_datastreams_permissions: - description: Additional datastream permissions, that will be added to the agent policy. - items: - type: string - maxItems: 100 - nullable: true - type: array - description: - description: Policy description. - type: string - force: - description: Force package policy creation even if the package is not verified, or if the agent policy is managed. - type: boolean - id: - description: Policy unique identifier. - type: string - inputs: - additionalProperties: - additionalProperties: false - type: object - properties: - enabled: - description: Enable or disable that input. Defaults to `true` (enabled). - type: boolean - streams: - additionalProperties: - additionalProperties: false - type: object - properties: - enabled: - description: Enable or disable that stream. Defaults to `true` (enabled). - type: boolean - var_group_selections: - additionalProperties: - type: string - description: Variable group selections. Maps var_group name to the selected option name within that group. - type: object - vars: - additionalProperties: - anyOf: - - type: boolean - - type: string - - type: number - - items: - type: string - maxItems: 100 - type: array - - items: - type: number - maxItems: 100 - type: array - - additionalProperties: false - type: object - properties: - id: - type: string - isSecretRef: - type: boolean - required: - - id - - isSecretRef - nullable: true - description: Input/stream level variable. Refer to the integration documentation for more information. - type: object - description: Input streams. Refer to the integration documentation to know which streams are available. - type: object - vars: - additionalProperties: - anyOf: - - type: boolean - - type: string - - type: number - - items: - type: string - maxItems: 100 - type: array - - items: - type: number - maxItems: 100 - type: array - - additionalProperties: false - type: object - properties: - id: - type: string - isSecretRef: - type: boolean - required: - - id - - isSecretRef - nullable: true - description: Input/stream level variable. Refer to the integration documentation for more information. - type: object - description: Package policy inputs. Refer to the integration documentation to know which inputs are available. - type: object - name: - description: Unique name for the policy. - type: string - namespace: - description: Policy namespace. When not specified, it inherits the agent policy namespace. - type: string - output_id: - nullable: true - type: string - package: - additionalProperties: false - type: object - properties: - experimental_data_stream_features: - items: - additionalProperties: false - type: object - properties: - data_stream: - type: string - features: - additionalProperties: false - type: object - properties: - doc_value_only_numeric: - type: boolean - doc_value_only_other: - type: boolean - synthetic_source: - type: boolean - tsdb: - type: boolean - required: - - data_stream - - features - maxItems: 100 - type: array - fips_compatible: - type: boolean - name: - description: Package name - type: string - requires_root: - type: boolean - title: - type: string - version: - description: Package version - type: string - required: - - name - - version - policy_id: - deprecated: true - description: Deprecated. Use policy_ids instead. - nullable: true - type: string - policy_ids: - description: IDs of the agent policies which that package policy will be added to. - items: - type: string - maxItems: 1000 - type: array - supports_agentless: - default: false - deprecated: true - description: Indicates whether the package policy belongs to an agentless agent policy. Deprecated in favor of the Fleet agentless policies API. - nullable: true - type: boolean - var_group_selections: - additionalProperties: - type: string - description: Variable group selections. Maps var_group name to the selected option name within that group. - type: object - vars: - additionalProperties: - anyOf: - - type: boolean - - type: string - - type: number - - items: - type: string - maxItems: 100 - type: array - - items: - type: number - maxItems: 100 - type: array - - additionalProperties: false - type: object - properties: - id: - type: string - isSecretRef: - type: boolean - required: - - id - - isSecretRef - nullable: true - description: Input/stream level variable. Refer to the integration documentation for more information. - type: object - required: - - name - - package - description: You should use inputs as an object and not use the deprecated inputs array. + $ref: '#/components/schemas/ApiFleetPackagePolicies_Post_Request' responses: '200': content: application/json: schema: - additionalProperties: false - type: object - properties: - item: - additionalProperties: false - type: object - properties: - additional_datastreams_permissions: - description: Additional datastream permissions, that will be added to the agent policy. - items: - type: string - maxItems: 1000 - nullable: true - type: array - agents: - type: number - cloud_connector_id: - description: ID of the cloud connector associated with this package policy. - nullable: true - type: string - cloud_connector_name: - description: Transient field for cloud connector name during creation. - maxLength: 255 - minLength: 1 - nullable: true - type: string - created_at: - type: string - created_by: - type: string - description: - description: Package policy description - type: string - elasticsearch: - additionalProperties: true - type: object - properties: - privileges: - additionalProperties: true - type: object - properties: - cluster: - items: - type: string - maxItems: 100 - type: array - enabled: - type: boolean - id: - description: Package policy unique identifier. - type: string - inputs: - anyOf: - - items: - additionalProperties: false - type: object - properties: - compiled_input: {} - config: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - type: object - enabled: - type: boolean - id: - type: string - keep_enabled: - type: boolean - policy_template: - type: string - streams: - items: - additionalProperties: false - type: object - properties: - compiled_stream: {} - config: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - type: object - data_stream: - additionalProperties: false - type: object - properties: - dataset: - type: string - elasticsearch: - additionalProperties: false - type: object - properties: - dynamic_dataset: - type: boolean - dynamic_namespace: - type: boolean - privileges: - additionalProperties: false - type: object - properties: - indices: - items: - type: string - maxItems: 100 - type: array - type: - type: string - required: - - dataset - - type - enabled: - type: boolean - id: - type: string - keep_enabled: - type: boolean - release: - enum: - - ga - - beta - - experimental - type: string - var_group_selections: - additionalProperties: - type: string - description: Variable group selections. Maps var_group name to the selected option name within that group. - type: object - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - type: object - required: - - enabled - - data_stream - - compiled_stream - maxItems: 100 - type: array - type: - type: string - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - type: object - required: - - type - - enabled - - streams - - compiled_input - maxItems: 100 - type: array - - additionalProperties: - additionalProperties: false - type: object - properties: - enabled: - description: Enable or disable that input. Defaults to `true` (enabled). - type: boolean - streams: - additionalProperties: - additionalProperties: false - type: object - properties: - enabled: - description: Enable or disable that stream. Defaults to `true` (enabled). - type: boolean - var_group_selections: - additionalProperties: - type: string - description: Variable group selections. Maps var_group name to the selected option name within that group. - type: object - vars: - additionalProperties: - anyOf: - - type: boolean - - type: string - - type: number - - items: - type: string - maxItems: 100 - type: array - - items: - type: number - maxItems: 100 - type: array - - additionalProperties: false - type: object - properties: - id: - type: string - isSecretRef: - type: boolean - required: - - id - - isSecretRef - nullable: true - description: Input/stream level variable. Refer to the integration documentation for more information. - type: object - description: Input streams. Refer to the integration documentation to know which streams are available. - type: object - vars: - additionalProperties: - anyOf: - - type: boolean - - type: string - - type: number - - items: - type: string - maxItems: 100 - type: array - - items: - type: number - maxItems: 100 - type: array - - additionalProperties: false - type: object - properties: - id: - type: string - isSecretRef: - type: boolean - required: - - id - - isSecretRef - nullable: true - description: Input/stream level variable. Refer to the integration documentation for more information. - type: object - description: Package policy inputs. Refer to the integration documentation to know which inputs are available. - type: object - x-oas-optional: true - description: Package policy inputs. - is_managed: - type: boolean - name: - description: Unique name for the package policy. - type: string - namespace: - description: The package policy namespace. Leave blank to inherit the agent policy's namespace. - type: string - output_id: - nullable: true - type: string - overrides: - additionalProperties: false - description: Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure. - nullable: true - type: object - properties: - inputs: - additionalProperties: {} - type: object - package: - additionalProperties: false - type: object - properties: - experimental_data_stream_features: - items: - additionalProperties: false - type: object - properties: - data_stream: - type: string - features: - additionalProperties: false - type: object - properties: - doc_value_only_numeric: - type: boolean - doc_value_only_other: - type: boolean - synthetic_source: - type: boolean - tsdb: - type: boolean - required: - - data_stream - - features - maxItems: 100 - type: array - fips_compatible: - type: boolean - name: - description: Package name - type: string - requires_root: - type: boolean - title: - type: string - version: - description: Package version - type: string - required: - - name - - version - policy_id: - deprecated: true - description: ID of the agent policy which the package policy will be added to. - nullable: true - type: string - policy_ids: - items: - description: IDs of the agent policies which that package policy will be added to. - type: string - maxItems: 1000 - type: array - revision: - description: Package policy revision. - type: number - secret_references: - items: - additionalProperties: false - type: object - properties: - id: - type: string - required: - - id - maxItems: 100 - type: array - spaceIds: - items: - type: string - maxItems: 100 - type: array - supports_agentless: - default: false - description: Indicates whether the package policy belongs to an agentless agent policy. - nullable: true - type: boolean - supports_cloud_connector: - default: false - description: Indicates whether the package policy supports cloud connectors. - nullable: true - type: boolean - updated_at: - type: string - updated_by: - type: string - var_group_selections: - additionalProperties: - type: string - description: Variable group selections. Maps var_group name to the selected option name within that group. - type: object - vars: - anyOf: - - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - type: object - - additionalProperties: - anyOf: - - type: boolean - - type: string - - type: number - - items: - type: string - maxItems: 100 - type: array - - items: - type: number - maxItems: 100 - type: array - - additionalProperties: false - type: object - properties: - id: - type: string - isSecretRef: - type: boolean - required: - - id - - isSecretRef - nullable: true - description: Input/stream level variable. Refer to the integration documentation for more information. - type: object - x-oas-optional: true - description: Package level variable. - version: - description: Package policy ES version. - type: string - required: - - name - - enabled - - inputs - - id - - revision - - updated_at - - updated_by - - created_at - - created_by - required: - - item + $ref: '#/components/schemas/ApiFleetPackagePolicies_Post_Response_200' description: 'OK: A successful request.' '400': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetPackagePolicies_Post_Response_400' description: A bad request. '409': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetPackagePolicies_Post_Response_409' description: A conflict occurred. summary: Create a package policy tags: @@ -48825,498 +22849,25 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - ids: - description: list of package policy ids - items: - type: string - maxItems: 1000 - type: array - ignoreMissing: - type: boolean - required: - - ids + $ref: '#/components/schemas/ApiFleetPackagePoliciesBulkGet_Post_Request' responses: '200': content: application/json: schema: - additionalProperties: false - type: object - properties: - items: - items: - additionalProperties: false - type: object - properties: - additional_datastreams_permissions: - description: Additional datastream permissions, that will be added to the agent policy. - items: - type: string - maxItems: 1000 - nullable: true - type: array - agents: - type: number - cloud_connector_id: - description: ID of the cloud connector associated with this package policy. - nullable: true - type: string - cloud_connector_name: - description: Transient field for cloud connector name during creation. - maxLength: 255 - minLength: 1 - nullable: true - type: string - created_at: - type: string - created_by: - type: string - description: - description: Package policy description - type: string - elasticsearch: - additionalProperties: true - type: object - properties: - privileges: - additionalProperties: true - type: object - properties: - cluster: - items: - type: string - maxItems: 100 - type: array - enabled: - type: boolean - id: - description: Package policy unique identifier. - type: string - inputs: - anyOf: - - items: - additionalProperties: false - type: object - properties: - compiled_input: {} - config: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - type: object - enabled: - type: boolean - id: - type: string - keep_enabled: - type: boolean - policy_template: - type: string - streams: - items: - additionalProperties: false - type: object - properties: - compiled_stream: {} - config: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - type: object - data_stream: - additionalProperties: false - type: object - properties: - dataset: - type: string - elasticsearch: - additionalProperties: false - type: object - properties: - dynamic_dataset: - type: boolean - dynamic_namespace: - type: boolean - privileges: - additionalProperties: false - type: object - properties: - indices: - items: - type: string - maxItems: 100 - type: array - type: - type: string - required: - - dataset - - type - enabled: - type: boolean - id: - type: string - keep_enabled: - type: boolean - release: - enum: - - ga - - beta - - experimental - type: string - var_group_selections: - additionalProperties: - type: string - description: Variable group selections. Maps var_group name to the selected option name within that group. - type: object - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - type: object - required: - - enabled - - data_stream - - compiled_stream - maxItems: 100 - type: array - type: - type: string - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - type: object - required: - - type - - enabled - - streams - - compiled_input - maxItems: 100 - type: array - - additionalProperties: - additionalProperties: false - type: object - properties: - enabled: - description: Enable or disable that input. Defaults to `true` (enabled). - type: boolean - streams: - additionalProperties: - additionalProperties: false - type: object - properties: - enabled: - description: Enable or disable that stream. Defaults to `true` (enabled). - type: boolean - var_group_selections: - additionalProperties: - type: string - description: Variable group selections. Maps var_group name to the selected option name within that group. - type: object - vars: - additionalProperties: - anyOf: - - type: boolean - - type: string - - type: number - - items: - type: string - maxItems: 100 - type: array - - items: - type: number - maxItems: 100 - type: array - - additionalProperties: false - type: object - properties: - id: - type: string - isSecretRef: - type: boolean - required: - - id - - isSecretRef - nullable: true - description: Input/stream level variable. Refer to the integration documentation for more information. - type: object - description: Input streams. Refer to the integration documentation to know which streams are available. - type: object - vars: - additionalProperties: - anyOf: - - type: boolean - - type: string - - type: number - - items: - type: string - maxItems: 100 - type: array - - items: - type: number - maxItems: 100 - type: array - - additionalProperties: false - type: object - properties: - id: - type: string - isSecretRef: - type: boolean - required: - - id - - isSecretRef - nullable: true - description: Input/stream level variable. Refer to the integration documentation for more information. - type: object - description: Package policy inputs. Refer to the integration documentation to know which inputs are available. - type: object - x-oas-optional: true - description: Package policy inputs. - is_managed: - type: boolean - name: - description: Unique name for the package policy. - type: string - namespace: - description: The package policy namespace. Leave blank to inherit the agent policy's namespace. - type: string - output_id: - nullable: true - type: string - overrides: - additionalProperties: false - description: Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure. - nullable: true - type: object - properties: - inputs: - additionalProperties: {} - type: object - package: - additionalProperties: false - type: object - properties: - experimental_data_stream_features: - items: - additionalProperties: false - type: object - properties: - data_stream: - type: string - features: - additionalProperties: false - type: object - properties: - doc_value_only_numeric: - type: boolean - doc_value_only_other: - type: boolean - synthetic_source: - type: boolean - tsdb: - type: boolean - required: - - data_stream - - features - maxItems: 100 - type: array - fips_compatible: - type: boolean - name: - description: Package name - type: string - requires_root: - type: boolean - title: - type: string - version: - description: Package version - type: string - required: - - name - - version - policy_id: - deprecated: true - description: ID of the agent policy which the package policy will be added to. - nullable: true - type: string - policy_ids: - items: - description: IDs of the agent policies which that package policy will be added to. - type: string - maxItems: 1000 - type: array - revision: - description: Package policy revision. - type: number - secret_references: - items: - additionalProperties: false - type: object - properties: - id: - type: string - required: - - id - maxItems: 100 - type: array - spaceIds: - items: - type: string - maxItems: 100 - type: array - supports_agentless: - default: false - description: Indicates whether the package policy belongs to an agentless agent policy. - nullable: true - type: boolean - supports_cloud_connector: - default: false - description: Indicates whether the package policy supports cloud connectors. - nullable: true - type: boolean - updated_at: - type: string - updated_by: - type: string - var_group_selections: - additionalProperties: - type: string - description: Variable group selections. Maps var_group name to the selected option name within that group. - type: object - vars: - anyOf: - - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - type: object - - additionalProperties: - anyOf: - - type: boolean - - type: string - - type: number - - items: - type: string - maxItems: 100 - type: array - - items: - type: number - maxItems: 100 - type: array - - additionalProperties: false - type: object - properties: - id: - type: string - isSecretRef: - type: boolean - required: - - id - - isSecretRef - nullable: true - description: Input/stream level variable. Refer to the integration documentation for more information. - type: object - x-oas-optional: true - description: Package level variable. - version: - description: Package policy ES version. - type: string - required: - - name - - enabled - - inputs - - id - - revision - - updated_at - - updated_by - - created_at - - created_by - maxItems: 10000 - type: array - required: - - items + $ref: '#/components/schemas/ApiFleetPackagePoliciesBulkGet_Post_Response_200' description: 'OK: A successful request.' '400': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetPackagePoliciesBulkGet_Post_Response_400' description: A bad request. '404': content: application/json: schema: - additionalProperties: false - type: object - properties: - message: - type: string - required: - - message + $ref: '#/components/schemas/ApiFleetPackagePoliciesBulkGet_Post_Response_404' description: Not found. summary: Bulk get package policies tags: @@ -49364,34 +22915,13 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - id: - type: string - required: - - id + $ref: '#/components/schemas/ApiFleetPackagePolicies_Delete_Response_200' description: 'OK: A successful request.' '400': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetPackagePolicies_Delete_Response_400' description: A bad request. summary: Delete a package policy tags: @@ -49428,477 +22958,19 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - item: - additionalProperties: false - type: object - properties: - additional_datastreams_permissions: - description: Additional datastream permissions, that will be added to the agent policy. - items: - type: string - maxItems: 1000 - nullable: true - type: array - agents: - type: number - cloud_connector_id: - description: ID of the cloud connector associated with this package policy. - nullable: true - type: string - cloud_connector_name: - description: Transient field for cloud connector name during creation. - maxLength: 255 - minLength: 1 - nullable: true - type: string - created_at: - type: string - created_by: - type: string - description: - description: Package policy description - type: string - elasticsearch: - additionalProperties: true - type: object - properties: - privileges: - additionalProperties: true - type: object - properties: - cluster: - items: - type: string - maxItems: 100 - type: array - enabled: - type: boolean - id: - description: Package policy unique identifier. - type: string - inputs: - anyOf: - - items: - additionalProperties: false - type: object - properties: - compiled_input: {} - config: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - type: object - enabled: - type: boolean - id: - type: string - keep_enabled: - type: boolean - policy_template: - type: string - streams: - items: - additionalProperties: false - type: object - properties: - compiled_stream: {} - config: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - type: object - data_stream: - additionalProperties: false - type: object - properties: - dataset: - type: string - elasticsearch: - additionalProperties: false - type: object - properties: - dynamic_dataset: - type: boolean - dynamic_namespace: - type: boolean - privileges: - additionalProperties: false - type: object - properties: - indices: - items: - type: string - maxItems: 100 - type: array - type: - type: string - required: - - dataset - - type - enabled: - type: boolean - id: - type: string - keep_enabled: - type: boolean - release: - enum: - - ga - - beta - - experimental - type: string - var_group_selections: - additionalProperties: - type: string - description: Variable group selections. Maps var_group name to the selected option name within that group. - type: object - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - type: object - required: - - enabled - - data_stream - - compiled_stream - maxItems: 100 - type: array - type: - type: string - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - type: object - required: - - type - - enabled - - streams - - compiled_input - maxItems: 100 - type: array - - additionalProperties: - additionalProperties: false - type: object - properties: - enabled: - description: Enable or disable that input. Defaults to `true` (enabled). - type: boolean - streams: - additionalProperties: - additionalProperties: false - type: object - properties: - enabled: - description: Enable or disable that stream. Defaults to `true` (enabled). - type: boolean - var_group_selections: - additionalProperties: - type: string - description: Variable group selections. Maps var_group name to the selected option name within that group. - type: object - vars: - additionalProperties: - anyOf: - - type: boolean - - type: string - - type: number - - items: - type: string - maxItems: 100 - type: array - - items: - type: number - maxItems: 100 - type: array - - additionalProperties: false - type: object - properties: - id: - type: string - isSecretRef: - type: boolean - required: - - id - - isSecretRef - nullable: true - description: Input/stream level variable. Refer to the integration documentation for more information. - type: object - description: Input streams. Refer to the integration documentation to know which streams are available. - type: object - vars: - additionalProperties: - anyOf: - - type: boolean - - type: string - - type: number - - items: - type: string - maxItems: 100 - type: array - - items: - type: number - maxItems: 100 - type: array - - additionalProperties: false - type: object - properties: - id: - type: string - isSecretRef: - type: boolean - required: - - id - - isSecretRef - nullable: true - description: Input/stream level variable. Refer to the integration documentation for more information. - type: object - description: Package policy inputs. Refer to the integration documentation to know which inputs are available. - type: object - x-oas-optional: true - description: Package policy inputs. - is_managed: - type: boolean - name: - description: Unique name for the package policy. - type: string - namespace: - description: The package policy namespace. Leave blank to inherit the agent policy's namespace. - type: string - output_id: - nullable: true - type: string - overrides: - additionalProperties: false - description: Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure. - nullable: true - type: object - properties: - inputs: - additionalProperties: {} - type: object - package: - additionalProperties: false - type: object - properties: - experimental_data_stream_features: - items: - additionalProperties: false - type: object - properties: - data_stream: - type: string - features: - additionalProperties: false - type: object - properties: - doc_value_only_numeric: - type: boolean - doc_value_only_other: - type: boolean - synthetic_source: - type: boolean - tsdb: - type: boolean - required: - - data_stream - - features - maxItems: 100 - type: array - fips_compatible: - type: boolean - name: - description: Package name - type: string - requires_root: - type: boolean - title: - type: string - version: - description: Package version - type: string - required: - - name - - version - policy_id: - deprecated: true - description: ID of the agent policy which the package policy will be added to. - nullable: true - type: string - policy_ids: - items: - description: IDs of the agent policies which that package policy will be added to. - type: string - maxItems: 1000 - type: array - revision: - description: Package policy revision. - type: number - secret_references: - items: - additionalProperties: false - type: object - properties: - id: - type: string - required: - - id - maxItems: 100 - type: array - spaceIds: - items: - type: string - maxItems: 100 - type: array - supports_agentless: - default: false - description: Indicates whether the package policy belongs to an agentless agent policy. - nullable: true - type: boolean - supports_cloud_connector: - default: false - description: Indicates whether the package policy supports cloud connectors. - nullable: true - type: boolean - updated_at: - type: string - updated_by: - type: string - var_group_selections: - additionalProperties: - type: string - description: Variable group selections. Maps var_group name to the selected option name within that group. - type: object - vars: - anyOf: - - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - type: object - - additionalProperties: - anyOf: - - type: boolean - - type: string - - type: number - - items: - type: string - maxItems: 100 - type: array - - items: - type: number - maxItems: 100 - type: array - - additionalProperties: false - type: object - properties: - id: - type: string - isSecretRef: - type: boolean - required: - - id - - isSecretRef - nullable: true - description: Input/stream level variable. Refer to the integration documentation for more information. - type: object - x-oas-optional: true - description: Package level variable. - version: - description: Package policy ES version. - type: string - required: - - name - - enabled - - inputs - - id - - revision - - updated_at - - updated_by - - created_at - - created_by - required: - - item + $ref: '#/components/schemas/ApiFleetPackagePolicies_Get_Response_200_1' description: 'OK: A successful request.' '400': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetPackagePolicies_Get_Response_400_1' description: A bad request. '404': content: application/json: schema: - additionalProperties: false - type: object - properties: - message: - type: string - required: - - message + $ref: '#/components/schemas/ApiFleetPackagePolicies_Get_Response_404' description: Not found. summary: Get a package policy tags: @@ -49941,963 +23013,25 @@ paths: content: application/json: schema: - anyOf: - - additionalProperties: false - type: object - properties: - additional_datastreams_permissions: - description: Additional datastream permissions, that will be added to the agent policy. - items: - type: string - maxItems: 1000 - nullable: true - type: array - cloud_connector_id: - description: ID of the cloud connector associated with this package policy. - nullable: true - type: string - cloud_connector_name: - description: Transient field for cloud connector name during creation. - maxLength: 255 - minLength: 1 - nullable: true - type: string - description: - description: Package policy description - type: string - enabled: - type: boolean - force: - type: boolean - inputs: - items: - additionalProperties: false - type: object - properties: - config: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - type: object - enabled: - type: boolean - id: - type: string - keep_enabled: - type: boolean - policy_template: - type: string - streams: - items: - additionalProperties: false - type: object - properties: - compiled_stream: {} - config: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - type: object - data_stream: - additionalProperties: false - type: object - properties: - dataset: - type: string - elasticsearch: - additionalProperties: false - type: object - properties: - dynamic_dataset: - type: boolean - dynamic_namespace: - type: boolean - privileges: - additionalProperties: false - type: object - properties: - indices: - items: - type: string - maxItems: 100 - type: array - type: - type: string - required: - - dataset - - type - enabled: - type: boolean - id: - type: string - keep_enabled: - type: boolean - release: - enum: - - ga - - beta - - experimental - type: string - var_group_selections: - additionalProperties: - type: string - description: Variable group selections. Maps var_group name to the selected option name within that group. - type: object - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - type: object - required: - - enabled - - data_stream - - compiled_stream - maxItems: 100 - type: array - type: - type: string - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - type: object - required: - - type - - enabled - maxItems: 100 - type: array - is_managed: - type: boolean - name: - type: string - namespace: - description: The package policy namespace. Leave blank to inherit the agent policy's namespace. - type: string - output_id: - nullable: true - type: string - overrides: - additionalProperties: false - description: Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure. - nullable: true - type: object - properties: - inputs: - additionalProperties: {} - type: object - package: - additionalProperties: false - type: object - properties: - experimental_data_stream_features: - items: - additionalProperties: false - type: object - properties: - data_stream: - type: string - features: - additionalProperties: false - type: object - properties: - doc_value_only_numeric: - type: boolean - doc_value_only_other: - type: boolean - synthetic_source: - type: boolean - tsdb: - type: boolean - required: - - data_stream - - features - maxItems: 100 - type: array - fips_compatible: - type: boolean - name: - description: Package name - type: string - requires_root: - type: boolean - title: - type: string - version: - description: Package version - type: string - required: - - name - - version - policy_id: - deprecated: true - description: ID of the agent policy which the package policy will be added to. - nullable: true - type: string - policy_ids: - items: - description: IDs of the agent policies which that package policy will be added to. - type: string - maxItems: 1000 - type: array - spaceIds: - items: - type: string - maxItems: 100 - type: array - supports_agentless: - default: false - description: Indicates whether the package policy belongs to an agentless agent policy. - nullable: true - type: boolean - supports_cloud_connector: - default: false - description: Indicates whether the package policy supports cloud connectors. - nullable: true - type: boolean - var_group_selections: - additionalProperties: - type: string - description: Variable group selections. Maps var_group name to the selected option name within that group. - type: object - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - type: object - version: - type: string - - additionalProperties: false - type: object - properties: - additional_datastreams_permissions: - description: Additional datastream permissions, that will be added to the agent policy. - items: - type: string - maxItems: 100 - nullable: true - type: array - description: - description: Policy description. - type: string - force: - description: Force package policy creation even if the package is not verified, or if the agent policy is managed. - type: boolean - id: - description: Policy unique identifier. - type: string - inputs: - additionalProperties: - additionalProperties: false - type: object - properties: - enabled: - description: Enable or disable that input. Defaults to `true` (enabled). - type: boolean - streams: - additionalProperties: - additionalProperties: false - type: object - properties: - enabled: - description: Enable or disable that stream. Defaults to `true` (enabled). - type: boolean - var_group_selections: - additionalProperties: - type: string - description: Variable group selections. Maps var_group name to the selected option name within that group. - type: object - vars: - additionalProperties: - anyOf: - - type: boolean - - type: string - - type: number - - items: - type: string - maxItems: 100 - type: array - - items: - type: number - maxItems: 100 - type: array - - additionalProperties: false - type: object - properties: - id: - type: string - isSecretRef: - type: boolean - required: - - id - - isSecretRef - nullable: true - description: Input/stream level variable. Refer to the integration documentation for more information. - type: object - description: Input streams. Refer to the integration documentation to know which streams are available. - type: object - vars: - additionalProperties: - anyOf: - - type: boolean - - type: string - - type: number - - items: - type: string - maxItems: 100 - type: array - - items: - type: number - maxItems: 100 - type: array - - additionalProperties: false - type: object - properties: - id: - type: string - isSecretRef: - type: boolean - required: - - id - - isSecretRef - nullable: true - description: Input/stream level variable. Refer to the integration documentation for more information. - type: object - description: Package policy inputs. Refer to the integration documentation to know which inputs are available. - type: object - name: - description: Unique name for the policy. - type: string - namespace: - description: Policy namespace. When not specified, it inherits the agent policy namespace. - type: string - output_id: - nullable: true - type: string - package: - additionalProperties: false - type: object - properties: - experimental_data_stream_features: - items: - additionalProperties: false - type: object - properties: - data_stream: - type: string - features: - additionalProperties: false - type: object - properties: - doc_value_only_numeric: - type: boolean - doc_value_only_other: - type: boolean - synthetic_source: - type: boolean - tsdb: - type: boolean - required: - - data_stream - - features - maxItems: 100 - type: array - fips_compatible: - type: boolean - name: - description: Package name - type: string - requires_root: - type: boolean - title: - type: string - version: - description: Package version - type: string - required: - - name - - version - policy_id: - deprecated: true - description: Deprecated. Use policy_ids instead. - nullable: true - type: string - policy_ids: - description: IDs of the agent policies which that package policy will be added to. - items: - type: string - maxItems: 1000 - type: array - supports_agentless: - default: false - deprecated: true - description: Indicates whether the package policy belongs to an agentless agent policy. Deprecated in favor of the Fleet agentless policies API. - nullable: true - type: boolean - var_group_selections: - additionalProperties: - type: string - description: Variable group selections. Maps var_group name to the selected option name within that group. - type: object - vars: - additionalProperties: - anyOf: - - type: boolean - - type: string - - type: number - - items: - type: string - maxItems: 100 - type: array - - items: - type: number - maxItems: 100 - type: array - - additionalProperties: false - type: object - properties: - id: - type: string - isSecretRef: - type: boolean - required: - - id - - isSecretRef - nullable: true - description: Input/stream level variable. Refer to the integration documentation for more information. - type: object - required: - - name - - package + $ref: '#/components/schemas/ApiFleetPackagePolicies_Put_Request' responses: '200': content: application/json: schema: - additionalProperties: false - type: object - properties: - item: - additionalProperties: false - type: object - properties: - additional_datastreams_permissions: - description: Additional datastream permissions, that will be added to the agent policy. - items: - type: string - maxItems: 1000 - nullable: true - type: array - agents: - type: number - cloud_connector_id: - description: ID of the cloud connector associated with this package policy. - nullable: true - type: string - cloud_connector_name: - description: Transient field for cloud connector name during creation. - maxLength: 255 - minLength: 1 - nullable: true - type: string - created_at: - type: string - created_by: - type: string - description: - description: Package policy description - type: string - elasticsearch: - additionalProperties: true - type: object - properties: - privileges: - additionalProperties: true - type: object - properties: - cluster: - items: - type: string - maxItems: 100 - type: array - enabled: - type: boolean - id: - description: Package policy unique identifier. - type: string - inputs: - anyOf: - - items: - additionalProperties: false - type: object - properties: - compiled_input: {} - config: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - type: object - enabled: - type: boolean - id: - type: string - keep_enabled: - type: boolean - policy_template: - type: string - streams: - items: - additionalProperties: false - type: object - properties: - compiled_stream: {} - config: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - type: object - data_stream: - additionalProperties: false - type: object - properties: - dataset: - type: string - elasticsearch: - additionalProperties: false - type: object - properties: - dynamic_dataset: - type: boolean - dynamic_namespace: - type: boolean - privileges: - additionalProperties: false - type: object - properties: - indices: - items: - type: string - maxItems: 100 - type: array - type: - type: string - required: - - dataset - - type - enabled: - type: boolean - id: - type: string - keep_enabled: - type: boolean - release: - enum: - - ga - - beta - - experimental - type: string - var_group_selections: - additionalProperties: - type: string - description: Variable group selections. Maps var_group name to the selected option name within that group. - type: object - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - type: object - required: - - enabled - - data_stream - - compiled_stream - maxItems: 100 - type: array - type: - type: string - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - type: object - required: - - type - - enabled - - streams - - compiled_input - maxItems: 100 - type: array - - additionalProperties: - additionalProperties: false - type: object - properties: - enabled: - description: Enable or disable that input. Defaults to `true` (enabled). - type: boolean - streams: - additionalProperties: - additionalProperties: false - type: object - properties: - enabled: - description: Enable or disable that stream. Defaults to `true` (enabled). - type: boolean - var_group_selections: - additionalProperties: - type: string - description: Variable group selections. Maps var_group name to the selected option name within that group. - type: object - vars: - additionalProperties: - anyOf: - - type: boolean - - type: string - - type: number - - items: - type: string - maxItems: 100 - type: array - - items: - type: number - maxItems: 100 - type: array - - additionalProperties: false - type: object - properties: - id: - type: string - isSecretRef: - type: boolean - required: - - id - - isSecretRef - nullable: true - description: Input/stream level variable. Refer to the integration documentation for more information. - type: object - description: Input streams. Refer to the integration documentation to know which streams are available. - type: object - vars: - additionalProperties: - anyOf: - - type: boolean - - type: string - - type: number - - items: - type: string - maxItems: 100 - type: array - - items: - type: number - maxItems: 100 - type: array - - additionalProperties: false - type: object - properties: - id: - type: string - isSecretRef: - type: boolean - required: - - id - - isSecretRef - nullable: true - description: Input/stream level variable. Refer to the integration documentation for more information. - type: object - description: Package policy inputs. Refer to the integration documentation to know which inputs are available. - type: object - x-oas-optional: true - description: Package policy inputs. - is_managed: - type: boolean - name: - description: Unique name for the package policy. - type: string - namespace: - description: The package policy namespace. Leave blank to inherit the agent policy's namespace. - type: string - output_id: - nullable: true - type: string - overrides: - additionalProperties: false - description: Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure. - nullable: true - type: object - properties: - inputs: - additionalProperties: {} - type: object - package: - additionalProperties: false - type: object - properties: - experimental_data_stream_features: - items: - additionalProperties: false - type: object - properties: - data_stream: - type: string - features: - additionalProperties: false - type: object - properties: - doc_value_only_numeric: - type: boolean - doc_value_only_other: - type: boolean - synthetic_source: - type: boolean - tsdb: - type: boolean - required: - - data_stream - - features - maxItems: 100 - type: array - fips_compatible: - type: boolean - name: - description: Package name - type: string - requires_root: - type: boolean - title: - type: string - version: - description: Package version - type: string - required: - - name - - version - policy_id: - deprecated: true - description: ID of the agent policy which the package policy will be added to. - nullable: true - type: string - policy_ids: - items: - description: IDs of the agent policies which that package policy will be added to. - type: string - maxItems: 1000 - type: array - revision: - description: Package policy revision. - type: number - secret_references: - items: - additionalProperties: false - type: object - properties: - id: - type: string - required: - - id - maxItems: 100 - type: array - spaceIds: - items: - type: string - maxItems: 100 - type: array - supports_agentless: - default: false - description: Indicates whether the package policy belongs to an agentless agent policy. - nullable: true - type: boolean - supports_cloud_connector: - default: false - description: Indicates whether the package policy supports cloud connectors. - nullable: true - type: boolean - updated_at: - type: string - updated_by: - type: string - var_group_selections: - additionalProperties: - type: string - description: Variable group selections. Maps var_group name to the selected option name within that group. - type: object - vars: - anyOf: - - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - type: object - - additionalProperties: - anyOf: - - type: boolean - - type: string - - type: number - - items: - type: string - maxItems: 100 - type: array - - items: - type: number - maxItems: 100 - type: array - - additionalProperties: false - type: object - properties: - id: - type: string - isSecretRef: - type: boolean - required: - - id - - isSecretRef - nullable: true - description: Input/stream level variable. Refer to the integration documentation for more information. - type: object - x-oas-optional: true - description: Package level variable. - version: - description: Package policy ES version. - type: string - required: - - name - - enabled - - inputs - - id - - revision - - updated_at - - updated_by - - created_at - - created_by - required: - - item + $ref: '#/components/schemas/ApiFleetPackagePolicies_Put_Response_200' description: 'OK: A successful request.' '400': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetPackagePolicies_Put_Response_400' description: A bad request. '403': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetPackagePolicies_Put_Response_403' description: Forbidden. summary: Update a package policy tags: @@ -50928,104 +23062,14 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - force: - type: boolean - packagePolicyIds: - items: - type: string - maxItems: 1000 - type: array - required: - - packagePolicyIds + $ref: '#/components/schemas/ApiFleetPackagePoliciesDelete_Post_Request' responses: '200': content: application/json: schema: items: - additionalProperties: false - type: object - properties: - body: - additionalProperties: false - type: object - properties: - message: - type: string - required: - - message - id: - type: string - name: - type: string - output_id: - nullable: true - type: string - package: - additionalProperties: false - type: object - properties: - experimental_data_stream_features: - items: - additionalProperties: false - type: object - properties: - data_stream: - type: string - features: - additionalProperties: false - type: object - properties: - doc_value_only_numeric: - type: boolean - doc_value_only_other: - type: boolean - synthetic_source: - type: boolean - tsdb: - type: boolean - required: - - data_stream - - features - maxItems: 100 - type: array - fips_compatible: - type: boolean - name: - description: Package name - type: string - requires_root: - type: boolean - title: - type: string - version: - description: Package version - type: string - required: - - name - - version - policy_id: - deprecated: true - description: Use `policy_ids` instead - nullable: true - type: string - policy_ids: - items: - type: string - maxItems: 10000 - type: array - statusCode: - type: number - success: - type: boolean - required: - - id - - success - - policy_ids - - package + $ref: '#/components/schemas/ApiFleetPackagePoliciesDelete_Post_Response_200_Item' maxItems: 10000 type: array description: 'OK: A successful request.' @@ -51033,22 +23077,7 @@ paths: content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetPackagePoliciesDelete_Post_Response_400' description: A bad request. summary: Bulk delete package policies tags: @@ -51079,44 +23108,14 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - packagePolicyIds: - items: - type: string - maxItems: 1000 - type: array - required: - - packagePolicyIds + $ref: '#/components/schemas/ApiFleetPackagePoliciesUpgrade_Post_Request' responses: '200': content: application/json: schema: items: - additionalProperties: false - type: object - properties: - body: - additionalProperties: false - type: object - properties: - message: - type: string - required: - - message - id: - type: string - name: - type: string - statusCode: - type: number - success: - type: boolean - required: - - id - - success + $ref: '#/components/schemas/ApiFleetPackagePoliciesUpgrade_Post_Response_200_Item' maxItems: 10000 type: array description: 'OK: A successful request.' @@ -51124,22 +23123,7 @@ paths: content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetPackagePoliciesUpgrade_Post_Response_400' description: A bad request. summary: Upgrade a package policy tags: @@ -51170,905 +23154,14 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - packagePolicyIds: - items: - type: string - maxItems: 1000 - type: array - packageVersion: - type: string - required: - - packagePolicyIds + $ref: '#/components/schemas/ApiFleetPackagePoliciesUpgradeDryrun_Post_Request' responses: '200': content: application/json: schema: items: - additionalProperties: false - type: object - properties: - agent_diff: - items: - items: - additionalProperties: true - type: object - properties: - data_stream: - additionalProperties: true - type: object - properties: - namespace: - type: string - required: - - namespace - id: - type: string - meta: - additionalProperties: true - type: object - properties: - package: - additionalProperties: true - type: object - properties: - name: - type: string - version: - type: string - required: - - name - - version - required: - - package - name: - type: string - package_policy_id: - type: string - processors: - items: - additionalProperties: true - type: object - properties: - add_fields: - additionalProperties: true - type: object - properties: - fields: - additionalProperties: - anyOf: - - type: string - - type: number - type: object - target: - type: string - required: - - target - - fields - required: - - add_fields - maxItems: 10000 - type: array - revision: - type: number - streams: - items: - additionalProperties: true - type: object - properties: - data_stream: - additionalProperties: true - type: object - properties: - dataset: - type: string - type: - type: string - required: - - dataset - id: - type: string - required: - - data_stream - maxItems: 10000 - type: array - type: - type: string - use_output: - type: string - required: - - id - - name - - revision - - type - - data_stream - - use_output - - package_policy_id - maxItems: 10000 - type: array - maxItems: 1 - type: array - body: - additionalProperties: false - type: object - properties: - message: - type: string - required: - - message - diff: - items: - anyOf: - - additionalProperties: false - type: object - properties: - additional_datastreams_permissions: - description: Additional datastream permissions, that will be added to the agent policy. - items: - type: string - maxItems: 1000 - nullable: true - type: array - agents: - type: number - cloud_connector_id: - description: ID of the cloud connector associated with this package policy. - nullable: true - type: string - cloud_connector_name: - description: Transient field for cloud connector name during creation. - maxLength: 255 - minLength: 1 - nullable: true - type: string - created_at: - type: string - created_by: - type: string - description: - description: Package policy description - type: string - elasticsearch: - additionalProperties: true - type: object - properties: - privileges: - additionalProperties: true - type: object - properties: - cluster: - items: - type: string - maxItems: 100 - type: array - enabled: - type: boolean - id: - type: string - inputs: - anyOf: - - items: - additionalProperties: false - type: object - properties: - compiled_input: {} - config: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - type: object - enabled: - type: boolean - id: - type: string - keep_enabled: - type: boolean - policy_template: - type: string - streams: - items: - additionalProperties: false - type: object - properties: - compiled_stream: {} - config: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - type: object - data_stream: - additionalProperties: false - type: object - properties: - dataset: - type: string - elasticsearch: - additionalProperties: false - type: object - properties: - dynamic_dataset: - type: boolean - dynamic_namespace: - type: boolean - privileges: - additionalProperties: false - type: object - properties: - indices: - items: - type: string - maxItems: 100 - type: array - type: - type: string - required: - - dataset - - type - enabled: - type: boolean - id: - type: string - keep_enabled: - type: boolean - release: - enum: - - ga - - beta - - experimental - type: string - var_group_selections: - additionalProperties: - type: string - description: Variable group selections. Maps var_group name to the selected option name within that group. - type: object - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - type: object - required: - - enabled - - data_stream - - compiled_stream - maxItems: 100 - type: array - type: - type: string - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - type: object - required: - - type - - enabled - - streams - - compiled_input - maxItems: 100 - type: array - - additionalProperties: - additionalProperties: false - type: object - properties: - enabled: - description: Enable or disable that input. Defaults to `true` (enabled). - type: boolean - streams: - additionalProperties: - additionalProperties: false - type: object - properties: - enabled: - description: Enable or disable that stream. Defaults to `true` (enabled). - type: boolean - var_group_selections: - additionalProperties: - type: string - description: Variable group selections. Maps var_group name to the selected option name within that group. - type: object - vars: - additionalProperties: - anyOf: - - type: boolean - - type: string - - type: number - - items: - type: string - maxItems: 100 - type: array - - items: - type: number - maxItems: 100 - type: array - - additionalProperties: false - type: object - properties: - id: - type: string - isSecretRef: - type: boolean - required: - - id - - isSecretRef - nullable: true - description: Input/stream level variable. Refer to the integration documentation for more information. - type: object - description: Input streams. Refer to the integration documentation to know which streams are available. - type: object - vars: - additionalProperties: - anyOf: - - type: boolean - - type: string - - type: number - - items: - type: string - maxItems: 100 - type: array - - items: - type: number - maxItems: 100 - type: array - - additionalProperties: false - type: object - properties: - id: - type: string - isSecretRef: - type: boolean - required: - - id - - isSecretRef - nullable: true - description: Input/stream level variable. Refer to the integration documentation for more information. - type: object - description: Package policy inputs. Refer to the integration documentation to know which inputs are available. - type: object - x-oas-optional: true - description: Package policy inputs. - is_managed: - type: boolean - name: - description: Unique name for the package policy. - type: string - namespace: - description: The package policy namespace. Leave blank to inherit the agent policy's namespace. - type: string - output_id: - nullable: true - type: string - overrides: - additionalProperties: false - description: Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure. - nullable: true - type: object - properties: - inputs: - additionalProperties: {} - type: object - package: - additionalProperties: false - type: object - properties: - experimental_data_stream_features: - items: - additionalProperties: false - type: object - properties: - data_stream: - type: string - features: - additionalProperties: false - type: object - properties: - doc_value_only_numeric: - type: boolean - doc_value_only_other: - type: boolean - synthetic_source: - type: boolean - tsdb: - type: boolean - required: - - data_stream - - features - maxItems: 100 - type: array - fips_compatible: - type: boolean - name: - description: Package name - type: string - requires_root: - type: boolean - title: - type: string - version: - description: Package version - type: string - required: - - name - - version - policy_id: - deprecated: true - description: ID of the agent policy which the package policy will be added to. - nullable: true - type: string - policy_ids: - items: - description: IDs of the agent policies which that package policy will be added to. - type: string - maxItems: 1000 - type: array - revision: - description: Package policy revision. - type: number - secret_references: - items: - additionalProperties: false - type: object - properties: - id: - type: string - required: - - id - maxItems: 100 - type: array - spaceIds: - items: - type: string - maxItems: 100 - type: array - supports_agentless: - default: false - description: Indicates whether the package policy belongs to an agentless agent policy. - nullable: true - type: boolean - supports_cloud_connector: - default: false - description: Indicates whether the package policy supports cloud connectors. - nullable: true - type: boolean - updated_at: - type: string - updated_by: - type: string - var_group_selections: - additionalProperties: - type: string - description: Variable group selections. Maps var_group name to the selected option name within that group. - type: object - vars: - anyOf: - - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - type: object - - additionalProperties: - anyOf: - - type: boolean - - type: string - - type: number - - items: - type: string - maxItems: 100 - type: array - - items: - type: number - maxItems: 100 - type: array - - additionalProperties: false - type: object - properties: - id: - type: string - isSecretRef: - type: boolean - required: - - id - - isSecretRef - nullable: true - description: Input/stream level variable. Refer to the integration documentation for more information. - type: object - x-oas-optional: true - description: Package level variable. - version: - description: Package policy ES version. - type: string - required: - - name - - enabled - - inputs - - revision - - updated_at - - updated_by - - created_at - - created_by - - additionalProperties: true - type: object - properties: - additional_datastreams_permissions: - description: Additional datastream permissions, that will be added to the agent policy. - items: - type: string - maxItems: 1000 - nullable: true - type: array - cloud_connector_id: - description: ID of the cloud connector associated with this package policy. - nullable: true - type: string - cloud_connector_name: - description: Transient field for cloud connector name during creation. - maxLength: 255 - minLength: 1 - nullable: true - type: string - created_at: - type: string - created_by: - type: string - description: - description: Package policy description - type: string - elasticsearch: - additionalProperties: true - type: object - properties: - privileges: - additionalProperties: true - type: object - properties: - cluster: - items: - type: string - maxItems: 100 - type: array - enabled: - type: boolean - errors: - items: - additionalProperties: false - type: object - properties: - key: - type: string - message: - type: string - required: - - message - maxItems: 10 - type: array - force: - type: boolean - id: - type: string - inputs: - items: - additionalProperties: false - type: object - properties: - compiled_input: {} - config: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - type: object - enabled: - type: boolean - id: - type: string - keep_enabled: - type: boolean - policy_template: - type: string - streams: - items: - additionalProperties: false - type: object - properties: - compiled_stream: {} - config: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - type: object - data_stream: - additionalProperties: false - type: object - properties: - dataset: - type: string - elasticsearch: - additionalProperties: false - type: object - properties: - dynamic_dataset: - type: boolean - dynamic_namespace: - type: boolean - privileges: - additionalProperties: false - type: object - properties: - indices: - items: - type: string - maxItems: 100 - type: array - type: - type: string - required: - - dataset - - type - enabled: - type: boolean - id: - type: string - keep_enabled: - type: boolean - release: - enum: - - ga - - beta - - experimental - type: string - var_group_selections: - additionalProperties: - type: string - description: Variable group selections. Maps var_group name to the selected option name within that group. - type: object - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - type: object - required: - - enabled - - data_stream - - compiled_stream - maxItems: 100 - type: array - type: - type: string - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - type: object - required: - - type - - enabled - - streams - - compiled_input - maxItems: 100 - type: array - is_managed: - type: boolean - missingVars: - items: - type: string - maxItems: 100 - type: array - name: - description: Unique name for the package policy. - type: string - namespace: - description: The package policy namespace. Leave blank to inherit the agent policy's namespace. - type: string - output_id: - nullable: true - type: string - overrides: - additionalProperties: false - description: Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure. - nullable: true - type: object - properties: - inputs: - additionalProperties: {} - type: object - package: - additionalProperties: false - type: object - properties: - experimental_data_stream_features: - items: - additionalProperties: false - type: object - properties: - data_stream: - type: string - features: - additionalProperties: false - type: object - properties: - doc_value_only_numeric: - type: boolean - doc_value_only_other: - type: boolean - synthetic_source: - type: boolean - tsdb: - type: boolean - required: - - data_stream - - features - maxItems: 100 - type: array - fips_compatible: - type: boolean - name: - description: Package name - type: string - requires_root: - type: boolean - title: - type: string - version: - description: Package version - type: string - required: - - name - - version - policy_id: - deprecated: true - description: ID of the agent policy which the package policy will be added to. - nullable: true - type: string - policy_ids: - items: - description: IDs of the agent policies which that package policy will be added to. - type: string - maxItems: 1000 - type: array - revision: - type: number - secret_references: - items: - additionalProperties: false - type: object - properties: - id: - type: string - required: - - id - maxItems: 100 - type: array - supports_agentless: - default: false - description: Indicates whether the package policy belongs to an agentless agent policy. - nullable: true - type: boolean - supports_cloud_connector: - default: false - description: Indicates whether the package policy supports cloud connectors. - nullable: true - type: boolean - updated_at: - type: string - updated_by: - type: string - var_group_selections: - additionalProperties: - type: string - description: Variable group selections. Maps var_group name to the selected option name within that group. - type: object - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - type: object - version: - description: Package policy ES version. - type: string - required: - - name - - enabled - - inputs - maxItems: 2 - type: array - hasErrors: - type: boolean - name: - type: string - statusCode: - type: number - required: - - hasErrors + $ref: '#/components/schemas/ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Item' maxItems: 10000 type: array description: 'OK: A successful request.' @@ -52076,22 +23169,7 @@ paths: content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_400' description: A bad request. summary: Dry run a package policy upgrade tags: @@ -52116,78 +23194,13 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - items: - items: - additionalProperties: false - type: object - properties: - certificate: - nullable: true - type: string - certificate_authorities: - nullable: true - type: string - certificate_key: - nullable: true - type: string - id: - type: string - is_preconfigured: - default: false - type: boolean - name: - type: string - proxy_headers: - additionalProperties: - anyOf: - - type: string - - type: boolean - - type: number - nullable: true - type: object - url: - type: string - required: - - id - - url - - name - maxItems: 10000 - type: array - page: - type: number - perPage: - type: number - total: - type: number - required: - - items - - total - - page - - perPage + $ref: '#/components/schemas/ApiFleetProxies_Get_Response_200' description: 'OK: A successful request.' '400': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetProxies_Get_Response_400' description: A bad request. summary: Get proxies tags: @@ -52217,103 +23230,19 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - certificate: - nullable: true - type: string - certificate_authorities: - nullable: true - type: string - certificate_key: - nullable: true - type: string - id: - type: string - is_preconfigured: - default: false - type: boolean - name: - type: string - proxy_headers: - additionalProperties: - anyOf: - - type: string - - type: boolean - - type: number - nullable: true - type: object - url: - type: string - required: - - url - - name + $ref: '#/components/schemas/ApiFleetProxies_Post_Request' responses: '200': content: application/json: schema: - additionalProperties: false - type: object - properties: - item: - additionalProperties: false - type: object - properties: - certificate: - nullable: true - type: string - certificate_authorities: - nullable: true - type: string - certificate_key: - nullable: true - type: string - id: - type: string - is_preconfigured: - default: false - type: boolean - name: - type: string - proxy_headers: - additionalProperties: - anyOf: - - type: string - - type: boolean - - type: number - nullable: true - type: object - url: - type: string - required: - - id - - url - - name - required: - - item + $ref: '#/components/schemas/ApiFleetProxies_Post_Response_200' description: 'OK: A successful request.' '400': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetProxies_Post_Response_400' description: A bad request. summary: Create a proxy tags: @@ -52350,34 +23279,13 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - id: - type: string - required: - - id + $ref: '#/components/schemas/ApiFleetProxies_Delete_Response_200' description: 'OK: A successful request.' '400': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetProxies_Delete_Response_400' description: A bad request. summary: Delete a proxy tags: @@ -52406,66 +23314,13 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - item: - additionalProperties: false - type: object - properties: - certificate: - nullable: true - type: string - certificate_authorities: - nullable: true - type: string - certificate_key: - nullable: true - type: string - id: - type: string - is_preconfigured: - default: false - type: boolean - name: - type: string - proxy_headers: - additionalProperties: - anyOf: - - type: string - - type: boolean - - type: number - nullable: true - type: object - url: - type: string - required: - - id - - url - - name - required: - - item + $ref: '#/components/schemas/ApiFleetProxies_Get_Response_200_1' description: 'OK: A successful request.' '400': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetProxies_Get_Response_400_1' description: A bad request. summary: Get a proxy tags: @@ -52500,99 +23355,19 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - certificate: - nullable: true - type: string - certificate_authorities: - nullable: true - type: string - certificate_key: - nullable: true - type: string - name: - type: string - proxy_headers: - additionalProperties: - anyOf: - - type: string - - type: boolean - - type: number - nullable: true - type: object - url: - type: string - required: - - certificate_authorities - - certificate - - certificate_key + $ref: '#/components/schemas/ApiFleetProxies_Put_Request' responses: '200': content: application/json: schema: - additionalProperties: false - type: object - properties: - item: - additionalProperties: false - type: object - properties: - certificate: - nullable: true - type: string - certificate_authorities: - nullable: true - type: string - certificate_key: - nullable: true - type: string - id: - type: string - is_preconfigured: - default: false - type: boolean - name: - type: string - proxy_headers: - additionalProperties: - anyOf: - - type: string - - type: boolean - - type: number - nullable: true - type: object - url: - type: string - required: - - id - - url - - name - required: - - item + $ref: '#/components/schemas/ApiFleetProxies_Put_Response_200' description: 'OK: A successful request.' '400': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetProxies_Put_Response_400' description: A bad request. summary: Update a proxy tags: @@ -52622,132 +23397,13 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - custom_assets: - additionalProperties: - additionalProperties: false - type: object - properties: - error: - type: string - is_deleted: - type: boolean - name: - type: string - package_name: - type: string - package_version: - type: string - sync_status: - enum: - - completed - - synchronizing - - failed - - warning - type: string - type: - type: string - warning: - additionalProperties: false - type: object - properties: - message: - type: string - title: - type: string - required: - - title - required: - - type - - name - - package_name - - package_version - - sync_status - type: object - error: - type: string - integrations: - items: - additionalProperties: false - type: object - properties: - error: - type: string - id: - type: string - install_status: - additionalProperties: false - type: object - properties: - main: - type: string - remote: - type: string - required: - - main - package_name: - type: string - package_version: - type: string - sync_status: - enum: - - completed - - synchronizing - - failed - - warning - type: string - updated_at: - type: string - warning: - additionalProperties: false - type: object - properties: - message: - type: string - title: - type: string - required: - - title - required: - - sync_status - - install_status - maxItems: 10000 - type: array - warning: - additionalProperties: false - type: object - properties: - message: - type: string - title: - type: string - required: - - title - required: - - integrations + $ref: '#/components/schemas/ApiFleetRemoteSyncedIntegrationsRemoteStatus_Get_Response_200' description: 'OK: A successful request.' '400': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetRemoteSyncedIntegrationsRemoteStatus_Get_Response_400' description: A bad request. summary: Get remote synced integrations status by outputId tags: @@ -52773,132 +23429,13 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - custom_assets: - additionalProperties: - additionalProperties: false - type: object - properties: - error: - type: string - is_deleted: - type: boolean - name: - type: string - package_name: - type: string - package_version: - type: string - sync_status: - enum: - - completed - - synchronizing - - failed - - warning - type: string - type: - type: string - warning: - additionalProperties: false - type: object - properties: - message: - type: string - title: - type: string - required: - - title - required: - - type - - name - - package_name - - package_version - - sync_status - type: object - error: - type: string - integrations: - items: - additionalProperties: false - type: object - properties: - error: - type: string - id: - type: string - install_status: - additionalProperties: false - type: object - properties: - main: - type: string - remote: - type: string - required: - - main - package_name: - type: string - package_version: - type: string - sync_status: - enum: - - completed - - synchronizing - - failed - - warning - type: string - updated_at: - type: string - warning: - additionalProperties: false - type: object - properties: - message: - type: string - title: - type: string - required: - - title - required: - - sync_status - - install_status - maxItems: 10000 - type: array - warning: - additionalProperties: false - type: object - properties: - message: - type: string - title: - type: string - required: - - title - required: - - integrations + $ref: '#/components/schemas/ApiFleetRemoteSyncedIntegrationsStatus_Get_Response_200' description: 'OK: A successful request.' '400': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetRemoteSyncedIntegrationsStatus_Get_Response_400' description: A bad request. summary: Get remote synced integrations status tags: @@ -52930,49 +23467,19 @@ paths: content: application/json: schema: - additionalProperties: false - nullable: true - type: object - properties: - remote: - default: false - type: boolean + $ref: '#/components/schemas/ApiFleetServiceTokens_Post_Request' responses: '200': content: application/json: schema: - additionalProperties: false - type: object - properties: - name: - type: string - value: - type: string - required: - - name - - value + $ref: '#/components/schemas/ApiFleetServiceTokens_Post_Response_200' description: 'OK: A successful request.' '400': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetServiceTokens_Post_Response_400' description: A bad request. summary: Create a service token tags: @@ -52997,112 +23504,19 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - item: - additionalProperties: false - type: object - properties: - action_secret_storage_requirements_met: - type: boolean - delete_unenrolled_agents: - additionalProperties: false - type: object - properties: - enabled: - type: boolean - is_preconfigured: - type: boolean - required: - - enabled - - is_preconfigured - has_seen_add_data_notice: - type: boolean - id: - type: string - ilm_migration_status: - additionalProperties: false - type: object - properties: - logs: - enum: - - success - nullable: true - type: string - metrics: - enum: - - success - nullable: true - type: string - synthetics: - enum: - - success - nullable: true - type: string - integration_knowledge_enabled: - type: boolean - output_secret_storage_requirements_met: - type: boolean - preconfigured_fields: - items: - enum: - - fleet_server_hosts - type: string - maxItems: 1 - type: array - prerelease_integrations_enabled: - type: boolean - secret_storage_requirements_met: - type: boolean - ssl_secret_storage_requirements_met: - type: boolean - use_space_awareness_migration_started_at: - nullable: true - type: string - use_space_awareness_migration_status: - enum: - - pending - - success - - error - type: string - version: - type: string - required: - - item + $ref: '#/components/schemas/ApiFleetSettings_Get_Response_200' description: 'OK: A successful request.' '400': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetSettings_Get_Response_400' description: A bad request. '404': content: application/json: schema: - additionalProperties: false - type: object - properties: - message: - type: string - required: - - message + $ref: '#/components/schemas/ApiFleetSettings_Get_Response_404' description: Not found. summary: Get settings tags: @@ -53132,151 +23546,25 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - additional_yaml_config: - deprecated: true - type: string - delete_unenrolled_agents: - additionalProperties: false - type: object - properties: - enabled: - type: boolean - is_preconfigured: - type: boolean - required: - - enabled - - is_preconfigured - has_seen_add_data_notice: - deprecated: true - type: boolean - integration_knowledge_enabled: - type: boolean - kibana_ca_sha256: - deprecated: true - type: string - kibana_urls: - deprecated: true - items: - format: uri - type: string - maxItems: 10 - type: array - prerelease_integrations_enabled: - type: boolean + $ref: '#/components/schemas/ApiFleetSettings_Put_Request' responses: '200': content: application/json: schema: - additionalProperties: false - type: object - properties: - item: - additionalProperties: false - type: object - properties: - action_secret_storage_requirements_met: - type: boolean - delete_unenrolled_agents: - additionalProperties: false - type: object - properties: - enabled: - type: boolean - is_preconfigured: - type: boolean - required: - - enabled - - is_preconfigured - has_seen_add_data_notice: - type: boolean - id: - type: string - ilm_migration_status: - additionalProperties: false - type: object - properties: - logs: - enum: - - success - nullable: true - type: string - metrics: - enum: - - success - nullable: true - type: string - synthetics: - enum: - - success - nullable: true - type: string - integration_knowledge_enabled: - type: boolean - output_secret_storage_requirements_met: - type: boolean - preconfigured_fields: - items: - enum: - - fleet_server_hosts - type: string - maxItems: 1 - type: array - prerelease_integrations_enabled: - type: boolean - secret_storage_requirements_met: - type: boolean - ssl_secret_storage_requirements_met: - type: boolean - use_space_awareness_migration_started_at: - nullable: true - type: string - use_space_awareness_migration_status: - enum: - - pending - - success - - error - type: string - version: - type: string - required: - - item + $ref: '#/components/schemas/ApiFleetSettings_Put_Response_200' description: 'OK: A successful request.' '400': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetSettings_Put_Response_400' description: A bad request. '404': content: application/json: schema: - additionalProperties: false - type: object - properties: - message: - type: string - required: - - message + $ref: '#/components/schemas/ApiFleetSettings_Put_Response_404' description: Not found. summary: Update settings tags: @@ -53308,63 +23596,19 @@ paths: content: application/json: schema: - additionalProperties: false - description: A summary of the result of Fleet's `setup` lifecycle. If `isInitialized` is true, Fleet is ready to accept agent enrollment. `nonFatalErrors` may include useful insight into non-blocking issues with Fleet setup. - type: object - properties: - isInitialized: - type: boolean - nonFatalErrors: - items: - additionalProperties: false - type: object - properties: - message: - type: string - name: - type: string - required: - - name - - message - maxItems: 10000 - type: array - required: - - isInitialized - - nonFatalErrors + $ref: '#/components/schemas/ApiFleetSetup_Post_Response_200' description: 'OK: A successful request.' '400': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetSetup_Post_Response_400' description: A bad request. '500': content: application/json: schema: - additionalProperties: false - description: Internal Server Error - type: object - properties: - message: - type: string - required: - - message + $ref: '#/components/schemas/ApiFleetSetup_Post_Response_500' description: An internal server error occurred. summary: Initiate Fleet setup tags: @@ -53381,24 +23625,7 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - item: - additionalProperties: false - type: object - properties: - allowed_namespace_prefixes: - items: - type: string - maxItems: 100 - type: array - managed_by: - type: string - required: - - allowed_namespace_prefixes - required: - - item + $ref: '#/components/schemas/ApiFleetSpaceSettings_Get_Response_200' description: 'OK: A successful request.' summary: Get space settings tags: [] @@ -53434,37 +23661,13 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - allowed_namespace_prefixes: - items: - type: string - maxItems: 10 - type: array + $ref: '#/components/schemas/ApiFleetSpaceSettings_Put_Request' responses: '200': content: application/json: schema: - additionalProperties: false - type: object - properties: - item: - additionalProperties: false - type: object - properties: - allowed_namespace_prefixes: - items: - type: string - maxItems: 100 - type: array - managed_by: - type: string - required: - - allowed_namespace_prefixes - required: - - item + $ref: '#/components/schemas/ApiFleetSpaceSettings_Put_Response_200' description: 'OK: A successful request.' summary: Create space settings tags: [] @@ -53515,66 +23718,13 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - items: - items: - additionalProperties: false - type: object - properties: - created_at: - type: string - id: - type: string - namespaces: - items: - type: string - maxItems: 100 - type: array - policy_id: - type: string - policy_name: - nullable: true - type: string - required: - - id - - policy_id - - created_at - maxItems: 10000 - type: array - page: - type: number - perPage: - type: number - total: - type: number - required: - - items - - total - - page - - perPage + $ref: '#/components/schemas/ApiFleetUninstallTokens_Get_Response_200' description: 'OK: A successful request.' '400': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetUninstallTokens_Get_Response_400' description: A bad request. summary: Get metadata for latest uninstall tokens tags: @@ -53604,57 +23754,13 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - item: - additionalProperties: false - type: object - properties: - created_at: - type: string - id: - type: string - namespaces: - items: - type: string - maxItems: 100 - type: array - policy_id: - type: string - policy_name: - nullable: true - type: string - token: - type: string - required: - - id - - policy_id - - created_at - - token - required: - - item + $ref: '#/components/schemas/ApiFleetUninstallTokens_Get_Response_200_1' description: 'OK: A successful request.' '400': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - attributes: {} - error: - type: string - errorType: - type: string - message: - type: string - statusCode: - type: number - required: - - message - - attributes + $ref: '#/components/schemas/ApiFleetUninstallTokens_Get_Response_400_1' description: A bad request. summary: Get a decrypted uninstall token tags: @@ -53730,9 +23836,7 @@ paths: message: '[request query]: id: Required' statusCode: 400 schema: - oneOf: - - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + $ref: '#/components/schemas/ApiLists_Delete_Response_400' description: Invalid input data response '401': content: @@ -53835,9 +23939,7 @@ paths: message: '[request query]: id: Required' statusCode: 400 schema: - oneOf: - - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + $ref: '#/components/schemas/ApiLists_Get_Response_400' description: Invalid input data response '401': content: @@ -53905,25 +24007,7 @@ paths: content: application/json: schema: - example: - id: ip_list - name: Bad ips list - UPDATED - type: object - properties: - _version: - $ref: '#/components/schemas/Security_Lists_API_ListVersionId' - description: - $ref: '#/components/schemas/Security_Lists_API_ListDescription' - id: - $ref: '#/components/schemas/Security_Lists_API_ListId' - meta: - $ref: '#/components/schemas/Security_Lists_API_ListMetadata' - name: - $ref: '#/components/schemas/Security_Lists_API_ListName' - version: - $ref: '#/components/schemas/Security_Lists_API_ListVersion' - required: - - id + $ref: '#/components/schemas/ApiLists_Patch_Request' description: Value list's properties required: true responses: @@ -53959,9 +24043,7 @@ paths: message: '[request body]: name: Expected string, received number' statusCode: 400 schema: - oneOf: - - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + $ref: '#/components/schemas/ApiLists_Patch_Response_400' description: Invalid input data response '401': content: @@ -54056,30 +24138,7 @@ paths: serializer: (?((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?).){3}(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)) type: keyword schema: - type: object - properties: - description: - $ref: '#/components/schemas/Security_Lists_API_ListDescription' - deserializer: - $ref: '#/components/schemas/Security_Lists_API_ListDeserializer' - id: - $ref: '#/components/schemas/Security_Lists_API_ListId' - meta: - $ref: '#/components/schemas/Security_Lists_API_ListMetadata' - name: - $ref: '#/components/schemas/Security_Lists_API_ListName' - serializer: - $ref: '#/components/schemas/Security_Lists_API_ListSerializer' - type: - $ref: '#/components/schemas/Security_Lists_API_ListType' - version: - default: 1 - minimum: 1 - type: integer - required: - - name - - description - - type + $ref: '#/components/schemas/ApiLists_Post_Request' description: Value list's properties required: true responses: @@ -54161,9 +24220,7 @@ paths: message: To create a list, the data stream must exist first. Data stream \".lists-default\" does not exist status_code: 400 schema: - oneOf: - - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + $ref: '#/components/schemas/ApiLists_Post_Response_400' description: Invalid input data response '401': content: @@ -54233,28 +24290,7 @@ paths: content: application/json: schema: - example: - description: Latest list of bad ips - id: ip_list - name: Bad ips - updated - type: object - properties: - _version: - $ref: '#/components/schemas/Security_Lists_API_ListVersionId' - description: - $ref: '#/components/schemas/Security_Lists_API_ListDescription' - id: - $ref: '#/components/schemas/Security_Lists_API_ListId' - meta: - $ref: '#/components/schemas/Security_Lists_API_ListMetadata' - name: - $ref: '#/components/schemas/Security_Lists_API_ListName' - version: - $ref: '#/components/schemas/Security_Lists_API_ListVersion' - required: - - id - - name - - description + $ref: '#/components/schemas/ApiLists_Put_Request' description: Value list's properties required: true responses: @@ -54290,9 +24326,7 @@ paths: message: '[request body]: id: Expected string, received number' statusCode: 400 schema: - oneOf: - - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + $ref: '#/components/schemas/ApiLists_Put_Response_400' description: Invalid input data response '401': content: @@ -54434,29 +24468,7 @@ paths: per_page: 20 total: 1 schema: - type: object - properties: - cursor: - $ref: '#/components/schemas/Security_Lists_API_FindListsCursor' - data: - items: - $ref: '#/components/schemas/Security_Lists_API_List' - type: array - page: - minimum: 0 - type: integer - per_page: - minimum: 0 - type: integer - total: - minimum: 0 - type: integer - required: - - data - - page - - per_page - - total - - cursor + $ref: '#/components/schemas/ApiListsFind_Get_Response_200' description: Successful response '400': content: @@ -54468,9 +24480,7 @@ paths: message: '[request query]: page: Expected number, received nan' statusCode: 400 schema: - oneOf: - - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + $ref: '#/components/schemas/ApiListsFind_Get_Response_400' description: Invalid input data response '401': content: @@ -54529,20 +24539,13 @@ paths: content: application/json: schema: - type: object - properties: - acknowledged: - type: boolean - required: - - acknowledged + $ref: '#/components/schemas/ApiListsIndex_Delete_Response_200' description: Successful response '400': content: application/json: schema: - oneOf: - - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + $ref: '#/components/schemas/ApiListsIndex_Delete_Response_400' description: Invalid input data response '401': content: @@ -54600,23 +24603,13 @@ paths: content: application/json: schema: - type: object - properties: - list_index: - type: boolean - list_item_index: - type: boolean - required: - - list_index - - list_item_index + $ref: '#/components/schemas/ApiListsIndex_Get_Response_200' description: Successful response '400': content: application/json: schema: - oneOf: - - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + $ref: '#/components/schemas/ApiListsIndex_Get_Response_400' description: Invalid input data response '401': content: @@ -54674,20 +24667,13 @@ paths: content: application/json: schema: - type: object - properties: - acknowledged: - type: boolean - required: - - acknowledged + $ref: '#/components/schemas/ApiListsIndex_Post_Response_200' description: Successful response '400': content: application/json: schema: - oneOf: - - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + $ref: '#/components/schemas/ApiListsIndex_Post_Response_400' description: Invalid input data response '401': content: @@ -54798,11 +24784,7 @@ paths: updated_by: elastic value: 255.255.255.255 schema: - oneOf: - - $ref: '#/components/schemas/Security_Lists_API_ListItem' - - items: - $ref: '#/components/schemas/Security_Lists_API_ListItem' - type: array + $ref: '#/components/schemas/ApiListsItems_Delete_Response_200' description: Successful response '400': content: @@ -54813,9 +24795,7 @@ paths: message: Either \"list_id\" or \"id\" needs to be defined in the request status_code: 400 schema: - oneOf: - - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + $ref: '#/components/schemas/ApiListsItems_Delete_Response_400' description: Invalid input data response '401': content: @@ -54918,11 +24898,7 @@ paths: updated_by: elastic value: 127.0.0.2 schema: - oneOf: - - $ref: '#/components/schemas/Security_Lists_API_ListItem' - - items: - $ref: '#/components/schemas/Security_Lists_API_ListItem' - type: array + $ref: '#/components/schemas/ApiListsItems_Get_Response_200' description: Successful response '400': content: @@ -54933,9 +24909,7 @@ paths: message: Either \"list_id\" or \"id\" needs to be defined in the request status_code: 400 schema: - oneOf: - - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + $ref: '#/components/schemas/ApiListsItems_Get_Response_400' description: Invalid input data response '401': content: @@ -55003,28 +24977,7 @@ paths: content: application/json: schema: - example: - id: pd1WRJQBs4HAK3VQeHFI - value: 255.255.255.255 - type: object - properties: - _version: - $ref: '#/components/schemas/Security_Lists_API_ListVersionId' - id: - $ref: '#/components/schemas/Security_Lists_API_ListItemId' - meta: - $ref: '#/components/schemas/Security_Lists_API_ListItemMetadata' - refresh: - description: Determines when changes made by the request are made visible to search. - enum: - - 'true' - - 'false' - - wait_for - type: string - value: - $ref: '#/components/schemas/Security_Lists_API_ListItemValue' - required: - - id + $ref: '#/components/schemas/ApiListsItems_Patch_Request' description: Value list item's properties required: true responses: @@ -55057,9 +25010,7 @@ paths: message: '{"took":15,"timed_out":false,"total":1,"updated":0,"deleted":0,"batches":1,"version_conflicts":0,"noops":0,"retries":{"bulk":0,"search":0},"throttled_millis":0,"requests_per_second":-1,"throttled_until_millis":0,"failures":[{"index":".ds-.items-default-2025.01.09-000001","id":"ip_item","cause":{"type":"document_parsing_exception","reason":"[1:107] failed to parse field [ip] of type [ip] in document with id ip_item. Preview of fields value: 2","caused_by":{"type":"illegal_argument_exception","reason":"2 is not an IP string literal."}},"status":400}]}' status_code: 400 schema: - oneOf: - - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + $ref: '#/components/schemas/ApiListsItems_Patch_Response_400' description: Invalid input data response '401': content: @@ -55144,27 +25095,7 @@ paths: list_id: keyword_list value: zeek schema: - type: object - properties: - id: - $ref: '#/components/schemas/Security_Lists_API_ListItemId' - list_id: - $ref: '#/components/schemas/Security_Lists_API_ListId' - meta: - $ref: '#/components/schemas/Security_Lists_API_ListItemMetadata' - refresh: - description: Determines when changes made by the request are made visible to search. - enum: - - 'true' - - 'false' - - wait_for - example: wait_for - type: string - value: - $ref: '#/components/schemas/Security_Lists_API_ListItemValue' - required: - - list_id - - value + $ref: '#/components/schemas/ApiListsItems_Post_Request' description: Value list item's properties required: true responses: @@ -55224,9 +25155,7 @@ paths: message: uri [/api/lists/items] with method [post] exists but is not available with the current configuration statusCode: 400 schema: - oneOf: - - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + $ref: '#/components/schemas/ApiListsItems_Post_Response_400' description: Invalid input data response '401': content: @@ -55310,19 +25239,7 @@ paths: id: ip_item value: 255.255.255.255 schema: - type: object - properties: - _version: - $ref: '#/components/schemas/Security_Lists_API_ListVersionId' - id: - $ref: '#/components/schemas/Security_Lists_API_ListItemId' - meta: - $ref: '#/components/schemas/Security_Lists_API_ListItemMetadata' - value: - $ref: '#/components/schemas/Security_Lists_API_ListItemValue' - required: - - id - - value + $ref: '#/components/schemas/ApiListsItems_Put_Request' description: Value list item's properties required: true responses: @@ -55356,9 +25273,7 @@ paths: message: '[request body]: id: Expected string, received number' statusCode: 400 schema: - oneOf: - - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + $ref: '#/components/schemas/ApiListsItems_Put_Response_400' description: Invalid input data response '401': content: @@ -55458,9 +25373,7 @@ paths: error: 'Bad Request","message":"[request query]: list_id: Required' statusCode: 400 schema: - oneOf: - - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + $ref: '#/components/schemas/ApiListsItemsExport_Post_Response_400' description: Invalid input data response '401': content: @@ -55596,29 +25509,7 @@ paths: per_page: 20 total: 1 schema: - type: object - properties: - cursor: - $ref: '#/components/schemas/Security_Lists_API_FindListItemsCursor' - data: - items: - $ref: '#/components/schemas/Security_Lists_API_ListItem' - type: array - page: - minimum: 0 - type: integer - per_page: - minimum: 0 - type: integer - total: - minimum: 0 - type: integer - required: - - data - - page - - per_page - - total - - cursor + $ref: '#/components/schemas/ApiListsItemsFind_Get_Response_200' description: Successful response '400': content: @@ -55630,9 +25521,7 @@ paths: message: '[request query]: list_id: Required' statusCode: 400, schema: - oneOf: - - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + $ref: '#/components/schemas/ApiListsItemsFind_Get_Response_400' description: Invalid input data response '401': content: @@ -55748,22 +25637,7 @@ paths: content: multipart/form-data: schema: - type: object - properties: - file: - description: A `.txt` or `.csv` file containing newline separated list items. - example: | - 127.0.0.1 - 127.0.0.2 - 127.0.0.3 - 127.0.0.4 - 127.0.0.5 - 127.0.0.6 - 127.0.0.7 - 127.0.0.8 - 127.0.0.9 - format: binary - type: string + $ref: '#/components/schemas/ApiListsItemsImport_Post_Request' required: true responses: '200': @@ -55797,9 +25671,7 @@ paths: message: Either type or list_id need to be defined in the query status_code: 400 schema: - oneOf: - - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + $ref: '#/components/schemas/ApiListsItemsImport_Post_Response_400' description: Invalid input data response '401': content: @@ -55924,26 +25796,13 @@ paths: write: true username: elastic schema: - type: object - properties: - is_authenticated: - type: boolean - listItems: - $ref: '#/components/schemas/Security_Lists_API_ListItemPrivileges' - lists: - $ref: '#/components/schemas/Security_Lists_API_ListPrivileges' - required: - - lists - - listItems - - is_authenticated + $ref: '#/components/schemas/ApiListsPrivileges_Get_Response_200' description: Successful response '400': content: application/json: schema: - oneOf: - - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + $ref: '#/components/schemas/ApiListsPrivileges_Get_Response_400' description: Invalid input data response '401': content: @@ -56050,7 +25909,7 @@ paths: } } schema: - type: object + $ref: '#/components/schemas/ApiLogstashPipeline_Get_Response_200' description: Indicates a successful call summary: Get a Logstash pipeline tags: @@ -56088,29 +25947,7 @@ paths: } } schema: - type: object - properties: - description: - description: A description of the pipeline. - type: string - pipeline: - description: A definition for the pipeline. - type: string - settings: - description: | - Supported settings, represented as object keys, include the following: - - - `pipeline.workers` - - `pipeline.batch.size` - - `pipeline.batch.delay` - - `pipeline.ecs_compatibility` - - `pipeline.ordered` - - `queue.type` - - `queue.max_bytes` - - `queue.checkpoint.writes` - type: object - required: - - pipeline + $ref: '#/components/schemas/ApiLogstashPipeline_Put_Request' responses: '204': description: Indicates a successful call @@ -56158,7 +25995,7 @@ paths: ] } schema: - type: object + $ref: '#/components/schemas/ApiLogstashPipelines_Get_Response_200' description: Indicates a successful call summary: Get all Logstash pipelines tags: @@ -56190,218 +26027,13 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - enabled: - description: Whether the current maintenance window is enabled. Disabled maintenance windows do not suppress notifications. - type: boolean - schedule: - additionalProperties: false - type: object - properties: - custom: - additionalProperties: false - type: object - properties: - duration: - description: 'The duration of the schedule. It allows values in `` format. `` is one of `d`, `h`, `m`, or `s` for hours, minutes, seconds. For example: `1d`, `5h`, `30m`, `5000s`.' - type: string - recurring: - additionalProperties: false - type: object - properties: - end: - description: 'The end date of a recurring schedule, provided in ISO 8601 format and set to the UTC timezone. For example: `2025-04-01T00:00:00.000Z`.' - type: string - every: - description: 'The interval and frequency of a recurring schedule. It allows values in `` format. `` is one of `d`, `w`, `M`, or `y` for days, weeks, months, years. For example: `15d`, `2w`, `3m`, `1y`.' - type: string - occurrences: - description: The total number of recurrences of the schedule. - minimum: 1 - type: number - onMonth: - description: The specific months for a recurring schedule. Valid values are 1-12. - items: - maximum: 12 - minimum: 1 - type: number - minItems: 1 - type: array - onMonthDay: - description: The specific days of the month for a recurring schedule. Valid values are 1-31. - items: - maximum: 31 - minimum: 1 - type: number - minItems: 1 - type: array - onWeekDay: - description: The specific days of the week (`[MO,TU,WE,TH,FR,SA,SU]`) or nth day of month (`[+1MO, -3FR, +2WE, -4SA, -5SU]`) for a recurring schedule. - items: - type: string - minItems: 1 - type: array - start: - description: 'The start date and time of the schedule, provided in ISO 8601 format and set to the UTC timezone. For example: `2025-03-12T12:00:00.000Z`.' - type: string - timezone: - description: The timezone of the schedule. The default timezone is UTC. - type: string - required: - - start - - duration - required: - - custom - scope: - additionalProperties: false - type: object - properties: - alerting: - additionalProperties: false - type: object - properties: - query: - additionalProperties: false - type: object - properties: - kql: - description: A filter written in Kibana Query Language (KQL). Only alerts matching this query will be supressed by the maintenance window. - type: string - required: - - kql - required: - - query - required: - - alerting - title: - description: The name of the maintenance window. While this name does not have to be unique, a distinctive name can help you identify a specific maintenance window. - type: string - required: - - title - - schedule + $ref: '#/components/schemas/ApiMaintenanceWindow_Post_Request' responses: '200': content: application/json: schema: - additionalProperties: false - type: object - properties: - created_at: - description: The date and time when the maintenance window was created. - type: string - created_by: - description: The identifier for the user that created the maintenance window. - nullable: true - type: string - enabled: - description: Whether the current maintenance window is enabled. Disabled maintenance windows do not suppress notifications. - type: boolean - id: - description: The identifier for the maintenance window. - type: string - schedule: - additionalProperties: false - type: object - properties: - custom: - additionalProperties: false - type: object - properties: - duration: - description: 'The duration of the schedule. It allows values in `` format. `` is one of `d`, `h`, `m`, or `s` for hours, minutes, seconds. For example: `1d`, `5h`, `30m`, `5000s`.' - type: string - recurring: - additionalProperties: false - type: object - properties: - end: - description: 'The end date of a recurring schedule, provided in ISO 8601 format and set to the UTC timezone. For example: `2025-04-01T00:00:00.000Z`.' - type: string - every: - description: 'The interval and frequency of a recurring schedule. It allows values in `` format. `` is one of `d`, `w`, `M`, or `y` for days, weeks, months, years. For example: `15d`, `2w`, `3m`, `1y`.' - type: string - occurrences: - description: The total number of recurrences of the schedule. - type: number - onMonth: - description: The specific months for a recurring schedule. Valid values are 1-12. - items: - type: number - type: array - onMonthDay: - description: The specific days of the month for a recurring schedule. Valid values are 1-31. - items: - type: number - type: array - onWeekDay: - description: The specific days of the week (`[MO,TU,WE,TH,FR,SA,SU]`) or nth day of month (`[+1MO, -3FR, +2WE, -4SA, -5SU]`) for a recurring schedule. - items: - type: string - type: array - start: - description: 'The start date and time of the schedule, provided in ISO 8601 format and set to the UTC timezone. For example: `2025-03-12T12:00:00.000Z`.' - type: string - timezone: - description: The timezone of the schedule. The default timezone is UTC. - type: string - required: - - start - - duration - required: - - custom - scope: - additionalProperties: false - type: object - properties: - alerting: - additionalProperties: false - type: object - properties: - query: - additionalProperties: false - type: object - properties: - kql: - description: A filter written in Kibana Query Language (KQL). - type: string - required: - - kql - required: - - query - required: - - alerting - status: - description: The current status of the maintenance window. - enum: - - running - - upcoming - - finished - - archived - - disabled - type: string - title: - description: The name of the maintenance window. - type: string - updated_at: - description: The date and time when the maintenance window was last updated. - type: string - updated_by: - description: The identifier for the user that last updated this maintenance window. - nullable: true - type: string - required: - - id - - title - - enabled - - created_by - - updated_by - - created_at - - updated_at - - status - - schedule + $ref: '#/components/schemas/ApiMaintenanceWindow_Post_Response_200' description: Indicates a successful call. '400': description: Indicates an invalid schema or parameters. @@ -56483,139 +26115,7 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - maintenanceWindows: - items: - additionalProperties: false - type: object - properties: - created_at: - description: The date and time when the maintenance window was created. - type: string - created_by: - description: The identifier for the user that created the maintenance window. - nullable: true - type: string - enabled: - description: Whether the current maintenance window is enabled. Disabled maintenance windows do not suppress notifications. - type: boolean - id: - description: The identifier for the maintenance window. - type: string - schedule: - additionalProperties: false - type: object - properties: - custom: - additionalProperties: false - type: object - properties: - duration: - description: 'The duration of the schedule. It allows values in `` format. `` is one of `d`, `h`, `m`, or `s` for hours, minutes, seconds. For example: `1d`, `5h`, `30m`, `5000s`.' - type: string - recurring: - additionalProperties: false - type: object - properties: - end: - description: 'The end date of a recurring schedule, provided in ISO 8601 format and set to the UTC timezone. For example: `2025-04-01T00:00:00.000Z`.' - type: string - every: - description: 'The interval and frequency of a recurring schedule. It allows values in `` format. `` is one of `d`, `w`, `M`, or `y` for days, weeks, months, years. For example: `15d`, `2w`, `3m`, `1y`.' - type: string - occurrences: - description: The total number of recurrences of the schedule. - type: number - onMonth: - description: The specific months for a recurring schedule. Valid values are 1-12. - items: - type: number - type: array - onMonthDay: - description: The specific days of the month for a recurring schedule. Valid values are 1-31. - items: - type: number - type: array - onWeekDay: - description: The specific days of the week (`[MO,TU,WE,TH,FR,SA,SU]`) or nth day of month (`[+1MO, -3FR, +2WE, -4SA, -5SU]`) for a recurring schedule. - items: - type: string - type: array - start: - description: 'The start date and time of the schedule, provided in ISO 8601 format and set to the UTC timezone. For example: `2025-03-12T12:00:00.000Z`.' - type: string - timezone: - description: The timezone of the schedule. The default timezone is UTC. - type: string - required: - - start - - duration - required: - - custom - scope: - additionalProperties: false - type: object - properties: - alerting: - additionalProperties: false - type: object - properties: - query: - additionalProperties: false - type: object - properties: - kql: - description: A filter written in Kibana Query Language (KQL). - type: string - required: - - kql - required: - - query - required: - - alerting - status: - description: The current status of the maintenance window. - enum: - - running - - upcoming - - finished - - archived - - disabled - type: string - title: - description: The name of the maintenance window. - type: string - updated_at: - description: The date and time when the maintenance window was last updated. - type: string - updated_by: - description: The identifier for the user that last updated this maintenance window. - nullable: true - type: string - required: - - id - - title - - enabled - - created_by - - updated_by - - created_at - - updated_at - - status - - schedule - type: array - page: - type: number - per_page: - type: number - total: - type: number - required: - - page - - per_page - - total - - maintenanceWindows + $ref: '#/components/schemas/ApiMaintenanceWindowFind_Get_Response_200' description: Indicates a successful call. '400': description: Indicates an invalid schema or parameters. @@ -56691,122 +26191,7 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - created_at: - description: The date and time when the maintenance window was created. - type: string - created_by: - description: The identifier for the user that created the maintenance window. - nullable: true - type: string - enabled: - description: Whether the current maintenance window is enabled. Disabled maintenance windows do not suppress notifications. - type: boolean - id: - description: The identifier for the maintenance window. - type: string - schedule: - additionalProperties: false - type: object - properties: - custom: - additionalProperties: false - type: object - properties: - duration: - description: 'The duration of the schedule. It allows values in `` format. `` is one of `d`, `h`, `m`, or `s` for hours, minutes, seconds. For example: `1d`, `5h`, `30m`, `5000s`.' - type: string - recurring: - additionalProperties: false - type: object - properties: - end: - description: 'The end date of a recurring schedule, provided in ISO 8601 format and set to the UTC timezone. For example: `2025-04-01T00:00:00.000Z`.' - type: string - every: - description: 'The interval and frequency of a recurring schedule. It allows values in `` format. `` is one of `d`, `w`, `M`, or `y` for days, weeks, months, years. For example: `15d`, `2w`, `3m`, `1y`.' - type: string - occurrences: - description: The total number of recurrences of the schedule. - type: number - onMonth: - description: The specific months for a recurring schedule. Valid values are 1-12. - items: - type: number - type: array - onMonthDay: - description: The specific days of the month for a recurring schedule. Valid values are 1-31. - items: - type: number - type: array - onWeekDay: - description: The specific days of the week (`[MO,TU,WE,TH,FR,SA,SU]`) or nth day of month (`[+1MO, -3FR, +2WE, -4SA, -5SU]`) for a recurring schedule. - items: - type: string - type: array - start: - description: 'The start date and time of the schedule, provided in ISO 8601 format and set to the UTC timezone. For example: `2025-03-12T12:00:00.000Z`.' - type: string - timezone: - description: The timezone of the schedule. The default timezone is UTC. - type: string - required: - - start - - duration - required: - - custom - scope: - additionalProperties: false - type: object - properties: - alerting: - additionalProperties: false - type: object - properties: - query: - additionalProperties: false - type: object - properties: - kql: - description: A filter written in Kibana Query Language (KQL). - type: string - required: - - kql - required: - - query - required: - - alerting - status: - description: The current status of the maintenance window. - enum: - - running - - upcoming - - finished - - archived - - disabled - type: string - title: - description: The name of the maintenance window. - type: string - updated_at: - description: The date and time when the maintenance window was last updated. - type: string - updated_by: - description: The identifier for the user that last updated this maintenance window. - nullable: true - type: string - required: - - id - - title - - enabled - - created_by - - updated_by - - created_at - - updated_at - - status - - schedule + $ref: '#/components/schemas/ApiMaintenanceWindow_Get_Response_200' description: Indicates a successful call. '400': description: Indicates an invalid schema or parameters. @@ -56848,215 +26233,13 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - enabled: - description: Whether the current maintenance window is enabled. Disabled maintenance windows do not suppress notifications. - type: boolean - schedule: - additionalProperties: false - type: object - properties: - custom: - additionalProperties: false - type: object - properties: - duration: - description: 'The duration of the schedule. It allows values in `` format. `` is one of `d`, `h`, `m`, or `s` for hours, minutes, seconds. For example: `1d`, `5h`, `30m`, `5000s`.' - type: string - recurring: - additionalProperties: false - type: object - properties: - end: - description: 'The end date of a recurring schedule, provided in ISO 8601 format and set to the UTC timezone. For example: `2025-04-01T00:00:00.000Z`.' - type: string - every: - description: 'The interval and frequency of a recurring schedule. It allows values in `` format. `` is one of `d`, `w`, `M`, or `y` for days, weeks, months, years. For example: `15d`, `2w`, `3m`, `1y`.' - type: string - occurrences: - description: The total number of recurrences of the schedule. - minimum: 1 - type: number - onMonth: - description: The specific months for a recurring schedule. Valid values are 1-12. - items: - maximum: 12 - minimum: 1 - type: number - minItems: 1 - type: array - onMonthDay: - description: The specific days of the month for a recurring schedule. Valid values are 1-31. - items: - maximum: 31 - minimum: 1 - type: number - minItems: 1 - type: array - onWeekDay: - description: The specific days of the week (`[MO,TU,WE,TH,FR,SA,SU]`) or nth day of month (`[+1MO, -3FR, +2WE, -4SA, -5SU]`) for a recurring schedule. - items: - type: string - minItems: 1 - type: array - start: - description: 'The start date and time of the schedule, provided in ISO 8601 format and set to the UTC timezone. For example: `2025-03-12T12:00:00.000Z`.' - type: string - timezone: - description: The timezone of the schedule. The default timezone is UTC. - type: string - required: - - start - - duration - required: - - custom - scope: - additionalProperties: false - type: object - properties: - alerting: - additionalProperties: false - type: object - properties: - query: - additionalProperties: false - type: object - properties: - kql: - description: A filter written in Kibana Query Language (KQL). Only alerts matching this query will be supressed by the maintenance window. - type: string - required: - - kql - required: - - query - required: - - alerting - title: - description: The name of the maintenance window. While this name does not have to be unique, a distinctive name can help you identify a specific maintenance window. - type: string + $ref: '#/components/schemas/ApiMaintenanceWindow_Patch_Request' responses: '200': content: application/json: schema: - additionalProperties: false - type: object - properties: - created_at: - description: The date and time when the maintenance window was created. - type: string - created_by: - description: The identifier for the user that created the maintenance window. - nullable: true - type: string - enabled: - description: Whether the current maintenance window is enabled. Disabled maintenance windows do not suppress notifications. - type: boolean - id: - description: The identifier for the maintenance window. - type: string - schedule: - additionalProperties: false - type: object - properties: - custom: - additionalProperties: false - type: object - properties: - duration: - description: 'The duration of the schedule. It allows values in `` format. `` is one of `d`, `h`, `m`, or `s` for hours, minutes, seconds. For example: `1d`, `5h`, `30m`, `5000s`.' - type: string - recurring: - additionalProperties: false - type: object - properties: - end: - description: 'The end date of a recurring schedule, provided in ISO 8601 format and set to the UTC timezone. For example: `2025-04-01T00:00:00.000Z`.' - type: string - every: - description: 'The interval and frequency of a recurring schedule. It allows values in `` format. `` is one of `d`, `w`, `M`, or `y` for days, weeks, months, years. For example: `15d`, `2w`, `3m`, `1y`.' - type: string - occurrences: - description: The total number of recurrences of the schedule. - type: number - onMonth: - description: The specific months for a recurring schedule. Valid values are 1-12. - items: - type: number - type: array - onMonthDay: - description: The specific days of the month for a recurring schedule. Valid values are 1-31. - items: - type: number - type: array - onWeekDay: - description: The specific days of the week (`[MO,TU,WE,TH,FR,SA,SU]`) or nth day of month (`[+1MO, -3FR, +2WE, -4SA, -5SU]`) for a recurring schedule. - items: - type: string - type: array - start: - description: 'The start date and time of the schedule, provided in ISO 8601 format and set to the UTC timezone. For example: `2025-03-12T12:00:00.000Z`.' - type: string - timezone: - description: The timezone of the schedule. The default timezone is UTC. - type: string - required: - - start - - duration - required: - - custom - scope: - additionalProperties: false - type: object - properties: - alerting: - additionalProperties: false - type: object - properties: - query: - additionalProperties: false - type: object - properties: - kql: - description: A filter written in Kibana Query Language (KQL). - type: string - required: - - kql - required: - - query - required: - - alerting - status: - description: The current status of the maintenance window. - enum: - - running - - upcoming - - finished - - archived - - disabled - type: string - title: - description: The name of the maintenance window. - type: string - updated_at: - description: The date and time when the maintenance window was last updated. - type: string - updated_by: - description: The identifier for the user that last updated this maintenance window. - nullable: true - type: string - required: - - id - - title - - enabled - - created_by - - updated_by - - created_at - - updated_at - - status - - schedule + $ref: '#/components/schemas/ApiMaintenanceWindow_Patch_Response_200' description: Indicates a successful call. '400': description: Indicates an invalid schema or parameters. @@ -57103,122 +26286,7 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - created_at: - description: The date and time when the maintenance window was created. - type: string - created_by: - description: The identifier for the user that created the maintenance window. - nullable: true - type: string - enabled: - description: Whether the current maintenance window is enabled. Disabled maintenance windows do not suppress notifications. - type: boolean - id: - description: The identifier for the maintenance window. - type: string - schedule: - additionalProperties: false - type: object - properties: - custom: - additionalProperties: false - type: object - properties: - duration: - description: 'The duration of the schedule. It allows values in `` format. `` is one of `d`, `h`, `m`, or `s` for hours, minutes, seconds. For example: `1d`, `5h`, `30m`, `5000s`.' - type: string - recurring: - additionalProperties: false - type: object - properties: - end: - description: 'The end date of a recurring schedule, provided in ISO 8601 format and set to the UTC timezone. For example: `2025-04-01T00:00:00.000Z`.' - type: string - every: - description: 'The interval and frequency of a recurring schedule. It allows values in `` format. `` is one of `d`, `w`, `M`, or `y` for days, weeks, months, years. For example: `15d`, `2w`, `3m`, `1y`.' - type: string - occurrences: - description: The total number of recurrences of the schedule. - type: number - onMonth: - description: The specific months for a recurring schedule. Valid values are 1-12. - items: - type: number - type: array - onMonthDay: - description: The specific days of the month for a recurring schedule. Valid values are 1-31. - items: - type: number - type: array - onWeekDay: - description: The specific days of the week (`[MO,TU,WE,TH,FR,SA,SU]`) or nth day of month (`[+1MO, -3FR, +2WE, -4SA, -5SU]`) for a recurring schedule. - items: - type: string - type: array - start: - description: 'The start date and time of the schedule, provided in ISO 8601 format and set to the UTC timezone. For example: `2025-03-12T12:00:00.000Z`.' - type: string - timezone: - description: The timezone of the schedule. The default timezone is UTC. - type: string - required: - - start - - duration - required: - - custom - scope: - additionalProperties: false - type: object - properties: - alerting: - additionalProperties: false - type: object - properties: - query: - additionalProperties: false - type: object - properties: - kql: - description: A filter written in Kibana Query Language (KQL). - type: string - required: - - kql - required: - - query - required: - - alerting - status: - description: The current status of the maintenance window. - enum: - - running - - upcoming - - finished - - archived - - disabled - type: string - title: - description: The name of the maintenance window. - type: string - updated_at: - description: The date and time when the maintenance window was last updated. - type: string - updated_by: - description: The identifier for the user that last updated this maintenance window. - nullable: true - type: string - required: - - id - - title - - enabled - - created_by - - updated_by - - created_at - - updated_at - - status - - schedule + $ref: '#/components/schemas/ApiMaintenanceWindowArchive_Post_Response_200' description: Indicates a successful call. '400': description: Indicates an invalid schema or parameters. @@ -57263,122 +26331,7 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - created_at: - description: The date and time when the maintenance window was created. - type: string - created_by: - description: The identifier for the user that created the maintenance window. - nullable: true - type: string - enabled: - description: Whether the current maintenance window is enabled. Disabled maintenance windows do not suppress notifications. - type: boolean - id: - description: The identifier for the maintenance window. - type: string - schedule: - additionalProperties: false - type: object - properties: - custom: - additionalProperties: false - type: object - properties: - duration: - description: 'The duration of the schedule. It allows values in `` format. `` is one of `d`, `h`, `m`, or `s` for hours, minutes, seconds. For example: `1d`, `5h`, `30m`, `5000s`.' - type: string - recurring: - additionalProperties: false - type: object - properties: - end: - description: 'The end date of a recurring schedule, provided in ISO 8601 format and set to the UTC timezone. For example: `2025-04-01T00:00:00.000Z`.' - type: string - every: - description: 'The interval and frequency of a recurring schedule. It allows values in `` format. `` is one of `d`, `w`, `M`, or `y` for days, weeks, months, years. For example: `15d`, `2w`, `3m`, `1y`.' - type: string - occurrences: - description: The total number of recurrences of the schedule. - type: number - onMonth: - description: The specific months for a recurring schedule. Valid values are 1-12. - items: - type: number - type: array - onMonthDay: - description: The specific days of the month for a recurring schedule. Valid values are 1-31. - items: - type: number - type: array - onWeekDay: - description: The specific days of the week (`[MO,TU,WE,TH,FR,SA,SU]`) or nth day of month (`[+1MO, -3FR, +2WE, -4SA, -5SU]`) for a recurring schedule. - items: - type: string - type: array - start: - description: 'The start date and time of the schedule, provided in ISO 8601 format and set to the UTC timezone. For example: `2025-03-12T12:00:00.000Z`.' - type: string - timezone: - description: The timezone of the schedule. The default timezone is UTC. - type: string - required: - - start - - duration - required: - - custom - scope: - additionalProperties: false - type: object - properties: - alerting: - additionalProperties: false - type: object - properties: - query: - additionalProperties: false - type: object - properties: - kql: - description: A filter written in Kibana Query Language (KQL). - type: string - required: - - kql - required: - - query - required: - - alerting - status: - description: The current status of the maintenance window. - enum: - - running - - upcoming - - finished - - archived - - disabled - type: string - title: - description: The name of the maintenance window. - type: string - updated_at: - description: The date and time when the maintenance window was last updated. - type: string - updated_by: - description: The identifier for the user that last updated this maintenance window. - nullable: true - type: string - required: - - id - - title - - enabled - - created_by - - updated_by - - created_at - - updated_at - - status - - schedule + $ref: '#/components/schemas/ApiMaintenanceWindowUnarchive_Post_Response_200' description: Indicates a successful call. '400': description: Indicates an invalid schema or parameters. @@ -57541,24 +26494,7 @@ paths: content: application/json: schema: - oneOf: - - nullable: true - type: object - properties: - noteId: - type: string - required: - - noteId - - nullable: true - type: object - properties: - noteIds: - items: - type: string - nullable: true - type: array - required: - - noteIds + $ref: '#/components/schemas/ApiNote_Delete_Request' description: The ID of the note to delete. required: true responses: @@ -57655,23 +26591,7 @@ paths: content: application/json: schema: - type: object - properties: - note: - $ref: '#/components/schemas/Security_Timeline_API_BareNote' - description: The note to add or update. - noteId: - description: The `savedObjectId` of the note - example: 709f99c6-89b6-4953-9160-35945c8e174e - nullable: true - type: string - version: - description: The version of the note - example: WzQ2LDFd - nullable: true - type: string - required: - - note + $ref: '#/components/schemas/ApiNote_Patch_Request' description: The note to add or update, along with additional metadata. required: true responses: @@ -57711,41 +26631,7 @@ paths: chatCompleteRequestExample: $ref: '#/components/schemas/Observability_AI_Assistant_API_ChatCompleteRequestExample' schema: - type: object - properties: - actions: - items: - $ref: '#/components/schemas/Observability_AI_Assistant_API_Function' - type: array - connectorId: - description: A unique identifier for the connector. - type: string - conversationId: - description: A unique identifier for the conversation if you are continuing an existing conversation. - type: string - disableFunctions: - description: Flag indicating whether all function calls should be disabled for the conversation. If true, no calls to functions will be made. - type: boolean - instructions: - description: An array of instruction objects, which can be either simple strings or detailed objects. - items: - $ref: '#/components/schemas/Observability_AI_Assistant_API_Instruction' - type: array - messages: - description: An array of message objects containing the conversation history. - items: - $ref: '#/components/schemas/Observability_AI_Assistant_API_Message' - type: array - persist: - description: Indicates whether the conversation should be saved to storage. If true, the conversation will be saved and will be available in Kibana. - type: boolean - title: - description: A title for the conversation. - type: string - required: - - messages - - connectorId - - persist + $ref: '#/components/schemas/ApiObservabilityAiAssistantChatComplete_Post_Request' responses: '200': content: @@ -57754,7 +26640,7 @@ paths: chatCompleteResponseExample: $ref: '#/components/schemas/Observability_AI_Assistant_API_ChatCompleteResponseExample' schema: - type: object + $ref: '#/components/schemas/ApiObservabilityAiAssistantChatComplete_Post_Response_200' description: Successful response summary: Generate a chat completion tags: @@ -58068,9 +26954,7 @@ paths: content: application/json: schema: - example: {} - type: object - properties: {} + $ref: '#/components/schemas/ApiOsqueryPacks_Delete_Response_200' description: OK summary: Delete a pack tags: @@ -58329,24 +27213,7 @@ paths: content: application/json: schema: - type: object - properties: - eventId: - description: The `_id` of the associated event for this pinned event. - example: d3a1d35a3e84a81b2f8f3859e064c224cdee1b4bc - type: string - pinnedEventId: - description: The `savedObjectId` of the pinned event you want to unpin. - example: 10r1929b-0af7-42bd-85a8-56e234f98h2f3 - nullable: true - type: string - timelineId: - description: The `savedObjectId` of the timeline that you want this pinned event unpinned from. - example: 15c1929b-0af7-42bd-85a8-56e234cc7c4e - type: string - required: - - eventId - - timelineId + $ref: '#/components/schemas/ApiPinnedEvent_Patch_Request' description: The pinned event to add or unpin, along with additional metadata. required: true responses: @@ -58378,10 +27245,7 @@ paths: content: application/json: schema: - type: object - properties: - cleanup_successful: - type: boolean + $ref: '#/components/schemas/ApiRiskScoreEngineDangerouslyDeleteData_Delete_Response_200' description: Successful response '400': content: @@ -58416,54 +27280,14 @@ paths: content: application/json: schema: - type: object - properties: - enable_reset_to_zero: - type: boolean - exclude_alert_statuses: - items: - type: string - type: array - exclude_alert_tags: - items: - type: string - type: array - filters: - items: - type: object - properties: - entity_types: - items: - enum: - - host - - user - - service - type: string - type: array - filter: - description: KQL filter string - type: string - required: - - entity_types - - filter - type: array - range: - type: object - properties: - end: - type: string - start: - type: string + $ref: '#/components/schemas/ApiRiskScoreEngineSavedObjectConfigure_Patch_Request' required: true responses: '200': content: application/json: schema: - type: object - properties: - risk_engine_saved_object_configured: - type: boolean + $ref: '#/components/schemas/ApiRiskScoreEngineSavedObjectConfigure_Patch_Response_200' description: Successful response '400': content: @@ -58548,7 +27372,7 @@ paths: application/json: schema: items: - type: object + $ref: '#/components/schemas/ApiSavedObjectsBulkCreate_Post_Request_Item' type: array required: true responses: @@ -58556,7 +27380,7 @@ paths: content: application/json: schema: - type: object + $ref: '#/components/schemas/ApiSavedObjectsBulkCreate_Post_Response_200' description: Indicates a successful call. '400': content: @@ -58597,7 +27421,7 @@ paths: application/json: schema: items: - type: object + $ref: '#/components/schemas/ApiSavedObjectsBulkDelete_Post_Request_Item' type: array required: true responses: @@ -58605,7 +27429,7 @@ paths: content: application/json: schema: - type: object + $ref: '#/components/schemas/ApiSavedObjectsBulkDelete_Post_Response_200' description: | Indicates a successful call. NOTE: This HTTP response code indicates that the bulk operation succeeded. Errors pertaining to individual objects will be returned in the response body. '400': @@ -58641,7 +27465,7 @@ paths: application/json: schema: items: - type: object + $ref: '#/components/schemas/ApiSavedObjectsBulkGet_Post_Request_Item' type: array required: true responses: @@ -58649,7 +27473,7 @@ paths: content: application/json: schema: - type: object + $ref: '#/components/schemas/ApiSavedObjectsBulkGet_Post_Response_200' description: Indicates a successful call. '400': content: @@ -58684,7 +27508,7 @@ paths: application/json: schema: items: - type: object + $ref: '#/components/schemas/ApiSavedObjectsBulkResolve_Post_Request_Item' type: array required: true responses: @@ -58692,7 +27516,7 @@ paths: content: application/json: schema: - type: object + $ref: '#/components/schemas/ApiSavedObjectsBulkResolve_Post_Response_200' description: | Indicates a successful call. NOTE: This HTTP response code indicates that the bulk operation succeeded. Errors pertaining to individual objects will be returned in the response body. '400': @@ -58728,7 +27552,7 @@ paths: application/json: schema: items: - type: object + $ref: '#/components/schemas/ApiSavedObjectsBulkUpdate_Post_Request_Item' type: array required: true responses: @@ -58736,7 +27560,7 @@ paths: content: application/json: schema: - type: object + $ref: '#/components/schemas/ApiSavedObjectsBulkUpdate_Post_Response_200' description: | Indicates a successful call. NOTE: This HTTP response code indicates that the bulk operation succeeded. Errors pertaining to individual objects will be returned in the response body. '400': @@ -58787,66 +27611,7 @@ paths: - id: de71f4f0-1902-11e9-919b-ffe5949a18d2 type: map schema: - additionalProperties: false - type: object - properties: - excludeExportDetails: - default: false - description: Do not add export details entry at the end of the stream. - type: boolean - hasReference: - anyOf: - - additionalProperties: false - type: object - properties: - id: - type: string - type: - type: string - required: - - type - - id - - items: - additionalProperties: false - type: object - properties: - id: - type: string - type: - type: string - required: - - type - - id - type: array - includeReferencesDeep: - default: false - description: Includes all of the referenced objects in the exported objects. - type: boolean - objects: - description: 'A list of objects to export. NOTE: this optional parameter cannot be combined with the `types` option' - items: - additionalProperties: false - type: object - properties: - id: - type: string - type: - type: string - required: - - type - - id - maxItems: 10000 - type: array - search: - description: Search for documents to export using the Elasticsearch Simple Query String syntax. - type: string - type: - anyOf: - - type: string - - items: - type: string - type: array - description: The saved object types to include in the export. Use `*` to export all the types. Valid options depend on enabled plugins, but may include `visualization`, `dashboard`, `search`, `index-pattern`, `tag`, `config`, `config-global`, `lens`, `map`, `event-annotation-group`, `query`, `url`, `action`, `alert`, `alerting_rule_template`, `apm-indices`, `cases-user-actions`, `cases`, `cases-comments`, `infrastructure-monitoring-log-view`, `ml-trained-model`, `osquery-saved-query`, `osquery-pack`, `osquery-pack-asset`. + $ref: '#/components/schemas/ApiSavedObjectsExport_Post_Request' responses: '200': content: @@ -58885,22 +27650,7 @@ paths: content: application/json: schema: - additionalProperties: false - description: Indicates an unsuccessful response. - type: object - properties: - error: - type: string - message: - type: string - statusCode: - enum: - - 400 - type: integer - required: - - error - - message - - statusCode + $ref: '#/components/schemas/ApiSavedObjectsExport_Post_Response_400' description: Bad request. summary: Export saved objects tags: @@ -59008,7 +27758,7 @@ paths: content: application/json: schema: - type: object + $ref: '#/components/schemas/ApiSavedObjectsFind_Get_Response_200' description: Indicates a successful call. '400': content: @@ -59072,14 +27822,7 @@ paths: value: file: file.ndjson schema: - additionalProperties: false - type: object - properties: - file: - description: 'A file exported using the export API. Changing the contents of the exported file in any way before importing it can cause errors, crashes or data loss. NOTE: The `savedObjects.maxImportExportSize` configuration setting limits the number of saved objects which may be included in this file. Similarly, the `savedObjects.maxImportPayloadBytes` setting limits the overall size of the file that can be imported.' - type: object - required: - - file + $ref: '#/components/schemas/ApiSavedObjectsImport_Post_Request' responses: '200': content: @@ -59099,61 +27842,13 @@ paths: title: Kibana Sample Data Logs type: index-pattern schema: - additionalProperties: false - type: object - properties: - errors: - description: |- - Indicates the import was unsuccessful and specifies the objects that failed to import. - - NOTE: One object may result in multiple errors, which requires separate steps to resolve. For instance, a `missing_references` error and conflict error. - items: - additionalProperties: true - type: object - properties: {} - type: array - success: - description: Indicates when the import was successfully completed. When set to false, some objects may not have been created. For additional information, refer to the `errors` and `successResults` properties. - type: boolean - successCount: - description: Indicates the number of successfully imported records. - type: number - successResults: - description: |- - Indicates the objects that are successfully imported, with any metadata if applicable. - - NOTE: Objects are created only when all resolvable errors are addressed, including conflicts and missing references. If objects are created as new copies, each entry in the `successResults` array includes a `destinationId` attribute. - items: - additionalProperties: true - type: object - properties: {} - type: array - required: - - success - - successCount - - errors - - successResults + $ref: '#/components/schemas/ApiSavedObjectsImport_Post_Response_200' description: Indicates a successful call. '400': content: application/json: schema: - additionalProperties: false - description: Indicates an unsuccessful response. - type: object - properties: - error: - type: string - message: - type: string - statusCode: - enum: - - 400 - type: integer - required: - - error - - message - - statusCode + $ref: '#/components/schemas/ApiSavedObjectsImport_Post_Response_400' description: Bad request. summary: Import saved objects tags: @@ -59207,50 +27902,7 @@ paths: resolveImportErrorsRequest: $ref: '#/components/examples/Saved_objects_resolve_missing_reference_request' schema: - type: object - properties: - file: - description: The same file given to the import API. - format: binary - type: string - retries: - description: The retry operations, which can specify how to resolve different types of errors. - items: - type: object - properties: - destinationId: - description: Specifies the destination ID that the imported object should have, if different from the current ID. - type: string - id: - description: The saved object ID. - type: string - ignoreMissingReferences: - description: When set to `true`, ignores missing reference errors. When set to `false`, does nothing. - type: boolean - overwrite: - description: When set to `true`, the source object overwrites the conflicting destination object. When set to `false`, does nothing. - type: boolean - replaceReferences: - description: A list of `type`, `from`, and `to` used to change the object references. - items: - type: object - properties: - from: - type: string - to: - type: string - type: - type: string - type: array - type: - description: The saved object type. - type: string - required: - - type - - id - type: array - required: - - retries + $ref: '#/components/schemas/ApiSavedObjectsResolveImportErrors_Post_Request' required: true responses: '200': @@ -59260,32 +27912,7 @@ paths: resolveImportErrorsResponse: $ref: '#/components/examples/Saved_objects_resolve_missing_reference_response' schema: - type: object - properties: - errors: - description: | - Specifies the objects that failed to resolve. - - NOTE: One object can result in multiple errors, which requires separate steps to resolve. For instance, a `missing_references` error and a `conflict` error. - items: - type: object - type: array - success: - description: | - Indicates a successful import. When set to `false`, some objects may not have been created. For additional information, refer to the `errors` and `successResults` properties. - type: boolean - successCount: - description: | - Indicates the number of successfully resolved records. - type: number - successResults: - description: | - Indicates the objects that are successfully imported, with any metadata if applicable. - - NOTE: Objects are only created when all resolvable errors are addressed, including conflict and missing references. - items: - type: object - type: array + $ref: '#/components/schemas/ApiSavedObjectsResolveImportErrors_Post_Response_200' description: Indicates a successful call. '400': content: @@ -59325,29 +27952,20 @@ paths: content: application/json: schema: - type: object - properties: - attributes: - $ref: '#/components/schemas/Saved_objects_attributes' - initialNamespaces: - $ref: '#/components/schemas/Saved_objects_initial_namespaces' - references: - $ref: '#/components/schemas/Saved_objects_references' - required: - - attributes + $ref: '#/components/schemas/ApiSavedObjects_Post_Request' required: true responses: '200': content: application/json: schema: - type: object + $ref: '#/components/schemas/ApiSavedObjects_Post_Response_200' description: Indicates a successful call. '409': content: application/json: schema: - type: object + $ref: '#/components/schemas/ApiSavedObjects_Post_Response_409' description: Indicates a conflict error. summary: Create a saved object tags: @@ -59377,7 +27995,7 @@ paths: content: application/json: schema: - type: object + $ref: '#/components/schemas/ApiSavedObjects_Get_Response_200' description: Indicates a successful call. '400': content: @@ -59417,29 +28035,20 @@ paths: content: application/json: schema: - type: object - properties: - attributes: - $ref: '#/components/schemas/Saved_objects_attributes' - initialNamespaces: - $ref: '#/components/schemas/Saved_objects_initial_namespaces' - references: - $ref: '#/components/schemas/Saved_objects_initial_namespaces' - required: - - attributes + $ref: '#/components/schemas/ApiSavedObjects_Post_Request_1' required: true responses: '200': content: application/json: schema: - type: object + $ref: '#/components/schemas/ApiSavedObjects_Post_Response_200_1' description: Indicates a successful call. '409': content: application/json: schema: - type: object + $ref: '#/components/schemas/ApiSavedObjects_Post_Response_409_1' description: Indicates a conflict error. summary: Create a saved object tags: @@ -59468,26 +28077,26 @@ paths: content: application/json: schema: - type: object + $ref: '#/components/schemas/ApiSavedObjects_Put_Request' required: true responses: '200': content: application/json: schema: - type: object + $ref: '#/components/schemas/ApiSavedObjects_Put_Response_200' description: Indicates a successful call. '404': content: application/json: schema: - type: object + $ref: '#/components/schemas/ApiSavedObjects_Put_Response_404' description: Indicates the object was not found. '409': content: application/json: schema: - type: object + $ref: '#/components/schemas/ApiSavedObjects_Put_Response_409' description: Indicates a conflict error. summary: Update a saved object tags: @@ -59517,7 +28126,7 @@ paths: content: application/json: schema: - type: object + $ref: '#/components/schemas/ApiSavedObjectsResolve_Get_Response_200' description: Indicates a successful call. '400': content: @@ -59546,55 +28155,7 @@ paths: content: application/json: schema: - example: - create: - - allowed: true - anonymized: false - field: host.name - - allowed: false - anonymized: true - field: user.name - delete: - ids: - - field5 - - field6 - query: 'field: host.name' - update: - - allowed: true - anonymized: false - id: field8 - - allowed: false - anonymized: true - id: field9 - type: object - properties: - create: - description: Array of anonymization fields to create. - items: - $ref: '#/components/schemas/Security_AI_Assistant_API_AnonymizationFieldCreateProps' - type: array - delete: - description: Object containing the query to filter anonymization fields and/or an array of anonymization field IDs to delete. - type: object - properties: - ids: - description: Array of IDs to apply the action to. - example: - - '1234' - - '5678' - items: - type: string - minItems: 1 - type: array - query: - description: Query to filter the bulk action. - example: 'status: ''inactive''' - type: string - update: - description: Array of anonymization fields to update. - items: - $ref: '#/components/schemas/Security_AI_Assistant_API_AnonymizationFieldUpdateProps' - type: array + $ref: '#/components/schemas/ApiSecurityAiAssistantAnonymizationFieldsBulkAction_Post_Request' responses: '200': content: @@ -59650,17 +28211,7 @@ paths: message: Invalid request body statusCode: 400 schema: - type: object - properties: - error: - description: Error type or name. - type: string - message: - description: Detailed error message. - type: string - statusCode: - description: Status code of the response. - type: number + $ref: '#/components/schemas/ApiSecurityAiAssistantAnonymizationFieldsBulkAction_Post_Response_400' description: Generic Error summary: Apply a bulk action to anonymization fields tags: @@ -59778,54 +28329,7 @@ paths: perPage: 20 total: 100 schema: - type: object - properties: - aggregations: - type: object - properties: - field_status: - type: object - properties: - buckets: - type: object - properties: - allowed: - type: object - properties: - doc_count: - default: 0 - type: integer - anonymized: - type: object - properties: - doc_count: - default: 0 - type: integer - denied: - type: object - properties: - doc_count: - default: 0 - type: integer - all: - items: - $ref: '#/components/schemas/Security_AI_Assistant_API_AnonymizationFieldResponse' - type: array - data: - items: - $ref: '#/components/schemas/Security_AI_Assistant_API_AnonymizationFieldResponse' - type: array - page: - type: integer - perPage: - type: integer - total: - type: integer - required: - - page - - perPage - - total - - data + $ref: '#/components/schemas/ApiSecurityAiAssistantAnonymizationFieldsFind_Get_Response_200' description: Successful response '400': content: @@ -59835,14 +28339,7 @@ paths: message: Invalid request parameters statusCode: 400 schema: - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number + $ref: '#/components/schemas/ApiSecurityAiAssistantAnonymizationFieldsFind_Get_Response_400' description: Generic Error summary: Get anonymization fields tags: @@ -59906,20 +28403,7 @@ paths: content: application/json: schema: - type: object - properties: - error: - description: Error type. - example: Bad Request - type: string - message: - description: Human-readable error message. - example: Invalid request payload. - type: string - statusCode: - description: HTTP status code. - example: 400 - type: number + $ref: '#/components/schemas/ApiSecurityAiAssistantChatComplete_Post_Response_400' description: Generic Error summary: Create a model response tags: @@ -59942,16 +28426,7 @@ paths: content: application/json: schema: - type: object - properties: - excludedIds: - description: Optional list of conversation IDs to delete. - example: - - abc123 - - def456 - items: - type: string - type: array + $ref: '#/components/schemas/ApiSecurityAiAssistantCurrentUserConversations_Delete_Request' required: false responses: '200': @@ -59960,34 +28435,13 @@ paths: example: success: true schema: - type: object - properties: - failures: - items: - type: string - type: array - success: - example: true - type: boolean - totalDeleted: - example: 10 - type: number + $ref: '#/components/schemas/ApiSecurityAiAssistantCurrentUserConversations_Delete_Response_200' description: Indicates a successful call. The conversations were deleted successfully. '400': content: application/json: schema: - type: object - properties: - error: - example: Bad Request - type: string - message: - example: Invalid conversation ID - type: string - statusCode: - example: 400 - type: number + $ref: '#/components/schemas/ApiSecurityAiAssistantCurrentUserConversations_Delete_Response_400' description: Generic Error. This response indicates an issue with the request. summary: Delete conversations tags: @@ -60052,17 +28506,7 @@ paths: content: application/json: schema: - type: object - properties: - error: - example: Bad Request - type: string - message: - example: 'Missing required parameter: title' - type: string - statusCode: - example: 400 - type: number + $ref: '#/components/schemas/ApiSecurityAiAssistantCurrentUserConversations_Post_Response_400' description: Generic Error. This response indicates an issue with the request, such as missing required parameters or incorrect data. summary: Create a conversation tags: @@ -60146,46 +28590,13 @@ paths: content: application/json: schema: - type: object - properties: - data: - description: A list of conversations. - items: - $ref: '#/components/schemas/Security_AI_Assistant_API_ConversationResponse' - type: array - page: - description: The current page of the results. - example: 1 - type: integer - perPage: - description: The number of results returned per page. - example: 20 - type: integer - total: - description: The total number of conversations matching the filter criteria. - example: 100 - type: integer - required: - - page - - perPage - - total - - data + $ref: '#/components/schemas/ApiSecurityAiAssistantCurrentUserConversationsFind_Get_Response_200' description: Successful response, returns a paginated list of conversations matching the specified criteria. '400': content: application/json: schema: - type: object - properties: - error: - example: Bad Request - type: string - message: - example: Invalid filter query parameter - type: string - statusCode: - example: 400 - type: number + $ref: '#/components/schemas/ApiSecurityAiAssistantCurrentUserConversationsFind_Get_Response_400' description: Generic Error. The request could not be processed due to an invalid query parameter or other issue. summary: Get conversations tags: @@ -60241,17 +28652,7 @@ paths: content: application/json: schema: - type: object - properties: - error: - example: Bad Request - type: string - message: - example: Invalid conversation ID - type: string - statusCode: - example: 400 - type: number + $ref: '#/components/schemas/ApiSecurityAiAssistantCurrentUserConversations_Delete_Response_400_1' description: Generic Error. This response indicates an issue with the request. summary: Delete a conversation tags: @@ -60306,17 +28707,7 @@ paths: content: application/json: schema: - type: object - properties: - error: - example: Bad Request - type: string - message: - example: Invalid conversation ID - type: string - statusCode: - example: 400 - type: number + $ref: '#/components/schemas/ApiSecurityAiAssistantCurrentUserConversations_Get_Response_400' description: Generic Error. The request could not be processed due to an error. summary: Get a conversation tags: @@ -60389,17 +28780,7 @@ paths: content: application/json: schema: - type: object - properties: - error: - example: Bad Request - type: string - message: - example: 'Missing required field: title' - type: string - statusCode: - example: 400 - type: number + $ref: '#/components/schemas/ApiSecurityAiAssistantCurrentUserConversations_Put_Response_400' description: Generic Error. This response indicates an issue with the request, such as missing required parameters or incorrect data. summary: Update a conversation tags: @@ -60681,42 +29062,7 @@ paths: content: application/json: schema: - type: object - properties: - create: - description: List of Knowledge Base Entries to create. - example: - - content: This is the content of the new entry. - title: New Entry - items: - $ref: '#/components/schemas/Security_AI_Assistant_API_KnowledgeBaseEntryCreateProps' - type: array - delete: - type: object - properties: - ids: - description: Array of Knowledge Base Entry IDs. - example: - - '123' - - '456' - - '789' - items: - type: string - minItems: 1 - type: array - query: - description: Query to filter Knowledge Base Entries. - example: status:active AND category:technology - type: string - update: - description: List of Knowledge Base Entries to update. - example: - - content: Updated content. - id: '123' - title: Updated Entry - items: - $ref: '#/components/schemas/Security_AI_Assistant_API_KnowledgeBaseEntryUpdateProps' - type: array + $ref: '#/components/schemas/ApiSecurityAiAssistantKnowledgeBaseEntriesBulkAction_Post_Request' responses: '200': content: @@ -60803,49 +29149,13 @@ paths: content: application/json: schema: - type: object - properties: - data: - description: The list of Knowledge Base Entries for the current page. - items: - $ref: '#/components/schemas/Security_AI_Assistant_API_KnowledgeBaseEntryResponse' - type: array - page: - description: The current page number. - example: 1 - type: integer - perPage: - description: The number of Knowledge Base Entries returned per page. - example: 20 - type: integer - total: - description: The total number of Knowledge Base Entries available. - example: 100 - type: integer - required: - - page - - perPage - - total - - data + $ref: '#/components/schemas/ApiSecurityAiAssistantKnowledgeBaseEntriesFind_Get_Response_200' description: Successful response containing the paginated Knowledge Base Entries. '400': content: application/json: schema: - type: object - properties: - error: - description: A short description of the error. - example: Bad Request - type: string - message: - description: A detailed message explaining the error. - example: 'Invalid query parameter: sort_order' - type: string - statusCode: - description: The HTTP status code of the error. - example: 400 - type: number + $ref: '#/components/schemas/ApiSecurityAiAssistantKnowledgeBaseEntriesFind_Get_Response_400' description: Generic Error indicating an issue with the request. summary: Finds Knowledge Base Entries that match the given query. tags: @@ -61035,35 +29345,7 @@ paths: - content: Updated content for security prompt. id: prompt123 schema: - type: object - properties: - create: - description: List of prompts to be created. - items: - $ref: '#/components/schemas/Security_AI_Assistant_API_PromptCreateProps' - type: array - delete: - description: Criteria for deleting prompts in bulk. - type: object - properties: - ids: - description: Array of IDs to apply the action to. - example: - - '1234' - - '5678' - items: - type: string - minItems: 1 - type: array - query: - description: Query to filter the bulk action. - example: 'status: ''inactive''' - type: string - update: - description: List of prompts to be updated. - items: - $ref: '#/components/schemas/Security_AI_Assistant_API_PromptUpdateProps' - type: array + $ref: '#/components/schemas/ApiSecurityAiAssistantPromptsBulkAction_Post_Request' responses: '200': content: @@ -61107,20 +29389,7 @@ paths: content: application/json: schema: - type: object - properties: - error: - description: A short error message. - example: Bad Request - type: string - message: - description: A detailed error message. - example: Invalid prompt ID or missing required fields. - type: string - statusCode: - description: The HTTP status code for the error. - example: 400 - type: number + $ref: '#/components/schemas/ApiSecurityAiAssistantPromptsBulkAction_Post_Response_400' description: Indicates a generic error due to a bad request. summary: Apply a bulk action to prompts tags: @@ -61194,74 +29463,13 @@ paths: content: application/json: schema: - example: - data: - - categories: - - troubleshooting - - logging - color: '#FF5733' - consumer: security - content: If you encounter an error, check the logs and retry. - createdAt: '2025-04-20T21:00:00Z' - createdBy: jdoe - id: prompt-123 - isDefault: true - isNewConversationDefault: false - name: Error Troubleshooting Prompt - namespace: default - promptType: standard - timestamp: '2025-04-30T22:30:00Z' - updatedAt: '2025-04-30T22:45:00Z' - updatedBy: jdoe - users: - - full_name: John Doe - username: jdoe - page: 1 - perPage: 20 - total: 142 - type: object - properties: - data: - description: The list of prompts returned based on the search query, sorting, and pagination. - items: - $ref: '#/components/schemas/Security_AI_Assistant_API_PromptResponse' - type: array - page: - description: Current page number. - example: 1 - type: integer - perPage: - description: Number of prompts per page. - example: 20 - type: integer - total: - description: Total number of prompts matching the query. - example: 142 - type: integer - required: - - page - - perPage - - total - - data + $ref: '#/components/schemas/ApiSecurityAiAssistantPromptsFind_Get_Response_200' description: Successful response containing a list of prompts. '400': content: application/json: schema: - type: object - properties: - error: - description: Short error message. - example: Bad Request - type: string - message: - description: Detailed description of the error. - example: Invalid sort order value provided. - type: string - statusCode: - description: HTTP status code for the error. - example: 400 - type: number + $ref: '#/components/schemas/ApiSecurityAiAssistantPromptsFind_Get_Response_400' description: Bad request due to invalid parameters or malformed query. summary: Get prompts tags: @@ -61308,35 +29516,7 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - filters: - additionalProperties: false - type: object - properties: - showReservedRoles: - type: boolean - from: - type: number - query: - type: string - size: - type: number - sort: - additionalProperties: false - type: object - properties: - direction: - enum: - - asc - - desc - type: string - field: - type: string - required: - - field - - direction + $ref: '#/components/schemas/ApiSecurityRoleQuery_Post_Request' responses: '200': description: Indicates a successful call. @@ -61431,194 +29611,7 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - description: - description: A description for the role. - maxLength: 2048 - type: string - elasticsearch: - additionalProperties: false - type: object - properties: - cluster: - items: - description: Cluster privileges that define the cluster level actions that users can perform. - type: string - maxItems: 100 - type: array - indices: - items: - additionalProperties: false - type: object - properties: - allow_restricted_indices: - description: Restricted indices are a special category of indices that are used internally to store configuration data and should not be directly accessed. Only internal system roles should normally grant privileges over the restricted indices. Toggling this flag is very strongly discouraged because it could effectively grant unrestricted operations on critical data, making the entire system unstable or leaking sensitive information. If for administrative purposes you need to create a role with privileges covering restricted indices, however, you can set this property to true. In that case, the names field covers the restricted indices too. - type: boolean - field_security: - additionalProperties: - items: - description: The document fields that the role members have read access to. - type: string - maxItems: 1000 - type: array - type: object - names: - items: - description: The data streams, indices, and aliases to which the permissions in this entry apply. It supports wildcards (*). - type: string - maxItems: 100 - minItems: 1 - type: array - privileges: - items: - description: The index level privileges that the role members have for the data streams and indices. - type: string - maxItems: 100 - minItems: 1 - type: array - query: - description: A search query that defines the documents the role members have read access to. A document within the specified data streams and indices must match this query in order for it to be accessible by the role members. - type: string - required: - - names - - privileges - maxItems: 1000 - type: array - remote_cluster: - items: - additionalProperties: false - type: object - properties: - clusters: - items: - description: A list of remote cluster aliases. It supports literal strings as well as wildcards and regular expressions. - type: string - maxItems: 100 - minItems: 1 - type: array - privileges: - items: - description: The cluster level privileges for the remote cluster. The allowed values are a subset of the cluster privileges. - type: string - maxItems: 100 - minItems: 1 - type: array - required: - - privileges - - clusters - maxItems: 100 - type: array - remote_indices: - items: - additionalProperties: false - type: object - properties: - allow_restricted_indices: - description: Restricted indices are a special category of indices that are used internally to store configuration data and should not be directly accessed. Only internal system roles should normally grant privileges over the restricted indices. Toggling this flag is very strongly discouraged because it could effectively grant unrestricted operations on critical data, making the entire system unstable or leaking sensitive information. If for administrative purposes you need to create a role with privileges covering restricted indices, however, you can set this property to true. In that case, the names field will cover the restricted indices too. - type: boolean - clusters: - items: - description: A list of remote cluster aliases. It supports literal strings as well as wildcards and regular expressions. - type: string - maxItems: 100 - minItems: 1 - type: array - field_security: - additionalProperties: - items: - description: The document fields that the role members have read access to. - type: string - maxItems: 1000 - type: array - type: object - names: - items: - description: A list of remote aliases, data streams, or indices to which the permissions apply. It supports wildcards (*). - type: string - maxItems: 100 - minItems: 1 - type: array - privileges: - items: - description: The index level privileges that role members have for the specified indices. - type: string - maxItems: 100 - minItems: 1 - type: array - query: - description: 'A search query that defines the documents the role members have read access to. A document within the specified data streams and indices must match this query in order for it to be accessible by the role members. ' - type: string - required: - - clusters - - names - - privileges - maxItems: 1000 - type: array - run_as: - items: - description: A user name that the role member can impersonate. - type: string - maxItems: 100 - type: array - kibana: - items: - additionalProperties: false - type: object - properties: - base: - anyOf: - - items: {} - type: array - - type: boolean - - type: number - - type: object - - type: string - nullable: true - oneOf: - - items: - description: A base privilege that grants applies to all spaces. - type: string - maxItems: 50 - type: array - - items: - description: A base privilege that applies to specific spaces. - type: string - maxItems: 50 - type: array - feature: - additionalProperties: - items: - description: The privileges that the role member has for the feature. - type: string - maxItems: 100 - type: array - type: object - spaces: - anyOf: - - items: - enum: - - '*' - type: string - maxItems: 1 - minItems: 1 - type: array - - items: - description: A space that the privilege applies to. - type: string - maxItems: 1000 - type: array - default: - - '*' - required: - - base - type: array - metadata: - additionalProperties: {} - type: object - required: - - elasticsearch + $ref: '#/components/schemas/ApiSecurityRole_Put_Request' examples: createRoleRequest1: $ref: '#/components/examples/create_role_request1' @@ -61652,202 +29645,7 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - roles: - additionalProperties: - additionalProperties: false - type: object - properties: - description: - description: A description for the role. - maxLength: 2048 - type: string - elasticsearch: - additionalProperties: false - type: object - properties: - cluster: - items: - description: Cluster privileges that define the cluster level actions that users can perform. - type: string - maxItems: 100 - type: array - indices: - items: - additionalProperties: false - type: object - properties: - allow_restricted_indices: - description: Restricted indices are a special category of indices that are used internally to store configuration data and should not be directly accessed. Only internal system roles should normally grant privileges over the restricted indices. Toggling this flag is very strongly discouraged because it could effectively grant unrestricted operations on critical data, making the entire system unstable or leaking sensitive information. If for administrative purposes you need to create a role with privileges covering restricted indices, however, you can set this property to true. In that case, the names field covers the restricted indices too. - type: boolean - field_security: - additionalProperties: - items: - description: The document fields that the role members have read access to. - type: string - maxItems: 1000 - type: array - type: object - names: - items: - description: The data streams, indices, and aliases to which the permissions in this entry apply. It supports wildcards (*). - type: string - maxItems: 100 - minItems: 1 - type: array - privileges: - items: - description: The index level privileges that the role members have for the data streams and indices. - type: string - maxItems: 100 - minItems: 1 - type: array - query: - description: A search query that defines the documents the role members have read access to. A document within the specified data streams and indices must match this query in order for it to be accessible by the role members. - type: string - required: - - names - - privileges - maxItems: 1000 - type: array - remote_cluster: - items: - additionalProperties: false - type: object - properties: - clusters: - items: - description: A list of remote cluster aliases. It supports literal strings as well as wildcards and regular expressions. - type: string - maxItems: 100 - minItems: 1 - type: array - privileges: - items: - description: The cluster level privileges for the remote cluster. The allowed values are a subset of the cluster privileges. - type: string - maxItems: 100 - minItems: 1 - type: array - required: - - privileges - - clusters - maxItems: 100 - type: array - remote_indices: - items: - additionalProperties: false - type: object - properties: - allow_restricted_indices: - description: Restricted indices are a special category of indices that are used internally to store configuration data and should not be directly accessed. Only internal system roles should normally grant privileges over the restricted indices. Toggling this flag is very strongly discouraged because it could effectively grant unrestricted operations on critical data, making the entire system unstable or leaking sensitive information. If for administrative purposes you need to create a role with privileges covering restricted indices, however, you can set this property to true. In that case, the names field will cover the restricted indices too. - type: boolean - clusters: - items: - description: A list of remote cluster aliases. It supports literal strings as well as wildcards and regular expressions. - type: string - maxItems: 100 - minItems: 1 - type: array - field_security: - additionalProperties: - items: - description: The document fields that the role members have read access to. - type: string - maxItems: 1000 - type: array - type: object - names: - items: - description: A list of remote aliases, data streams, or indices to which the permissions apply. It supports wildcards (*). - type: string - maxItems: 100 - minItems: 1 - type: array - privileges: - items: - description: The index level privileges that role members have for the specified indices. - type: string - maxItems: 100 - minItems: 1 - type: array - query: - description: 'A search query that defines the documents the role members have read access to. A document within the specified data streams and indices must match this query in order for it to be accessible by the role members. ' - type: string - required: - - clusters - - names - - privileges - maxItems: 1000 - type: array - run_as: - items: - description: A user name that the role member can impersonate. - type: string - maxItems: 100 - type: array - kibana: - items: - additionalProperties: false - type: object - properties: - base: - anyOf: - - items: {} - type: array - - type: boolean - - type: number - - type: object - - type: string - nullable: true - oneOf: - - items: - description: A base privilege that grants applies to all spaces. - type: string - maxItems: 50 - type: array - - items: - description: A base privilege that applies to specific spaces. - type: string - maxItems: 50 - type: array - feature: - additionalProperties: - items: - description: The privileges that the role member has for the feature. - type: string - maxItems: 100 - type: array - type: object - spaces: - anyOf: - - items: - enum: - - '*' - type: string - maxItems: 1 - minItems: 1 - type: array - - items: - description: A space that the privilege applies to. - type: string - maxItems: 1000 - type: array - default: - - '*' - required: - - base - type: array - metadata: - additionalProperties: {} - type: object - required: - - elasticsearch - type: object - required: - - roles + $ref: '#/components/schemas/ApiSecurityRoles_Post_Request' responses: '200': description: Indicates a successful call. @@ -61913,50 +29711,13 @@ paths: } } schema: - type: object - properties: - match: - description: | - The method Kibana uses to determine which sessions to invalidate. If it is `all`, all existing sessions will be invalidated. If it is `query`, only the sessions that match the query will be invalidated. - enum: - - all - - query - type: string - query: - description: | - The query that Kibana uses to match the sessions to invalidate when the `match` parameter is set to `query`. - type: object - properties: - provider: - description: The authentication providers that will have their user sessions invalidated. - type: object - properties: - name: - description: The authentication provider name. - type: string - type: - description: | - The authentication provide type. For example: `basic`, `token`, `saml`, `oidc`, `kerberos`, or `pki`. - type: string - required: - - type - username: - description: The username that will have its sessions invalidated. - type: string - required: - - provider - required: - - match + $ref: '#/components/schemas/ApiSecuritySessionInvalidate_Post_Request' responses: '200': content: application/json: schema: - type: object - properties: - total: - description: The number of sessions that were successfully invalidated. - type: integer + $ref: '#/components/schemas/ApiSecuritySessionInvalidate_Post_Response_200' description: Indicates a successful call '403': description: Indicates that the user may not be authorized to invalidate sessions for other users. @@ -61976,28 +29737,7 @@ paths: content: application/json: schema: - type: object - properties: - humanReadableSlug: - description: | - When the `slug` parameter is omitted, the API will generate a random human-readable slug if `humanReadableSlug` is set to true. - type: boolean - locatorId: - description: The identifier for the locator. - type: string - params: - description: | - An object which contains all necessary parameters for the given locator to resolve to a Kibana location. - > warn - > When you create a short URL, locator params are not validated, which allows you to pass arbitrary and ill-formed data into the API that can break Kibana. Make sure any data that you send to the API is properly formed. - type: object - slug: - description: | - A custom short URL slug. The slug is the part of the short URL that identifies it. You can provide a custom slug which consists of latin alphabet letters, numbers, and `-._` characters. The slug must be at least 3 characters long, but no longer than 255 characters. - type: string - required: - - locatorId - - params + $ref: '#/components/schemas/ApiShortUrl_Post_Request' required: true responses: '200': @@ -62092,50 +29832,7 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - compatibilityMode: - default: false - description: Apply various adjustments to the saved objects that are being copied to maintain compatibility between different Kibana versions. Use this option only if you encounter issues with copied saved objects. This option cannot be used with the `createNewCopies` option. - type: boolean - createNewCopies: - default: true - description: Create new copies of saved objects, regenerate each object identifier, and reset the origin. When used, potential conflict errors are avoided. This option cannot be used with the `overwrite` and `compatibilityMode` options. - type: boolean - includeReferences: - default: false - description: When set to true, all saved objects related to the specified saved objects will also be copied into the target spaces. - type: boolean - objects: - items: - additionalProperties: false - type: object - properties: - id: - description: The identifier of the saved object to copy. - type: string - type: - description: The type of the saved object to copy. - type: string - required: - - type - - id - maxItems: 1000 - type: array - overwrite: - default: false - description: When set to true, all conflicts are automatically overridden. When a saved object with a matching type and identifier exists in the target space, that version is replaced with the version from the source space. This option cannot be used with the `createNewCopies` option. - type: boolean - spaces: - items: - description: The identifiers of the spaces where you want to copy the specified objects. - type: string - maxItems: 100 - type: array - required: - - spaces - - objects + $ref: '#/components/schemas/ApiSpacesCopySavedObjects_Post_Request' examples: copySavedObjectsRequestExample1: $ref: '#/components/examples/copy_saved_objects_request1' @@ -62176,31 +29873,7 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - aliases: - items: - additionalProperties: false - type: object - properties: - sourceId: - description: The alias source object identifier. This is the legacy object identifier. - type: string - targetSpace: - description: The space where the alias target object exists. - type: string - targetType: - description: 'The type of alias target object. ' - type: string - required: - - targetSpace - - targetType - - sourceId - maxItems: 1000 - type: array - required: - - aliases + $ref: '#/components/schemas/ApiSpacesDisableLegacyUrlAliases_Post_Request' examples: disableLegacyURLRequestExample1: $ref: '#/components/examples/disable_legacy_url_request1' @@ -62227,25 +29900,7 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - objects: - items: - additionalProperties: false - type: object - properties: - id: - type: string - type: - type: string - required: - - type - - id - maxItems: 1000 - type: array - required: - - objects + $ref: '#/components/schemas/ApiSpacesGetShareableReferences_Post_Request' responses: {} summary: Get shareable references tags: @@ -62269,66 +29924,7 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - compatibilityMode: - default: false - type: boolean - createNewCopies: - default: true - type: boolean - includeReferences: - default: false - type: boolean - objects: - items: - additionalProperties: false - type: object - properties: - id: - type: string - type: - type: string - required: - - type - - id - maxItems: 1000 - type: array - retries: - additionalProperties: - items: - additionalProperties: false - type: object - properties: - createNewCopy: - description: Creates new copies of the saved objects, regenerates each object ID, and resets the origin. - type: boolean - destinationId: - description: Specifies the destination identifier that the copied object should have, if different from the current identifier. - type: string - id: - description: The saved object identifier. - type: string - ignoreMissingReferences: - description: When set to true, any missing references errors are ignored. - type: boolean - overwrite: - default: false - description: When set to true, the saved object from the source space overwrites the conflicting object in the destination space. - type: boolean - type: - description: The saved object type. - type: string - required: - - type - - id - maxItems: 1000 - type: array - type: object - required: - - retries - - objects + $ref: '#/components/schemas/ApiSpacesResolveCopySavedObjectsErrors_Post_Request' examples: resolveCopySavedObjectsRequestExample1: $ref: '#/components/examples/resolve_copy_saved_objects_request1' @@ -62365,41 +29961,7 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - objects: - items: - additionalProperties: false - type: object - properties: - id: - description: The identifier of the saved object to update. - type: string - type: - description: The type of the saved object to update. - type: string - required: - - type - - id - maxItems: 1000 - type: array - spacesToAdd: - items: - description: The identifiers of the spaces the saved objects should be added to or removed from. - type: string - maxItems: 1000 - type: array - spacesToRemove: - items: - description: The identifiers of the spaces the saved objects should be added to or removed from. - type: string - maxItems: 1000 - type: array - required: - - objects - - spacesToAdd - - spacesToRemove + $ref: '#/components/schemas/ApiSpacesUpdateObjectsSpaces_Post_Request' examples: updateObjectSpacesRequestExample1: $ref: '#/components/examples/update_saved_objects_spaces_request1' @@ -62481,48 +30043,7 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - _reserved: - type: boolean - color: - description: The hexadecimal color code used in the space avatar. By default, the color is automatically generated from the space name. - type: string - description: - description: A description for the space. - type: string - disabledFeatures: - default: [] - items: - description: The list of features that are turned off in the space. - type: string - maxItems: 100 - type: array - id: - description: The space ID that is part of the Kibana URL when inside the space. Space IDs are limited to lowercase alphanumeric, underscore, and hyphen characters (a-z, 0-9, _, and -). You are cannot change the ID with the update operation. - type: string - imageUrl: - description: The data-URL encoded image to display in the space avatar. If specified, initials will not be displayed and the color will be visible as the background color for transparent images. For best results, your image should be 64x64. Images will not be optimized by this API call, so care should be taken when using custom images. - type: string - initials: - description: One or two characters that are shown in the space avatar. By default, the initials are automatically generated from the space name. - maxLength: 2 - type: string - name: - description: 'The display name for the space. ' - minLength: 1 - type: string - solution: - enum: - - security - - oblt - - es - - classic - type: string - required: - - id - - name + $ref: '#/components/schemas/ApiSpacesSpace_Post_Request' examples: createSpaceRequest: $ref: '#/components/examples/create_space_request' @@ -62607,48 +30128,7 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - _reserved: - type: boolean - color: - description: The hexadecimal color code used in the space avatar. By default, the color is automatically generated from the space name. - type: string - description: - description: A description for the space. - type: string - disabledFeatures: - default: [] - items: - description: The list of features that are turned off in the space. - type: string - maxItems: 100 - type: array - id: - description: The space ID that is part of the Kibana URL when inside the space. Space IDs are limited to lowercase alphanumeric, underscore, and hyphen characters (a-z, 0-9, _, and -). You are cannot change the ID with the update operation. - type: string - imageUrl: - description: The data-URL encoded image to display in the space avatar. If specified, initials will not be displayed and the color will be visible as the background color for transparent images. For best results, your image should be 64x64. Images will not be optimized by this API call, so care should be taken when using custom images. - type: string - initials: - description: One or two characters that are shown in the space avatar. By default, the initials are automatically generated from the space name. - maxLength: 2 - type: string - name: - description: 'The display name for the space. ' - minLength: 1 - type: string - solution: - enum: - - security - - oblt - - es - - classic - type: string - required: - - id - - name + $ref: '#/components/schemas/ApiSpacesSpace_Put_Request' examples: updateSpaceRequest: $ref: '#/components/examples/update_space_request' @@ -62682,19 +30162,13 @@ paths: content: application/json: schema: - anyOf: - - $ref: '#/components/schemas/Kibana_HTTP_APIs_core_status_response' - - $ref: '#/components/schemas/Kibana_HTTP_APIs_core_status_redactedResponse' - description: Kibana's operational status. A minimal response is sent for unauthorized users. + $ref: '#/components/schemas/ApiStatus_Get_Response_200' description: Overall status is OK and Kibana should be functioning normally. '503': content: application/json: schema: - anyOf: - - $ref: '#/components/schemas/Kibana_HTTP_APIs_core_status_response' - - $ref: '#/components/schemas/Kibana_HTTP_APIs_core_status_redactedResponse' - description: Kibana's operational status. A minimal response is sent for unauthorized users. + $ref: '#/components/schemas/ApiStatus_Get_Response_503' description: Kibana or some of it's essential services are unavailable. Kibana may be degraded or unavailable. summary: Get Kibana's current status tags: @@ -62718,14 +30192,7 @@ paths: content: application/json: schema: - anyOf: - - additionalProperties: false - type: object - properties: {} - - enum: - - 'null' - nullable: true - - not: {} + $ref: '#/components/schemas/ApiStreams_Get_Request' responses: {} summary: Get stream list tags: @@ -62757,14 +30224,7 @@ paths: content: application/json: schema: - anyOf: - - additionalProperties: false - type: object - properties: {} - - enum: - - 'null' - nullable: true - - not: {} + $ref: '#/components/schemas/ApiStreamsDisable_Post_Request' responses: {} summary: Disable streams tags: @@ -62796,14 +30256,7 @@ paths: content: application/json: schema: - anyOf: - - additionalProperties: false - type: object - properties: {} - - enum: - - 'null' - nullable: true - - not: {} + $ref: '#/components/schemas/ApiStreamsEnable_Post_Request' responses: {} summary: Enable streams tags: @@ -62835,14 +30288,7 @@ paths: content: application/json: schema: - anyOf: - - additionalProperties: false - type: object - properties: {} - - enum: - - 'null' - nullable: true - - not: {} + $ref: '#/components/schemas/ApiStreamsResync_Post_Request' responses: {} summary: Resync streams tags: @@ -62879,14 +30325,7 @@ paths: content: application/json: schema: - anyOf: - - additionalProperties: false - type: object - properties: {} - - enum: - - 'null' - nullable: true - - not: {} + $ref: '#/components/schemas/ApiStreams_Delete_Request' responses: {} summary: Delete a stream tags: @@ -62915,14 +30354,7 @@ paths: content: application/json: schema: - anyOf: - - additionalProperties: false - type: object - properties: {} - - enum: - - 'null' - nullable: true - - not: {} + $ref: '#/components/schemas/ApiStreams_Get_Request_1' responses: {} summary: Get a stream tags: @@ -62958,17246 +30390,7 @@ paths: content: application/json: schema: - anyOf: - - anyOf: - - allOf: - - type: object - properties: {} - - type: object - properties: - stream: - allOf: - - additionalProperties: true - type: object - properties: - ingest: - additionalProperties: true - type: object - properties: - processing: - additionalProperties: true - type: object - properties: - updated_at: - not: {} - required: - - processing - name: - not: {} - updated_at: - not: {} - - additionalProperties: false - type: object - properties: - description: - type: string - name: - type: string - updated_at: - format: date-time - type: string - required: - - name - - description - - updated_at - required: - - stream - - type: object - properties: - dashboards: - items: - type: string - type: array - queries: - items: - allOf: - - type: object - properties: - id: - description: A non-empty string. - minLength: 1 - type: string - title: - description: A non-empty string. - minLength: 1 - type: string - required: - - id - - title - - type: object - properties: - evidence: - items: - type: string - type: array - feature: - additionalProperties: false - type: object - properties: - filter: - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: The root condition object. It can be a simple filter or a combination of other conditions. - name: - description: A non-empty string. - minLength: 1 - type: string - type: - enum: - - system - type: string - required: - - name - - filter - - type - kql: - additionalProperties: false - type: object - properties: - query: - type: string - required: - - query - severity_score: - type: number - required: - - kql - type: array - rules: - items: - type: string - type: array - required: - - dashboards - - rules - - queries - - type: object - properties: - stream: - allOf: - - additionalProperties: true - type: object - properties: - ingest: - additionalProperties: true - type: object - properties: - processing: - additionalProperties: true - type: object - properties: - updated_at: - not: {} - required: - - processing - name: - not: {} - updated_at: - not: {} - - additionalProperties: false - type: object - properties: - ingest: - allOf: - - type: object - properties: - failure_store: - anyOf: - - additionalProperties: false - type: object - properties: - inherit: - additionalProperties: false - type: object - properties: {} - required: - - inherit - - additionalProperties: false - type: object - properties: - disabled: - additionalProperties: false - type: object - properties: {} - required: - - disabled - - anyOf: - - additionalProperties: false - type: object - properties: - lifecycle: - additionalProperties: false - type: object - properties: - enabled: - additionalProperties: false - type: object - properties: - data_retention: - description: A non-empty string. - minLength: 1 - type: string - required: - - enabled - required: - - lifecycle - - additionalProperties: false - type: object - properties: - lifecycle: - additionalProperties: false - type: object - properties: - disabled: - additionalProperties: false - type: object - properties: {} - required: - - disabled - required: - - lifecycle - lifecycle: - anyOf: - - additionalProperties: false - type: object - properties: - dsl: - additionalProperties: false - type: object - properties: - data_retention: - description: A non-empty string. - minLength: 1 - type: string - downsample: - items: - additionalProperties: false - type: object - properties: - after: - description: A non-empty string. - minLength: 1 - type: string - fixed_interval: - description: A non-empty string. - minLength: 1 - type: string - required: - - after - - fixed_interval - type: array - required: - - dsl - - additionalProperties: false - type: object - properties: - ilm: - additionalProperties: false - type: object - properties: - policy: - description: A non-empty string. - minLength: 1 - type: string - required: - - policy - required: - - ilm - - additionalProperties: false - type: object - properties: - inherit: - additionalProperties: false - type: object - properties: {} - required: - - inherit - processing: - additionalProperties: false - type: object - properties: - steps: - items: - anyOf: - - anyOf: - - additionalProperties: false - description: Grok processor - Extract fields from text using grok patterns - type: object - properties: - action: - enum: - - grok - type: string - customIdentifier: - description: Custom identifier to correlate this processor across outputs - minLength: 1 - type: string - description: - description: Human-readable notes about this processor step - type: string - from: - description: Source field to parse with grok patterns - minLength: 1 - type: string - ignore_failure: - description: Continue pipeline execution if this processor fails - type: boolean - ignore_missing: - description: Skip processing when source field is missing - type: boolean - pattern_definitions: - additionalProperties: - type: string - type: object - patterns: - description: Grok patterns applied in order to extract fields - items: - description: A non-empty string. - minLength: 1 - type: string - minItems: 1 - type: array - where: - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: Conditional expression controlling whether this processor runs - required: - - action - - from - - patterns - - additionalProperties: false - description: Dissect processor - Extract fields from text using a lightweight, delimiter-based parser - type: object - properties: - action: - enum: - - dissect - type: string - append_separator: - description: Separator inserted when target fields are concatenated - minLength: 1 - type: string - customIdentifier: - description: Custom identifier to correlate this processor across outputs - minLength: 1 - type: string - description: - description: Human-readable notes about this processor step - type: string - from: - description: Source field to parse with dissect pattern - minLength: 1 - type: string - ignore_failure: - description: Continue pipeline execution if this processor fails - type: boolean - ignore_missing: - description: Skip processing when source field is missing - type: boolean - pattern: - description: Dissect pattern describing field boundaries - minLength: 1 - type: string - where: - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: Conditional expression controlling whether this processor runs - required: - - action - - from - - pattern - - additionalProperties: false - description: Date processor - Parse dates from strings using one or more expected formats - type: object - properties: - action: - enum: - - date - type: string - customIdentifier: - description: Custom identifier to correlate this processor across outputs - minLength: 1 - type: string - description: - description: Human-readable notes about this processor step - type: string - formats: - description: Accepted input date formats, tried in order - items: - description: A non-empty string. - minLength: 1 - type: string - type: array - from: - description: Source field containing the date/time text - minLength: 1 - type: string - ignore_failure: - description: Continue pipeline execution if this processor fails - type: boolean - locale: - description: Optional locale for date parsing - minLength: 1 - type: string - output_format: - description: Optional output format for storing the parsed date as text - minLength: 1 - type: string - timezone: - description: Optional timezone for date parsing - minLength: 1 - type: string - to: - description: Target field for the parsed date (defaults to source) - minLength: 1 - type: string - where: - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: Conditional expression controlling whether this processor runs - required: - - action - - from - - formats - - additionalProperties: false - description: Base processor options plus conditional execution - type: object - properties: - action: - enum: - - drop_document - type: string - customIdentifier: - description: Custom identifier to correlate this processor across outputs - minLength: 1 - type: string - description: - description: Human-readable notes about this processor step - type: string - ignore_failure: - description: Continue pipeline execution if this processor fails - type: boolean - where: - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: Conditional expression controlling whether this processor runs - required: - - action - - additionalProperties: false - description: Base processor options plus conditional execution - type: object - properties: - action: - enum: - - math - type: string - customIdentifier: - description: Custom identifier to correlate this processor across outputs - minLength: 1 - type: string - description: - description: Human-readable notes about this processor step - type: string - expression: - description: A non-empty string. - minLength: 1 - type: string - ignore_failure: - description: Continue pipeline execution if this processor fails - type: boolean - ignore_missing: - type: boolean - to: - description: A non-empty string. - minLength: 1 - type: string - where: - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: Conditional expression controlling whether this processor runs - required: - - action - - expression - - to - - additionalProperties: false - description: Rename processor - Change a field name and optionally its location - type: object - properties: - action: - enum: - - rename - type: string - customIdentifier: - description: Custom identifier to correlate this processor across outputs - minLength: 1 - type: string - description: - description: Human-readable notes about this processor step - type: string - from: - description: Existing source field to rename or move - minLength: 1 - type: string - ignore_failure: - description: Continue pipeline execution if this processor fails - type: boolean - ignore_missing: - description: Skip when source field is missing - type: boolean - override: - description: Allow overwriting the target field if it already exists - type: boolean - to: - description: New field name or destination path - minLength: 1 - type: string - where: - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: Conditional expression controlling whether this processor runs - required: - - action - - from - - to - - additionalProperties: false - description: Set processor - Assign a literal or copied value to a field (mutually exclusive inputs) - type: object - properties: - action: - enum: - - set - type: string - copy_from: - description: Copy value from another field instead of providing a literal - minLength: 1 - type: string - customIdentifier: - description: Custom identifier to correlate this processor across outputs - minLength: 1 - type: string - description: - description: Human-readable notes about this processor step - type: string - ignore_failure: - description: Continue pipeline execution if this processor fails - type: boolean - override: - description: Allow overwriting an existing target field - type: boolean - to: - description: Target field to set or create - minLength: 1 - type: string - value: - description: Literal value to assign to the target field - where: - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: Conditional expression controlling whether this processor runs - required: - - action - - to - - additionalProperties: false - description: Append processor - Append one or more values to an existing or new array field - type: object - properties: - action: - enum: - - append - type: string - allow_duplicates: - description: If true, do not deduplicate appended values - type: boolean - customIdentifier: - description: Custom identifier to correlate this processor across outputs - minLength: 1 - type: string - description: - description: Human-readable notes about this processor step - type: string - ignore_failure: - description: Continue pipeline execution if this processor fails - type: boolean - to: - description: Array field to append values to - minLength: 1 - type: string - value: - description: Values to append (must be literal, no templates) - items: {} - minItems: 1 - type: array - where: - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: Conditional expression controlling whether this processor runs - required: - - action - - to - - value - - additionalProperties: false - description: Remove by prefix processor - Remove a field and all nested fields matching the prefix - type: object - properties: - action: - enum: - - remove_by_prefix - type: string - customIdentifier: - description: Custom identifier to correlate this processor across outputs - minLength: 1 - type: string - description: - description: Human-readable notes about this processor step - type: string - from: - description: Field to remove along with all its nested fields - minLength: 1 - type: string - ignore_failure: - description: Continue pipeline execution if this processor fails - type: boolean - required: - - action - - from - - additionalProperties: false - description: Remove processor - Delete one or more fields from the document - type: object - properties: - action: - enum: - - remove - type: string - customIdentifier: - description: Custom identifier to correlate this processor across outputs - minLength: 1 - type: string - description: - description: Human-readable notes about this processor step - type: string - from: - description: Field to remove from the document - minLength: 1 - type: string - ignore_failure: - description: Continue pipeline execution if this processor fails - type: boolean - ignore_missing: - description: Skip processing when source field is missing - type: boolean - where: - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: Conditional expression controlling whether this processor runs - required: - - action - - from - - additionalProperties: false - description: Base processor options plus conditional execution - type: object - properties: - action: - enum: - - replace - type: string - customIdentifier: - description: Custom identifier to correlate this processor across outputs - minLength: 1 - type: string - description: - description: Human-readable notes about this processor step - type: string - from: - description: A non-empty string. - minLength: 1 - type: string - ignore_failure: - description: Continue pipeline execution if this processor fails - type: boolean - ignore_missing: - type: boolean - pattern: - description: A non-empty string or string with whitespace. - minLength: 1 - type: string - replacement: - type: string - to: - description: A non-empty string. - minLength: 1 - type: string - where: - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: Conditional expression controlling whether this processor runs - required: - - action - - from - - pattern - - replacement - - additionalProperties: false - description: Base processor options plus conditional execution - type: object - properties: - action: - enum: - - uppercase - type: string - customIdentifier: - description: Custom identifier to correlate this processor across outputs - minLength: 1 - type: string - description: - description: Human-readable notes about this processor step - type: string - from: - description: A non-empty string. - minLength: 1 - type: string - ignore_failure: - description: Continue pipeline execution if this processor fails - type: boolean - ignore_missing: - type: boolean - to: - description: A non-empty string. - minLength: 1 - type: string - where: - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: Conditional expression controlling whether this processor runs - required: - - action - - from - - additionalProperties: false - description: Base processor options plus conditional execution - type: object - properties: - action: - enum: - - lowercase - type: string - customIdentifier: - description: Custom identifier to correlate this processor across outputs - minLength: 1 - type: string - description: - description: Human-readable notes about this processor step - type: string - from: - description: A non-empty string. - minLength: 1 - type: string - ignore_failure: - description: Continue pipeline execution if this processor fails - type: boolean - ignore_missing: - type: boolean - to: - description: A non-empty string. - minLength: 1 - type: string - where: - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: Conditional expression controlling whether this processor runs - required: - - action - - from - - additionalProperties: false - description: Base processor options plus conditional execution - type: object - properties: - action: - enum: - - trim - type: string - customIdentifier: - description: Custom identifier to correlate this processor across outputs - minLength: 1 - type: string - description: - description: Human-readable notes about this processor step - type: string - from: - description: A non-empty string. - minLength: 1 - type: string - ignore_failure: - description: Continue pipeline execution if this processor fails - type: boolean - ignore_missing: - type: boolean - to: - description: A non-empty string. - minLength: 1 - type: string - where: - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: Conditional expression controlling whether this processor runs - required: - - action - - from - - additionalProperties: false - description: Base processor options plus conditional execution - type: object - properties: - action: - enum: - - join - type: string - customIdentifier: - description: Custom identifier to correlate this processor across outputs - minLength: 1 - type: string - delimiter: - type: string - description: - description: Human-readable notes about this processor step - type: string - from: - items: - description: A non-empty string. - minLength: 1 - type: string - minItems: 1 - type: array - ignore_failure: - description: Continue pipeline execution if this processor fails - type: boolean - ignore_missing: - type: boolean - to: - description: A non-empty string. - minLength: 1 - type: string - where: - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: Conditional expression controlling whether this processor runs - required: - - action - - from - - delimiter - - to - - additionalProperties: false - description: Convert processor - Change the data type of a field value (integer, long, double, boolean, or string) - type: object - properties: - action: - enum: - - convert - type: string - customIdentifier: - description: Custom identifier to correlate this processor across outputs - minLength: 1 - type: string - description: - description: Human-readable notes about this processor step - type: string - from: - description: Source field to convert to a different data type - minLength: 1 - type: string - ignore_failure: - description: Continue pipeline execution if this processor fails - type: boolean - ignore_missing: - description: Skip processing when source field is missing - type: boolean - to: - description: Target field for the converted value (defaults to source) - minLength: 1 - type: string - type: - description: 'Target data type: integer, long, double, boolean, or string' - enum: - - integer - - long - - double - - boolean - - string - type: string - where: - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: Conditional expression controlling whether this processor runs - required: - - action - - from - - type - - additionalProperties: false - description: Base processor options plus conditional execution - type: object - properties: - action: - enum: - - concat - type: string - customIdentifier: - description: Custom identifier to correlate this processor across outputs - minLength: 1 - type: string - description: - description: Human-readable notes about this processor step - type: string - from: - items: - anyOf: - - additionalProperties: false - type: object - properties: - type: - enum: - - field - type: string - value: - description: A non-empty string. - minLength: 1 - type: string - required: - - type - - value - - additionalProperties: false - type: object - properties: - type: - enum: - - literal - type: string - value: - type: string - required: - - type - - value - minItems: 1 - type: array - ignore_failure: - description: Continue pipeline execution if this processor fails - type: boolean - ignore_missing: - type: boolean - to: - description: A non-empty string. - minLength: 1 - type: string - where: - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: Conditional expression controlling whether this processor runs - required: - - action - - from - - to - - additionalProperties: false - description: Manual ingest pipeline wrapper around native Elasticsearch processors - type: object - properties: - action: - description: Manual ingest pipeline - executes raw Elasticsearch ingest processors - enum: - - manual_ingest_pipeline - type: string - customIdentifier: - description: Custom identifier to correlate this processor across outputs - minLength: 1 - type: string - description: - description: Human-readable notes about this processor step - type: string - ignore_failure: - description: Continue pipeline execution if this processor fails - type: boolean - on_failure: - description: Fallback processors to run when a processor fails - items: - additionalProperties: {} - type: object - type: array - processors: - description: List of raw Elasticsearch ingest processors to run - items: - additionalProperties: false - type: object - properties: - append: {} - attachment: {} - bytes: {} - circle: {} - community_id: {} - convert: {} - csv: {} - date: {} - date_index_name: {} - dissect: {} - dot_expander: {} - drop: {} - enrich: {} - fail: {} - fingerprint: {} - foreach: {} - geo_grid: {} - geoip: {} - grok: {} - gsub: {} - html_strip: {} - inference: {} - ip_location: {} - join: {} - json: {} - kv: {} - lowercase: {} - network_direction: {} - pipeline: {} - redact: {} - registered_domain: {} - remove: {} - rename: {} - reroute: {} - script: {} - set: {} - set_security_user: {} - sort: {} - split: {} - terminate: {} - trim: {} - uppercase: {} - uri_parts: {} - urldecode: {} - user_agent: {} - required: - - append - - attachment - - bytes - - circle - - community_id - - convert - - csv - - date - - date_index_name - - dissect - - dot_expander - - drop - - enrich - - fail - - fingerprint - - foreach - - ip_location - - geo_grid - - geoip - - grok - - gsub - - html_strip - - inference - - join - - json - - kv - - lowercase - - network_direction - - pipeline - - redact - - registered_domain - - remove - - rename - - reroute - - script - - set - - set_security_user - - sort - - split - - terminate - - trim - - uppercase - - urldecode - - uri_parts - - user_agent - type: array - tag: - description: Optional ingest processor tag for Elasticsearch - type: string - where: - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: Conditional expression controlling whether this processor runs - required: - - action - - processors - - additionalProperties: false - type: object - properties: - condition: - allOf: - - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: The root condition object. It can be a simple filter or a combination of other conditions. - - type: object - properties: - steps: - items: {} - type: array - required: - - steps - customIdentifier: - type: string - required: - - condition - type: array - updated_at: - format: date-time - type: string - required: - - steps - - updated_at - settings: - additionalProperties: false - type: object - properties: - index.number_of_replicas: - additionalProperties: false - type: object - properties: - value: - type: number - required: - - value - index.number_of_shards: - additionalProperties: false - type: object - properties: - value: - type: number - required: - - value - index.refresh_interval: - additionalProperties: false - type: object - properties: - value: - anyOf: - - type: string - - enum: - - -1 - type: number - required: - - value - required: - - lifecycle - - processing - - settings - - failure_store - - type: object - properties: - wired: - additionalProperties: false - type: object - properties: - fields: - additionalProperties: - allOf: - - additionalProperties: - anyOf: - - anyOf: - - type: string - - type: number - - type: boolean - - enum: - - 'null' - nullable: true - - not: {} - - items: - anyOf: - - type: string - - type: number - - type: boolean - - enum: - - 'null' - nullable: true - - not: {} - type: array - - items: {} - type: array - - {} - type: object - - anyOf: - - additionalProperties: false - type: object - properties: - format: - description: A non-empty string. - minLength: 1 - type: string - type: - enum: - - keyword - - match_only_text - - long - - double - - date - - boolean - - ip - - geo_point - type: string - required: - - type - - additionalProperties: false - type: object - properties: - type: - enum: - - system - type: string - required: - - type - type: object - routing: - items: - additionalProperties: false - type: object - properties: - destination: - description: A non-empty string. - minLength: 1 - type: string - status: - enum: - - enabled - - disabled - type: string - where: - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: The root condition object. It can be a simple filter or a combination of other conditions. - required: - - destination - - where - type: array - required: - - fields - - routing - required: - - wired - required: - - ingest - required: - - stream - - type: object - properties: {} - - type: object - properties: - stream: - allOf: - - additionalProperties: true - type: object - properties: - ingest: - additionalProperties: true - type: object - properties: - processing: - additionalProperties: true - type: object - properties: - updated_at: - not: {} - required: - - processing - name: - not: {} - updated_at: - not: {} - - additionalProperties: false - type: object - properties: - description: - type: string - name: - type: string - updated_at: - format: date-time - type: string - required: - - name - - description - - updated_at - required: - - stream - - type: object - properties: - dashboards: - items: - type: string - type: array - queries: - items: - allOf: - - type: object - properties: - id: - description: A non-empty string. - minLength: 1 - type: string - title: - description: A non-empty string. - minLength: 1 - type: string - required: - - id - - title - - type: object - properties: - evidence: - items: - type: string - type: array - feature: - additionalProperties: false - type: object - properties: - filter: - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: The root condition object. It can be a simple filter or a combination of other conditions. - name: - description: A non-empty string. - minLength: 1 - type: string - type: - enum: - - system - type: string - required: - - name - - filter - - type - kql: - additionalProperties: false - type: object - properties: - query: - type: string - required: - - query - severity_score: - type: number - required: - - kql - type: array - rules: - items: - type: string - type: array - required: - - dashboards - - rules - - queries - - type: object - properties: - stream: - allOf: - - additionalProperties: true - type: object - properties: - ingest: - additionalProperties: true - type: object - properties: - processing: - additionalProperties: true - type: object - properties: - updated_at: - not: {} - required: - - processing - name: - not: {} - updated_at: - not: {} - - additionalProperties: false - type: object - properties: - ingest: - additionalProperties: false - type: object - properties: - failure_store: - anyOf: - - additionalProperties: false - type: object - properties: - inherit: - additionalProperties: false - type: object - properties: {} - required: - - inherit - - additionalProperties: false - type: object - properties: - disabled: - additionalProperties: false - type: object - properties: {} - required: - - disabled - - anyOf: - - additionalProperties: false - type: object - properties: - lifecycle: - additionalProperties: false - type: object - properties: - enabled: - additionalProperties: false - type: object - properties: - data_retention: - description: A non-empty string. - minLength: 1 - type: string - required: - - enabled - required: - - lifecycle - - additionalProperties: false - type: object - properties: - lifecycle: - additionalProperties: false - type: object - properties: - disabled: - additionalProperties: false - type: object - properties: {} - required: - - disabled - required: - - lifecycle - lifecycle: - anyOf: - - additionalProperties: false - type: object - properties: - dsl: - additionalProperties: false - type: object - properties: - data_retention: - description: A non-empty string. - minLength: 1 - type: string - downsample: - items: - additionalProperties: false - type: object - properties: - after: - description: A non-empty string. - minLength: 1 - type: string - fixed_interval: - description: A non-empty string. - minLength: 1 - type: string - required: - - after - - fixed_interval - type: array - required: - - dsl - - additionalProperties: false - type: object - properties: - ilm: - additionalProperties: false - type: object - properties: - policy: - description: A non-empty string. - minLength: 1 - type: string - required: - - policy - required: - - ilm - - additionalProperties: false - type: object - properties: - inherit: - additionalProperties: false - type: object - properties: {} - required: - - inherit - processing: - additionalProperties: false - type: object - properties: - steps: - items: - anyOf: - - anyOf: - - additionalProperties: false - description: Grok processor - Extract fields from text using grok patterns - type: object - properties: - action: - enum: - - grok - type: string - customIdentifier: - description: Custom identifier to correlate this processor across outputs - minLength: 1 - type: string - description: - description: Human-readable notes about this processor step - type: string - from: - description: Source field to parse with grok patterns - minLength: 1 - type: string - ignore_failure: - description: Continue pipeline execution if this processor fails - type: boolean - ignore_missing: - description: Skip processing when source field is missing - type: boolean - pattern_definitions: - additionalProperties: - type: string - type: object - patterns: - description: Grok patterns applied in order to extract fields - items: - description: A non-empty string. - minLength: 1 - type: string - minItems: 1 - type: array - where: - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: Conditional expression controlling whether this processor runs - required: - - action - - from - - patterns - - additionalProperties: false - description: Dissect processor - Extract fields from text using a lightweight, delimiter-based parser - type: object - properties: - action: - enum: - - dissect - type: string - append_separator: - description: Separator inserted when target fields are concatenated - minLength: 1 - type: string - customIdentifier: - description: Custom identifier to correlate this processor across outputs - minLength: 1 - type: string - description: - description: Human-readable notes about this processor step - type: string - from: - description: Source field to parse with dissect pattern - minLength: 1 - type: string - ignore_failure: - description: Continue pipeline execution if this processor fails - type: boolean - ignore_missing: - description: Skip processing when source field is missing - type: boolean - pattern: - description: Dissect pattern describing field boundaries - minLength: 1 - type: string - where: - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: Conditional expression controlling whether this processor runs - required: - - action - - from - - pattern - - additionalProperties: false - description: Date processor - Parse dates from strings using one or more expected formats - type: object - properties: - action: - enum: - - date - type: string - customIdentifier: - description: Custom identifier to correlate this processor across outputs - minLength: 1 - type: string - description: - description: Human-readable notes about this processor step - type: string - formats: - description: Accepted input date formats, tried in order - items: - description: A non-empty string. - minLength: 1 - type: string - type: array - from: - description: Source field containing the date/time text - minLength: 1 - type: string - ignore_failure: - description: Continue pipeline execution if this processor fails - type: boolean - locale: - description: Optional locale for date parsing - minLength: 1 - type: string - output_format: - description: Optional output format for storing the parsed date as text - minLength: 1 - type: string - timezone: - description: Optional timezone for date parsing - minLength: 1 - type: string - to: - description: Target field for the parsed date (defaults to source) - minLength: 1 - type: string - where: - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: Conditional expression controlling whether this processor runs - required: - - action - - from - - formats - - additionalProperties: false - description: Base processor options plus conditional execution - type: object - properties: - action: - enum: - - drop_document - type: string - customIdentifier: - description: Custom identifier to correlate this processor across outputs - minLength: 1 - type: string - description: - description: Human-readable notes about this processor step - type: string - ignore_failure: - description: Continue pipeline execution if this processor fails - type: boolean - where: - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: Conditional expression controlling whether this processor runs - required: - - action - - additionalProperties: false - description: Base processor options plus conditional execution - type: object - properties: - action: - enum: - - math - type: string - customIdentifier: - description: Custom identifier to correlate this processor across outputs - minLength: 1 - type: string - description: - description: Human-readable notes about this processor step - type: string - expression: - description: A non-empty string. - minLength: 1 - type: string - ignore_failure: - description: Continue pipeline execution if this processor fails - type: boolean - ignore_missing: - type: boolean - to: - description: A non-empty string. - minLength: 1 - type: string - where: - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: Conditional expression controlling whether this processor runs - required: - - action - - expression - - to - - additionalProperties: false - description: Rename processor - Change a field name and optionally its location - type: object - properties: - action: - enum: - - rename - type: string - customIdentifier: - description: Custom identifier to correlate this processor across outputs - minLength: 1 - type: string - description: - description: Human-readable notes about this processor step - type: string - from: - description: Existing source field to rename or move - minLength: 1 - type: string - ignore_failure: - description: Continue pipeline execution if this processor fails - type: boolean - ignore_missing: - description: Skip when source field is missing - type: boolean - override: - description: Allow overwriting the target field if it already exists - type: boolean - to: - description: New field name or destination path - minLength: 1 - type: string - where: - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: Conditional expression controlling whether this processor runs - required: - - action - - from - - to - - additionalProperties: false - description: Set processor - Assign a literal or copied value to a field (mutually exclusive inputs) - type: object - properties: - action: - enum: - - set - type: string - copy_from: - description: Copy value from another field instead of providing a literal - minLength: 1 - type: string - customIdentifier: - description: Custom identifier to correlate this processor across outputs - minLength: 1 - type: string - description: - description: Human-readable notes about this processor step - type: string - ignore_failure: - description: Continue pipeline execution if this processor fails - type: boolean - override: - description: Allow overwriting an existing target field - type: boolean - to: - description: Target field to set or create - minLength: 1 - type: string - value: - description: Literal value to assign to the target field - where: - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: Conditional expression controlling whether this processor runs - required: - - action - - to - - additionalProperties: false - description: Append processor - Append one or more values to an existing or new array field - type: object - properties: - action: - enum: - - append - type: string - allow_duplicates: - description: If true, do not deduplicate appended values - type: boolean - customIdentifier: - description: Custom identifier to correlate this processor across outputs - minLength: 1 - type: string - description: - description: Human-readable notes about this processor step - type: string - ignore_failure: - description: Continue pipeline execution if this processor fails - type: boolean - to: - description: Array field to append values to - minLength: 1 - type: string - value: - description: Values to append (must be literal, no templates) - items: {} - minItems: 1 - type: array - where: - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: Conditional expression controlling whether this processor runs - required: - - action - - to - - value - - additionalProperties: false - description: Remove by prefix processor - Remove a field and all nested fields matching the prefix - type: object - properties: - action: - enum: - - remove_by_prefix - type: string - customIdentifier: - description: Custom identifier to correlate this processor across outputs - minLength: 1 - type: string - description: - description: Human-readable notes about this processor step - type: string - from: - description: Field to remove along with all its nested fields - minLength: 1 - type: string - ignore_failure: - description: Continue pipeline execution if this processor fails - type: boolean - required: - - action - - from - - additionalProperties: false - description: Remove processor - Delete one or more fields from the document - type: object - properties: - action: - enum: - - remove - type: string - customIdentifier: - description: Custom identifier to correlate this processor across outputs - minLength: 1 - type: string - description: - description: Human-readable notes about this processor step - type: string - from: - description: Field to remove from the document - minLength: 1 - type: string - ignore_failure: - description: Continue pipeline execution if this processor fails - type: boolean - ignore_missing: - description: Skip processing when source field is missing - type: boolean - where: - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: Conditional expression controlling whether this processor runs - required: - - action - - from - - additionalProperties: false - description: Base processor options plus conditional execution - type: object - properties: - action: - enum: - - replace - type: string - customIdentifier: - description: Custom identifier to correlate this processor across outputs - minLength: 1 - type: string - description: - description: Human-readable notes about this processor step - type: string - from: - description: A non-empty string. - minLength: 1 - type: string - ignore_failure: - description: Continue pipeline execution if this processor fails - type: boolean - ignore_missing: - type: boolean - pattern: - description: A non-empty string or string with whitespace. - minLength: 1 - type: string - replacement: - type: string - to: - description: A non-empty string. - minLength: 1 - type: string - where: - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: Conditional expression controlling whether this processor runs - required: - - action - - from - - pattern - - replacement - - additionalProperties: false - description: Base processor options plus conditional execution - type: object - properties: - action: - enum: - - uppercase - type: string - customIdentifier: - description: Custom identifier to correlate this processor across outputs - minLength: 1 - type: string - description: - description: Human-readable notes about this processor step - type: string - from: - description: A non-empty string. - minLength: 1 - type: string - ignore_failure: - description: Continue pipeline execution if this processor fails - type: boolean - ignore_missing: - type: boolean - to: - description: A non-empty string. - minLength: 1 - type: string - where: - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: Conditional expression controlling whether this processor runs - required: - - action - - from - - additionalProperties: false - description: Base processor options plus conditional execution - type: object - properties: - action: - enum: - - lowercase - type: string - customIdentifier: - description: Custom identifier to correlate this processor across outputs - minLength: 1 - type: string - description: - description: Human-readable notes about this processor step - type: string - from: - description: A non-empty string. - minLength: 1 - type: string - ignore_failure: - description: Continue pipeline execution if this processor fails - type: boolean - ignore_missing: - type: boolean - to: - description: A non-empty string. - minLength: 1 - type: string - where: - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: Conditional expression controlling whether this processor runs - required: - - action - - from - - additionalProperties: false - description: Base processor options plus conditional execution - type: object - properties: - action: - enum: - - trim - type: string - customIdentifier: - description: Custom identifier to correlate this processor across outputs - minLength: 1 - type: string - description: - description: Human-readable notes about this processor step - type: string - from: - description: A non-empty string. - minLength: 1 - type: string - ignore_failure: - description: Continue pipeline execution if this processor fails - type: boolean - ignore_missing: - type: boolean - to: - description: A non-empty string. - minLength: 1 - type: string - where: - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: Conditional expression controlling whether this processor runs - required: - - action - - from - - additionalProperties: false - description: Base processor options plus conditional execution - type: object - properties: - action: - enum: - - join - type: string - customIdentifier: - description: Custom identifier to correlate this processor across outputs - minLength: 1 - type: string - delimiter: - type: string - description: - description: Human-readable notes about this processor step - type: string - from: - items: - description: A non-empty string. - minLength: 1 - type: string - minItems: 1 - type: array - ignore_failure: - description: Continue pipeline execution if this processor fails - type: boolean - ignore_missing: - type: boolean - to: - description: A non-empty string. - minLength: 1 - type: string - where: - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: Conditional expression controlling whether this processor runs - required: - - action - - from - - delimiter - - to - - additionalProperties: false - description: Convert processor - Change the data type of a field value (integer, long, double, boolean, or string) - type: object - properties: - action: - enum: - - convert - type: string - customIdentifier: - description: Custom identifier to correlate this processor across outputs - minLength: 1 - type: string - description: - description: Human-readable notes about this processor step - type: string - from: - description: Source field to convert to a different data type - minLength: 1 - type: string - ignore_failure: - description: Continue pipeline execution if this processor fails - type: boolean - ignore_missing: - description: Skip processing when source field is missing - type: boolean - to: - description: Target field for the converted value (defaults to source) - minLength: 1 - type: string - type: - description: 'Target data type: integer, long, double, boolean, or string' - enum: - - integer - - long - - double - - boolean - - string - type: string - where: - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: Conditional expression controlling whether this processor runs - required: - - action - - from - - type - - additionalProperties: false - description: Base processor options plus conditional execution - type: object - properties: - action: - enum: - - concat - type: string - customIdentifier: - description: Custom identifier to correlate this processor across outputs - minLength: 1 - type: string - description: - description: Human-readable notes about this processor step - type: string - from: - items: - anyOf: - - additionalProperties: false - type: object - properties: - type: - enum: - - field - type: string - value: - description: A non-empty string. - minLength: 1 - type: string - required: - - type - - value - - additionalProperties: false - type: object - properties: - type: - enum: - - literal - type: string - value: - type: string - required: - - type - - value - minItems: 1 - type: array - ignore_failure: - description: Continue pipeline execution if this processor fails - type: boolean - ignore_missing: - type: boolean - to: - description: A non-empty string. - minLength: 1 - type: string - where: - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: Conditional expression controlling whether this processor runs - required: - - action - - from - - to - - additionalProperties: false - description: Manual ingest pipeline wrapper around native Elasticsearch processors - type: object - properties: - action: - description: Manual ingest pipeline - executes raw Elasticsearch ingest processors - enum: - - manual_ingest_pipeline - type: string - customIdentifier: - description: Custom identifier to correlate this processor across outputs - minLength: 1 - type: string - description: - description: Human-readable notes about this processor step - type: string - ignore_failure: - description: Continue pipeline execution if this processor fails - type: boolean - on_failure: - description: Fallback processors to run when a processor fails - items: - additionalProperties: {} - type: object - type: array - processors: - description: List of raw Elasticsearch ingest processors to run - items: - additionalProperties: false - type: object - properties: - append: {} - attachment: {} - bytes: {} - circle: {} - community_id: {} - convert: {} - csv: {} - date: {} - date_index_name: {} - dissect: {} - dot_expander: {} - drop: {} - enrich: {} - fail: {} - fingerprint: {} - foreach: {} - geo_grid: {} - geoip: {} - grok: {} - gsub: {} - html_strip: {} - inference: {} - ip_location: {} - join: {} - json: {} - kv: {} - lowercase: {} - network_direction: {} - pipeline: {} - redact: {} - registered_domain: {} - remove: {} - rename: {} - reroute: {} - script: {} - set: {} - set_security_user: {} - sort: {} - split: {} - terminate: {} - trim: {} - uppercase: {} - uri_parts: {} - urldecode: {} - user_agent: {} - required: - - append - - attachment - - bytes - - circle - - community_id - - convert - - csv - - date - - date_index_name - - dissect - - dot_expander - - drop - - enrich - - fail - - fingerprint - - foreach - - ip_location - - geo_grid - - geoip - - grok - - gsub - - html_strip - - inference - - join - - json - - kv - - lowercase - - network_direction - - pipeline - - redact - - registered_domain - - remove - - rename - - reroute - - script - - set - - set_security_user - - sort - - split - - terminate - - trim - - uppercase - - urldecode - - uri_parts - - user_agent - type: array - tag: - description: Optional ingest processor tag for Elasticsearch - type: string - where: - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: Conditional expression controlling whether this processor runs - required: - - action - - processors - - additionalProperties: false - type: object - properties: - condition: - allOf: - - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: The root condition object. It can be a simple filter or a combination of other conditions. - - type: object - properties: - steps: - items: {} - type: array - required: - - steps - customIdentifier: - type: string - required: - - condition - type: array - updated_at: - format: date-time - type: string - required: - - steps - - updated_at - settings: - additionalProperties: false - type: object - properties: - index.number_of_replicas: - additionalProperties: false - type: object - properties: - value: - type: number - required: - - value - index.number_of_shards: - additionalProperties: false - type: object - properties: - value: - type: number - required: - - value - index.refresh_interval: - additionalProperties: false - type: object - properties: - value: - anyOf: - - type: string - - enum: - - -1 - type: number - required: - - value - required: - - lifecycle - - processing - - settings - - failure_store - required: - - ingest - required: - - stream - - type: object - properties: {} - - type: object - properties: {} - - allOf: - - type: object - properties: {} - - type: object - properties: - stream: - allOf: - - additionalProperties: true - type: object - properties: - ingest: - additionalProperties: true - type: object - properties: - processing: - additionalProperties: true - type: object - properties: - updated_at: - not: {} - required: - - processing - name: - not: {} - updated_at: - not: {} - - additionalProperties: false - type: object - properties: - description: - type: string - name: - type: string - updated_at: - format: date-time - type: string - required: - - name - - description - - updated_at - required: - - stream - - type: object - properties: - dashboards: - items: - type: string - type: array - queries: - items: - allOf: - - type: object - properties: - id: - description: A non-empty string. - minLength: 1 - type: string - title: - description: A non-empty string. - minLength: 1 - type: string - required: - - id - - title - - type: object - properties: - evidence: - items: - type: string - type: array - feature: - additionalProperties: false - type: object - properties: - filter: - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: The root condition object. It can be a simple filter or a combination of other conditions. - name: - description: A non-empty string. - minLength: 1 - type: string - type: - enum: - - system - type: string - required: - - name - - filter - - type - kql: - additionalProperties: false - type: object - properties: - query: - type: string - required: - - query - severity_score: - type: number - required: - - kql - type: array - rules: - items: - type: string - type: array - required: - - dashboards - - rules - - queries - - type: object - properties: - stream: - allOf: - - additionalProperties: true - type: object - properties: - ingest: - additionalProperties: true - type: object - properties: - processing: - additionalProperties: true - type: object - properties: - updated_at: - not: {} - required: - - processing - name: - not: {} - updated_at: - not: {} - - additionalProperties: false - type: object - properties: - ingest: - allOf: - - type: object - properties: - failure_store: - anyOf: - - additionalProperties: false - type: object - properties: - inherit: - additionalProperties: false - type: object - properties: {} - required: - - inherit - - additionalProperties: false - type: object - properties: - disabled: - additionalProperties: false - type: object - properties: {} - required: - - disabled - - anyOf: - - additionalProperties: false - type: object - properties: - lifecycle: - additionalProperties: false - type: object - properties: - enabled: - additionalProperties: false - type: object - properties: - data_retention: - description: A non-empty string. - minLength: 1 - type: string - required: - - enabled - required: - - lifecycle - - additionalProperties: false - type: object - properties: - lifecycle: - additionalProperties: false - type: object - properties: - disabled: - additionalProperties: false - type: object - properties: {} - required: - - disabled - required: - - lifecycle - lifecycle: - anyOf: - - additionalProperties: false - type: object - properties: - dsl: - additionalProperties: false - type: object - properties: - data_retention: - description: A non-empty string. - minLength: 1 - type: string - downsample: - items: - additionalProperties: false - type: object - properties: - after: - description: A non-empty string. - minLength: 1 - type: string - fixed_interval: - description: A non-empty string. - minLength: 1 - type: string - required: - - after - - fixed_interval - type: array - required: - - dsl - - additionalProperties: false - type: object - properties: - ilm: - additionalProperties: false - type: object - properties: - policy: - description: A non-empty string. - minLength: 1 - type: string - required: - - policy - required: - - ilm - - additionalProperties: false - type: object - properties: - inherit: - additionalProperties: false - type: object - properties: {} - required: - - inherit - processing: - additionalProperties: false - type: object - properties: - steps: - items: - anyOf: - - anyOf: - - additionalProperties: false - description: Grok processor - Extract fields from text using grok patterns - type: object - properties: - action: - enum: - - grok - type: string - customIdentifier: - description: Custom identifier to correlate this processor across outputs - minLength: 1 - type: string - description: - description: Human-readable notes about this processor step - type: string - from: - description: Source field to parse with grok patterns - minLength: 1 - type: string - ignore_failure: - description: Continue pipeline execution if this processor fails - type: boolean - ignore_missing: - description: Skip processing when source field is missing - type: boolean - pattern_definitions: - additionalProperties: - type: string - type: object - patterns: - description: Grok patterns applied in order to extract fields - items: - description: A non-empty string. - minLength: 1 - type: string - minItems: 1 - type: array - where: - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: Conditional expression controlling whether this processor runs - required: - - action - - from - - patterns - - additionalProperties: false - description: Dissect processor - Extract fields from text using a lightweight, delimiter-based parser - type: object - properties: - action: - enum: - - dissect - type: string - append_separator: - description: Separator inserted when target fields are concatenated - minLength: 1 - type: string - customIdentifier: - description: Custom identifier to correlate this processor across outputs - minLength: 1 - type: string - description: - description: Human-readable notes about this processor step - type: string - from: - description: Source field to parse with dissect pattern - minLength: 1 - type: string - ignore_failure: - description: Continue pipeline execution if this processor fails - type: boolean - ignore_missing: - description: Skip processing when source field is missing - type: boolean - pattern: - description: Dissect pattern describing field boundaries - minLength: 1 - type: string - where: - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: Conditional expression controlling whether this processor runs - required: - - action - - from - - pattern - - additionalProperties: false - description: Date processor - Parse dates from strings using one or more expected formats - type: object - properties: - action: - enum: - - date - type: string - customIdentifier: - description: Custom identifier to correlate this processor across outputs - minLength: 1 - type: string - description: - description: Human-readable notes about this processor step - type: string - formats: - description: Accepted input date formats, tried in order - items: - description: A non-empty string. - minLength: 1 - type: string - type: array - from: - description: Source field containing the date/time text - minLength: 1 - type: string - ignore_failure: - description: Continue pipeline execution if this processor fails - type: boolean - locale: - description: Optional locale for date parsing - minLength: 1 - type: string - output_format: - description: Optional output format for storing the parsed date as text - minLength: 1 - type: string - timezone: - description: Optional timezone for date parsing - minLength: 1 - type: string - to: - description: Target field for the parsed date (defaults to source) - minLength: 1 - type: string - where: - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: Conditional expression controlling whether this processor runs - required: - - action - - from - - formats - - additionalProperties: false - description: Base processor options plus conditional execution - type: object - properties: - action: - enum: - - drop_document - type: string - customIdentifier: - description: Custom identifier to correlate this processor across outputs - minLength: 1 - type: string - description: - description: Human-readable notes about this processor step - type: string - ignore_failure: - description: Continue pipeline execution if this processor fails - type: boolean - where: - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: Conditional expression controlling whether this processor runs - required: - - action - - additionalProperties: false - description: Base processor options plus conditional execution - type: object - properties: - action: - enum: - - math - type: string - customIdentifier: - description: Custom identifier to correlate this processor across outputs - minLength: 1 - type: string - description: - description: Human-readable notes about this processor step - type: string - expression: - description: A non-empty string. - minLength: 1 - type: string - ignore_failure: - description: Continue pipeline execution if this processor fails - type: boolean - ignore_missing: - type: boolean - to: - description: A non-empty string. - minLength: 1 - type: string - where: - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: Conditional expression controlling whether this processor runs - required: - - action - - expression - - to - - additionalProperties: false - description: Rename processor - Change a field name and optionally its location - type: object - properties: - action: - enum: - - rename - type: string - customIdentifier: - description: Custom identifier to correlate this processor across outputs - minLength: 1 - type: string - description: - description: Human-readable notes about this processor step - type: string - from: - description: Existing source field to rename or move - minLength: 1 - type: string - ignore_failure: - description: Continue pipeline execution if this processor fails - type: boolean - ignore_missing: - description: Skip when source field is missing - type: boolean - override: - description: Allow overwriting the target field if it already exists - type: boolean - to: - description: New field name or destination path - minLength: 1 - type: string - where: - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: Conditional expression controlling whether this processor runs - required: - - action - - from - - to - - additionalProperties: false - description: Set processor - Assign a literal or copied value to a field (mutually exclusive inputs) - type: object - properties: - action: - enum: - - set - type: string - copy_from: - description: Copy value from another field instead of providing a literal - minLength: 1 - type: string - customIdentifier: - description: Custom identifier to correlate this processor across outputs - minLength: 1 - type: string - description: - description: Human-readable notes about this processor step - type: string - ignore_failure: - description: Continue pipeline execution if this processor fails - type: boolean - override: - description: Allow overwriting an existing target field - type: boolean - to: - description: Target field to set or create - minLength: 1 - type: string - value: - description: Literal value to assign to the target field - where: - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: Conditional expression controlling whether this processor runs - required: - - action - - to - - additionalProperties: false - description: Append processor - Append one or more values to an existing or new array field - type: object - properties: - action: - enum: - - append - type: string - allow_duplicates: - description: If true, do not deduplicate appended values - type: boolean - customIdentifier: - description: Custom identifier to correlate this processor across outputs - minLength: 1 - type: string - description: - description: Human-readable notes about this processor step - type: string - ignore_failure: - description: Continue pipeline execution if this processor fails - type: boolean - to: - description: Array field to append values to - minLength: 1 - type: string - value: - description: Values to append (must be literal, no templates) - items: {} - minItems: 1 - type: array - where: - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: Conditional expression controlling whether this processor runs - required: - - action - - to - - value - - additionalProperties: false - description: Remove by prefix processor - Remove a field and all nested fields matching the prefix - type: object - properties: - action: - enum: - - remove_by_prefix - type: string - customIdentifier: - description: Custom identifier to correlate this processor across outputs - minLength: 1 - type: string - description: - description: Human-readable notes about this processor step - type: string - from: - description: Field to remove along with all its nested fields - minLength: 1 - type: string - ignore_failure: - description: Continue pipeline execution if this processor fails - type: boolean - required: - - action - - from - - additionalProperties: false - description: Remove processor - Delete one or more fields from the document - type: object - properties: - action: - enum: - - remove - type: string - customIdentifier: - description: Custom identifier to correlate this processor across outputs - minLength: 1 - type: string - description: - description: Human-readable notes about this processor step - type: string - from: - description: Field to remove from the document - minLength: 1 - type: string - ignore_failure: - description: Continue pipeline execution if this processor fails - type: boolean - ignore_missing: - description: Skip processing when source field is missing - type: boolean - where: - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: Conditional expression controlling whether this processor runs - required: - - action - - from - - additionalProperties: false - description: Base processor options plus conditional execution - type: object - properties: - action: - enum: - - replace - type: string - customIdentifier: - description: Custom identifier to correlate this processor across outputs - minLength: 1 - type: string - description: - description: Human-readable notes about this processor step - type: string - from: - description: A non-empty string. - minLength: 1 - type: string - ignore_failure: - description: Continue pipeline execution if this processor fails - type: boolean - ignore_missing: - type: boolean - pattern: - description: A non-empty string or string with whitespace. - minLength: 1 - type: string - replacement: - type: string - to: - description: A non-empty string. - minLength: 1 - type: string - where: - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: Conditional expression controlling whether this processor runs - required: - - action - - from - - pattern - - replacement - - additionalProperties: false - description: Base processor options plus conditional execution - type: object - properties: - action: - enum: - - uppercase - type: string - customIdentifier: - description: Custom identifier to correlate this processor across outputs - minLength: 1 - type: string - description: - description: Human-readable notes about this processor step - type: string - from: - description: A non-empty string. - minLength: 1 - type: string - ignore_failure: - description: Continue pipeline execution if this processor fails - type: boolean - ignore_missing: - type: boolean - to: - description: A non-empty string. - minLength: 1 - type: string - where: - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: Conditional expression controlling whether this processor runs - required: - - action - - from - - additionalProperties: false - description: Base processor options plus conditional execution - type: object - properties: - action: - enum: - - lowercase - type: string - customIdentifier: - description: Custom identifier to correlate this processor across outputs - minLength: 1 - type: string - description: - description: Human-readable notes about this processor step - type: string - from: - description: A non-empty string. - minLength: 1 - type: string - ignore_failure: - description: Continue pipeline execution if this processor fails - type: boolean - ignore_missing: - type: boolean - to: - description: A non-empty string. - minLength: 1 - type: string - where: - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: Conditional expression controlling whether this processor runs - required: - - action - - from - - additionalProperties: false - description: Base processor options plus conditional execution - type: object - properties: - action: - enum: - - trim - type: string - customIdentifier: - description: Custom identifier to correlate this processor across outputs - minLength: 1 - type: string - description: - description: Human-readable notes about this processor step - type: string - from: - description: A non-empty string. - minLength: 1 - type: string - ignore_failure: - description: Continue pipeline execution if this processor fails - type: boolean - ignore_missing: - type: boolean - to: - description: A non-empty string. - minLength: 1 - type: string - where: - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: Conditional expression controlling whether this processor runs - required: - - action - - from - - additionalProperties: false - description: Base processor options plus conditional execution - type: object - properties: - action: - enum: - - join - type: string - customIdentifier: - description: Custom identifier to correlate this processor across outputs - minLength: 1 - type: string - delimiter: - type: string - description: - description: Human-readable notes about this processor step - type: string - from: - items: - description: A non-empty string. - minLength: 1 - type: string - minItems: 1 - type: array - ignore_failure: - description: Continue pipeline execution if this processor fails - type: boolean - ignore_missing: - type: boolean - to: - description: A non-empty string. - minLength: 1 - type: string - where: - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: Conditional expression controlling whether this processor runs - required: - - action - - from - - delimiter - - to - - additionalProperties: false - description: Convert processor - Change the data type of a field value (integer, long, double, boolean, or string) - type: object - properties: - action: - enum: - - convert - type: string - customIdentifier: - description: Custom identifier to correlate this processor across outputs - minLength: 1 - type: string - description: - description: Human-readable notes about this processor step - type: string - from: - description: Source field to convert to a different data type - minLength: 1 - type: string - ignore_failure: - description: Continue pipeline execution if this processor fails - type: boolean - ignore_missing: - description: Skip processing when source field is missing - type: boolean - to: - description: Target field for the converted value (defaults to source) - minLength: 1 - type: string - type: - description: 'Target data type: integer, long, double, boolean, or string' - enum: - - integer - - long - - double - - boolean - - string - type: string - where: - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: Conditional expression controlling whether this processor runs - required: - - action - - from - - type - - additionalProperties: false - description: Base processor options plus conditional execution - type: object - properties: - action: - enum: - - concat - type: string - customIdentifier: - description: Custom identifier to correlate this processor across outputs - minLength: 1 - type: string - description: - description: Human-readable notes about this processor step - type: string - from: - items: - anyOf: - - additionalProperties: false - type: object - properties: - type: - enum: - - field - type: string - value: - description: A non-empty string. - minLength: 1 - type: string - required: - - type - - value - - additionalProperties: false - type: object - properties: - type: - enum: - - literal - type: string - value: - type: string - required: - - type - - value - minItems: 1 - type: array - ignore_failure: - description: Continue pipeline execution if this processor fails - type: boolean - ignore_missing: - type: boolean - to: - description: A non-empty string. - minLength: 1 - type: string - where: - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: Conditional expression controlling whether this processor runs - required: - - action - - from - - to - - additionalProperties: false - description: Manual ingest pipeline wrapper around native Elasticsearch processors - type: object - properties: - action: - description: Manual ingest pipeline - executes raw Elasticsearch ingest processors - enum: - - manual_ingest_pipeline - type: string - customIdentifier: - description: Custom identifier to correlate this processor across outputs - minLength: 1 - type: string - description: - description: Human-readable notes about this processor step - type: string - ignore_failure: - description: Continue pipeline execution if this processor fails - type: boolean - on_failure: - description: Fallback processors to run when a processor fails - items: - additionalProperties: {} - type: object - type: array - processors: - description: List of raw Elasticsearch ingest processors to run - items: - additionalProperties: false - type: object - properties: - append: {} - attachment: {} - bytes: {} - circle: {} - community_id: {} - convert: {} - csv: {} - date: {} - date_index_name: {} - dissect: {} - dot_expander: {} - drop: {} - enrich: {} - fail: {} - fingerprint: {} - foreach: {} - geo_grid: {} - geoip: {} - grok: {} - gsub: {} - html_strip: {} - inference: {} - ip_location: {} - join: {} - json: {} - kv: {} - lowercase: {} - network_direction: {} - pipeline: {} - redact: {} - registered_domain: {} - remove: {} - rename: {} - reroute: {} - script: {} - set: {} - set_security_user: {} - sort: {} - split: {} - terminate: {} - trim: {} - uppercase: {} - uri_parts: {} - urldecode: {} - user_agent: {} - required: - - append - - attachment - - bytes - - circle - - community_id - - convert - - csv - - date - - date_index_name - - dissect - - dot_expander - - drop - - enrich - - fail - - fingerprint - - foreach - - ip_location - - geo_grid - - geoip - - grok - - gsub - - html_strip - - inference - - join - - json - - kv - - lowercase - - network_direction - - pipeline - - redact - - registered_domain - - remove - - rename - - reroute - - script - - set - - set_security_user - - sort - - split - - terminate - - trim - - uppercase - - urldecode - - uri_parts - - user_agent - type: array - tag: - description: Optional ingest processor tag for Elasticsearch - type: string - where: - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: Conditional expression controlling whether this processor runs - required: - - action - - processors - - additionalProperties: false - type: object - properties: - condition: - allOf: - - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: The root condition object. It can be a simple filter or a combination of other conditions. - - type: object - properties: - steps: - items: {} - type: array - required: - - steps - customIdentifier: - type: string - required: - - condition - type: array - updated_at: - format: date-time - type: string - required: - - steps - - updated_at - settings: - additionalProperties: false - type: object - properties: - index.number_of_replicas: - additionalProperties: false - type: object - properties: - value: - type: number - required: - - value - index.number_of_shards: - additionalProperties: false - type: object - properties: - value: - type: number - required: - - value - index.refresh_interval: - additionalProperties: false - type: object - properties: - value: - anyOf: - - type: string - - enum: - - -1 - type: number - required: - - value - required: - - lifecycle - - processing - - settings - - failure_store - - type: object - properties: - classic: - additionalProperties: false - type: object - properties: - field_overrides: - additionalProperties: - allOf: - - additionalProperties: - anyOf: - - anyOf: - - type: string - - type: number - - type: boolean - - enum: - - 'null' - nullable: true - - not: {} - - items: - anyOf: - - type: string - - type: number - - type: boolean - - enum: - - 'null' - nullable: true - - not: {} - type: array - - items: {} - type: array - - {} - type: object - - anyOf: - - additionalProperties: false - type: object - properties: - format: - description: A non-empty string. - minLength: 1 - type: string - type: - enum: - - keyword - - match_only_text - - long - - double - - date - - boolean - - ip - - geo_point - type: string - required: - - type - - additionalProperties: false - type: object - properties: - type: - enum: - - system - type: string - required: - - type - type: object - required: - - classic - required: - - ingest - required: - - stream - - type: object - properties: {} - - type: object - properties: - stream: - allOf: - - additionalProperties: true - type: object - properties: - ingest: - additionalProperties: true - type: object - properties: - processing: - additionalProperties: true - type: object - properties: - updated_at: - not: {} - required: - - processing - name: - not: {} - updated_at: - not: {} - - additionalProperties: false - type: object - properties: - description: - type: string - name: - type: string - updated_at: - format: date-time - type: string - required: - - name - - description - - updated_at - required: - - stream - - type: object - properties: - dashboards: - items: - type: string - type: array - queries: - items: - allOf: - - type: object - properties: - id: - description: A non-empty string. - minLength: 1 - type: string - title: - description: A non-empty string. - minLength: 1 - type: string - required: - - id - - title - - type: object - properties: - evidence: - items: - type: string - type: array - feature: - additionalProperties: false - type: object - properties: - filter: - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: The root condition object. It can be a simple filter or a combination of other conditions. - name: - description: A non-empty string. - minLength: 1 - type: string - type: - enum: - - system - type: string - required: - - name - - filter - - type - kql: - additionalProperties: false - type: object - properties: - query: - type: string - required: - - query - severity_score: - type: number - required: - - kql - type: array - rules: - items: - type: string - type: array - required: - - dashboards - - rules - - queries - - type: object - properties: - stream: - allOf: - - additionalProperties: true - type: object - properties: - ingest: - additionalProperties: true - type: object - properties: - processing: - additionalProperties: true - type: object - properties: - updated_at: - not: {} - required: - - processing - name: - not: {} - updated_at: - not: {} - - additionalProperties: false - type: object - properties: - ingest: - additionalProperties: false - type: object - properties: - failure_store: - anyOf: - - additionalProperties: false - type: object - properties: - inherit: - additionalProperties: false - type: object - properties: {} - required: - - inherit - - additionalProperties: false - type: object - properties: - disabled: - additionalProperties: false - type: object - properties: {} - required: - - disabled - - anyOf: - - additionalProperties: false - type: object - properties: - lifecycle: - additionalProperties: false - type: object - properties: - enabled: - additionalProperties: false - type: object - properties: - data_retention: - description: A non-empty string. - minLength: 1 - type: string - required: - - enabled - required: - - lifecycle - - additionalProperties: false - type: object - properties: - lifecycle: - additionalProperties: false - type: object - properties: - disabled: - additionalProperties: false - type: object - properties: {} - required: - - disabled - required: - - lifecycle - lifecycle: - anyOf: - - additionalProperties: false - type: object - properties: - dsl: - additionalProperties: false - type: object - properties: - data_retention: - description: A non-empty string. - minLength: 1 - type: string - downsample: - items: - additionalProperties: false - type: object - properties: - after: - description: A non-empty string. - minLength: 1 - type: string - fixed_interval: - description: A non-empty string. - minLength: 1 - type: string - required: - - after - - fixed_interval - type: array - required: - - dsl - - additionalProperties: false - type: object - properties: - ilm: - additionalProperties: false - type: object - properties: - policy: - description: A non-empty string. - minLength: 1 - type: string - required: - - policy - required: - - ilm - - additionalProperties: false - type: object - properties: - inherit: - additionalProperties: false - type: object - properties: {} - required: - - inherit - processing: - additionalProperties: false - type: object - properties: - steps: - items: - anyOf: - - anyOf: - - additionalProperties: false - description: Grok processor - Extract fields from text using grok patterns - type: object - properties: - action: - enum: - - grok - type: string - customIdentifier: - description: Custom identifier to correlate this processor across outputs - minLength: 1 - type: string - description: - description: Human-readable notes about this processor step - type: string - from: - description: Source field to parse with grok patterns - minLength: 1 - type: string - ignore_failure: - description: Continue pipeline execution if this processor fails - type: boolean - ignore_missing: - description: Skip processing when source field is missing - type: boolean - pattern_definitions: - additionalProperties: - type: string - type: object - patterns: - description: Grok patterns applied in order to extract fields - items: - description: A non-empty string. - minLength: 1 - type: string - minItems: 1 - type: array - where: - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: Conditional expression controlling whether this processor runs - required: - - action - - from - - patterns - - additionalProperties: false - description: Dissect processor - Extract fields from text using a lightweight, delimiter-based parser - type: object - properties: - action: - enum: - - dissect - type: string - append_separator: - description: Separator inserted when target fields are concatenated - minLength: 1 - type: string - customIdentifier: - description: Custom identifier to correlate this processor across outputs - minLength: 1 - type: string - description: - description: Human-readable notes about this processor step - type: string - from: - description: Source field to parse with dissect pattern - minLength: 1 - type: string - ignore_failure: - description: Continue pipeline execution if this processor fails - type: boolean - ignore_missing: - description: Skip processing when source field is missing - type: boolean - pattern: - description: Dissect pattern describing field boundaries - minLength: 1 - type: string - where: - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: Conditional expression controlling whether this processor runs - required: - - action - - from - - pattern - - additionalProperties: false - description: Date processor - Parse dates from strings using one or more expected formats - type: object - properties: - action: - enum: - - date - type: string - customIdentifier: - description: Custom identifier to correlate this processor across outputs - minLength: 1 - type: string - description: - description: Human-readable notes about this processor step - type: string - formats: - description: Accepted input date formats, tried in order - items: - description: A non-empty string. - minLength: 1 - type: string - type: array - from: - description: Source field containing the date/time text - minLength: 1 - type: string - ignore_failure: - description: Continue pipeline execution if this processor fails - type: boolean - locale: - description: Optional locale for date parsing - minLength: 1 - type: string - output_format: - description: Optional output format for storing the parsed date as text - minLength: 1 - type: string - timezone: - description: Optional timezone for date parsing - minLength: 1 - type: string - to: - description: Target field for the parsed date (defaults to source) - minLength: 1 - type: string - where: - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: Conditional expression controlling whether this processor runs - required: - - action - - from - - formats - - additionalProperties: false - description: Base processor options plus conditional execution - type: object - properties: - action: - enum: - - drop_document - type: string - customIdentifier: - description: Custom identifier to correlate this processor across outputs - minLength: 1 - type: string - description: - description: Human-readable notes about this processor step - type: string - ignore_failure: - description: Continue pipeline execution if this processor fails - type: boolean - where: - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: Conditional expression controlling whether this processor runs - required: - - action - - additionalProperties: false - description: Base processor options plus conditional execution - type: object - properties: - action: - enum: - - math - type: string - customIdentifier: - description: Custom identifier to correlate this processor across outputs - minLength: 1 - type: string - description: - description: Human-readable notes about this processor step - type: string - expression: - description: A non-empty string. - minLength: 1 - type: string - ignore_failure: - description: Continue pipeline execution if this processor fails - type: boolean - ignore_missing: - type: boolean - to: - description: A non-empty string. - minLength: 1 - type: string - where: - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: Conditional expression controlling whether this processor runs - required: - - action - - expression - - to - - additionalProperties: false - description: Rename processor - Change a field name and optionally its location - type: object - properties: - action: - enum: - - rename - type: string - customIdentifier: - description: Custom identifier to correlate this processor across outputs - minLength: 1 - type: string - description: - description: Human-readable notes about this processor step - type: string - from: - description: Existing source field to rename or move - minLength: 1 - type: string - ignore_failure: - description: Continue pipeline execution if this processor fails - type: boolean - ignore_missing: - description: Skip when source field is missing - type: boolean - override: - description: Allow overwriting the target field if it already exists - type: boolean - to: - description: New field name or destination path - minLength: 1 - type: string - where: - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: Conditional expression controlling whether this processor runs - required: - - action - - from - - to - - additionalProperties: false - description: Set processor - Assign a literal or copied value to a field (mutually exclusive inputs) - type: object - properties: - action: - enum: - - set - type: string - copy_from: - description: Copy value from another field instead of providing a literal - minLength: 1 - type: string - customIdentifier: - description: Custom identifier to correlate this processor across outputs - minLength: 1 - type: string - description: - description: Human-readable notes about this processor step - type: string - ignore_failure: - description: Continue pipeline execution if this processor fails - type: boolean - override: - description: Allow overwriting an existing target field - type: boolean - to: - description: Target field to set or create - minLength: 1 - type: string - value: - description: Literal value to assign to the target field - where: - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: Conditional expression controlling whether this processor runs - required: - - action - - to - - additionalProperties: false - description: Append processor - Append one or more values to an existing or new array field - type: object - properties: - action: - enum: - - append - type: string - allow_duplicates: - description: If true, do not deduplicate appended values - type: boolean - customIdentifier: - description: Custom identifier to correlate this processor across outputs - minLength: 1 - type: string - description: - description: Human-readable notes about this processor step - type: string - ignore_failure: - description: Continue pipeline execution if this processor fails - type: boolean - to: - description: Array field to append values to - minLength: 1 - type: string - value: - description: Values to append (must be literal, no templates) - items: {} - minItems: 1 - type: array - where: - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: Conditional expression controlling whether this processor runs - required: - - action - - to - - value - - additionalProperties: false - description: Remove by prefix processor - Remove a field and all nested fields matching the prefix - type: object - properties: - action: - enum: - - remove_by_prefix - type: string - customIdentifier: - description: Custom identifier to correlate this processor across outputs - minLength: 1 - type: string - description: - description: Human-readable notes about this processor step - type: string - from: - description: Field to remove along with all its nested fields - minLength: 1 - type: string - ignore_failure: - description: Continue pipeline execution if this processor fails - type: boolean - required: - - action - - from - - additionalProperties: false - description: Remove processor - Delete one or more fields from the document - type: object - properties: - action: - enum: - - remove - type: string - customIdentifier: - description: Custom identifier to correlate this processor across outputs - minLength: 1 - type: string - description: - description: Human-readable notes about this processor step - type: string - from: - description: Field to remove from the document - minLength: 1 - type: string - ignore_failure: - description: Continue pipeline execution if this processor fails - type: boolean - ignore_missing: - description: Skip processing when source field is missing - type: boolean - where: - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: Conditional expression controlling whether this processor runs - required: - - action - - from - - additionalProperties: false - description: Base processor options plus conditional execution - type: object - properties: - action: - enum: - - replace - type: string - customIdentifier: - description: Custom identifier to correlate this processor across outputs - minLength: 1 - type: string - description: - description: Human-readable notes about this processor step - type: string - from: - description: A non-empty string. - minLength: 1 - type: string - ignore_failure: - description: Continue pipeline execution if this processor fails - type: boolean - ignore_missing: - type: boolean - pattern: - description: A non-empty string or string with whitespace. - minLength: 1 - type: string - replacement: - type: string - to: - description: A non-empty string. - minLength: 1 - type: string - where: - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: Conditional expression controlling whether this processor runs - required: - - action - - from - - pattern - - replacement - - additionalProperties: false - description: Base processor options plus conditional execution - type: object - properties: - action: - enum: - - uppercase - type: string - customIdentifier: - description: Custom identifier to correlate this processor across outputs - minLength: 1 - type: string - description: - description: Human-readable notes about this processor step - type: string - from: - description: A non-empty string. - minLength: 1 - type: string - ignore_failure: - description: Continue pipeline execution if this processor fails - type: boolean - ignore_missing: - type: boolean - to: - description: A non-empty string. - minLength: 1 - type: string - where: - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: Conditional expression controlling whether this processor runs - required: - - action - - from - - additionalProperties: false - description: Base processor options plus conditional execution - type: object - properties: - action: - enum: - - lowercase - type: string - customIdentifier: - description: Custom identifier to correlate this processor across outputs - minLength: 1 - type: string - description: - description: Human-readable notes about this processor step - type: string - from: - description: A non-empty string. - minLength: 1 - type: string - ignore_failure: - description: Continue pipeline execution if this processor fails - type: boolean - ignore_missing: - type: boolean - to: - description: A non-empty string. - minLength: 1 - type: string - where: - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: Conditional expression controlling whether this processor runs - required: - - action - - from - - additionalProperties: false - description: Base processor options plus conditional execution - type: object - properties: - action: - enum: - - trim - type: string - customIdentifier: - description: Custom identifier to correlate this processor across outputs - minLength: 1 - type: string - description: - description: Human-readable notes about this processor step - type: string - from: - description: A non-empty string. - minLength: 1 - type: string - ignore_failure: - description: Continue pipeline execution if this processor fails - type: boolean - ignore_missing: - type: boolean - to: - description: A non-empty string. - minLength: 1 - type: string - where: - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: Conditional expression controlling whether this processor runs - required: - - action - - from - - additionalProperties: false - description: Base processor options plus conditional execution - type: object - properties: - action: - enum: - - join - type: string - customIdentifier: - description: Custom identifier to correlate this processor across outputs - minLength: 1 - type: string - delimiter: - type: string - description: - description: Human-readable notes about this processor step - type: string - from: - items: - description: A non-empty string. - minLength: 1 - type: string - minItems: 1 - type: array - ignore_failure: - description: Continue pipeline execution if this processor fails - type: boolean - ignore_missing: - type: boolean - to: - description: A non-empty string. - minLength: 1 - type: string - where: - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: Conditional expression controlling whether this processor runs - required: - - action - - from - - delimiter - - to - - additionalProperties: false - description: Convert processor - Change the data type of a field value (integer, long, double, boolean, or string) - type: object - properties: - action: - enum: - - convert - type: string - customIdentifier: - description: Custom identifier to correlate this processor across outputs - minLength: 1 - type: string - description: - description: Human-readable notes about this processor step - type: string - from: - description: Source field to convert to a different data type - minLength: 1 - type: string - ignore_failure: - description: Continue pipeline execution if this processor fails - type: boolean - ignore_missing: - description: Skip processing when source field is missing - type: boolean - to: - description: Target field for the converted value (defaults to source) - minLength: 1 - type: string - type: - description: 'Target data type: integer, long, double, boolean, or string' - enum: - - integer - - long - - double - - boolean - - string - type: string - where: - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: Conditional expression controlling whether this processor runs - required: - - action - - from - - type - - additionalProperties: false - description: Base processor options plus conditional execution - type: object - properties: - action: - enum: - - concat - type: string - customIdentifier: - description: Custom identifier to correlate this processor across outputs - minLength: 1 - type: string - description: - description: Human-readable notes about this processor step - type: string - from: - items: - anyOf: - - additionalProperties: false - type: object - properties: - type: - enum: - - field - type: string - value: - description: A non-empty string. - minLength: 1 - type: string - required: - - type - - value - - additionalProperties: false - type: object - properties: - type: - enum: - - literal - type: string - value: - type: string - required: - - type - - value - minItems: 1 - type: array - ignore_failure: - description: Continue pipeline execution if this processor fails - type: boolean - ignore_missing: - type: boolean - to: - description: A non-empty string. - minLength: 1 - type: string - where: - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: Conditional expression controlling whether this processor runs - required: - - action - - from - - to - - additionalProperties: false - description: Manual ingest pipeline wrapper around native Elasticsearch processors - type: object - properties: - action: - description: Manual ingest pipeline - executes raw Elasticsearch ingest processors - enum: - - manual_ingest_pipeline - type: string - customIdentifier: - description: Custom identifier to correlate this processor across outputs - minLength: 1 - type: string - description: - description: Human-readable notes about this processor step - type: string - ignore_failure: - description: Continue pipeline execution if this processor fails - type: boolean - on_failure: - description: Fallback processors to run when a processor fails - items: - additionalProperties: {} - type: object - type: array - processors: - description: List of raw Elasticsearch ingest processors to run - items: - additionalProperties: false - type: object - properties: - append: {} - attachment: {} - bytes: {} - circle: {} - community_id: {} - convert: {} - csv: {} - date: {} - date_index_name: {} - dissect: {} - dot_expander: {} - drop: {} - enrich: {} - fail: {} - fingerprint: {} - foreach: {} - geo_grid: {} - geoip: {} - grok: {} - gsub: {} - html_strip: {} - inference: {} - ip_location: {} - join: {} - json: {} - kv: {} - lowercase: {} - network_direction: {} - pipeline: {} - redact: {} - registered_domain: {} - remove: {} - rename: {} - reroute: {} - script: {} - set: {} - set_security_user: {} - sort: {} - split: {} - terminate: {} - trim: {} - uppercase: {} - uri_parts: {} - urldecode: {} - user_agent: {} - required: - - append - - attachment - - bytes - - circle - - community_id - - convert - - csv - - date - - date_index_name - - dissect - - dot_expander - - drop - - enrich - - fail - - fingerprint - - foreach - - ip_location - - geo_grid - - geoip - - grok - - gsub - - html_strip - - inference - - join - - json - - kv - - lowercase - - network_direction - - pipeline - - redact - - registered_domain - - remove - - rename - - reroute - - script - - set - - set_security_user - - sort - - split - - terminate - - trim - - uppercase - - urldecode - - uri_parts - - user_agent - type: array - tag: - description: Optional ingest processor tag for Elasticsearch - type: string - where: - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: Conditional expression controlling whether this processor runs - required: - - action - - processors - - additionalProperties: false - type: object - properties: - condition: - allOf: - - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: The root condition object. It can be a simple filter or a combination of other conditions. - - type: object - properties: - steps: - items: {} - type: array - required: - - steps - customIdentifier: - type: string - required: - - condition - type: array - updated_at: - format: date-time - type: string - required: - - steps - - updated_at - settings: - additionalProperties: false - type: object - properties: - index.number_of_replicas: - additionalProperties: false - type: object - properties: - value: - type: number - required: - - value - index.number_of_shards: - additionalProperties: false - type: object - properties: - value: - type: number - required: - - value - index.refresh_interval: - additionalProperties: false - type: object - properties: - value: - anyOf: - - type: string - - enum: - - -1 - type: number - required: - - value - required: - - lifecycle - - processing - - settings - - failure_store - required: - - ingest - required: - - stream - - type: object - properties: {} - - type: object - properties: {} + $ref: '#/components/schemas/ApiStreams_Put_Request' responses: {} summary: Create or update a stream tags: @@ -80234,192 +30427,7 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - status: - enum: - - enabled - - disabled - type: string - stream: - additionalProperties: false - type: object - properties: - name: - type: string - required: - - name - where: - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: The root condition object. It can be a simple filter or a combination of other conditions. - required: - - stream - - where + $ref: '#/components/schemas/ApiStreamsFork_Post_Request' responses: {} summary: Fork a stream tags: @@ -80449,14 +30457,7 @@ paths: content: application/json: schema: - anyOf: - - additionalProperties: false - type: object - properties: {} - - enum: - - 'null' - nullable: true - - not: {} + $ref: '#/components/schemas/ApiStreamsIngest_Get_Request' responses: {} summary: Get ingest stream settings tags: @@ -80492,8175 +30493,7 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - ingest: - anyOf: - - allOf: - - type: object - properties: - failure_store: - anyOf: - - additionalProperties: false - type: object - properties: - inherit: - additionalProperties: false - type: object - properties: {} - required: - - inherit - - additionalProperties: false - type: object - properties: - disabled: - additionalProperties: false - type: object - properties: {} - required: - - disabled - - anyOf: - - additionalProperties: false - type: object - properties: - lifecycle: - additionalProperties: false - type: object - properties: - enabled: - additionalProperties: false - type: object - properties: - data_retention: - description: A non-empty string. - minLength: 1 - type: string - required: - - enabled - required: - - lifecycle - - additionalProperties: false - type: object - properties: - lifecycle: - additionalProperties: false - type: object - properties: - disabled: - additionalProperties: false - type: object - properties: {} - required: - - disabled - required: - - lifecycle - lifecycle: - anyOf: - - additionalProperties: false - type: object - properties: - dsl: - additionalProperties: false - type: object - properties: - data_retention: - description: A non-empty string. - minLength: 1 - type: string - downsample: - items: - additionalProperties: false - type: object - properties: - after: - description: A non-empty string. - minLength: 1 - type: string - fixed_interval: - description: A non-empty string. - minLength: 1 - type: string - required: - - after - - fixed_interval - type: array - required: - - dsl - - additionalProperties: false - type: object - properties: - ilm: - additionalProperties: false - type: object - properties: - policy: - description: A non-empty string. - minLength: 1 - type: string - required: - - policy - required: - - ilm - - additionalProperties: false - type: object - properties: - inherit: - additionalProperties: false - type: object - properties: {} - required: - - inherit - processing: - additionalProperties: false - type: object - properties: - steps: - items: - anyOf: - - anyOf: - - additionalProperties: false - description: Grok processor - Extract fields from text using grok patterns - type: object - properties: - action: - enum: - - grok - type: string - customIdentifier: - description: Custom identifier to correlate this processor across outputs - minLength: 1 - type: string - description: - description: Human-readable notes about this processor step - type: string - from: - description: Source field to parse with grok patterns - minLength: 1 - type: string - ignore_failure: - description: Continue pipeline execution if this processor fails - type: boolean - ignore_missing: - description: Skip processing when source field is missing - type: boolean - pattern_definitions: - additionalProperties: - type: string - type: object - patterns: - description: Grok patterns applied in order to extract fields - items: - description: A non-empty string. - minLength: 1 - type: string - minItems: 1 - type: array - where: - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: Conditional expression controlling whether this processor runs - required: - - action - - from - - patterns - - additionalProperties: false - description: Dissect processor - Extract fields from text using a lightweight, delimiter-based parser - type: object - properties: - action: - enum: - - dissect - type: string - append_separator: - description: Separator inserted when target fields are concatenated - minLength: 1 - type: string - customIdentifier: - description: Custom identifier to correlate this processor across outputs - minLength: 1 - type: string - description: - description: Human-readable notes about this processor step - type: string - from: - description: Source field to parse with dissect pattern - minLength: 1 - type: string - ignore_failure: - description: Continue pipeline execution if this processor fails - type: boolean - ignore_missing: - description: Skip processing when source field is missing - type: boolean - pattern: - description: Dissect pattern describing field boundaries - minLength: 1 - type: string - where: - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: Conditional expression controlling whether this processor runs - required: - - action - - from - - pattern - - additionalProperties: false - description: Date processor - Parse dates from strings using one or more expected formats - type: object - properties: - action: - enum: - - date - type: string - customIdentifier: - description: Custom identifier to correlate this processor across outputs - minLength: 1 - type: string - description: - description: Human-readable notes about this processor step - type: string - formats: - description: Accepted input date formats, tried in order - items: - description: A non-empty string. - minLength: 1 - type: string - type: array - from: - description: Source field containing the date/time text - minLength: 1 - type: string - ignore_failure: - description: Continue pipeline execution if this processor fails - type: boolean - locale: - description: Optional locale for date parsing - minLength: 1 - type: string - output_format: - description: Optional output format for storing the parsed date as text - minLength: 1 - type: string - timezone: - description: Optional timezone for date parsing - minLength: 1 - type: string - to: - description: Target field for the parsed date (defaults to source) - minLength: 1 - type: string - where: - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: Conditional expression controlling whether this processor runs - required: - - action - - from - - formats - - additionalProperties: false - description: Base processor options plus conditional execution - type: object - properties: - action: - enum: - - drop_document - type: string - customIdentifier: - description: Custom identifier to correlate this processor across outputs - minLength: 1 - type: string - description: - description: Human-readable notes about this processor step - type: string - ignore_failure: - description: Continue pipeline execution if this processor fails - type: boolean - where: - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: Conditional expression controlling whether this processor runs - required: - - action - - additionalProperties: false - description: Base processor options plus conditional execution - type: object - properties: - action: - enum: - - math - type: string - customIdentifier: - description: Custom identifier to correlate this processor across outputs - minLength: 1 - type: string - description: - description: Human-readable notes about this processor step - type: string - expression: - description: A non-empty string. - minLength: 1 - type: string - ignore_failure: - description: Continue pipeline execution if this processor fails - type: boolean - ignore_missing: - type: boolean - to: - description: A non-empty string. - minLength: 1 - type: string - where: - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: Conditional expression controlling whether this processor runs - required: - - action - - expression - - to - - additionalProperties: false - description: Rename processor - Change a field name and optionally its location - type: object - properties: - action: - enum: - - rename - type: string - customIdentifier: - description: Custom identifier to correlate this processor across outputs - minLength: 1 - type: string - description: - description: Human-readable notes about this processor step - type: string - from: - description: Existing source field to rename or move - minLength: 1 - type: string - ignore_failure: - description: Continue pipeline execution if this processor fails - type: boolean - ignore_missing: - description: Skip when source field is missing - type: boolean - override: - description: Allow overwriting the target field if it already exists - type: boolean - to: - description: New field name or destination path - minLength: 1 - type: string - where: - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: Conditional expression controlling whether this processor runs - required: - - action - - from - - to - - additionalProperties: false - description: Set processor - Assign a literal or copied value to a field (mutually exclusive inputs) - type: object - properties: - action: - enum: - - set - type: string - copy_from: - description: Copy value from another field instead of providing a literal - minLength: 1 - type: string - customIdentifier: - description: Custom identifier to correlate this processor across outputs - minLength: 1 - type: string - description: - description: Human-readable notes about this processor step - type: string - ignore_failure: - description: Continue pipeline execution if this processor fails - type: boolean - override: - description: Allow overwriting an existing target field - type: boolean - to: - description: Target field to set or create - minLength: 1 - type: string - value: - description: Literal value to assign to the target field - where: - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: Conditional expression controlling whether this processor runs - required: - - action - - to - - additionalProperties: false - description: Append processor - Append one or more values to an existing or new array field - type: object - properties: - action: - enum: - - append - type: string - allow_duplicates: - description: If true, do not deduplicate appended values - type: boolean - customIdentifier: - description: Custom identifier to correlate this processor across outputs - minLength: 1 - type: string - description: - description: Human-readable notes about this processor step - type: string - ignore_failure: - description: Continue pipeline execution if this processor fails - type: boolean - to: - description: Array field to append values to - minLength: 1 - type: string - value: - description: Values to append (must be literal, no templates) - items: {} - minItems: 1 - type: array - where: - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: Conditional expression controlling whether this processor runs - required: - - action - - to - - value - - additionalProperties: false - description: Remove by prefix processor - Remove a field and all nested fields matching the prefix - type: object - properties: - action: - enum: - - remove_by_prefix - type: string - customIdentifier: - description: Custom identifier to correlate this processor across outputs - minLength: 1 - type: string - description: - description: Human-readable notes about this processor step - type: string - from: - description: Field to remove along with all its nested fields - minLength: 1 - type: string - ignore_failure: - description: Continue pipeline execution if this processor fails - type: boolean - required: - - action - - from - - additionalProperties: false - description: Remove processor - Delete one or more fields from the document - type: object - properties: - action: - enum: - - remove - type: string - customIdentifier: - description: Custom identifier to correlate this processor across outputs - minLength: 1 - type: string - description: - description: Human-readable notes about this processor step - type: string - from: - description: Field to remove from the document - minLength: 1 - type: string - ignore_failure: - description: Continue pipeline execution if this processor fails - type: boolean - ignore_missing: - description: Skip processing when source field is missing - type: boolean - where: - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: Conditional expression controlling whether this processor runs - required: - - action - - from - - additionalProperties: false - description: Base processor options plus conditional execution - type: object - properties: - action: - enum: - - replace - type: string - customIdentifier: - description: Custom identifier to correlate this processor across outputs - minLength: 1 - type: string - description: - description: Human-readable notes about this processor step - type: string - from: - description: A non-empty string. - minLength: 1 - type: string - ignore_failure: - description: Continue pipeline execution if this processor fails - type: boolean - ignore_missing: - type: boolean - pattern: - description: A non-empty string or string with whitespace. - minLength: 1 - type: string - replacement: - type: string - to: - description: A non-empty string. - minLength: 1 - type: string - where: - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: Conditional expression controlling whether this processor runs - required: - - action - - from - - pattern - - replacement - - additionalProperties: false - description: Base processor options plus conditional execution - type: object - properties: - action: - enum: - - uppercase - type: string - customIdentifier: - description: Custom identifier to correlate this processor across outputs - minLength: 1 - type: string - description: - description: Human-readable notes about this processor step - type: string - from: - description: A non-empty string. - minLength: 1 - type: string - ignore_failure: - description: Continue pipeline execution if this processor fails - type: boolean - ignore_missing: - type: boolean - to: - description: A non-empty string. - minLength: 1 - type: string - where: - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: Conditional expression controlling whether this processor runs - required: - - action - - from - - additionalProperties: false - description: Base processor options plus conditional execution - type: object - properties: - action: - enum: - - lowercase - type: string - customIdentifier: - description: Custom identifier to correlate this processor across outputs - minLength: 1 - type: string - description: - description: Human-readable notes about this processor step - type: string - from: - description: A non-empty string. - minLength: 1 - type: string - ignore_failure: - description: Continue pipeline execution if this processor fails - type: boolean - ignore_missing: - type: boolean - to: - description: A non-empty string. - minLength: 1 - type: string - where: - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: Conditional expression controlling whether this processor runs - required: - - action - - from - - additionalProperties: false - description: Base processor options plus conditional execution - type: object - properties: - action: - enum: - - trim - type: string - customIdentifier: - description: Custom identifier to correlate this processor across outputs - minLength: 1 - type: string - description: - description: Human-readable notes about this processor step - type: string - from: - description: A non-empty string. - minLength: 1 - type: string - ignore_failure: - description: Continue pipeline execution if this processor fails - type: boolean - ignore_missing: - type: boolean - to: - description: A non-empty string. - minLength: 1 - type: string - where: - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: Conditional expression controlling whether this processor runs - required: - - action - - from - - additionalProperties: false - description: Base processor options plus conditional execution - type: object - properties: - action: - enum: - - join - type: string - customIdentifier: - description: Custom identifier to correlate this processor across outputs - minLength: 1 - type: string - delimiter: - type: string - description: - description: Human-readable notes about this processor step - type: string - from: - items: - description: A non-empty string. - minLength: 1 - type: string - minItems: 1 - type: array - ignore_failure: - description: Continue pipeline execution if this processor fails - type: boolean - ignore_missing: - type: boolean - to: - description: A non-empty string. - minLength: 1 - type: string - where: - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: Conditional expression controlling whether this processor runs - required: - - action - - from - - delimiter - - to - - additionalProperties: false - description: Convert processor - Change the data type of a field value (integer, long, double, boolean, or string) - type: object - properties: - action: - enum: - - convert - type: string - customIdentifier: - description: Custom identifier to correlate this processor across outputs - minLength: 1 - type: string - description: - description: Human-readable notes about this processor step - type: string - from: - description: Source field to convert to a different data type - minLength: 1 - type: string - ignore_failure: - description: Continue pipeline execution if this processor fails - type: boolean - ignore_missing: - description: Skip processing when source field is missing - type: boolean - to: - description: Target field for the converted value (defaults to source) - minLength: 1 - type: string - type: - description: 'Target data type: integer, long, double, boolean, or string' - enum: - - integer - - long - - double - - boolean - - string - type: string - where: - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: Conditional expression controlling whether this processor runs - required: - - action - - from - - type - - additionalProperties: false - description: Base processor options plus conditional execution - type: object - properties: - action: - enum: - - concat - type: string - customIdentifier: - description: Custom identifier to correlate this processor across outputs - minLength: 1 - type: string - description: - description: Human-readable notes about this processor step - type: string - from: - items: - anyOf: - - additionalProperties: false - type: object - properties: - type: - enum: - - field - type: string - value: - description: A non-empty string. - minLength: 1 - type: string - required: - - type - - value - - additionalProperties: false - type: object - properties: - type: - enum: - - literal - type: string - value: - type: string - required: - - type - - value - minItems: 1 - type: array - ignore_failure: - description: Continue pipeline execution if this processor fails - type: boolean - ignore_missing: - type: boolean - to: - description: A non-empty string. - minLength: 1 - type: string - where: - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: Conditional expression controlling whether this processor runs - required: - - action - - from - - to - - additionalProperties: false - description: Manual ingest pipeline wrapper around native Elasticsearch processors - type: object - properties: - action: - description: Manual ingest pipeline - executes raw Elasticsearch ingest processors - enum: - - manual_ingest_pipeline - type: string - customIdentifier: - description: Custom identifier to correlate this processor across outputs - minLength: 1 - type: string - description: - description: Human-readable notes about this processor step - type: string - ignore_failure: - description: Continue pipeline execution if this processor fails - type: boolean - on_failure: - description: Fallback processors to run when a processor fails - items: - additionalProperties: {} - type: object - type: array - processors: - description: List of raw Elasticsearch ingest processors to run - items: - additionalProperties: false - type: object - properties: - append: {} - attachment: {} - bytes: {} - circle: {} - community_id: {} - convert: {} - csv: {} - date: {} - date_index_name: {} - dissect: {} - dot_expander: {} - drop: {} - enrich: {} - fail: {} - fingerprint: {} - foreach: {} - geo_grid: {} - geoip: {} - grok: {} - gsub: {} - html_strip: {} - inference: {} - ip_location: {} - join: {} - json: {} - kv: {} - lowercase: {} - network_direction: {} - pipeline: {} - redact: {} - registered_domain: {} - remove: {} - rename: {} - reroute: {} - script: {} - set: {} - set_security_user: {} - sort: {} - split: {} - terminate: {} - trim: {} - uppercase: {} - uri_parts: {} - urldecode: {} - user_agent: {} - required: - - append - - attachment - - bytes - - circle - - community_id - - convert - - csv - - date - - date_index_name - - dissect - - dot_expander - - drop - - enrich - - fail - - fingerprint - - foreach - - ip_location - - geo_grid - - geoip - - grok - - gsub - - html_strip - - inference - - join - - json - - kv - - lowercase - - network_direction - - pipeline - - redact - - registered_domain - - remove - - rename - - reroute - - script - - set - - set_security_user - - sort - - split - - terminate - - trim - - uppercase - - urldecode - - uri_parts - - user_agent - type: array - tag: - description: Optional ingest processor tag for Elasticsearch - type: string - where: - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: Conditional expression controlling whether this processor runs - required: - - action - - processors - - additionalProperties: false - type: object - properties: - condition: - allOf: - - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: The root condition object. It can be a simple filter or a combination of other conditions. - - type: object - properties: - steps: - items: {} - type: array - required: - - steps - customIdentifier: - type: string - required: - - condition - type: array - updated_at: - not: {} - required: - - steps - settings: - additionalProperties: false - type: object - properties: - index.number_of_replicas: - additionalProperties: false - type: object - properties: - value: - type: number - required: - - value - index.number_of_shards: - additionalProperties: false - type: object - properties: - value: - type: number - required: - - value - index.refresh_interval: - additionalProperties: false - type: object - properties: - value: - anyOf: - - type: string - - enum: - - -1 - type: number - required: - - value - required: - - lifecycle - - processing - - settings - - failure_store - - type: object - properties: - wired: - additionalProperties: false - type: object - properties: - fields: - additionalProperties: - allOf: - - additionalProperties: - anyOf: - - anyOf: - - type: string - - type: number - - type: boolean - - enum: - - 'null' - nullable: true - - not: {} - - items: - anyOf: - - type: string - - type: number - - type: boolean - - enum: - - 'null' - nullable: true - - not: {} - type: array - - items: {} - type: array - - {} - type: object - - anyOf: - - additionalProperties: false - type: object - properties: - format: - description: A non-empty string. - minLength: 1 - type: string - type: - enum: - - keyword - - match_only_text - - long - - double - - date - - boolean - - ip - - geo_point - type: string - required: - - type - - additionalProperties: false - type: object - properties: - type: - enum: - - system - type: string - required: - - type - type: object - routing: - items: - additionalProperties: false - type: object - properties: - destination: - description: A non-empty string. - minLength: 1 - type: string - status: - enum: - - enabled - - disabled - type: string - where: - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: The root condition object. It can be a simple filter or a combination of other conditions. - required: - - destination - - where - type: array - required: - - fields - - routing - required: - - wired - - allOf: - - type: object - properties: - failure_store: - anyOf: - - additionalProperties: false - type: object - properties: - inherit: - additionalProperties: false - type: object - properties: {} - required: - - inherit - - additionalProperties: false - type: object - properties: - disabled: - additionalProperties: false - type: object - properties: {} - required: - - disabled - - anyOf: - - additionalProperties: false - type: object - properties: - lifecycle: - additionalProperties: false - type: object - properties: - enabled: - additionalProperties: false - type: object - properties: - data_retention: - description: A non-empty string. - minLength: 1 - type: string - required: - - enabled - required: - - lifecycle - - additionalProperties: false - type: object - properties: - lifecycle: - additionalProperties: false - type: object - properties: - disabled: - additionalProperties: false - type: object - properties: {} - required: - - disabled - required: - - lifecycle - lifecycle: - anyOf: - - additionalProperties: false - type: object - properties: - dsl: - additionalProperties: false - type: object - properties: - data_retention: - description: A non-empty string. - minLength: 1 - type: string - downsample: - items: - additionalProperties: false - type: object - properties: - after: - description: A non-empty string. - minLength: 1 - type: string - fixed_interval: - description: A non-empty string. - minLength: 1 - type: string - required: - - after - - fixed_interval - type: array - required: - - dsl - - additionalProperties: false - type: object - properties: - ilm: - additionalProperties: false - type: object - properties: - policy: - description: A non-empty string. - minLength: 1 - type: string - required: - - policy - required: - - ilm - - additionalProperties: false - type: object - properties: - inherit: - additionalProperties: false - type: object - properties: {} - required: - - inherit - processing: - additionalProperties: false - type: object - properties: - steps: - items: - anyOf: - - anyOf: - - additionalProperties: false - description: Grok processor - Extract fields from text using grok patterns - type: object - properties: - action: - enum: - - grok - type: string - customIdentifier: - description: Custom identifier to correlate this processor across outputs - minLength: 1 - type: string - description: - description: Human-readable notes about this processor step - type: string - from: - description: Source field to parse with grok patterns - minLength: 1 - type: string - ignore_failure: - description: Continue pipeline execution if this processor fails - type: boolean - ignore_missing: - description: Skip processing when source field is missing - type: boolean - pattern_definitions: - additionalProperties: - type: string - type: object - patterns: - description: Grok patterns applied in order to extract fields - items: - description: A non-empty string. - minLength: 1 - type: string - minItems: 1 - type: array - where: - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: Conditional expression controlling whether this processor runs - required: - - action - - from - - patterns - - additionalProperties: false - description: Dissect processor - Extract fields from text using a lightweight, delimiter-based parser - type: object - properties: - action: - enum: - - dissect - type: string - append_separator: - description: Separator inserted when target fields are concatenated - minLength: 1 - type: string - customIdentifier: - description: Custom identifier to correlate this processor across outputs - minLength: 1 - type: string - description: - description: Human-readable notes about this processor step - type: string - from: - description: Source field to parse with dissect pattern - minLength: 1 - type: string - ignore_failure: - description: Continue pipeline execution if this processor fails - type: boolean - ignore_missing: - description: Skip processing when source field is missing - type: boolean - pattern: - description: Dissect pattern describing field boundaries - minLength: 1 - type: string - where: - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: Conditional expression controlling whether this processor runs - required: - - action - - from - - pattern - - additionalProperties: false - description: Date processor - Parse dates from strings using one or more expected formats - type: object - properties: - action: - enum: - - date - type: string - customIdentifier: - description: Custom identifier to correlate this processor across outputs - minLength: 1 - type: string - description: - description: Human-readable notes about this processor step - type: string - formats: - description: Accepted input date formats, tried in order - items: - description: A non-empty string. - minLength: 1 - type: string - type: array - from: - description: Source field containing the date/time text - minLength: 1 - type: string - ignore_failure: - description: Continue pipeline execution if this processor fails - type: boolean - locale: - description: Optional locale for date parsing - minLength: 1 - type: string - output_format: - description: Optional output format for storing the parsed date as text - minLength: 1 - type: string - timezone: - description: Optional timezone for date parsing - minLength: 1 - type: string - to: - description: Target field for the parsed date (defaults to source) - minLength: 1 - type: string - where: - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: Conditional expression controlling whether this processor runs - required: - - action - - from - - formats - - additionalProperties: false - description: Base processor options plus conditional execution - type: object - properties: - action: - enum: - - drop_document - type: string - customIdentifier: - description: Custom identifier to correlate this processor across outputs - minLength: 1 - type: string - description: - description: Human-readable notes about this processor step - type: string - ignore_failure: - description: Continue pipeline execution if this processor fails - type: boolean - where: - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: Conditional expression controlling whether this processor runs - required: - - action - - additionalProperties: false - description: Base processor options plus conditional execution - type: object - properties: - action: - enum: - - math - type: string - customIdentifier: - description: Custom identifier to correlate this processor across outputs - minLength: 1 - type: string - description: - description: Human-readable notes about this processor step - type: string - expression: - description: A non-empty string. - minLength: 1 - type: string - ignore_failure: - description: Continue pipeline execution if this processor fails - type: boolean - ignore_missing: - type: boolean - to: - description: A non-empty string. - minLength: 1 - type: string - where: - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: Conditional expression controlling whether this processor runs - required: - - action - - expression - - to - - additionalProperties: false - description: Rename processor - Change a field name and optionally its location - type: object - properties: - action: - enum: - - rename - type: string - customIdentifier: - description: Custom identifier to correlate this processor across outputs - minLength: 1 - type: string - description: - description: Human-readable notes about this processor step - type: string - from: - description: Existing source field to rename or move - minLength: 1 - type: string - ignore_failure: - description: Continue pipeline execution if this processor fails - type: boolean - ignore_missing: - description: Skip when source field is missing - type: boolean - override: - description: Allow overwriting the target field if it already exists - type: boolean - to: - description: New field name or destination path - minLength: 1 - type: string - where: - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: Conditional expression controlling whether this processor runs - required: - - action - - from - - to - - additionalProperties: false - description: Set processor - Assign a literal or copied value to a field (mutually exclusive inputs) - type: object - properties: - action: - enum: - - set - type: string - copy_from: - description: Copy value from another field instead of providing a literal - minLength: 1 - type: string - customIdentifier: - description: Custom identifier to correlate this processor across outputs - minLength: 1 - type: string - description: - description: Human-readable notes about this processor step - type: string - ignore_failure: - description: Continue pipeline execution if this processor fails - type: boolean - override: - description: Allow overwriting an existing target field - type: boolean - to: - description: Target field to set or create - minLength: 1 - type: string - value: - description: Literal value to assign to the target field - where: - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: Conditional expression controlling whether this processor runs - required: - - action - - to - - additionalProperties: false - description: Append processor - Append one or more values to an existing or new array field - type: object - properties: - action: - enum: - - append - type: string - allow_duplicates: - description: If true, do not deduplicate appended values - type: boolean - customIdentifier: - description: Custom identifier to correlate this processor across outputs - minLength: 1 - type: string - description: - description: Human-readable notes about this processor step - type: string - ignore_failure: - description: Continue pipeline execution if this processor fails - type: boolean - to: - description: Array field to append values to - minLength: 1 - type: string - value: - description: Values to append (must be literal, no templates) - items: {} - minItems: 1 - type: array - where: - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: Conditional expression controlling whether this processor runs - required: - - action - - to - - value - - additionalProperties: false - description: Remove by prefix processor - Remove a field and all nested fields matching the prefix - type: object - properties: - action: - enum: - - remove_by_prefix - type: string - customIdentifier: - description: Custom identifier to correlate this processor across outputs - minLength: 1 - type: string - description: - description: Human-readable notes about this processor step - type: string - from: - description: Field to remove along with all its nested fields - minLength: 1 - type: string - ignore_failure: - description: Continue pipeline execution if this processor fails - type: boolean - required: - - action - - from - - additionalProperties: false - description: Remove processor - Delete one or more fields from the document - type: object - properties: - action: - enum: - - remove - type: string - customIdentifier: - description: Custom identifier to correlate this processor across outputs - minLength: 1 - type: string - description: - description: Human-readable notes about this processor step - type: string - from: - description: Field to remove from the document - minLength: 1 - type: string - ignore_failure: - description: Continue pipeline execution if this processor fails - type: boolean - ignore_missing: - description: Skip processing when source field is missing - type: boolean - where: - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: Conditional expression controlling whether this processor runs - required: - - action - - from - - additionalProperties: false - description: Base processor options plus conditional execution - type: object - properties: - action: - enum: - - replace - type: string - customIdentifier: - description: Custom identifier to correlate this processor across outputs - minLength: 1 - type: string - description: - description: Human-readable notes about this processor step - type: string - from: - description: A non-empty string. - minLength: 1 - type: string - ignore_failure: - description: Continue pipeline execution if this processor fails - type: boolean - ignore_missing: - type: boolean - pattern: - description: A non-empty string or string with whitespace. - minLength: 1 - type: string - replacement: - type: string - to: - description: A non-empty string. - minLength: 1 - type: string - where: - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: Conditional expression controlling whether this processor runs - required: - - action - - from - - pattern - - replacement - - additionalProperties: false - description: Base processor options plus conditional execution - type: object - properties: - action: - enum: - - uppercase - type: string - customIdentifier: - description: Custom identifier to correlate this processor across outputs - minLength: 1 - type: string - description: - description: Human-readable notes about this processor step - type: string - from: - description: A non-empty string. - minLength: 1 - type: string - ignore_failure: - description: Continue pipeline execution if this processor fails - type: boolean - ignore_missing: - type: boolean - to: - description: A non-empty string. - minLength: 1 - type: string - where: - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: Conditional expression controlling whether this processor runs - required: - - action - - from - - additionalProperties: false - description: Base processor options plus conditional execution - type: object - properties: - action: - enum: - - lowercase - type: string - customIdentifier: - description: Custom identifier to correlate this processor across outputs - minLength: 1 - type: string - description: - description: Human-readable notes about this processor step - type: string - from: - description: A non-empty string. - minLength: 1 - type: string - ignore_failure: - description: Continue pipeline execution if this processor fails - type: boolean - ignore_missing: - type: boolean - to: - description: A non-empty string. - minLength: 1 - type: string - where: - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: Conditional expression controlling whether this processor runs - required: - - action - - from - - additionalProperties: false - description: Base processor options plus conditional execution - type: object - properties: - action: - enum: - - trim - type: string - customIdentifier: - description: Custom identifier to correlate this processor across outputs - minLength: 1 - type: string - description: - description: Human-readable notes about this processor step - type: string - from: - description: A non-empty string. - minLength: 1 - type: string - ignore_failure: - description: Continue pipeline execution if this processor fails - type: boolean - ignore_missing: - type: boolean - to: - description: A non-empty string. - minLength: 1 - type: string - where: - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: Conditional expression controlling whether this processor runs - required: - - action - - from - - additionalProperties: false - description: Base processor options plus conditional execution - type: object - properties: - action: - enum: - - join - type: string - customIdentifier: - description: Custom identifier to correlate this processor across outputs - minLength: 1 - type: string - delimiter: - type: string - description: - description: Human-readable notes about this processor step - type: string - from: - items: - description: A non-empty string. - minLength: 1 - type: string - minItems: 1 - type: array - ignore_failure: - description: Continue pipeline execution if this processor fails - type: boolean - ignore_missing: - type: boolean - to: - description: A non-empty string. - minLength: 1 - type: string - where: - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: Conditional expression controlling whether this processor runs - required: - - action - - from - - delimiter - - to - - additionalProperties: false - description: Convert processor - Change the data type of a field value (integer, long, double, boolean, or string) - type: object - properties: - action: - enum: - - convert - type: string - customIdentifier: - description: Custom identifier to correlate this processor across outputs - minLength: 1 - type: string - description: - description: Human-readable notes about this processor step - type: string - from: - description: Source field to convert to a different data type - minLength: 1 - type: string - ignore_failure: - description: Continue pipeline execution if this processor fails - type: boolean - ignore_missing: - description: Skip processing when source field is missing - type: boolean - to: - description: Target field for the converted value (defaults to source) - minLength: 1 - type: string - type: - description: 'Target data type: integer, long, double, boolean, or string' - enum: - - integer - - long - - double - - boolean - - string - type: string - where: - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: Conditional expression controlling whether this processor runs - required: - - action - - from - - type - - additionalProperties: false - description: Base processor options plus conditional execution - type: object - properties: - action: - enum: - - concat - type: string - customIdentifier: - description: Custom identifier to correlate this processor across outputs - minLength: 1 - type: string - description: - description: Human-readable notes about this processor step - type: string - from: - items: - anyOf: - - additionalProperties: false - type: object - properties: - type: - enum: - - field - type: string - value: - description: A non-empty string. - minLength: 1 - type: string - required: - - type - - value - - additionalProperties: false - type: object - properties: - type: - enum: - - literal - type: string - value: - type: string - required: - - type - - value - minItems: 1 - type: array - ignore_failure: - description: Continue pipeline execution if this processor fails - type: boolean - ignore_missing: - type: boolean - to: - description: A non-empty string. - minLength: 1 - type: string - where: - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: Conditional expression controlling whether this processor runs - required: - - action - - from - - to - - additionalProperties: false - description: Manual ingest pipeline wrapper around native Elasticsearch processors - type: object - properties: - action: - description: Manual ingest pipeline - executes raw Elasticsearch ingest processors - enum: - - manual_ingest_pipeline - type: string - customIdentifier: - description: Custom identifier to correlate this processor across outputs - minLength: 1 - type: string - description: - description: Human-readable notes about this processor step - type: string - ignore_failure: - description: Continue pipeline execution if this processor fails - type: boolean - on_failure: - description: Fallback processors to run when a processor fails - items: - additionalProperties: {} - type: object - type: array - processors: - description: List of raw Elasticsearch ingest processors to run - items: - additionalProperties: false - type: object - properties: - append: {} - attachment: {} - bytes: {} - circle: {} - community_id: {} - convert: {} - csv: {} - date: {} - date_index_name: {} - dissect: {} - dot_expander: {} - drop: {} - enrich: {} - fail: {} - fingerprint: {} - foreach: {} - geo_grid: {} - geoip: {} - grok: {} - gsub: {} - html_strip: {} - inference: {} - ip_location: {} - join: {} - json: {} - kv: {} - lowercase: {} - network_direction: {} - pipeline: {} - redact: {} - registered_domain: {} - remove: {} - rename: {} - reroute: {} - script: {} - set: {} - set_security_user: {} - sort: {} - split: {} - terminate: {} - trim: {} - uppercase: {} - uri_parts: {} - urldecode: {} - user_agent: {} - required: - - append - - attachment - - bytes - - circle - - community_id - - convert - - csv - - date - - date_index_name - - dissect - - dot_expander - - drop - - enrich - - fail - - fingerprint - - foreach - - ip_location - - geo_grid - - geoip - - grok - - gsub - - html_strip - - inference - - join - - json - - kv - - lowercase - - network_direction - - pipeline - - redact - - registered_domain - - remove - - rename - - reroute - - script - - set - - set_security_user - - sort - - split - - terminate - - trim - - uppercase - - urldecode - - uri_parts - - user_agent - type: array - tag: - description: Optional ingest processor tag for Elasticsearch - type: string - where: - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: Conditional expression controlling whether this processor runs - required: - - action - - processors - - additionalProperties: false - type: object - properties: - condition: - allOf: - - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: The root condition object. It can be a simple filter or a combination of other conditions. - - type: object - properties: - steps: - items: {} - type: array - required: - - steps - customIdentifier: - type: string - required: - - condition - type: array - updated_at: - not: {} - required: - - steps - settings: - additionalProperties: false - type: object - properties: - index.number_of_replicas: - additionalProperties: false - type: object - properties: - value: - type: number - required: - - value - index.number_of_shards: - additionalProperties: false - type: object - properties: - value: - type: number - required: - - value - index.refresh_interval: - additionalProperties: false - type: object - properties: - value: - anyOf: - - type: string - - enum: - - -1 - type: number - required: - - value - required: - - lifecycle - - processing - - settings - - failure_store - - type: object - properties: - classic: - additionalProperties: false - type: object - properties: - field_overrides: - additionalProperties: - allOf: - - additionalProperties: - anyOf: - - anyOf: - - type: string - - type: number - - type: boolean - - enum: - - 'null' - nullable: true - - not: {} - - items: - anyOf: - - type: string - - type: number - - type: boolean - - enum: - - 'null' - nullable: true - - not: {} - type: array - - items: {} - type: array - - {} - type: object - - anyOf: - - additionalProperties: false - type: object - properties: - format: - description: A non-empty string. - minLength: 1 - type: string - type: - enum: - - keyword - - match_only_text - - long - - double - - date - - boolean - - ip - - geo_point - type: string - required: - - type - - additionalProperties: false - type: object - properties: - type: - enum: - - system - type: string - required: - - type - type: object - required: - - classic - required: - - ingest + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request' responses: {} summary: Update ingest stream settings tags: @@ -88697,73 +30530,7 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - description: - type: string - include: - anyOf: - - additionalProperties: false - type: object - properties: - objects: - additionalProperties: false - type: object - properties: - all: - additionalProperties: false - type: object - properties: {} - required: - - all - required: - - objects - - additionalProperties: false - type: object - properties: - objects: - additionalProperties: false - type: object - properties: - mappings: - type: boolean - queries: - items: - additionalProperties: false - type: object - properties: - id: - type: string - required: - - id - type: array - routing: - items: - allOf: - - {} - - type: object - properties: - destination: - type: string - required: - - destination - type: array - required: - - mappings - - queries - - routing - required: - - objects - name: - type: string - version: - type: string - required: - - name - - description - - version - - include + $ref: '#/components/schemas/ApiStreamsContentExport_Post_Request' responses: {} summary: Export stream content tags: @@ -88799,15 +30566,7 @@ paths: content: multipart/form-data: schema: - additionalProperties: false - type: object - properties: - content: {} - include: - type: string - required: - - include - - content + $ref: '#/components/schemas/ApiStreamsContentImport_Post_Request' responses: {} summary: Import content into a stream tags: @@ -88836,14 +30595,7 @@ paths: content: application/json: schema: - anyOf: - - additionalProperties: false - type: object - properties: {} - - enum: - - 'null' - nullable: true - - not: {} + $ref: '#/components/schemas/ApiStreamsQueries_Get_Request' responses: {} summary: Get stream queries tags: @@ -88880,249 +30632,7 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - operations: - items: - anyOf: - - additionalProperties: false - type: object - properties: - index: - allOf: - - type: object - properties: - id: - description: A non-empty string. - minLength: 1 - type: string - title: - description: A non-empty string. - minLength: 1 - type: string - required: - - id - - title - - type: object - properties: - evidence: - items: - type: string - type: array - feature: - additionalProperties: false - type: object - properties: - filter: - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: The root condition object. It can be a simple filter or a combination of other conditions. - name: - description: A non-empty string. - minLength: 1 - type: string - type: - enum: - - system - type: string - required: - - name - - filter - - type - kql: - additionalProperties: false - type: object - properties: - query: - type: string - required: - - query - severity_score: - type: number - required: - - kql - required: - - index - - additionalProperties: false - type: object - properties: - delete: - additionalProperties: false - type: object - properties: - id: - type: string - required: - - id - required: - - delete - type: array - required: - - operations + $ref: '#/components/schemas/ApiStreamsQueriesBulk_Post_Request' responses: {} summary: Bulk update queries tags: @@ -89164,14 +30674,7 @@ paths: content: application/json: schema: - anyOf: - - additionalProperties: false - type: object - properties: {} - - enum: - - 'null' - nullable: true - - not: {} + $ref: '#/components/schemas/ApiStreamsQueries_Delete_Request' responses: {} summary: Remove a query from a stream tags: @@ -89212,213 +30715,7 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - evidence: - items: - type: string - type: array - feature: - additionalProperties: false - type: object - properties: - filter: - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: The root condition object. It can be a simple filter or a combination of other conditions. - name: - description: A non-empty string. - minLength: 1 - type: string - type: - enum: - - system - type: string - required: - - name - - filter - - type - kql: - additionalProperties: false - type: object - properties: - query: - type: string - required: - - query - severity_score: - type: number - title: - description: A non-empty string. - minLength: 1 - type: string - required: - - title - - kql + $ref: '#/components/schemas/ApiStreamsQueries_Put_Request' responses: {} summary: Upsert a query to a stream tags: @@ -89469,14 +30766,7 @@ paths: content: application/json: schema: - anyOf: - - additionalProperties: false - type: object - properties: {} - - enum: - - 'null' - nullable: true - - not: {} + $ref: '#/components/schemas/ApiStreamsSignificantEvents_Get_Request' responses: {} summary: Read the significant events tags: @@ -89535,193 +30825,7 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - system: - additionalProperties: false - type: object - properties: - description: - type: string - filter: - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: The root condition object. It can be a simple filter or a combination of other conditions. - name: - type: string - type: - enum: - - system - type: string - required: - - type - - name - - description - - filter + $ref: '#/components/schemas/ApiStreamsSignificantEventsGenerate_Post_Request' responses: {} summary: Generate significant events tags: @@ -89773,206 +30877,7 @@ paths: content: application/json: schema: - additionalProperties: false - type: object - properties: - query: - additionalProperties: false - type: object - properties: - feature: - additionalProperties: false - type: object - properties: - filter: - anyOf: - - anyOf: - - additionalProperties: false - description: A condition that compares a field to a value or range using an operator as the key. - type: object - properties: - contains: - anyOf: - - type: string - - type: number - - type: boolean - description: Contains comparison value. - endsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Ends-with comparison value. - eq: - anyOf: - - type: string - - type: number - - type: boolean - description: Equality comparison value. - field: - description: The document field to filter on. - minLength: 1 - type: string - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than comparison value. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: Greater-than-or-equal comparison value. - includes: - anyOf: - - type: string - - type: number - - type: boolean - description: Checks if multivalue field includes the value. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than comparison value. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: Less-than-or-equal comparison value. - neq: - anyOf: - - type: string - - type: number - - type: boolean - description: Inequality comparison value. - range: - additionalProperties: false - description: Range comparison values. - type: object - properties: - gt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - gte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lt: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - lte: - anyOf: - - type: string - - type: number - - type: boolean - description: A value that can be a string, number, or boolean. - startsWith: - anyOf: - - type: string - - type: number - - type: boolean - description: Starts-with comparison value. - required: - - field - - additionalProperties: false - description: A condition that checks for the existence or non-existence of a field. - type: object - properties: - exists: - description: Indicates whether the field exists or not. - type: boolean - field: - description: The document field to check. - minLength: 1 - type: string - required: - - field - description: A basic filter condition, either unary or binary. - - additionalProperties: false - description: A logical AND that groups multiple conditions. - type: object - properties: - and: - description: An array of conditions. All sub-conditions must be true for this condition to be true. - items: {} - type: array - required: - - and - - additionalProperties: false - description: A logical OR that groups multiple conditions. - type: object - properties: - or: - description: An array of conditions. At least one sub-condition must be true for this condition to be true. - items: {} - type: array - required: - - or - - additionalProperties: false - description: A logical NOT that negates a condition. - type: object - properties: - not: - description: A condition that negates another condition. - required: - - not - - additionalProperties: false - description: A condition that always evaluates to false. - type: object - properties: - never: - additionalProperties: false - description: An empty object. This condition never matches. - type: object - properties: {} - required: - - never - - additionalProperties: false - description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. - type: object - properties: - always: - additionalProperties: false - description: An empty object. This condition always matches. - type: object - properties: {} - required: - - always - description: The root condition object. It can be a simple filter or a combination of other conditions. - name: - type: string - type: - enum: - - system - type: string - required: - - name - - filter - - type - kql: - additionalProperties: false - type: object - properties: - query: - type: string - required: - - query - required: - - kql - required: - - query + $ref: '#/components/schemas/ApiStreamsSignificantEventsPreview_Post_Request' responses: {} summary: Preview significant events tags: @@ -90040,14 +30945,7 @@ paths: listAttachmentsExample: value: {} schema: - anyOf: - - additionalProperties: false - type: object - properties: {} - - enum: - - 'null' - nullable: true - - not: {} + $ref: '#/components/schemas/ApiStreamsAttachments_Get_Request' responses: '200': content: @@ -90115,55 +31013,7 @@ paths: id: rule-456 type: rule schema: - additionalProperties: false - type: object - properties: - operations: - items: - anyOf: - - additionalProperties: false - type: object - properties: - index: - additionalProperties: false - type: object - properties: - id: - type: string - type: - enum: - - dashboard - - rule - - slo - type: string - required: - - id - - type - required: - - index - - additionalProperties: false - type: object - properties: - delete: - additionalProperties: false - type: object - properties: - id: - type: string - type: - enum: - - dashboard - - rule - - slo - type: string - required: - - id - - type - required: - - delete - type: array - required: - - operations + $ref: '#/components/schemas/ApiStreamsAttachmentsBulk_Post_Request' responses: '200': content: @@ -90228,14 +31078,7 @@ paths: unlinkAttachmentExample: value: {} schema: - anyOf: - - additionalProperties: false - type: object - properties: {} - - enum: - - 'null' - nullable: true - - not: {} + $ref: '#/components/schemas/ApiStreamsAttachments_Delete_Request' responses: '200': content: @@ -90299,14 +31142,7 @@ paths: linkAttachmentExample: value: {} schema: - anyOf: - - additionalProperties: false - type: object - properties: {} - - enum: - - 'null' - nullable: true - - not: {} + $ref: '#/components/schemas/ApiStreamsAttachments_Put_Request' responses: '200': content: @@ -90362,44 +31198,7 @@ paths: ] } schema: - type: object - properties: - errors: - description: Array of errors encountered while triggering the test, one per service location. - items: - type: object - properties: - error: - type: object - properties: - failed_monitors: - description: Optional list of monitors that failed at the location. - items: - type: object - nullable: true - type: array - reason: - description: Human-readable explanation of the failure. - type: string - status: - description: HTTP status code returned by the agent. - type: integer - required: - - status - - reason - - failed_monitors - locationId: - description: Identifier of the service location where the error occurred. - type: string - required: - - locationId - - error - type: array - testRunId: - description: Unique identifier for the triggered test run. - type: string - required: - - testRunId + $ref: '#/components/schemas/ApiSyntheticsMonitorTest_Post_Response_200' description: Test run triggered successfully. '404': description: Monitor not found. @@ -90583,7 +31382,7 @@ paths: "perPage": 10, } schema: - type: object + $ref: '#/components/schemas/ApiSyntheticsMonitors_Get_Response_200' description: A successful response. summary: Get monitors tags: @@ -90648,15 +31447,7 @@ paths: "locations": ["united_kingdom"] } schema: - description: | - The request body should contain the attributes of the monitor you want to create. The required and default fields differ depending on the monitor type. - discriminator: - propertyName: type - oneOf: - - $ref: '#/components/schemas/Synthetics_browserMonitorFields' - - $ref: '#/components/schemas/Synthetics_httpMonitorFields' - - $ref: '#/components/schemas/Synthetics_icmpMonitorFields' - - $ref: '#/components/schemas/Synthetics_tcpMonitorFields' + $ref: '#/components/schemas/ApiSyntheticsMonitors_Post_Request' required: true responses: '200': @@ -90692,15 +31483,7 @@ paths: ] } schema: - type: object - properties: - ids: - description: An array of monitor IDs to delete. - items: - type: string - type: array - required: - - ids + $ref: '#/components/schemas/ApiSyntheticsMonitorsBulkDelete_Post_Request' required: true responses: '200': @@ -90722,16 +31505,7 @@ paths: ] schema: items: - description: The API response includes information about the deleted monitors. - type: object - properties: - deleted: - description: | - If it is `true`, the monitor was successfully deleted If it is `false`, the monitor was not deleted. - type: boolean - ids: - description: The unique identifier of the deleted monitor. - type: string + $ref: '#/components/schemas/ApiSyntheticsMonitorsBulkDelete_Post_Response_200_Item' type: array description: A successful response. summary: Delete monitors @@ -90841,7 +31615,7 @@ paths: "url": "https://fast.com" } schema: - type: object + $ref: '#/components/schemas/ApiSyntheticsMonitors_Get_Response_200_1' description: A successful response. '404': description: If the monitor is not found, the API returns a 404 error. @@ -90922,16 +31696,7 @@ paths: "locations": ["united_kingdom"] } schema: - description: | - The request body should contain the attributes of the monitor you want to update. The required and default fields differ depending on the monitor type. - discriminator: - propertyName: type - oneOf: - - $ref: '#/components/schemas/Synthetics_browserMonitorFields' - - $ref: '#/components/schemas/Synthetics_httpMonitorFields' - - $ref: '#/components/schemas/Synthetics_icmpMonitorFields' - - $ref: '#/components/schemas/Synthetics_tcpMonitorFields' - type: object + $ref: '#/components/schemas/ApiSyntheticsMonitors_Put_Request' required: true responses: '200': @@ -91052,11 +31817,7 @@ paths: } ] schema: - oneOf: - - items: - $ref: '#/components/schemas/Synthetics_parameterRequest' - type: array - - $ref: '#/components/schemas/Synthetics_parameterRequest' + $ref: '#/components/schemas/ApiSyntheticsParams_Post_Request' description: The request body can contain either a single parameter object or an array of parameter objects. required: true responses: @@ -91093,11 +31854,7 @@ paths: } ] schema: - oneOf: - - items: - $ref: '#/components/schemas/Synthetics_postParameterResponse' - type: array - - $ref: '#/components/schemas/Synthetics_postParameterResponse' + $ref: '#/components/schemas/ApiSyntheticsParams_Post_Response_200' description: A successful response. summary: Add parameters tags: @@ -91128,13 +31885,7 @@ paths: "ids": ["param1-id", "param2-id"] } schema: - type: object - properties: - ids: - description: An array of parameter IDs to delete. - items: - type: string - type: array + $ref: '#/components/schemas/ApiSyntheticsParamsBulkDelete_Post_Request' required: true responses: '200': @@ -91151,15 +31902,7 @@ paths: ] schema: items: - type: object - properties: - deleted: - description: | - Indicates whether the parameter was successfully deleted. It is `true` if it was deleted. It is `false` if it was not deleted. - type: boolean - id: - description: The unique identifier for the deleted parameter. - type: string + $ref: '#/components/schemas/ApiSyntheticsParamsBulkDelete_Post_Response_200_Item' type: array description: A successful response. summary: Delete parameters @@ -91282,22 +32025,7 @@ paths: "tags": ["authentication", "security", "updated"] } schema: - type: object - properties: - description: - description: The updated description of the parameter. - type: string - key: - description: The key of the parameter. - type: string - tags: - description: An array of updated tags to categorize the parameter. - items: - type: string - type: array - value: - description: The updated value associated with the parameter. - type: string + $ref: '#/components/schemas/ApiSyntheticsParams_Put_Request' description: The request body cannot be empty; at least one attribute is required. required: true responses: @@ -91315,7 +32043,7 @@ paths: "tags": ["authentication", "security", "updated"] } schema: - type: object + $ref: '#/components/schemas/ApiSyntheticsParams_Put_Response_200' description: A successful response. summary: Update a parameter tags: @@ -91405,41 +32133,7 @@ paths: "spaces": ["default"] } schema: - type: object - properties: - agentPolicyId: - description: The ID of the agent policy associated with the private location. - type: string - geo: - description: Geographic coordinates (WGS84) for the location. - type: object - properties: - lat: - description: The latitude of the location. - type: number - lon: - description: The longitude of the location. - type: number - required: - - lat - - lon - label: - description: A label for the private location. - type: string - spaces: - description: | - An array of space IDs where the private location is available. If it is not provided, the private location is available in all spaces. - items: - type: string - type: array - tags: - description: An array of tags to categorize the private location. - items: - type: string - type: array - required: - - agentPolicyId - - label + $ref: '#/components/schemas/ApiSyntheticsPrivateLocations_Post_Request' required: true responses: '200': @@ -91459,7 +32153,7 @@ paths: } } schema: - type: object + $ref: '#/components/schemas/ApiSyntheticsPrivateLocations_Post_Response_200' description: A successful response. '400': description: If the `agentPolicyId` is already used by an existing private location or if the `label` already exists, the API will return a 400 Bad Request response with a corresponding error message. @@ -91575,14 +32269,7 @@ paths: "label": "Updated Private Location Name" } schema: - type: object - properties: - label: - description: A new label for the private location. Must be at least 1 character long. - minLength: 1 - type: string - required: - - label + $ref: '#/components/schemas/ApiSyntheticsPrivateLocations_Put_Request' required: true responses: '200': @@ -91653,25 +32340,7 @@ paths: content: application/json: schema: - type: object - properties: - savedObjectIds: - description: The list of IDs of the Timelines or Timeline templates to delete - example: - - 15c1929b-0af7-42bd-85a8-56e234cc7c4e - items: - type: string - type: array - searchIds: - description: Saved search IDs that should be deleted alongside the timelines - example: - - 23f3-43g34g322-e5g5hrh6h-45454 - - 6ce1b592-84e3-4b4a-9552-f189d4b82075 - items: - type: string - type: array - required: - - savedObjectIds + $ref: '#/components/schemas/ApiTimeline_Delete_Request' description: The IDs of the Timelines or Timeline templates to delete. required: true responses: @@ -91731,25 +32400,7 @@ paths: content: application/json: schema: - type: object - properties: - timeline: - $ref: '#/components/schemas/Security_Timeline_API_SavedTimeline' - description: The timeline object of the Timeline or Timeline template that you’re updating. - timelineId: - description: The `savedObjectId` of the Timeline or Timeline template that you’re updating. - example: 15c1929b-0af7-42bd-85a8-56e234cc7c4e - nullable: true - type: string - version: - description: The version of the Timeline or Timeline template that you’re updating. - example: WzE0LDFd - nullable: true - type: string - required: - - timelineId - - version - - timeline + $ref: '#/components/schemas/ApiTimeline_Patch_Request' description: The Timeline updates, along with the Timeline ID and version. required: true responses: @@ -91763,15 +32414,7 @@ paths: content: application/json: schema: - type: object - properties: - body: - description: The error message - example: update timeline error - type: string - statusCode: - example: 405 - type: number + $ref: '#/components/schemas/ApiTimeline_Patch_Response_405' description: Indicates that the user does not have the required access to create a Timeline. summary: Update a Timeline tags: @@ -91793,36 +32436,7 @@ paths: content: application/json: schema: - type: object - properties: - status: - $ref: '#/components/schemas/Security_Timeline_API_TimelineStatus' - nullable: true - templateTimelineId: - description: A unique identifier for the Timeline template. - example: 6ce1b592-84e3-4b4a-9552-f189d4b82075 - nullable: true - type: string - templateTimelineVersion: - description: Timeline template version number. - example: 12 - nullable: true - type: number - timeline: - $ref: '#/components/schemas/Security_Timeline_API_SavedTimeline' - timelineId: - description: A unique identifier for the Timeline. - example: 6ce1b592-84e3-4b4a-9552-f189d4b82075 - nullable: true - type: string - timelineType: - $ref: '#/components/schemas/Security_Timeline_API_TimelineType' - nullable: true - version: - nullable: true - type: string - required: - - timeline + $ref: '#/components/schemas/ApiTimeline_Post_Request' description: The required Timeline fields used to create a new Timeline, along with optional fields that will be created if not provided. required: true responses: @@ -91836,15 +32450,7 @@ paths: content: application/json: schema: - type: object - properties: - body: - description: The error message - example: update timeline error - type: string - statusCode: - example: 405 - type: number + $ref: '#/components/schemas/ApiTimeline_Post_Response_405' description: Indicates that there was an error in the Timeline creation. summary: Create a Timeline or Timeline template tags: @@ -91867,15 +32473,7 @@ paths: content: application/json: schema: - type: object - properties: - timeline: - $ref: '#/components/schemas/Security_Timeline_API_SavedTimeline' - timelineIdToCopy: - type: string - required: - - timeline - - timelineIdToCopy + $ref: '#/components/schemas/ApiTimelineCopy_Get_Request' required: true responses: '200': @@ -91918,23 +32516,13 @@ paths: content: application/json: schema: - type: object - properties: - message: - type: string - status_code: - type: number + $ref: '#/components/schemas/ApiTimelineDraft_Get_Response_403' description: If a draft Timeline was not found and we attempted to create one, it indicates that the user does not have the required permissions to create a draft Timeline. '409': content: application/json: schema: - type: object - properties: - message: - type: string - status_code: - type: number + $ref: '#/components/schemas/ApiTimelineDraft_Get_Response_409' description: This should never happen, but if a draft Timeline was not found and we attempted to create one, it indicates that there is already a draft Timeline with the given `timelineId`. summary: Get draft Timeline or Timeline template details tags: @@ -91958,12 +32546,7 @@ paths: content: application/json: schema: - type: object - properties: - timelineType: - $ref: '#/components/schemas/Security_Timeline_API_TimelineType' - required: - - timelineType + $ref: '#/components/schemas/ApiTimelineDraft_Post_Request' description: The type of Timeline to create. Valid values are `default` and `template`. required: true responses: @@ -91977,23 +32560,13 @@ paths: content: application/json: schema: - type: object - properties: - message: - type: string - status_code: - type: number + $ref: '#/components/schemas/ApiTimelineDraft_Post_Response_403' description: Indicates that the user does not have the required permissions to create a draft Timeline. '409': content: application/json: schema: - type: object - properties: - message: - type: string - status_code: - type: number + $ref: '#/components/schemas/ApiTimelineDraft_Post_Response_409' description: Indicates that there is already a draft Timeline with the given `timelineId`. summary: Create a clean draft Timeline or Timeline template tags: @@ -92023,13 +32596,7 @@ paths: content: application/json: schema: - type: object - properties: - ids: - items: - type: string - nullable: true - type: array + $ref: '#/components/schemas/ApiTimelineExport_Post_Request' description: The IDs of the Timelines to export. required: true responses: @@ -92044,12 +32611,7 @@ paths: content: application/ndjson: schema: - type: object - properties: - body: - type: string - statusCode: - type: number + $ref: '#/components/schemas/ApiTimelineExport_Post_Response_400' description: Indicates that the export size limit was exceeded. summary: Export Timelines tags: @@ -92072,25 +32634,7 @@ paths: content: application/json: schema: - type: object - properties: - templateTimelineId: - nullable: true - type: string - templateTimelineVersion: - nullable: true - type: number - timelineId: - nullable: true - type: string - timelineType: - $ref: '#/components/schemas/Security_Timeline_API_TimelineType' - nullable: true - required: - - timelineId - - templateTimelineId - - templateTimelineVersion - - timelineType + $ref: '#/components/schemas/ApiTimelineFavorite_Patch_Request' description: The required fields used to favorite a (template) Timeline. required: true responses: @@ -92104,12 +32648,7 @@ paths: content: application/json: schema: - type: object - properties: - body: - type: string - statusCode: - type: number + $ref: '#/components/schemas/ApiTimelineFavorite_Patch_Response_403' description: Indicates the user does not have the required permissions to persist the favorite status. summary: Favorite a Timeline or Timeline template tags: @@ -92132,17 +32671,7 @@ paths: content: application/json: schema: - type: object - properties: - file: {} - isImmutable: - description: Whether the Timeline should be immutable - enum: - - 'true' - - 'false' - type: string - required: - - file + $ref: '#/components/schemas/ApiTimelineImport_Post_Request' description: The Timelines to import as a readable stream. required: true responses: @@ -92156,43 +32685,19 @@ paths: content: application/json: schema: - type: object - properties: - body: - description: The error message - example: Invalid file extension - type: string - statusCode: - example: 400 - type: number + $ref: '#/components/schemas/ApiTimelineImport_Post_Response_400' description: Indicates the import of Timelines was unsuccessful because of an invalid file extension. '404': content: application/json: schema: - type: object - properties: - body: - description: The error message - example: Unable to find saved object client - type: string - statusCode: - example: 404 - type: number + $ref: '#/components/schemas/ApiTimelineImport_Post_Response_404' description: Indicates that we were unable to locate the saved object client necessary to handle the import. '409': content: application/json: schema: - type: object - properties: - body: - description: The error message - example: Could not import timelines - type: string - statusCode: - example: 409 - type: number + $ref: '#/components/schemas/ApiTimelineImport_Post_Response_409' description: Indicates the import of Timelines was unsuccessful. summary: Import Timelines tags: @@ -92215,27 +32720,7 @@ paths: content: application/json: schema: - type: object - properties: - prepackagedTimelines: - items: - $ref: '#/components/schemas/Security_Timeline_API_TimelineSavedToReturnObject' - nullable: true - type: array - timelinesToInstall: - items: - $ref: '#/components/schemas/Security_Timeline_API_ImportTimelines' - nullable: true - type: array - timelinesToUpdate: - items: - $ref: '#/components/schemas/Security_Timeline_API_ImportTimelines' - nullable: true - type: array - required: - - timelinesToInstall - - timelinesToUpdate - - prepackagedTimelines + $ref: '#/components/schemas/ApiTimelinePrepackaged_Post_Request' description: The Timelines to install or update. required: true responses: @@ -92249,12 +32734,7 @@ paths: content: application/json: schema: - type: object - properties: - body: - type: string - statusCode: - type: number + $ref: '#/components/schemas/ApiTimelinePrepackaged_Post_Response_500' description: Indicates the installation of prepackaged Timelines was unsuccessful. summary: Install prepackaged Timelines tags: @@ -92365,53 +32845,13 @@ paths: content: application/json: schema: - type: object - properties: - customTemplateTimelineCount: - description: The amount of custom Timeline templates in the results - example: 2 - type: number - defaultTimelineCount: - description: The amount of `default` type Timelines in the results - example: 90 - type: number - elasticTemplateTimelineCount: - description: The amount of Elastic's Timeline templates in the results - example: 8 - type: number - favoriteCount: - description: The amount of favorited Timelines - example: 5 - type: number - templateTimelineCount: - description: The amount of Timeline templates in the results - example: 10 - type: number - timeline: - items: - $ref: '#/components/schemas/Security_Timeline_API_TimelineResponse' - type: array - totalCount: - description: The total amount of results - example: 100 - type: number - required: - - timeline - - totalCount + $ref: '#/components/schemas/ApiTimelines_Get_Response_200' description: Indicates that the (template) Timelines were found and returned. '400': content: application/json: schema: - type: object - properties: - body: - description: The error message - example: get timeline error - type: string - statusCode: - example: 405 - type: number + $ref: '#/components/schemas/ApiTimelines_Get_Response_400' description: Bad request. The user supplied invalid data. summary: Get Timelines or Timeline templates tags: @@ -92480,7 +32920,7 @@ paths: } } schema: - type: object + $ref: '#/components/schemas/ApiUptimeSettings_Get_Response_200' description: Indicates a successful call summary: Get uptime settings tags: @@ -92528,45 +32968,7 @@ paths: "heartbeatIndices": "heartbeat-8*", } schema: - type: object - properties: - certAgeThreshold: - default: 730 - description: The number of days after a certificate is created to trigger an alert. - type: number - certExpirationThreshold: - default: 30 - description: The number of days before a certificate expires to trigger an alert. - type: number - defaultConnectors: - default: [] - description: A list of connector IDs to be used as default connectors for new alerts. - type: array - defaultEmail: - description: | - The default email configuration for new alerts. - type: object - properties: - bcc: - default: [] - items: - type: string - type: array - cc: - default: [] - items: - type: string - type: array - to: - default: [] - items: - type: string - type: array - heartbeatIndices: - default: heartbeat-* - description: | - An index pattern string to be used within the Uptime app and alerts to query Heartbeat data. - type: string + $ref: '#/components/schemas/ApiUptimeSettings_Put_Request' responses: '200': content: @@ -92590,7 +32992,7 @@ paths: } } schema: - type: object + $ref: '#/components/schemas/ApiUptimeSettings_Put_Response_200' description: Indicates a successful call summary: Update uptime settings tags: @@ -98657,15 +39059,7 @@ components: description: TBD type: string properties: - additionalProperties: - type: object - properties: - type: - description: The data type for each object property. - type: string - description: | - Details about the object properties. This property is applicable when `type` is `object`. - type: object + $ref: '#/components/schemas/Alerting_fieldmap_properties_Properties' required: description: Indicates whether the field is required. type: boolean @@ -98837,43 +39231,14 @@ components: type: object properties: agentKey: - description: Agent key - type: object - properties: - api_key: - type: string - encoded: - type: string - expiration: - format: int64 - type: integer - id: - type: string - name: - type: string - required: - - id - - name - - api_key - - encoded + $ref: '#/components/schemas/APM_UI_agent_keys_response_AgentKey' APM_UI_annotation_search_response: type: object properties: annotations: description: Annotations items: - type: object - properties: - '@timestamp': - type: number - id: - type: string - text: - type: string - type: - enum: - - version - type: string + $ref: '#/components/schemas/APM_UI_annotation_search_response_Annotations_Item' type: array APM_UI_base_source_map_object: type: object @@ -98924,17 +39289,7 @@ components: description: The message displayed in the annotation. It defaults to `service.version`. type: string service: - description: The service that identifies the configuration to create or update. - type: object - properties: - environment: - description: The environment of the service. - type: string - version: - description: The version of the service. - type: string - required: - - version + $ref: '#/components/schemas/APM_UI_create_annotation_object_Service' tags: description: | Tags are used by the Applications UI to distinguish APM annotations from other annotations. Tags may have additional functionality in future releases. It defaults to `[apm]`. While you can add additional tags, you cannot remove the `apm` tag. @@ -98954,38 +39309,7 @@ components: description: Index type: string _source: - description: Response - type: object - properties: - '@timestamp': - type: string - annotation: - type: object - properties: - title: - type: string - type: - type: string - event: - type: object - properties: - created: - type: string - message: - type: string - service: - type: object - properties: - environment: - type: string - name: - type: string - version: - type: string - tags: - items: - type: string - type: array + $ref: '#/components/schemas/APM_UI_create_annotation_response__source' APM_UI_delete_agent_configurations_response: type: object properties: @@ -99074,12 +39398,7 @@ components: type: object APM_UI_single_agent_configuration_response: allOf: - - type: object - properties: - id: - type: string - required: - - id + - $ref: '#/components/schemas/APM_UI_single_agent_configuration_response_1' - $ref: '#/components/schemas/APM_UI_agent_configuration_object' APM_UI_source_maps_response: type: object @@ -99088,36 +39407,7 @@ components: description: Artifacts items: allOf: - - type: object - properties: - body: - type: object - properties: - bundleFilepath: - type: string - serviceName: - type: string - serviceVersion: - type: string - sourceMap: - type: object - properties: - file: - type: string - mappings: - type: string - sourceRoot: - type: string - sources: - items: - type: string - type: array - sourcesContent: - items: - type: string - type: array - version: - type: number + - $ref: '#/components/schemas/APM_UI_source_maps_response_Artifacts_1' - $ref: '#/components/schemas/APM_UI_base_source_map_object' type: array APM_UI_upload_source_map_object: @@ -99145,10 +39435,7 @@ components: - sourcemap APM_UI_upload_source_maps_response: allOf: - - type: object - properties: - body: - type: string + - $ref: '#/components/schemas/APM_UI_upload_source_maps_response_1' - $ref: '#/components/schemas/APM_UI_base_source_map_object' Cases_4xx_response: properties: @@ -99257,27 +39544,7 @@ components: format: date-time type: string created_by: - type: object - properties: - email: - example: null - nullable: true - type: string - full_name: - example: null - nullable: true - type: string - profile_uid: - example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 - type: string - username: - example: elastic - nullable: true - type: string - required: - - email - - full_name - - username + $ref: '#/components/schemas/Cases_alert_comment_response_properties_Created_by' id: example: 73362370-ab1a-11ec-985f-97e55adae8b9 type: string @@ -99294,39 +39561,9 @@ components: nullable: true type: string pushed_by: - nullable: true - type: object - properties: - email: - example: null - nullable: true - type: string - full_name: - example: null - nullable: true - type: string - profile_uid: - example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 - type: string - username: - example: elastic - nullable: true - type: string - required: - - email - - full_name - - username + $ref: '#/components/schemas/Cases_alert_comment_response_properties_Pushed_by' rule: - type: object - properties: - id: - description: The rule identifier. - example: 94d80550-aaf4-11ec-985f-97e55adae8b9 - type: string - name: - description: The rule name. - example: security_rule - type: string + $ref: '#/components/schemas/Cases_alert_comment_response_properties_Rule' type: enum: - alert @@ -99337,28 +39574,7 @@ components: nullable: true type: string updated_by: - nullable: true - type: object - properties: - email: - example: null - nullable: true - type: string - full_name: - example: null - nullable: true - type: string - profile_uid: - example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 - type: string - username: - example: elastic - nullable: true - type: string - required: - - email - - full_name - - username + $ref: '#/components/schemas/Cases_alert_comment_response_properties_Updated_by' version: example: WzMwNDgsMV0= type: string @@ -99369,22 +39585,16 @@ components: The alert identifiers. It is required only when `type` is `alert`. You can use an array of strings to add multiple alerts to a case, provided that they all relate to the same rule; `index` must also be an array with the same length or number of elements. Adding multiple alerts in this manner is recommended rather than calling the API multiple times. This functionality is in technical preview and may be changed or removed in a future release. Elastic will work to fix any issues, but features in technical preview are not subject to the support SLA of official GA features. example: 6b24c4dc44bc720cfc92797f3d61fff952f2b2627db1fb4f8cc49f4530c4ff42 oneOf: - - type: string - - items: - type: string - maxItems: 1000 - type: array + - $ref: '#/components/schemas/Cases_alert_identifiers_1' + - $ref: '#/components/schemas/Cases_alert_identifiers_2' title: Alert identifiers x-state: Technical preview Cases_alert_indices: description: | The alert indices. It is required only when `type` is `alert`. If you are adding multiple alerts to a case, use an array of strings; the position of each index name in the array must match the position of the corresponding alert identifier in the `alertId` array. This functionality is in technical preview and may be changed or removed in a future release. Elastic will work to fix any issues, but features in technical preview are not subject to the support SLA of official GA features. oneOf: - - type: string - - items: - type: string - maxItems: 1000 - type: array + - $ref: '#/components/schemas/Cases_alert_indices_1' + - $ref: '#/components/schemas/Cases_alert_indices_2' title: Alert indices x-state: Technical preview Cases_alert_response_properties: @@ -99402,14 +39612,7 @@ components: Cases_assignees: description: An array containing users that are assigned to the case. items: - type: object - properties: - uid: - description: A unique identifier for the user profile. These identifiers can be found by using the suggest user profile API. - example: u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0 - type: string - required: - - uid + $ref: '#/components/schemas/Cases_assignees_Item' maxItems: 10 nullable: true type: array @@ -99532,28 +39735,7 @@ components: customFields: description: Custom field values for the case. items: - type: object - properties: - key: - description: | - The unique identifier for the custom field. The key value must exist in the case configuration settings. - type: string - type: - description: | - The custom field type. It must match the type specified in the case configuration settings. - enum: - - text - - toggle - type: string - value: - description: | - The custom field value. If the custom field is required, it cannot be explicitly set to null. However, for cases that existed when the required custom field was added, the default value stored in Elasticsearch is `undefined`. The value returned in the API and user interface in this case is `null`. - oneOf: - - maxLength: 160 - minLength: 1 - nullable: true - type: string - - type: boolean + $ref: '#/components/schemas/Cases_case_response_properties_CustomFields_Item' type: array description: example: A case description. @@ -99737,25 +39919,7 @@ components: type: object properties: fields: - description: An object containing the connector fields. If you want to omit any individual field, specify null as its value. - type: object - properties: - issueType: - description: The type of issue. - nullable: true - type: string - parent: - description: The key of the parent issue, when the issue type is sub-task. - nullable: true - type: string - priority: - description: The priority of the issue. - nullable: true - type: string - required: - - issueType - - parent - - priority + $ref: '#/components/schemas/Cases_connector_properties_jira_Fields' id: description: The identifier for the connector. To retrieve connector IDs, use the find connectors API. type: string @@ -99808,21 +39972,7 @@ components: type: object properties: fields: - description: An object containing the connector fields. If you want to omit any individual field, specify null as its value. - nullable: true - type: object - properties: - issueTypes: - description: The type of incident. - items: - type: string - type: array - severityCode: - description: The severity code of the incident. - type: string - required: - - issueTypes - - severityCode + $ref: '#/components/schemas/Cases_connector_properties_resilient_Fields' id: description: The identifier for the connector. type: string @@ -99846,35 +39996,7 @@ components: type: object properties: fields: - description: An object containing the connector fields. If you want to omit any individual field, specify null as its value. - type: object - properties: - category: - description: The category of the incident. - nullable: true - type: string - impact: - description: The effect an incident had on business. - nullable: true - type: string - severity: - description: The severity of the incident. - nullable: true - type: string - subcategory: - description: The subcategory of the incident. - nullable: true - type: string - urgency: - description: The extent to which the incident resolution can be delayed. - nullable: true - type: string - required: - - category - - impact - - severity - - subcategory - - urgency + $ref: '#/components/schemas/Cases_connector_properties_servicenow_Fields' id: description: The identifier for the connector. To retrieve connector IDs, use the find connectors API. type: string @@ -99898,45 +40020,7 @@ components: type: object properties: fields: - description: An object containing the connector fields. If you want to omit any individual field, specify null as its value. - type: object - properties: - category: - description: The category of the incident. - nullable: true - type: string - destIp: - description: Indicates whether cases will send a comma-separated list of destination IPs. - nullable: true - type: boolean - malwareHash: - description: Indicates whether cases will send a comma-separated list of malware hashes. - nullable: true - type: boolean - malwareUrl: - description: Indicates whether cases will send a comma-separated list of malware URLs. - nullable: true - type: boolean - priority: - description: The priority of the issue. - nullable: true - type: string - sourceIp: - description: Indicates whether cases will send a comma-separated list of source IPs. - nullable: true - type: boolean - subcategory: - description: The subcategory of the incident. - nullable: true - type: string - required: - - category - - destIp - - malwareHash - - malwareUrl - - priority - - sourceIp - - subcategory + $ref: '#/components/schemas/Cases_connector_properties_servicenow_sir_Fields' id: description: The identifier for the connector. To retrieve connector IDs, use the find connectors API. type: string @@ -99960,15 +40044,7 @@ components: type: object properties: fields: - description: An object containing the connector fields. If you want to omit any individual field, specify null as its value. - type: object - properties: - caseId: - description: The case identifier for Swimlane connectors. - nullable: true - type: string - required: - - caseId + $ref: '#/components/schemas/Cases_connector_properties_swimlane_Fields' id: description: The identifier for the connector. To retrieve connector IDs, use the find connectors API. type: string @@ -100019,32 +40095,7 @@ components: description: | Custom field values for a case. Any optional custom fields that are not specified in the request are set to null. items: - type: object - properties: - key: - description: | - The unique identifier for the custom field. The key value must exist in the case configuration settings. - type: string - type: - description: | - The custom field type. It must match the type specified in the case configuration settings. - enum: - - text - - toggle - type: string - value: - description: | - The custom field value. If the custom field is required, it cannot be explicitly set to null. However, for cases that existed when the required custom field was added, the default value stored in Elasticsearch is `undefined`. The value returned in the API and user interface in this case is `null`. - oneOf: - - maxLength: 160 - minLength: 1 - nullable: true - type: string - - type: boolean - required: - - key - - type - - value + $ref: '#/components/schemas/Cases_create_case_request_CustomFields_Item' maxItems: 10 minItems: 0 type: array @@ -100087,24 +40138,7 @@ components: format: date-time type: string pushed_by: - nullable: true - type: object - properties: - email: - example: null - nullable: true - type: string - full_name: - example: null - nullable: true - type: string - profile_uid: - example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 - type: string - username: - example: elastic - nullable: true - type: string + $ref: '#/components/schemas/Cases_external_service_Pushed_by' Cases_owner: description: | The application that owns the cases: Stack Management, Observability, or Elastic Security. @@ -100122,39 +40156,7 @@ components: type: object properties: comment: - type: object - properties: - alertId: - oneOf: - - example: 1c0b056b-cc9f-4b61-b5c9-cb801abd5e1d - type: string - - items: - type: string - type: array - index: - oneOf: - - example: .alerts-observability.logs.alerts-default - type: string - - items: - type: string - type: array - owner: - $ref: '#/components/schemas/Cases_owner' - rule: - type: object - properties: - id: - description: The rule identifier. - example: 94d80550-aaf4-11ec-985f-97e55adae8b9 - type: string - name: - description: The rule name. - example: security_rule - type: string - type: - enum: - - alert - type: string + $ref: '#/components/schemas/Cases_payload_alert_comment_Comment' Cases_payload_assignees: type: object properties: @@ -100164,150 +40166,14 @@ components: type: object properties: connector: - type: object - properties: - fields: - description: An object containing the connector fields. To create a case without a connector, specify null. If you want to omit any individual field, specify null as its value. - example: null - nullable: true - type: object - properties: - caseId: - description: The case identifier for Swimlane connectors. - type: string - category: - description: The category of the incident for ServiceNow ITSM and ServiceNow SecOps connectors. - type: string - destIp: - description: Indicates whether cases will send a comma-separated list of destination IPs for ServiceNow SecOps connectors. - nullable: true - type: boolean - impact: - description: The effect an incident had on business for ServiceNow ITSM connectors. - type: string - issueType: - description: The type of issue for Jira connectors. - type: string - issueTypes: - description: The type of incident for IBM Resilient connectors. - items: - type: string - type: array - malwareHash: - description: Indicates whether cases will send a comma-separated list of malware hashes for ServiceNow SecOps connectors. - nullable: true - type: boolean - malwareUrl: - description: Indicates whether cases will send a comma-separated list of malware URLs for ServiceNow SecOps connectors. - nullable: true - type: boolean - parent: - description: The key of the parent issue, when the issue type is sub-task for Jira connectors. - type: string - priority: - description: The priority of the issue for Jira and ServiceNow SecOps connectors. - type: string - severity: - description: The severity of the incident for ServiceNow ITSM connectors. - type: string - severityCode: - description: The severity code of the incident for IBM Resilient connectors. - type: string - sourceIp: - description: Indicates whether cases will send a comma-separated list of source IPs for ServiceNow SecOps connectors. - nullable: true - type: boolean - subcategory: - description: The subcategory of the incident for ServiceNow ITSM connectors. - type: string - urgency: - description: The extent to which the incident resolution can be delayed for ServiceNow ITSM connectors. - type: string - id: - description: The identifier for the connector. To create a case without a connector, use `none`. - example: none - type: string - name: - description: The name of the connector. To create a case without a connector, use `none`. - example: none - type: string - type: - $ref: '#/components/schemas/Cases_connector_types' + $ref: '#/components/schemas/Cases_payload_connector_Connector' Cases_payload_create_case: type: object properties: assignees: $ref: '#/components/schemas/Cases_assignees' connector: - type: object - properties: - fields: - description: An object containing the connector fields. To create a case without a connector, specify null. If you want to omit any individual field, specify null as its value. - example: null - nullable: true - type: object - properties: - caseId: - description: The case identifier for Swimlane connectors. - type: string - category: - description: The category of the incident for ServiceNow ITSM and ServiceNow SecOps connectors. - type: string - destIp: - description: Indicates whether cases will send a comma-separated list of destination IPs for ServiceNow SecOps connectors. - nullable: true - type: boolean - impact: - description: The effect an incident had on business for ServiceNow ITSM connectors. - type: string - issueType: - description: The type of issue for Jira connectors. - type: string - issueTypes: - description: The type of incident for IBM Resilient connectors. - items: - type: string - type: array - malwareHash: - description: Indicates whether cases will send a comma-separated list of malware hashes for ServiceNow SecOps connectors. - nullable: true - type: boolean - malwareUrl: - description: Indicates whether cases will send a comma-separated list of malware URLs for ServiceNow SecOps connectors. - nullable: true - type: boolean - parent: - description: The key of the parent issue, when the issue type is sub-task for Jira connectors. - type: string - priority: - description: The priority of the issue for Jira and ServiceNow SecOps connectors. - type: string - severity: - description: The severity of the incident for ServiceNow ITSM connectors. - type: string - severityCode: - description: The severity code of the incident for IBM Resilient connectors. - type: string - sourceIp: - description: Indicates whether cases will send a comma-separated list of source IPs for ServiceNow SecOps connectors. - nullable: true - type: boolean - subcategory: - description: The subcategory of the incident for ServiceNow ITSM connectors. - type: string - urgency: - description: The extent to which the incident resolution can be delayed for ServiceNow ITSM connectors. - type: string - id: - description: The identifier for the connector. To create a case without a connector, use `none`. - example: none - type: string - name: - description: The name of the connector. To create a case without a connector, use `none`. - example: none - type: string - type: - $ref: '#/components/schemas/Cases_connector_types' + $ref: '#/components/schemas/Cases_payload_create_case_Connector' description: type: string owner: @@ -100373,16 +40239,7 @@ components: type: object properties: comment: - type: object - properties: - comment: - type: string - owner: - $ref: '#/components/schemas/Cases_owner' - type: - enum: - - user - type: string + $ref: '#/components/schemas/Cases_payload_user_comment_Comment' Cases_rule: description: | The rule that is associated with the alerts. It is required only when `type` is `alert`. This functionality is in technical preview and may be changed or removed in a future release. Elastic will work to fix any issues, but features in technical preview are not subject to the support SLA of official GA features. @@ -100414,65 +40271,11 @@ components: closure_type: $ref: '#/components/schemas/Cases_closure_types' connector: - description: An object that contains the connector configuration. - type: object - properties: - fields: - description: The fields specified in the case configuration are not used and are not propagated to individual cases, therefore it is recommended to set it to `null`. - nullable: true - type: object - id: - description: The identifier for the connector. If you do not want a default connector, use `none`. To retrieve connector IDs, use the find connectors API. - example: none - type: string - name: - description: The name of the connector. If you do not want a default connector, use `none`. To retrieve connector names, use the find connectors API. - example: none - type: string - type: - $ref: '#/components/schemas/Cases_connector_types' - required: - - fields - - id - - name - - type + $ref: '#/components/schemas/Cases_set_case_configuration_request_Connector' customFields: description: Custom fields case configuration. items: - type: object - properties: - defaultValue: - description: | - A default value for the custom field. If the `type` is `text`, the default value must be a string. If the `type` is `toggle`, the default value must be boolean. - oneOf: - - type: string - - type: boolean - key: - description: | - A unique key for the custom field. Must be lower case and composed only of a-z, 0-9, '_', and '-' characters. It is used in API calls to refer to a specific custom field. - maxLength: 36 - minLength: 1 - type: string - label: - description: The custom field label that is displayed in the case. - maxLength: 50 - minLength: 1 - type: string - type: - description: The type of the custom field. - enum: - - text - - toggle - type: string - required: - description: | - Indicates whether the field is required. If `false`, the custom field can be set to null or omitted when a case is created or updated. - type: boolean - required: - - key - - label - - required - - type + $ref: '#/components/schemas/Cases_set_case_configuration_request_CustomFields_Item' maxItems: 10 minItems: 0 type: array @@ -100513,76 +40316,7 @@ components: type: array Cases_templates: items: - type: object - properties: - caseFields: - type: object - properties: - assignees: - $ref: '#/components/schemas/Cases_assignees' - category: - $ref: '#/components/schemas/Cases_case_category' - connector: - type: object - properties: - fields: - description: The fields specified in the case configuration are not used and are not propagated to individual cases, therefore it is recommended to set it to `null`. - nullable: true - type: object - id: - description: The identifier for the connector. If you do not want a default connector, use `none`. To retrieve connector IDs, use the find connectors API. - example: none - type: string - name: - description: The name of the connector. If you do not want a default connector, use `none`. To retrieve connector names, use the find connectors API. - example: none - type: string - type: - $ref: '#/components/schemas/Cases_connector_types' - customFields: - description: Custom field values in the template. - items: - type: object - properties: - key: - description: The unique key for the custom field. - type: string - type: - description: The type of the custom field. - enum: - - text - - toggle - type: string - value: - description: | - The default value for the custom field when a case uses the template. If the `type` is `text`, the default value must be a string. If the `type` is `toggle`, the default value must be boolean. - oneOf: - - type: string - - type: boolean - type: array - x-state: Technical preview - description: - $ref: '#/components/schemas/Cases_case_description' - settings: - $ref: '#/components/schemas/Cases_settings' - severity: - $ref: '#/components/schemas/Cases_case_severity' - tags: - $ref: '#/components/schemas/Cases_case_tags' - title: - $ref: '#/components/schemas/Cases_case_title' - description: - description: A description for the template. - type: string - key: - description: | - A unique key for the template. Must be lower case and composed only of a-z, 0-9, '_', and '-' characters. It is used in API calls to refer to a specific template. - type: string - name: - description: The name of the template. - type: string - tags: - $ref: '#/components/schemas/Cases_template_tags' + $ref: '#/components/schemas/Cases_templates_Item' type: array x-state: Technical preview Cases_update_alert_comment_request_properties: @@ -100640,65 +40374,11 @@ components: closure_type: $ref: '#/components/schemas/Cases_closure_types' connector: - description: An object that contains the connector configuration. - type: object - properties: - fields: - description: The fields specified in the case configuration are not used and are not propagated to individual cases, therefore it is recommended to set it to `null`. - nullable: true - type: object - id: - description: The identifier for the connector. If you do not want a default connector, use `none`. To retrieve connector IDs, use the find connectors API. - example: none - type: string - name: - description: The name of the connector. If you do not want a default connector, use `none`. To retrieve connector names, use the find connectors API. - example: none - type: string - type: - $ref: '#/components/schemas/Cases_connector_types' - required: - - fields - - id - - name - - type + $ref: '#/components/schemas/Cases_update_case_configuration_request_Connector' customFields: description: Custom fields case configuration. items: - type: object - properties: - defaultValue: - description: | - A default value for the custom field. If the `type` is `text`, the default value must be a string. If the `type` is `toggle`, the default value must be boolean. - oneOf: - - type: string - - type: boolean - key: - description: | - A unique key for the custom field. Must be lower case and composed only of a-z, 0-9, '_', and '-' characters. It is used in API calls to refer to a specific custom field. - maxLength: 36 - minLength: 1 - type: string - label: - description: The custom field label that is displayed in the case. - maxLength: 50 - minLength: 1 - type: string - type: - description: The type of the custom field. - enum: - - text - - toggle - type: string - required: - description: | - Indicates whether the field is required. If `false`, the custom field can be set to null or omitted when a case is created or updated. - type: boolean - required: - - key - - label - - required - - type + $ref: '#/components/schemas/Cases_update_case_configuration_request_CustomFields_Item' type: array templates: $ref: '#/components/schemas/Cases_templates' @@ -100717,77 +40397,7 @@ components: cases: description: An array containing one or more case objects. items: - type: object - properties: - assignees: - $ref: '#/components/schemas/Cases_assignees' - category: - $ref: '#/components/schemas/Cases_case_category' - connector: - oneOf: - - $ref: '#/components/schemas/Cases_connector_properties_none' - - $ref: '#/components/schemas/Cases_connector_properties_cases_webhook' - - $ref: '#/components/schemas/Cases_connector_properties_jira' - - $ref: '#/components/schemas/Cases_connector_properties_resilient' - - $ref: '#/components/schemas/Cases_connector_properties_servicenow' - - $ref: '#/components/schemas/Cases_connector_properties_servicenow_sir' - - $ref: '#/components/schemas/Cases_connector_properties_swimlane' - customFields: - description: | - Custom field values for a case. Any optional custom fields that are not specified in the request are set to null. - items: - type: object - properties: - key: - description: | - The unique identifier for the custom field. The key value must exist in the case configuration settings. - type: string - type: - description: | - The custom field type. It must match the type specified in the case configuration settings. - enum: - - text - - toggle - type: string - value: - description: | - The custom field value. If the custom field is required, it cannot be explicitly set to null. However, for cases that existed when the required custom field was added, the default value stored in Elasticsearch is `undefined`. The value returned in the API and user interface in this case is `null`. - oneOf: - - maxLength: 160 - minLength: 1 - nullable: true - type: string - - type: boolean - required: - - key - - type - - value - maxItems: 10 - minItems: 0 - type: array - description: - $ref: '#/components/schemas/Cases_case_description' - id: - description: The identifier for the case. - maxLength: 30000 - type: string - settings: - $ref: '#/components/schemas/Cases_settings' - severity: - $ref: '#/components/schemas/Cases_case_severity' - status: - $ref: '#/components/schemas/Cases_case_status' - tags: - $ref: '#/components/schemas/Cases_case_tags' - title: - $ref: '#/components/schemas/Cases_case_title' - version: - description: | - The current version of the case. To determine this value, use the get case or search cases (`_find`) APIs. - type: string - required: - - id - - version + $ref: '#/components/schemas/Cases_update_case_request_Cases_Item' maxItems: 100 minItems: 1 type: array @@ -100843,27 +40453,7 @@ components: format: date-time type: string created_by: - type: object - properties: - email: - example: null - nullable: true - type: string - full_name: - example: null - nullable: true - type: string - profile_uid: - example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 - type: string - username: - example: elastic - nullable: true - type: string - required: - - email - - full_name - - username + $ref: '#/components/schemas/Cases_user_actions_find_response_properties_Created_by' id: example: 22fd3e30-03b1-11ed-920c-974bfa104448 type: string @@ -100995,44 +40585,7 @@ components: type: object properties: data_view: - description: The data view object. - type: object - properties: - allowNoIndex: - $ref: '#/components/schemas/Data_views_allownoindex' - fieldAttrs: - additionalProperties: - $ref: '#/components/schemas/Data_views_fieldattrs' - type: object - fieldFormats: - $ref: '#/components/schemas/Data_views_fieldformats' - fields: - type: object - id: - type: string - name: - description: The data view name. - type: string - namespaces: - $ref: '#/components/schemas/Data_views_namespaces' - runtimeFieldMap: - additionalProperties: - $ref: '#/components/schemas/Data_views_runtimefieldmap' - type: object - sourceFilters: - $ref: '#/components/schemas/Data_views_sourcefilters' - timeFieldName: - $ref: '#/components/schemas/Data_views_timefieldname' - title: - $ref: '#/components/schemas/Data_views_title' - type: - $ref: '#/components/schemas/Data_views_type' - typeMeta: - $ref: '#/components/schemas/Data_views_typemeta' - version: - type: string - required: - - title + $ref: '#/components/schemas/Data_views_create_data_view_request_object_Data_view' override: default: false description: Override an existing data view if a data view with the provided title already exists. @@ -101044,41 +40597,7 @@ components: type: object properties: data_view: - type: object - properties: - allowNoIndex: - $ref: '#/components/schemas/Data_views_allownoindex' - fieldAttrs: - additionalProperties: - $ref: '#/components/schemas/Data_views_fieldattrs' - type: object - fieldFormats: - $ref: '#/components/schemas/Data_views_fieldformats' - fields: - type: object - id: - example: ff959d40-b880-11e8-a6d9-e546fe2bba5f - type: string - name: - description: The data view name. - type: string - namespaces: - $ref: '#/components/schemas/Data_views_namespaces' - runtimeFieldMap: - additionalProperties: - $ref: '#/components/schemas/Data_views_runtimefieldmap' - type: object - sourceFilters: - $ref: '#/components/schemas/Data_views_sourcefilters' - timeFieldName: - $ref: '#/components/schemas/Data_views_timefieldname' - title: - $ref: '#/components/schemas/Data_views_title' - typeMeta: - $ref: '#/components/schemas/Data_views_typemeta_response' - version: - example: WzQ2LDJd - type: string + $ref: '#/components/schemas/Data_views_data_view_response_object_Data_view' Data_views_fieldattrs: description: A map of field attributes by field name. type: object @@ -101107,11 +40626,7 @@ components: type: object properties: script: - type: object - properties: - source: - description: Script for the runtime field. - type: string + $ref: '#/components/schemas/Data_views_runtimefieldmap_Script' type: description: Mapping type of the runtime field. type: string @@ -101121,12 +40636,7 @@ components: Data_views_sourcefilters: description: The array of field names you want to filter out in Discover. items: - type: object - properties: - value: - type: string - required: - - value + $ref: '#/components/schemas/Data_views_sourcefilters_Item' type: array Data_views_swap_data_view_request_object: title: Data view reference swap request @@ -101138,10 +40648,8 @@ components: forId: description: Limit the affected saved objects to one or more by identifier. oneOf: - - type: string - - items: - type: string - type: array + - $ref: '#/components/schemas/Data_views_swap_data_view_request_object_ForId_1' + - $ref: '#/components/schemas/Data_views_swap_data_view_request_object_ForId_2' forType: description: Limit the affected saved objects by type. type: string @@ -101172,11 +40680,9 @@ components: type: object properties: aggs: - description: A map of rollup restrictions by aggregation type and field name. - type: object + $ref: '#/components/schemas/Data_views_typemeta_Aggs' params: - description: Properties for retrieving rollup fields. - type: object + $ref: '#/components/schemas/Data_views_typemeta_Params' required: - aggs - params @@ -101186,42 +40692,15 @@ components: type: object properties: aggs: - description: A map of rollup restrictions by aggregation type and field name. - type: object + $ref: '#/components/schemas/Data_views_typemeta_response_Aggs' params: - description: Properties for retrieving rollup fields. - type: object + $ref: '#/components/schemas/Data_views_typemeta_response_Params' Data_views_update_data_view_request_object: title: Update data view request type: object properties: data_view: - description: | - The data view properties you want to update. Only the specified properties are updated in the data view. Unspecified fields stay as they are persisted. - type: object - properties: - allowNoIndex: - $ref: '#/components/schemas/Data_views_allownoindex' - fieldFormats: - $ref: '#/components/schemas/Data_views_fieldformats' - fields: - type: object - name: - type: string - runtimeFieldMap: - additionalProperties: - $ref: '#/components/schemas/Data_views_runtimefieldmap' - type: object - sourceFilters: - $ref: '#/components/schemas/Data_views_sourcefilters' - timeFieldName: - $ref: '#/components/schemas/Data_views_timefieldname' - title: - $ref: '#/components/schemas/Data_views_title' - type: - $ref: '#/components/schemas/Data_views_type' - typeMeta: - $ref: '#/components/schemas/Data_views_typemeta' + $ref: '#/components/schemas/Data_views_update_data_view_request_object_Data_view' refresh_fields: default: false description: Reloads the data view fields after the data view is updated. @@ -101234,25 +40713,7 @@ components: type: object properties: status: - additionalProperties: false - type: object - properties: - overall: - additionalProperties: false - type: object - properties: - level: - description: Service status levels as human and machine readable values. - enum: - - available - - degraded - - unavailable - - critical - type: string - required: - - level - required: - - overall + $ref: '#/components/schemas/Kibana_HTTP_APIs_core_status_redactedResponse_Status' required: - status Kibana_HTTP_APIs_core_status_response: @@ -101261,240 +40722,17 @@ components: type: object properties: metrics: - additionalProperties: false - description: Metric groups collected by Kibana. - type: object - properties: - collection_interval_in_millis: - description: The interval at which metrics should be collected. - type: number - elasticsearch_client: - additionalProperties: false - description: Current network metrics of Kibana's Elasticsearch client. - type: object - properties: - totalActiveSockets: - description: Count of network sockets currently in use. - type: number - totalIdleSockets: - description: Count of network sockets currently idle. - type: number - totalQueuedRequests: - description: Count of requests not yet assigned to sockets. - type: number - required: - - totalActiveSockets - - totalIdleSockets - - totalQueuedRequests - last_updated: - description: The time metrics were collected. - type: string - required: - - elasticsearch_client - - last_updated - - collection_interval_in_millis + $ref: '#/components/schemas/Kibana_HTTP_APIs_core_status_response_Metrics' name: description: Kibana instance name. type: string status: - additionalProperties: false - type: object - properties: - core: - additionalProperties: false - description: Statuses of core Kibana services. - type: object - properties: - elasticsearch: - additionalProperties: false - type: object - properties: - detail: - description: Human readable detail of the service status. - type: string - documentationUrl: - description: A URL to further documentation regarding this service. - type: string - level: - description: Service status levels as human and machine readable values. - enum: - - available - - degraded - - unavailable - - critical - type: string - meta: - additionalProperties: {} - description: An unstructured set of extra metadata about this service. - type: object - summary: - description: A human readable summary of the service status. - type: string - required: - - level - - summary - - meta - http: - additionalProperties: false - type: object - properties: - detail: - description: Human readable detail of the service status. - type: string - documentationUrl: - description: A URL to further documentation regarding this service. - type: string - level: - description: Service status levels as human and machine readable values. - enum: - - available - - degraded - - unavailable - - critical - type: string - meta: - additionalProperties: {} - description: An unstructured set of extra metadata about this service. - type: object - summary: - description: A human readable summary of the service status. - type: string - required: - - level - - summary - - meta - savedObjects: - additionalProperties: false - type: object - properties: - detail: - description: Human readable detail of the service status. - type: string - documentationUrl: - description: A URL to further documentation regarding this service. - type: string - level: - description: Service status levels as human and machine readable values. - enum: - - available - - degraded - - unavailable - - critical - type: string - meta: - additionalProperties: {} - description: An unstructured set of extra metadata about this service. - type: object - summary: - description: A human readable summary of the service status. - type: string - required: - - level - - summary - - meta - required: - - elasticsearch - - savedObjects - overall: - additionalProperties: false - type: object - properties: - detail: - description: Human readable detail of the service status. - type: string - documentationUrl: - description: A URL to further documentation regarding this service. - type: string - level: - description: Service status levels as human and machine readable values. - enum: - - available - - degraded - - unavailable - - critical - type: string - meta: - additionalProperties: {} - description: An unstructured set of extra metadata about this service. - type: object - summary: - description: A human readable summary of the service status. - type: string - required: - - level - - summary - - meta - plugins: - additionalProperties: - additionalProperties: false - type: object - properties: - detail: - description: Human readable detail of the service status. - type: string - documentationUrl: - description: A URL to further documentation regarding this service. - type: string - level: - description: Service status levels as human and machine readable values. - enum: - - available - - degraded - - unavailable - - critical - type: string - meta: - additionalProperties: {} - description: An unstructured set of extra metadata about this service. - type: object - summary: - description: A human readable summary of the service status. - type: string - required: - - level - - summary - - meta - description: A dynamic mapping of plugin ID to plugin status. - type: object - required: - - overall - - core - - plugins + $ref: '#/components/schemas/Kibana_HTTP_APIs_core_status_response_Status' uuid: description: Unique, generated Kibana instance UUID. This UUID should persist even if the Kibana process restarts. type: string version: - additionalProperties: false - type: object - properties: - build_date: - description: The date and time of this build. - type: string - build_flavor: - description: The build flavour determines configuration and behavior of Kibana. On premise users will almost always run the "traditional" flavour, while other flavours are reserved for Elastic-specific use cases. - enum: - - serverless - - traditional - type: string - build_hash: - description: A unique hash value representing the git commit of this Kibana build. - type: string - build_number: - description: A monotonically increasing number, each subsequent build will have a higher number. - type: number - build_snapshot: - description: Whether this build is a snapshot build. - type: boolean - number: - description: A semantic version number. - type: string - required: - - number - - build_hash - - build_number - - build_snapshot - - build_flavor - - build_date + $ref: '#/components/schemas/Kibana_HTTP_APIs_core_status_response_Version' required: - name - uuid @@ -101504,15 +40742,9 @@ components: Machine_learning_APIs_mlSync200Response: properties: datafeedsAdded: - additionalProperties: - $ref: '#/components/schemas/Machine_learning_APIs_mlSyncResponseDatafeeds' - description: If a saved object for an anomaly detection job is missing a datafeed identifier, it is added when you run the sync machine learning saved objects API. - type: object + $ref: '#/components/schemas/Machine_learning_APIs_mlSync200Response_DatafeedsAdded' datafeedsRemoved: - additionalProperties: - $ref: '#/components/schemas/Machine_learning_APIs_mlSyncResponseDatafeeds' - description: If a saved object for an anomaly detection job references a datafeed that no longer exists, it is deleted when you run the sync machine learning saved objects API. - type: object + $ref: '#/components/schemas/Machine_learning_APIs_mlSync200Response_DatafeedsRemoved' savedObjectsCreated: $ref: '#/components/schemas/Machine_learning_APIs_mlSyncResponseSavedObjectsCreated' savedObjectsDeleted: @@ -101556,40 +40788,22 @@ components: description: If saved objects are missing for machine learning jobs or trained models, they are created when you run the sync machine learning saved objects API. properties: anomaly-detector: - additionalProperties: - $ref: '#/components/schemas/Machine_learning_APIs_mlSyncResponseAnomalyDetectors' - description: If saved objects are missing for anomaly detection jobs, they are created. - type: object + $ref: '#/components/schemas/Machine_learning_APIs_mlSyncResponseSavedObjectsCreated_Anomaly-detector' data-frame-analytics: - additionalProperties: - $ref: '#/components/schemas/Machine_learning_APIs_mlSyncResponseDataFrameAnalytics' - description: If saved objects are missing for data frame analytics jobs, they are created. - type: object + $ref: '#/components/schemas/Machine_learning_APIs_mlSyncResponseSavedObjectsCreated_Data-frame-analytics' trained-model: - additionalProperties: - $ref: '#/components/schemas/Machine_learning_APIs_mlSyncResponseTrainedModels' - description: If saved objects are missing for trained models, they are created. - type: object + $ref: '#/components/schemas/Machine_learning_APIs_mlSyncResponseSavedObjectsCreated_Trained-model' title: Sync API response for created saved objects type: object Machine_learning_APIs_mlSyncResponseSavedObjectsDeleted: description: If saved objects exist for machine learning jobs or trained models that no longer exist, they are deleted when you run the sync machine learning saved objects API. properties: anomaly-detector: - additionalProperties: - $ref: '#/components/schemas/Machine_learning_APIs_mlSyncResponseAnomalyDetectors' - description: If there are saved objects exist for nonexistent anomaly detection jobs, they are deleted. - type: object + $ref: '#/components/schemas/Machine_learning_APIs_mlSyncResponseSavedObjectsDeleted_Anomaly-detector' data-frame-analytics: - additionalProperties: - $ref: '#/components/schemas/Machine_learning_APIs_mlSyncResponseDataFrameAnalytics' - description: If there are saved objects exist for nonexistent data frame analytics jobs, they are deleted. - type: object + $ref: '#/components/schemas/Machine_learning_APIs_mlSyncResponseSavedObjectsDeleted_Data-frame-analytics' trained-model: - additionalProperties: - $ref: '#/components/schemas/Machine_learning_APIs_mlSyncResponseTrainedModels' - description: If there are saved objects exist for nonexistent trained models, they are deleted. - type: object + $ref: '#/components/schemas/Machine_learning_APIs_mlSyncResponseSavedObjectsDeleted_Trained-model' title: Sync API response for deleted saved objects type: object Machine_learning_APIs_mlSyncResponseSuccess: @@ -101651,8 +40865,7 @@ components: description: The name of the function. type: string parameters: - description: The parameters of the function. - type: object + $ref: '#/components/schemas/Observability_AI_Assistant_API_Function_Parameters' Observability_AI_Assistant_API_FunctionCall: description: Details of the function call within the message. type: object @@ -101675,20 +40888,8 @@ components: - trigger Observability_AI_Assistant_API_Instruction: oneOf: - - description: A simple instruction represented as a string. - type: string - - description: A detailed instruction with an ID and text. - type: object - properties: - id: - description: A unique identifier for the instruction. - type: string - text: - description: The text of the instruction. - type: string - required: - - id - - text + - $ref: '#/components/schemas/Observability_AI_Assistant_API_Instruction_1' + - $ref: '#/components/schemas/Observability_AI_Assistant_API_Instruction_2' Observability_AI_Assistant_API_Message: name: Message type: object @@ -101697,27 +40898,7 @@ components: description: The timestamp when the message was created. type: string message: - description: The main content of the message. - type: object - properties: - content: - description: The content of the message. - type: string - data: - description: Additional data associated with the message. - type: string - event: - description: The event related to the message. - type: string - function_call: - $ref: '#/components/schemas/Observability_AI_Assistant_API_FunctionCall' - name: - description: The name associated with the message. - type: string - role: - $ref: '#/components/schemas/Observability_AI_Assistant_API_MessageRoleEnum' - required: - - role + $ref: '#/components/schemas/Observability_AI_Assistant_API_Message_Message' required: - '@timestamp' - message @@ -101864,20 +41045,7 @@ components: example: 5 type: integer attributes: - type: object - properties: - errors: - description: List of errors that occurred during the bulk operation. - items: - $ref: '#/components/schemas/Security_AI_Assistant_API_NormalizedAnonymizationFieldError' - type: array - results: - $ref: '#/components/schemas/Security_AI_Assistant_API_AnonymizationFieldsBulkCrudActionResults' - summary: - $ref: '#/components/schemas/Security_AI_Assistant_API_BulkCrudActionSummary' - required: - - results - - summary + $ref: '#/components/schemas/Security_AI_Assistant_API_AnonymizationFieldsBulkCrudActionResponse_Attributes' message: description: Message providing information about the bulk action result. example: Bulk action completed successfully @@ -102275,55 +41443,12 @@ components: - id Security_AI_Assistant_API_DocumentEntry: allOf: - - type: object - properties: - global: - description: Whether this Knowledge Base Entry is global, defaults to false. - example: false - type: boolean - name: - description: Name of the Knowledge Base Entry. - example: Example Entry - type: string - namespace: - description: Kibana Space, defaults to 'default' space. - example: default - type: string - users: - description: Users who have access to the Knowledge Base Entry, defaults to current user. Empty array provides access to all users. - items: - $ref: '#/components/schemas/Security_AI_Assistant_API_User' - type: array - required: - - name - - namespace - - global - - users + - $ref: '#/components/schemas/Security_AI_Assistant_API_DocumentEntry_1' - $ref: '#/components/schemas/Security_AI_Assistant_API_ResponseFields' - $ref: '#/components/schemas/Security_AI_Assistant_API_DocumentEntryResponseFields' Security_AI_Assistant_API_DocumentEntryCreateFields: allOf: - - type: object - properties: - global: - description: Whether this Knowledge Base Entry is global, defaults to false. - example: false - type: boolean - name: - description: Name of the Knowledge Base Entry. - example: Example Entry - type: string - namespace: - description: Kibana Space, defaults to 'default' space. - example: default - type: string - users: - description: Users who have access to the Knowledge Base Entry, defaults to current user. Empty array provides access to all users. - items: - $ref: '#/components/schemas/Security_AI_Assistant_API_User' - type: array - required: - - name + - $ref: '#/components/schemas/Security_AI_Assistant_API_DocumentEntryCreateFields_1' - $ref: '#/components/schemas/Security_AI_Assistant_API_DocumentEntryRequiredFields' - $ref: '#/components/schemas/Security_AI_Assistant_API_DocumentEntryOptionalFields' Security_AI_Assistant_API_DocumentEntryOptionalFields: @@ -102365,65 +41490,12 @@ components: - $ref: '#/components/schemas/Security_AI_Assistant_API_DocumentEntryOptionalFields' Security_AI_Assistant_API_DocumentEntryUpdateFields: allOf: - - type: object - properties: - global: - description: Whether this Knowledge Base Entry is global, defaults to false. - example: false - type: boolean - id: - $ref: '#/components/schemas/Security_AI_Assistant_API_NonEmptyString' - name: - description: Name of the Knowledge Base Entry. - example: Example Entry - type: string - namespace: - description: Kibana Space, defaults to 'default' space. - example: default - type: string - users: - description: Users who have access to the Knowledge Base Entry, defaults to current user. Empty array provides access to all users. - items: - $ref: '#/components/schemas/Security_AI_Assistant_API_User' - type: array - required: - - id + - $ref: '#/components/schemas/Security_AI_Assistant_API_DocumentEntryUpdateFields_1' - $ref: '#/components/schemas/Security_AI_Assistant_API_DocumentEntryCreateFields' Security_AI_Assistant_API_EsqlContentReference: allOf: - $ref: '#/components/schemas/Security_AI_Assistant_API_BaseContentReference' - - type: object - properties: - label: - description: Label of the query - example: High Severity Alerts - type: string - query: - description: An ESQL query - example: SELECT * FROM alerts WHERE severity = "high" - type: string - timerange: - description: Time range to select in the time picker. - type: object - properties: - from: - example: '2025-04-01T00:00:00Z' - type: string - to: - example: '2025-04-30T23:59:59Z' - type: string - required: - - from - - to - type: - enum: - - EsqlQuery - example: EsqlQuery - type: string - required: - - type - - query - - label + - $ref: '#/components/schemas/Security_AI_Assistant_API_EsqlContentReference_2' description: References an ESQL query Security_AI_Assistant_API_FindAnonymizationFieldsSortField: enum: @@ -102462,73 +41534,16 @@ components: Security_AI_Assistant_API_HrefContentReference: allOf: - $ref: '#/components/schemas/Security_AI_Assistant_API_BaseContentReference' - - type: object - properties: - href: - description: URL to the external resource - type: string - label: - description: Label of the query - type: string - type: - enum: - - Href - type: string - required: - - type - - href + - $ref: '#/components/schemas/Security_AI_Assistant_API_HrefContentReference_2' description: References an external URL Security_AI_Assistant_API_IndexEntry: allOf: - - type: object - properties: - global: - description: Whether this Knowledge Base Entry is global, defaults to false. - example: false - type: boolean - name: - description: Name of the Knowledge Base Entry. - example: Example Entry - type: string - namespace: - description: Kibana Space, defaults to 'default' space. - example: default - type: string - users: - description: Users who have access to the Knowledge Base Entry, defaults to current user. Empty array provides access to all users. - items: - $ref: '#/components/schemas/Security_AI_Assistant_API_User' - type: array - required: - - name - - namespace - - global - - users + - $ref: '#/components/schemas/Security_AI_Assistant_API_IndexEntry_1' - $ref: '#/components/schemas/Security_AI_Assistant_API_ResponseFields' - $ref: '#/components/schemas/Security_AI_Assistant_API_IndexEntryResponseFields' Security_AI_Assistant_API_IndexEntryCreateFields: allOf: - - type: object - properties: - global: - description: Whether this Knowledge Base Entry is global, defaults to false. - example: false - type: boolean - name: - description: Name of the Knowledge Base Entry. - example: Example Entry - type: string - namespace: - description: Kibana Space, defaults to 'default' space. - example: default - type: string - users: - description: Users who have access to the Knowledge Base Entry, defaults to current user. Empty array provides access to all users. - items: - $ref: '#/components/schemas/Security_AI_Assistant_API_User' - type: array - required: - - name + - $ref: '#/components/schemas/Security_AI_Assistant_API_IndexEntryCreateFields_1' - $ref: '#/components/schemas/Security_AI_Assistant_API_IndexEntryRequiredFields' - $ref: '#/components/schemas/Security_AI_Assistant_API_IndexEntryOptionalFields' Security_AI_Assistant_API_IndexEntryOptionalFields: @@ -102581,90 +41596,22 @@ components: - $ref: '#/components/schemas/Security_AI_Assistant_API_IndexEntryOptionalFields' Security_AI_Assistant_API_IndexEntryUpdateFields: allOf: - - type: object - properties: - global: - description: Whether this Knowledge Base Entry is global, defaults to false. - example: false - type: boolean - id: - $ref: '#/components/schemas/Security_AI_Assistant_API_NonEmptyString' - name: - description: Name of the Knowledge Base Entry. - example: Example Entry - type: string - namespace: - description: Kibana Space, defaults to 'default' space. - example: default - type: string - users: - description: Users who have access to the Knowledge Base Entry, defaults to current user. Empty array provides access to all users. - items: - $ref: '#/components/schemas/Security_AI_Assistant_API_User' - type: array - required: - - id + - $ref: '#/components/schemas/Security_AI_Assistant_API_IndexEntryUpdateFields_1' - $ref: '#/components/schemas/Security_AI_Assistant_API_IndexEntryCreateFields' Security_AI_Assistant_API_InputSchema: description: Array of objects defining the input schema, allowing the LLM to extract structured data to be used in retrieval. items: - type: object - properties: - description: - description: Description of the field. - example: The title of the document. - type: string - fieldName: - description: Name of the field. - example: title - type: string - fieldType: - description: Type of the field. - example: string - type: string - required: - - fieldName - - fieldType - - description + $ref: '#/components/schemas/Security_AI_Assistant_API_InputSchema_Item' type: array Security_AI_Assistant_API_InputTextInterruptResumeValue: allOf: - $ref: '#/components/schemas/Security_AI_Assistant_API_BaseInterruptResumeValue' - - type: object - properties: - type: - enum: - - INPUT_TEXT - example: INPUT_TEXT - type: string - value: - description: Text value used to resume the graph execution with. - example: .logs* - type: string - required: - - value - - type + - $ref: '#/components/schemas/Security_AI_Assistant_API_InputTextInterruptResumeValue_2' description: A resume value for input text Security_AI_Assistant_API_InputTextInterruptValue: allOf: - $ref: '#/components/schemas/Security_AI_Assistant_API_BaseInterruptValue' - - type: object - properties: - description: - description: Description of action required - example: What is the index you would like to use for the query. - type: string - placeholder: - description: Placeholder text for the input field - example: Enter index pattern here... - type: string - type: - enum: - - INPUT_TEXT - example: INPUT_TEXT - type: string - required: - - type + - $ref: '#/components/schemas/Security_AI_Assistant_API_InputTextInterruptValue_2' description: Interrupt that requests user to provide text input Security_AI_Assistant_API_InterruptResumeValue: description: Union of the interrupt resume values @@ -102711,27 +41658,7 @@ components: type: object properties: attributes: - type: object - properties: - errors: - description: List of errors encountered during the bulk action. - example: - - err_code: UPDATE_FAILED - knowledgeBaseEntries: - - id: '456' - name: Error Entry - message: Failed to update entry. - statusCode: 400 - items: - $ref: '#/components/schemas/Security_AI_Assistant_API_NormalizedKnowledgeBaseEntryError' - type: array - results: - $ref: '#/components/schemas/Security_AI_Assistant_API_KnowledgeBaseEntryBulkCrudActionResults' - summary: - $ref: '#/components/schemas/Security_AI_Assistant_API_KnowledgeBaseEntryBulkCrudActionSummary' - required: - - results - - summary + $ref: '#/components/schemas/Security_AI_Assistant_API_KnowledgeBaseEntryBulkCrudActionResponse_Attributes' knowledgeBaseEntriesCount: description: Total number of Knowledge Base Entries processed. example: 8 @@ -102819,25 +41746,7 @@ components: Security_AI_Assistant_API_KnowledgeBaseEntryContentReference: allOf: - $ref: '#/components/schemas/Security_AI_Assistant_API_BaseContentReference' - - type: object - properties: - knowledgeBaseEntryId: - description: Id of the Knowledge Base Entry - example: kbentry456 - type: string - knowledgeBaseEntryName: - description: Name of the knowledge base entry - example: Network Security Best Practices - type: string - type: - enum: - - KnowledgeBaseEntry - example: KnowledgeBaseEntry - type: string - required: - - type - - knowledgeBaseEntryId - - knowledgeBaseEntryName + - $ref: '#/components/schemas/Security_AI_Assistant_API_KnowledgeBaseEntryContentReference_2' description: References a knowledge base entry Security_AI_Assistant_API_KnowledgeBaseEntryCreateProps: anyOf: @@ -103112,25 +42021,7 @@ components: Security_AI_Assistant_API_ProductDocumentationContentReference: allOf: - $ref: '#/components/schemas/Security_AI_Assistant_API_BaseContentReference' - - type: object - properties: - title: - description: Title of the documentation - example: Getting Started with Security AI Assistant - type: string - type: - enum: - - ProductDocumentation - example: ProductDocumentation - type: string - url: - description: URL to the documentation - example: https://docs.example.com/security-ai-assistant - type: string - required: - - type - - title - - url + - $ref: '#/components/schemas/Security_AI_Assistant_API_ProductDocumentationContentReference_2' description: References the product documentation Security_AI_Assistant_API_PromptCreateProps: type: object @@ -103268,19 +42159,7 @@ components: type: object properties: attributes: - type: object - properties: - errors: - items: - $ref: '#/components/schemas/Security_AI_Assistant_API_NormalizedPromptError' - type: array - results: - $ref: '#/components/schemas/Security_AI_Assistant_API_PromptsBulkCrudActionResults' - summary: - $ref: '#/components/schemas/Security_AI_Assistant_API_BulkCrudActionSummary' - required: - - results - - summary + $ref: '#/components/schemas/Security_AI_Assistant_API_PromptsBulkCrudActionResponse_Attributes' message: description: A message describing the result of the bulk action. example: Bulk action completed successfully. @@ -103416,33 +42295,12 @@ components: Security_AI_Assistant_API_SecurityAlertContentReference: allOf: - $ref: '#/components/schemas/Security_AI_Assistant_API_BaseContentReference' - - type: object - properties: - alertId: - description: ID of the Alert - example: alert789 - type: string - type: - enum: - - SecurityAlert - example: SecurityAlert - type: string - required: - - type - - alertId + - $ref: '#/components/schemas/Security_AI_Assistant_API_SecurityAlertContentReference_2' description: References a security alert Security_AI_Assistant_API_SecurityAlertsPageContentReference: allOf: - $ref: '#/components/schemas/Security_AI_Assistant_API_BaseContentReference' - - type: object - properties: - type: - enum: - - SecurityAlertsPage - example: SecurityAlertsPage - type: string - required: - - type + - $ref: '#/components/schemas/Security_AI_Assistant_API_SecurityAlertsPageContentReference_2' description: References the security alerts page Security_AI_Assistant_API_SelectOptionInterruptOption: description: A request approval option @@ -103473,47 +42331,12 @@ components: Security_AI_Assistant_API_SelectOptionInterruptResumeValue: allOf: - $ref: '#/components/schemas/Security_AI_Assistant_API_BaseInterruptResumeValue' - - type: object - properties: - type: - enum: - - SELECT_OPTION - example: SELECT_OPTION - type: string - value: - description: The value of the selected option to resume the graph execution with - example: option_1 - type: string - required: - - value - - type + - $ref: '#/components/schemas/Security_AI_Assistant_API_SelectOptionInterruptResumeValue_2' description: A request approval resume schema Security_AI_Assistant_API_SelectOptionInterruptValue: allOf: - $ref: '#/components/schemas/Security_AI_Assistant_API_BaseInterruptValue' - - type: object - properties: - description: - description: Description of action required - example: Select one of the options - type: string - options: - description: List of actions to choose from - example: - - label: Option 1 - - label: Option 2 - items: - $ref: '#/components/schemas/Security_AI_Assistant_API_SelectOptionInterruptOption' - type: array - type: - enum: - - SELECT_OPTION - example: SELECT_OPTION - type: string - required: - - type - - description - - options + - $ref: '#/components/schemas/Security_AI_Assistant_API_SelectOptionInterruptValue_2' description: Interrupt that requests user to select one of the provided options Security_AI_Assistant_API_SortOrder: description: The order in which results are sorted. @@ -103555,13 +42378,7 @@ components: example: bert-base-uncased type: string tokens: - additionalProperties: - type: number - description: Tokens with their corresponding values. - example: - token1: 0.123 - token2: 0.456 - type: object + $ref: '#/components/schemas/Security_AI_Assistant_API_Vector_Tokens' required: - modelId - tokens @@ -103918,17 +42735,10 @@ components: api_config: allOf: - $ref: '#/components/schemas/Security_Attack_discovery_API_ApiConfig' - - type: object - properties: - name: - description: The name of the connector - type: string - required: - - name + - $ref: '#/components/schemas/Security_Attack_discovery_API_AttackDiscoveryApiScheduleParams_Api_config_2' description: LLM API configuration. combined_filter: - additionalProperties: true - type: object + $ref: '#/components/schemas/Security_Attack_discovery_API_AttackDiscoveryApiScheduleParams_Combined_filter' end: type: string filters: @@ -103997,15 +42807,7 @@ components: description: The connector id (event.dataset) for this generation type: string connector_stats: - description: Stats applicable to the connector for this generation - type: object - properties: - average_successful_duration_nanoseconds: - description: The average duration (avg event.duration) in nanoseconds of successful generations for the same connector id, for the current user - type: number - successful_generations: - description: The number of successful generations for the same connector id, for the current user - type: number + $ref: '#/components/schemas/Security_Attack_discovery_API_AttackDiscoveryGeneration_Connector_stats' discoveries: description: The number of new Attack discovery alerts (max kibana.alert.rule.execution.metrics.alert_counts.new) for this generation type: number @@ -104062,33 +42864,7 @@ components: end: type: string filter: - additionalProperties: true - description: |- - An Elasticsearch-style query DSL object used to filter alerts. For example: - ```json { - "filter": { - "bool": { - "must": [], - "filter": [ - { - "bool": { - "should": [ - { - "term": { - "user.name": { "value": "james" } - } - } - ], - "minimum_should_match": 1 - } - } - ], - "should": [], - "must_not": [] - } - } - } ``` - type: object + $ref: '#/components/schemas/Security_Attack_discovery_API_AttackDiscoveryGenerationConfig_Filter' model: type: string replacements: @@ -104164,9 +42940,8 @@ components: type: string query: oneOf: - - type: string - - additionalProperties: true - type: object + - $ref: '#/components/schemas/Security_Attack_discovery_API_Query_Query_1' + - $ref: '#/components/schemas/Security_Attack_discovery_API_Query_Query_2' required: - query - language @@ -104230,15 +43005,7 @@ components: type: object properties: error: - type: object - properties: - message: - type: string - status_code: - type: string - required: - - message - - status_code + $ref: '#/components/schemas/Security_Detections_API_AlertsIndexMigrationError_Error' index: type: string required: @@ -104278,14 +43045,11 @@ components: Security_Detections_API_AlertsSort: oneOf: - $ref: '#/components/schemas/Security_Detections_API_AlertsSortCombinations' - - items: - $ref: '#/components/schemas/Security_Detections_API_AlertsSortCombinations' - type: array + - $ref: '#/components/schemas/Security_Detections_API_AlertsSort_2' Security_Detections_API_AlertsSortCombinations: anyOf: - - type: string - - additionalProperties: true - type: object + - $ref: '#/components/schemas/Security_Detections_API_AlertsSortCombinations_1' + - $ref: '#/components/schemas/Security_Detections_API_AlertsSortCombinations_2' Security_Detections_API_AlertStatusExceptClosed: description: The status of an alert, which can be `open`, `acknowledged`, `in-progress`, or `closed`. enum: @@ -104448,16 +43212,7 @@ components: - set_rule_actions type: string value: - type: object - properties: - actions: - items: - $ref: '#/components/schemas/Security_Detections_API_NormalizedRuleAction' - type: array - throttle: - $ref: '#/components/schemas/Security_Detections_API_ThrottleForBulkActions' - required: - - actions + $ref: '#/components/schemas/Security_Detections_API_BulkActionEditPayloadRuleActions_Value' required: - type - value @@ -104475,24 +43230,7 @@ components: - set_schedule type: string value: - type: object - properties: - interval: - description: Interval in which the rule runs. For example, `"1h"` means the rule runs every hour. - example: 1h - pattern: ^[1-9]\d*[smh]$ - type: string - lookback: - description: | - Lookback time for the rules. - - Additional look-back time that the rule analyzes. For example, "10m" means the rule analyzes the last 10 minutes of data in addition to the frequency interval. - example: 1h - pattern: ^[1-9]\d*[smh]$ - type: string - required: - - interval - - lookback + $ref: '#/components/schemas/Security_Detections_API_BulkActionEditPayloadSchedule_Value' required: - type - value @@ -104552,15 +43290,7 @@ components: - set_timeline type: string value: - type: object - properties: - timeline_id: - $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' - timeline_title: - $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle' - required: - - timeline_id - - timeline_title + $ref: '#/components/schemas/Security_Detections_API_BulkActionEditPayloadTimeline_Value' required: - type - value @@ -104661,18 +43391,7 @@ components: - duplicate type: string duplicate: - description: Duplicate object that describes applying an update action. - type: object - properties: - include_exceptions: - description: Whether to copy exceptions from the original rule - type: boolean - include_expired_exceptions: - description: Whether to copy expired exceptions from the original rule - type: boolean - required: - - include_exceptions - - include_expired_exceptions + $ref: '#/components/schemas/Security_Detections_API_BulkDuplicateRules_Duplicate' gap_fill_statuses: description: Gap fill statuses to filter rules with gaps by status (used together with gaps_range_*). items: @@ -104701,19 +43420,7 @@ components: type: object properties: attributes: - type: object - properties: - errors: - items: - $ref: '#/components/schemas/Security_Detections_API_NormalizedRuleError' - type: array - results: - $ref: '#/components/schemas/Security_Detections_API_BulkEditActionResults' - summary: - $ref: '#/components/schemas/Security_Detections_API_BulkEditActionSummary' - required: - - results - - summary + $ref: '#/components/schemas/Security_Detections_API_BulkEditActionResponse_Attributes' message: type: string rules_count: @@ -104883,18 +43590,7 @@ components: - fill_gaps type: string fill_gaps: - description: Object that describes applying a manual gap fill action for the specified time range. - type: object - properties: - end_date: - description: End date of the manual gap fill - type: string - start_date: - description: Start date of the manual gap fill - type: string - required: - - start_date - - end_date + $ref: '#/components/schemas/Security_Detections_API_BulkManualRuleFillGaps_Fill_gaps' gap_fill_statuses: description: Gap fill statuses to filter rules with gaps by status (used together with gaps_range_*). items: @@ -104950,18 +43646,7 @@ components: description: Query to filter rules. type: string run: - description: Object that describes applying a manual rule run action. - type: object - properties: - end_date: - description: End date of the manual rule run - type: string - start_date: - description: Start date of the manual rule run - type: string - required: - - start_date - - end_date + $ref: '#/components/schemas/Security_Detections_API_BulkManualRuleRun_Run' required: - action - run @@ -104995,8 +43680,7 @@ components: - proceed type: string query: - additionalProperties: true - type: object + $ref: '#/components/schemas/Security_Detections_API_CloseAlertsByQuery_Query' reason: $ref: '#/components/schemas/Security_Detections_API_ReasonEnum' status: @@ -105024,16 +43708,7 @@ components: - command Security_Detections_API_EcsMapping: additionalProperties: - type: object - properties: - field: - type: string - value: - oneOf: - - type: string - - items: - type: string - type: array + $ref: '#/components/schemas/Security_Detections_API_EcsMapping_Value' description: 'Map Osquery results columns or static values to Elastic Common Schema (ECS) fields. Example: "ecs_mapping": {"process.pid": {"field": "pid"}}' type: object Security_Detections_API_EndpointResponseAction: @@ -105090,122 +43765,7 @@ components: - language Security_Detections_API_EqlRule: allOf: - - type: object - properties: - actions: - description: Array defining the automated actions (notifications) taken when alerts are generated. - items: - $ref: '#/components/schemas/Security_Detections_API_RuleAction' - type: array - alias_purpose: - $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose' - alias_target_id: - $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId' - author: - $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' - building_block_type: - $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' - description: - $ref: '#/components/schemas/Security_Detections_API_RuleDescription' - enabled: - $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' - exceptions_list: - items: - $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' - type: array - false_positives: - $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray' - from: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' - interval: - $ref: '#/components/schemas/Security_Detections_API_RuleInterval' - investigation_fields: - $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' - license: - $ref: '#/components/schemas/Security_Detections_API_RuleLicense' - max_signals: - $ref: '#/components/schemas/Security_Detections_API_MaxSignals' - meta: - $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' - name: - $ref: '#/components/schemas/Security_Detections_API_RuleName' - namespace: - $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace' - note: - $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' - outcome: - $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome' - output_index: - $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' - references: - $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' - related_integrations: - $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray' - required_fields: - description: | - Elasticsearch fields and their types that need to be present for the rule to function. - > info - > The value of `required_fields` does not affect the rule’s behavior, and specifying it incorrectly won’t cause the rule to fail. Use `required_fields` as an informational property to document the fields that the rule expects to be present in the data. - items: - $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput' - type: array - response_actions: - items: - $ref: '#/components/schemas/Security_Detections_API_ResponseAction' - type: array - risk_score: - $ref: '#/components/schemas/Security_Detections_API_RiskScore' - risk_score_mapping: - $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' - rule_name_override: - $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' - setup: - $ref: '#/components/schemas/Security_Detections_API_SetupGuide' - severity: - $ref: '#/components/schemas/Security_Detections_API_Severity' - severity_mapping: - $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' - tags: - $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' - threat: - $ref: '#/components/schemas/Security_Detections_API_ThreatArray' - throttle: - $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' - timeline_id: - $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' - timeline_title: - $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle' - timestamp_override: - $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' - timestamp_override_fallback_disabled: - $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled' - to: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' - version: - $ref: '#/components/schemas/Security_Detections_API_RuleVersion' - required: - - name - - description - - risk_score - - severity - - version - - tags - - enabled - - risk_score_mapping - - severity_mapping - - interval - - from - - to - - actions - - exceptions_list - - author - - false_positives - - references - - max_signals - - threat - - setup - - related_integrations - - required_fields + - $ref: '#/components/schemas/Security_Detections_API_EqlRule_1' - $ref: '#/components/schemas/Security_Detections_API_ResponseFields' - $ref: '#/components/schemas/Security_Detections_API_EqlRuleResponseFields' Security_Detections_API_EqlRuleCreateFields: @@ -105214,221 +43774,15 @@ components: - $ref: '#/components/schemas/Security_Detections_API_EqlOptionalFields' Security_Detections_API_EqlRuleCreateProps: allOf: - - type: object - properties: - actions: - description: Array defining the automated actions (notifications) taken when alerts are generated. - items: - $ref: '#/components/schemas/Security_Detections_API_RuleAction' - type: array - alias_purpose: - $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose' - alias_target_id: - $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId' - author: - $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' - building_block_type: - $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' - description: - $ref: '#/components/schemas/Security_Detections_API_RuleDescription' - enabled: - $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' - exceptions_list: - items: - $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' - type: array - false_positives: - $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray' - from: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' - interval: - $ref: '#/components/schemas/Security_Detections_API_RuleInterval' - investigation_fields: - $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' - license: - $ref: '#/components/schemas/Security_Detections_API_RuleLicense' - max_signals: - $ref: '#/components/schemas/Security_Detections_API_MaxSignals' - meta: - $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' - name: - $ref: '#/components/schemas/Security_Detections_API_RuleName' - namespace: - $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace' - note: - $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' - outcome: - $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome' - output_index: - $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' - references: - $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' - related_integrations: - $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray' - required_fields: - description: | - Elasticsearch fields and their types that need to be present for the rule to function. - > info - > The value of `required_fields` does not affect the rule’s behavior, and specifying it incorrectly won’t cause the rule to fail. Use `required_fields` as an informational property to document the fields that the rule expects to be present in the data. - items: - $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput' - type: array - response_actions: - items: - $ref: '#/components/schemas/Security_Detections_API_ResponseAction' - type: array - risk_score: - $ref: '#/components/schemas/Security_Detections_API_RiskScore' - risk_score_mapping: - $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' - rule_id: - $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' - rule_name_override: - $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' - setup: - $ref: '#/components/schemas/Security_Detections_API_SetupGuide' - severity: - $ref: '#/components/schemas/Security_Detections_API_Severity' - severity_mapping: - $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' - tags: - $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' - threat: - $ref: '#/components/schemas/Security_Detections_API_ThreatArray' - throttle: - $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' - timeline_id: - $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' - timeline_title: - $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle' - timestamp_override: - $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' - timestamp_override_fallback_disabled: - $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled' - to: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' - version: - $ref: '#/components/schemas/Security_Detections_API_RuleVersion' - required: - - name - - description - - risk_score - - severity + - $ref: '#/components/schemas/Security_Detections_API_EqlRuleCreateProps_1' - $ref: '#/components/schemas/Security_Detections_API_EqlRuleCreateFields' Security_Detections_API_EqlRulePatchFields: allOf: - - type: object - properties: - language: - $ref: '#/components/schemas/Security_Detections_API_EqlQueryLanguage' - description: Query language to use - query: - $ref: '#/components/schemas/Security_Detections_API_RuleQuery' - type: - description: Rule type - enum: - - eql - type: string + - $ref: '#/components/schemas/Security_Detections_API_EqlRulePatchFields_1' - $ref: '#/components/schemas/Security_Detections_API_EqlOptionalFields' Security_Detections_API_EqlRulePatchProps: allOf: - - type: object - properties: - actions: - description: Array defining the automated actions (notifications) taken when alerts are generated. - items: - $ref: '#/components/schemas/Security_Detections_API_RuleAction' - type: array - alias_purpose: - $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose' - alias_target_id: - $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId' - author: - $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' - building_block_type: - $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' - description: - $ref: '#/components/schemas/Security_Detections_API_RuleDescription' - enabled: - $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' - exceptions_list: - items: - $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' - type: array - false_positives: - $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray' - from: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' - id: - $ref: '#/components/schemas/Security_Detections_API_UUID' - interval: - $ref: '#/components/schemas/Security_Detections_API_RuleInterval' - investigation_fields: - $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' - license: - $ref: '#/components/schemas/Security_Detections_API_RuleLicense' - max_signals: - $ref: '#/components/schemas/Security_Detections_API_MaxSignals' - meta: - $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' - name: - $ref: '#/components/schemas/Security_Detections_API_RuleName' - namespace: - $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace' - note: - $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' - outcome: - $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome' - output_index: - $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' - references: - $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' - related_integrations: - $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray' - required_fields: - description: | - Elasticsearch fields and their types that need to be present for the rule to function. - > info - > The value of `required_fields` does not affect the rule’s behavior, and specifying it incorrectly won’t cause the rule to fail. Use `required_fields` as an informational property to document the fields that the rule expects to be present in the data. - items: - $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput' - type: array - response_actions: - items: - $ref: '#/components/schemas/Security_Detections_API_ResponseAction' - type: array - risk_score: - $ref: '#/components/schemas/Security_Detections_API_RiskScore' - risk_score_mapping: - $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' - rule_id: - $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' - rule_name_override: - $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' - setup: - $ref: '#/components/schemas/Security_Detections_API_SetupGuide' - severity: - $ref: '#/components/schemas/Security_Detections_API_Severity' - severity_mapping: - $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' - tags: - $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' - threat: - $ref: '#/components/schemas/Security_Detections_API_ThreatArray' - throttle: - $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' - timeline_id: - $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' - timeline_title: - $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle' - timestamp_override: - $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' - timestamp_override_fallback_disabled: - $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled' - to: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' - version: - $ref: '#/components/schemas/Security_Detections_API_RuleVersion' + - $ref: '#/components/schemas/Security_Detections_API_EqlRulePatchProps_1' - $ref: '#/components/schemas/Security_Detections_API_EqlRulePatchFields' Security_Detections_API_EqlRuleResponseFields: allOf: @@ -105436,124 +43790,14 @@ components: - $ref: '#/components/schemas/Security_Detections_API_EqlOptionalFields' Security_Detections_API_EqlRuleUpdateProps: allOf: - - type: object - properties: - actions: - description: Array defining the automated actions (notifications) taken when alerts are generated. - items: - $ref: '#/components/schemas/Security_Detections_API_RuleAction' - type: array - alias_purpose: - $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose' - alias_target_id: - $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId' - author: - $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' - building_block_type: - $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' - description: - $ref: '#/components/schemas/Security_Detections_API_RuleDescription' - enabled: - $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' - exceptions_list: - items: - $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' - type: array - false_positives: - $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray' - from: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' - id: - $ref: '#/components/schemas/Security_Detections_API_UUID' - interval: - $ref: '#/components/schemas/Security_Detections_API_RuleInterval' - investigation_fields: - $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' - license: - $ref: '#/components/schemas/Security_Detections_API_RuleLicense' - max_signals: - $ref: '#/components/schemas/Security_Detections_API_MaxSignals' - meta: - $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' - name: - $ref: '#/components/schemas/Security_Detections_API_RuleName' - namespace: - $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace' - note: - $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' - outcome: - $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome' - output_index: - $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' - references: - $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' - related_integrations: - $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray' - required_fields: - description: | - Elasticsearch fields and their types that need to be present for the rule to function. - > info - > The value of `required_fields` does not affect the rule’s behavior, and specifying it incorrectly won’t cause the rule to fail. Use `required_fields` as an informational property to document the fields that the rule expects to be present in the data. - items: - $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput' - type: array - response_actions: - items: - $ref: '#/components/schemas/Security_Detections_API_ResponseAction' - type: array - risk_score: - $ref: '#/components/schemas/Security_Detections_API_RiskScore' - risk_score_mapping: - $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' - rule_id: - $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' - rule_name_override: - $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' - setup: - $ref: '#/components/schemas/Security_Detections_API_SetupGuide' - severity: - $ref: '#/components/schemas/Security_Detections_API_Severity' - severity_mapping: - $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' - tags: - $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' - threat: - $ref: '#/components/schemas/Security_Detections_API_ThreatArray' - throttle: - $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' - timeline_id: - $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' - timeline_title: - $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle' - timestamp_override: - $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' - timestamp_override_fallback_disabled: - $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled' - to: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' - version: - $ref: '#/components/schemas/Security_Detections_API_RuleVersion' - required: - - name - - description - - risk_score - - severity + - $ref: '#/components/schemas/Security_Detections_API_EqlRuleUpdateProps_1' - $ref: '#/components/schemas/Security_Detections_API_EqlRuleCreateFields' Security_Detections_API_ErrorSchema: additionalProperties: false type: object properties: error: - type: object - properties: - message: - type: string - status_code: - minimum: 400 - type: integer - required: - - status_code - - message + $ref: '#/components/schemas/Security_Detections_API_ErrorSchema_Error' id: type: string item_id: @@ -105572,122 +43816,7 @@ components: type: string Security_Detections_API_EsqlRule: allOf: - - type: object - properties: - actions: - description: Array defining the automated actions (notifications) taken when alerts are generated. - items: - $ref: '#/components/schemas/Security_Detections_API_RuleAction' - type: array - alias_purpose: - $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose' - alias_target_id: - $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId' - author: - $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' - building_block_type: - $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' - description: - $ref: '#/components/schemas/Security_Detections_API_RuleDescription' - enabled: - $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' - exceptions_list: - items: - $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' - type: array - false_positives: - $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray' - from: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' - interval: - $ref: '#/components/schemas/Security_Detections_API_RuleInterval' - investigation_fields: - $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' - license: - $ref: '#/components/schemas/Security_Detections_API_RuleLicense' - max_signals: - $ref: '#/components/schemas/Security_Detections_API_MaxSignals' - meta: - $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' - name: - $ref: '#/components/schemas/Security_Detections_API_RuleName' - namespace: - $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace' - note: - $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' - outcome: - $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome' - output_index: - $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' - references: - $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' - related_integrations: - $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray' - required_fields: - description: | - Elasticsearch fields and their types that need to be present for the rule to function. - > info - > The value of `required_fields` does not affect the rule’s behavior, and specifying it incorrectly won’t cause the rule to fail. Use `required_fields` as an informational property to document the fields that the rule expects to be present in the data. - items: - $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput' - type: array - response_actions: - items: - $ref: '#/components/schemas/Security_Detections_API_ResponseAction' - type: array - risk_score: - $ref: '#/components/schemas/Security_Detections_API_RiskScore' - risk_score_mapping: - $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' - rule_name_override: - $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' - setup: - $ref: '#/components/schemas/Security_Detections_API_SetupGuide' - severity: - $ref: '#/components/schemas/Security_Detections_API_Severity' - severity_mapping: - $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' - tags: - $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' - threat: - $ref: '#/components/schemas/Security_Detections_API_ThreatArray' - throttle: - $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' - timeline_id: - $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' - timeline_title: - $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle' - timestamp_override: - $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' - timestamp_override_fallback_disabled: - $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled' - to: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' - version: - $ref: '#/components/schemas/Security_Detections_API_RuleVersion' - required: - - name - - description - - risk_score - - severity - - version - - tags - - enabled - - risk_score_mapping - - severity_mapping - - interval - - from - - to - - actions - - exceptions_list - - author - - false_positives - - references - - max_signals - - threat - - setup - - related_integrations - - required_fields + - $ref: '#/components/schemas/Security_Detections_API_EsqlRule_1' - $ref: '#/components/schemas/Security_Detections_API_ResponseFields' - $ref: '#/components/schemas/Security_Detections_API_EsqlRuleResponseFields' Security_Detections_API_EsqlRuleCreateFields: @@ -105696,106 +43825,7 @@ components: - $ref: '#/components/schemas/Security_Detections_API_EsqlRuleRequiredFields' Security_Detections_API_EsqlRuleCreateProps: allOf: - - type: object - properties: - actions: - description: Array defining the automated actions (notifications) taken when alerts are generated. - items: - $ref: '#/components/schemas/Security_Detections_API_RuleAction' - type: array - alias_purpose: - $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose' - alias_target_id: - $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId' - author: - $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' - building_block_type: - $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' - description: - $ref: '#/components/schemas/Security_Detections_API_RuleDescription' - enabled: - $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' - exceptions_list: - items: - $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' - type: array - false_positives: - $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray' - from: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' - interval: - $ref: '#/components/schemas/Security_Detections_API_RuleInterval' - investigation_fields: - $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' - license: - $ref: '#/components/schemas/Security_Detections_API_RuleLicense' - max_signals: - $ref: '#/components/schemas/Security_Detections_API_MaxSignals' - meta: - $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' - name: - $ref: '#/components/schemas/Security_Detections_API_RuleName' - namespace: - $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace' - note: - $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' - outcome: - $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome' - output_index: - $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' - references: - $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' - related_integrations: - $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray' - required_fields: - description: | - Elasticsearch fields and their types that need to be present for the rule to function. - > info - > The value of `required_fields` does not affect the rule’s behavior, and specifying it incorrectly won’t cause the rule to fail. Use `required_fields` as an informational property to document the fields that the rule expects to be present in the data. - items: - $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput' - type: array - response_actions: - items: - $ref: '#/components/schemas/Security_Detections_API_ResponseAction' - type: array - risk_score: - $ref: '#/components/schemas/Security_Detections_API_RiskScore' - risk_score_mapping: - $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' - rule_id: - $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' - rule_name_override: - $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' - setup: - $ref: '#/components/schemas/Security_Detections_API_SetupGuide' - severity: - $ref: '#/components/schemas/Security_Detections_API_Severity' - severity_mapping: - $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' - tags: - $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' - threat: - $ref: '#/components/schemas/Security_Detections_API_ThreatArray' - throttle: - $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' - timeline_id: - $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' - timeline_title: - $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle' - timestamp_override: - $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' - timestamp_override_fallback_disabled: - $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled' - to: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' - version: - $ref: '#/components/schemas/Security_Detections_API_RuleVersion' - required: - - name - - description - - risk_score - - severity + - $ref: '#/components/schemas/Security_Detections_API_EsqlRuleCreateProps_1' - $ref: '#/components/schemas/Security_Detections_API_EsqlRuleCreateFields' Security_Detections_API_EsqlRuleOptionalFields: type: object @@ -105804,112 +43834,7 @@ components: $ref: '#/components/schemas/Security_Detections_API_AlertSuppression' Security_Detections_API_EsqlRulePatchProps: allOf: - - type: object - properties: - actions: - description: Array defining the automated actions (notifications) taken when alerts are generated. - items: - $ref: '#/components/schemas/Security_Detections_API_RuleAction' - type: array - alias_purpose: - $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose' - alias_target_id: - $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId' - author: - $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' - building_block_type: - $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' - description: - $ref: '#/components/schemas/Security_Detections_API_RuleDescription' - enabled: - $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' - exceptions_list: - items: - $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' - type: array - false_positives: - $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray' - from: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' - id: - $ref: '#/components/schemas/Security_Detections_API_UUID' - interval: - $ref: '#/components/schemas/Security_Detections_API_RuleInterval' - investigation_fields: - $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' - language: - $ref: '#/components/schemas/Security_Detections_API_EsqlQueryLanguage' - license: - $ref: '#/components/schemas/Security_Detections_API_RuleLicense' - max_signals: - $ref: '#/components/schemas/Security_Detections_API_MaxSignals' - meta: - $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' - name: - $ref: '#/components/schemas/Security_Detections_API_RuleName' - namespace: - $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace' - note: - $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' - outcome: - $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome' - output_index: - $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' - query: - $ref: '#/components/schemas/Security_Detections_API_RuleQuery' - references: - $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' - related_integrations: - $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray' - required_fields: - description: | - Elasticsearch fields and their types that need to be present for the rule to function. - > info - > The value of `required_fields` does not affect the rule’s behavior, and specifying it incorrectly won’t cause the rule to fail. Use `required_fields` as an informational property to document the fields that the rule expects to be present in the data. - items: - $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput' - type: array - response_actions: - items: - $ref: '#/components/schemas/Security_Detections_API_ResponseAction' - type: array - risk_score: - $ref: '#/components/schemas/Security_Detections_API_RiskScore' - risk_score_mapping: - $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' - rule_id: - $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' - rule_name_override: - $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' - setup: - $ref: '#/components/schemas/Security_Detections_API_SetupGuide' - severity: - $ref: '#/components/schemas/Security_Detections_API_Severity' - severity_mapping: - $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' - tags: - $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' - threat: - $ref: '#/components/schemas/Security_Detections_API_ThreatArray' - throttle: - $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' - timeline_id: - $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' - timeline_title: - $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle' - timestamp_override: - $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' - timestamp_override_fallback_disabled: - $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled' - to: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' - type: - description: Rule type - enum: - - esql - type: string - version: - $ref: '#/components/schemas/Security_Detections_API_RuleVersion' + - $ref: '#/components/schemas/Security_Detections_API_EsqlRulePatchProps_1' - $ref: '#/components/schemas/Security_Detections_API_EsqlRuleOptionalFields' Security_Detections_API_EsqlRuleRequiredFields: type: object @@ -105933,108 +43858,7 @@ components: - $ref: '#/components/schemas/Security_Detections_API_EsqlRuleRequiredFields' Security_Detections_API_EsqlRuleUpdateProps: allOf: - - type: object - properties: - actions: - description: Array defining the automated actions (notifications) taken when alerts are generated. - items: - $ref: '#/components/schemas/Security_Detections_API_RuleAction' - type: array - alias_purpose: - $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose' - alias_target_id: - $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId' - author: - $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' - building_block_type: - $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' - description: - $ref: '#/components/schemas/Security_Detections_API_RuleDescription' - enabled: - $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' - exceptions_list: - items: - $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' - type: array - false_positives: - $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray' - from: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' - id: - $ref: '#/components/schemas/Security_Detections_API_UUID' - interval: - $ref: '#/components/schemas/Security_Detections_API_RuleInterval' - investigation_fields: - $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' - license: - $ref: '#/components/schemas/Security_Detections_API_RuleLicense' - max_signals: - $ref: '#/components/schemas/Security_Detections_API_MaxSignals' - meta: - $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' - name: - $ref: '#/components/schemas/Security_Detections_API_RuleName' - namespace: - $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace' - note: - $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' - outcome: - $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome' - output_index: - $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' - references: - $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' - related_integrations: - $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray' - required_fields: - description: | - Elasticsearch fields and their types that need to be present for the rule to function. - > info - > The value of `required_fields` does not affect the rule’s behavior, and specifying it incorrectly won’t cause the rule to fail. Use `required_fields` as an informational property to document the fields that the rule expects to be present in the data. - items: - $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput' - type: array - response_actions: - items: - $ref: '#/components/schemas/Security_Detections_API_ResponseAction' - type: array - risk_score: - $ref: '#/components/schemas/Security_Detections_API_RiskScore' - risk_score_mapping: - $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' - rule_id: - $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' - rule_name_override: - $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' - setup: - $ref: '#/components/schemas/Security_Detections_API_SetupGuide' - severity: - $ref: '#/components/schemas/Security_Detections_API_Severity' - severity_mapping: - $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' - tags: - $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' - threat: - $ref: '#/components/schemas/Security_Detections_API_ThreatArray' - throttle: - $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' - timeline_id: - $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' - timeline_title: - $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle' - timestamp_override: - $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' - timestamp_override_fallback_disabled: - $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled' - to: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' - version: - $ref: '#/components/schemas/Security_Detections_API_RuleVersion' - required: - - name - - description - - risk_score - - severity + - $ref: '#/components/schemas/Security_Detections_API_EsqlRuleUpdateProps_1' - $ref: '#/components/schemas/Security_Detections_API_EsqlRuleCreateFields' Security_Detections_API_EventCategoryOverride: type: string @@ -106053,13 +43877,7 @@ components: Security_Detections_API_ExternalRuleCustomizedFields: description: An array of customized field names — that is, fields that the user has modified from their base value. Defaults to an empty array. items: - type: object - properties: - field_name: - description: Name of a user-modified field in the rule object. - type: string - required: - - field_name + $ref: '#/components/schemas/Security_Detections_API_ExternalRuleCustomizedFields_Item' type: array Security_Detections_API_ExternalRuleHasBaseVersion: description: Determines whether an external/prebuilt rule has its original, unmodified version present when the calculation of its customization status is performed (`rule_source.is_customized` and `rule_source.customized_fields`). @@ -106189,129 +44007,11 @@ components: Security_Detections_API_MachineLearningJobId: description: Machine learning job ID(s) the rule monitors for anomaly scores. oneOf: - - type: string - - items: - type: string - minItems: 1 - type: array + - $ref: '#/components/schemas/Security_Detections_API_MachineLearningJobId_1' + - $ref: '#/components/schemas/Security_Detections_API_MachineLearningJobId_2' Security_Detections_API_MachineLearningRule: allOf: - - type: object - properties: - actions: - description: Array defining the automated actions (notifications) taken when alerts are generated. - items: - $ref: '#/components/schemas/Security_Detections_API_RuleAction' - type: array - alias_purpose: - $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose' - alias_target_id: - $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId' - author: - $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' - building_block_type: - $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' - description: - $ref: '#/components/schemas/Security_Detections_API_RuleDescription' - enabled: - $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' - exceptions_list: - items: - $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' - type: array - false_positives: - $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray' - from: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' - interval: - $ref: '#/components/schemas/Security_Detections_API_RuleInterval' - investigation_fields: - $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' - license: - $ref: '#/components/schemas/Security_Detections_API_RuleLicense' - max_signals: - $ref: '#/components/schemas/Security_Detections_API_MaxSignals' - meta: - $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' - name: - $ref: '#/components/schemas/Security_Detections_API_RuleName' - namespace: - $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace' - note: - $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' - outcome: - $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome' - output_index: - $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' - references: - $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' - related_integrations: - $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray' - required_fields: - description: | - Elasticsearch fields and their types that need to be present for the rule to function. - > info - > The value of `required_fields` does not affect the rule’s behavior, and specifying it incorrectly won’t cause the rule to fail. Use `required_fields` as an informational property to document the fields that the rule expects to be present in the data. - items: - $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput' - type: array - response_actions: - items: - $ref: '#/components/schemas/Security_Detections_API_ResponseAction' - type: array - risk_score: - $ref: '#/components/schemas/Security_Detections_API_RiskScore' - risk_score_mapping: - $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' - rule_name_override: - $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' - setup: - $ref: '#/components/schemas/Security_Detections_API_SetupGuide' - severity: - $ref: '#/components/schemas/Security_Detections_API_Severity' - severity_mapping: - $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' - tags: - $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' - threat: - $ref: '#/components/schemas/Security_Detections_API_ThreatArray' - throttle: - $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' - timeline_id: - $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' - timeline_title: - $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle' - timestamp_override: - $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' - timestamp_override_fallback_disabled: - $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled' - to: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' - version: - $ref: '#/components/schemas/Security_Detections_API_RuleVersion' - required: - - name - - description - - risk_score - - severity - - version - - tags - - enabled - - risk_score_mapping - - severity_mapping - - interval - - from - - to - - actions - - exceptions_list - - author - - false_positives - - references - - max_signals - - threat - - setup - - related_integrations - - required_fields + - $ref: '#/components/schemas/Security_Detections_API_MachineLearningRule_1' - $ref: '#/components/schemas/Security_Detections_API_ResponseFields' - $ref: '#/components/schemas/Security_Detections_API_MachineLearningRuleResponseFields' Security_Detections_API_MachineLearningRuleCreateFields: @@ -106320,106 +44020,7 @@ components: - $ref: '#/components/schemas/Security_Detections_API_MachineLearningRuleOptionalFields' Security_Detections_API_MachineLearningRuleCreateProps: allOf: - - type: object - properties: - actions: - description: Array defining the automated actions (notifications) taken when alerts are generated. - items: - $ref: '#/components/schemas/Security_Detections_API_RuleAction' - type: array - alias_purpose: - $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose' - alias_target_id: - $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId' - author: - $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' - building_block_type: - $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' - description: - $ref: '#/components/schemas/Security_Detections_API_RuleDescription' - enabled: - $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' - exceptions_list: - items: - $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' - type: array - false_positives: - $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray' - from: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' - interval: - $ref: '#/components/schemas/Security_Detections_API_RuleInterval' - investigation_fields: - $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' - license: - $ref: '#/components/schemas/Security_Detections_API_RuleLicense' - max_signals: - $ref: '#/components/schemas/Security_Detections_API_MaxSignals' - meta: - $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' - name: - $ref: '#/components/schemas/Security_Detections_API_RuleName' - namespace: - $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace' - note: - $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' - outcome: - $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome' - output_index: - $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' - references: - $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' - related_integrations: - $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray' - required_fields: - description: | - Elasticsearch fields and their types that need to be present for the rule to function. - > info - > The value of `required_fields` does not affect the rule’s behavior, and specifying it incorrectly won’t cause the rule to fail. Use `required_fields` as an informational property to document the fields that the rule expects to be present in the data. - items: - $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput' - type: array - response_actions: - items: - $ref: '#/components/schemas/Security_Detections_API_ResponseAction' - type: array - risk_score: - $ref: '#/components/schemas/Security_Detections_API_RiskScore' - risk_score_mapping: - $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' - rule_id: - $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' - rule_name_override: - $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' - setup: - $ref: '#/components/schemas/Security_Detections_API_SetupGuide' - severity: - $ref: '#/components/schemas/Security_Detections_API_Severity' - severity_mapping: - $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' - tags: - $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' - threat: - $ref: '#/components/schemas/Security_Detections_API_ThreatArray' - throttle: - $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' - timeline_id: - $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' - timeline_title: - $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle' - timestamp_override: - $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' - timestamp_override_fallback_disabled: - $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled' - to: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' - version: - $ref: '#/components/schemas/Security_Detections_API_RuleVersion' - required: - - name - - description - - risk_score - - severity + - $ref: '#/components/schemas/Security_Detections_API_MachineLearningRuleCreateProps_1' - $ref: '#/components/schemas/Security_Detections_API_MachineLearningRuleCreateFields' Security_Detections_API_MachineLearningRuleOptionalFields: type: object @@ -106428,117 +44029,11 @@ components: $ref: '#/components/schemas/Security_Detections_API_AlertSuppression' Security_Detections_API_MachineLearningRulePatchFields: allOf: - - type: object - properties: - anomaly_threshold: - $ref: '#/components/schemas/Security_Detections_API_AnomalyThreshold' - machine_learning_job_id: - $ref: '#/components/schemas/Security_Detections_API_MachineLearningJobId' - type: - description: Rule type - enum: - - machine_learning - type: string + - $ref: '#/components/schemas/Security_Detections_API_MachineLearningRulePatchFields_1' - $ref: '#/components/schemas/Security_Detections_API_MachineLearningRuleOptionalFields' Security_Detections_API_MachineLearningRulePatchProps: allOf: - - type: object - properties: - actions: - description: Array defining the automated actions (notifications) taken when alerts are generated. - items: - $ref: '#/components/schemas/Security_Detections_API_RuleAction' - type: array - alias_purpose: - $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose' - alias_target_id: - $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId' - author: - $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' - building_block_type: - $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' - description: - $ref: '#/components/schemas/Security_Detections_API_RuleDescription' - enabled: - $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' - exceptions_list: - items: - $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' - type: array - false_positives: - $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray' - from: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' - id: - $ref: '#/components/schemas/Security_Detections_API_UUID' - interval: - $ref: '#/components/schemas/Security_Detections_API_RuleInterval' - investigation_fields: - $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' - license: - $ref: '#/components/schemas/Security_Detections_API_RuleLicense' - max_signals: - $ref: '#/components/schemas/Security_Detections_API_MaxSignals' - meta: - $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' - name: - $ref: '#/components/schemas/Security_Detections_API_RuleName' - namespace: - $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace' - note: - $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' - outcome: - $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome' - output_index: - $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' - references: - $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' - related_integrations: - $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray' - required_fields: - description: | - Elasticsearch fields and their types that need to be present for the rule to function. - > info - > The value of `required_fields` does not affect the rule’s behavior, and specifying it incorrectly won’t cause the rule to fail. Use `required_fields` as an informational property to document the fields that the rule expects to be present in the data. - items: - $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput' - type: array - response_actions: - items: - $ref: '#/components/schemas/Security_Detections_API_ResponseAction' - type: array - risk_score: - $ref: '#/components/schemas/Security_Detections_API_RiskScore' - risk_score_mapping: - $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' - rule_id: - $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' - rule_name_override: - $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' - setup: - $ref: '#/components/schemas/Security_Detections_API_SetupGuide' - severity: - $ref: '#/components/schemas/Security_Detections_API_Severity' - severity_mapping: - $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' - tags: - $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' - threat: - $ref: '#/components/schemas/Security_Detections_API_ThreatArray' - throttle: - $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' - timeline_id: - $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' - timeline_title: - $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle' - timestamp_override: - $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' - timestamp_override_fallback_disabled: - $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled' - to: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' - version: - $ref: '#/components/schemas/Security_Detections_API_RuleVersion' + - $ref: '#/components/schemas/Security_Detections_API_MachineLearningRulePatchProps_1' - $ref: '#/components/schemas/Security_Detections_API_MachineLearningRulePatchFields' Security_Detections_API_MachineLearningRuleRequiredFields: type: object @@ -106562,108 +44057,7 @@ components: - $ref: '#/components/schemas/Security_Detections_API_MachineLearningRuleOptionalFields' Security_Detections_API_MachineLearningRuleUpdateProps: allOf: - - type: object - properties: - actions: - description: Array defining the automated actions (notifications) taken when alerts are generated. - items: - $ref: '#/components/schemas/Security_Detections_API_RuleAction' - type: array - alias_purpose: - $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose' - alias_target_id: - $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId' - author: - $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' - building_block_type: - $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' - description: - $ref: '#/components/schemas/Security_Detections_API_RuleDescription' - enabled: - $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' - exceptions_list: - items: - $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' - type: array - false_positives: - $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray' - from: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' - id: - $ref: '#/components/schemas/Security_Detections_API_UUID' - interval: - $ref: '#/components/schemas/Security_Detections_API_RuleInterval' - investigation_fields: - $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' - license: - $ref: '#/components/schemas/Security_Detections_API_RuleLicense' - max_signals: - $ref: '#/components/schemas/Security_Detections_API_MaxSignals' - meta: - $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' - name: - $ref: '#/components/schemas/Security_Detections_API_RuleName' - namespace: - $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace' - note: - $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' - outcome: - $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome' - output_index: - $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' - references: - $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' - related_integrations: - $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray' - required_fields: - description: | - Elasticsearch fields and their types that need to be present for the rule to function. - > info - > The value of `required_fields` does not affect the rule’s behavior, and specifying it incorrectly won’t cause the rule to fail. Use `required_fields` as an informational property to document the fields that the rule expects to be present in the data. - items: - $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput' - type: array - response_actions: - items: - $ref: '#/components/schemas/Security_Detections_API_ResponseAction' - type: array - risk_score: - $ref: '#/components/schemas/Security_Detections_API_RiskScore' - risk_score_mapping: - $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' - rule_id: - $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' - rule_name_override: - $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' - setup: - $ref: '#/components/schemas/Security_Detections_API_SetupGuide' - severity: - $ref: '#/components/schemas/Security_Detections_API_Severity' - severity_mapping: - $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' - tags: - $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' - threat: - $ref: '#/components/schemas/Security_Detections_API_ThreatArray' - throttle: - $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' - timeline_id: - $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' - timeline_title: - $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle' - timestamp_override: - $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' - timestamp_override_fallback_disabled: - $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled' - to: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' - version: - $ref: '#/components/schemas/Security_Detections_API_RuleVersion' - required: - - name - - description - - risk_score - - severity + - $ref: '#/components/schemas/Security_Detections_API_MachineLearningRuleUpdateProps_1' - $ref: '#/components/schemas/Security_Detections_API_MachineLearningRuleCreateFields' Security_Detections_API_MaxSignals: default: 100 @@ -106679,15 +44073,7 @@ components: destinationIndex: type: string error: - type: object - properties: - message: - type: string - status_code: - type: integer - required: - - message - - status_code + $ref: '#/components/schemas/Security_Detections_API_MigrationCleanupResult_Error' id: type: string sourceIndex: @@ -106718,15 +44104,7 @@ components: destinationIndex: type: string error: - type: object - properties: - message: - type: string - status_code: - type: integer - required: - - message - - status_code + $ref: '#/components/schemas/Security_Detections_API_MigrationFinalizationResult_Error' id: type: string sourceIndex: @@ -106780,122 +44158,7 @@ components: type: array Security_Detections_API_NewTermsRule: allOf: - - type: object - properties: - actions: - description: Array defining the automated actions (notifications) taken when alerts are generated. - items: - $ref: '#/components/schemas/Security_Detections_API_RuleAction' - type: array - alias_purpose: - $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose' - alias_target_id: - $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId' - author: - $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' - building_block_type: - $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' - description: - $ref: '#/components/schemas/Security_Detections_API_RuleDescription' - enabled: - $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' - exceptions_list: - items: - $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' - type: array - false_positives: - $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray' - from: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' - interval: - $ref: '#/components/schemas/Security_Detections_API_RuleInterval' - investigation_fields: - $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' - license: - $ref: '#/components/schemas/Security_Detections_API_RuleLicense' - max_signals: - $ref: '#/components/schemas/Security_Detections_API_MaxSignals' - meta: - $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' - name: - $ref: '#/components/schemas/Security_Detections_API_RuleName' - namespace: - $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace' - note: - $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' - outcome: - $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome' - output_index: - $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' - references: - $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' - related_integrations: - $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray' - required_fields: - description: | - Elasticsearch fields and their types that need to be present for the rule to function. - > info - > The value of `required_fields` does not affect the rule’s behavior, and specifying it incorrectly won’t cause the rule to fail. Use `required_fields` as an informational property to document the fields that the rule expects to be present in the data. - items: - $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput' - type: array - response_actions: - items: - $ref: '#/components/schemas/Security_Detections_API_ResponseAction' - type: array - risk_score: - $ref: '#/components/schemas/Security_Detections_API_RiskScore' - risk_score_mapping: - $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' - rule_name_override: - $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' - setup: - $ref: '#/components/schemas/Security_Detections_API_SetupGuide' - severity: - $ref: '#/components/schemas/Security_Detections_API_Severity' - severity_mapping: - $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' - tags: - $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' - threat: - $ref: '#/components/schemas/Security_Detections_API_ThreatArray' - throttle: - $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' - timeline_id: - $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' - timeline_title: - $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle' - timestamp_override: - $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' - timestamp_override_fallback_disabled: - $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled' - to: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' - version: - $ref: '#/components/schemas/Security_Detections_API_RuleVersion' - required: - - name - - description - - risk_score - - severity - - version - - tags - - enabled - - risk_score_mapping - - severity_mapping - - interval - - from - - to - - actions - - exceptions_list - - author - - false_positives - - references - - max_signals - - threat - - setup - - related_integrations - - required_fields + - $ref: '#/components/schemas/Security_Detections_API_NewTermsRule_1' - $ref: '#/components/schemas/Security_Detections_API_ResponseFields' - $ref: '#/components/schemas/Security_Detections_API_NewTermsRuleResponseFields' Security_Detections_API_NewTermsRuleCreateFields: @@ -106905,106 +44168,7 @@ components: - $ref: '#/components/schemas/Security_Detections_API_NewTermsRuleDefaultableFields' Security_Detections_API_NewTermsRuleCreateProps: allOf: - - type: object - properties: - actions: - description: Array defining the automated actions (notifications) taken when alerts are generated. - items: - $ref: '#/components/schemas/Security_Detections_API_RuleAction' - type: array - alias_purpose: - $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose' - alias_target_id: - $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId' - author: - $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' - building_block_type: - $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' - description: - $ref: '#/components/schemas/Security_Detections_API_RuleDescription' - enabled: - $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' - exceptions_list: - items: - $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' - type: array - false_positives: - $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray' - from: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' - interval: - $ref: '#/components/schemas/Security_Detections_API_RuleInterval' - investigation_fields: - $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' - license: - $ref: '#/components/schemas/Security_Detections_API_RuleLicense' - max_signals: - $ref: '#/components/schemas/Security_Detections_API_MaxSignals' - meta: - $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' - name: - $ref: '#/components/schemas/Security_Detections_API_RuleName' - namespace: - $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace' - note: - $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' - outcome: - $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome' - output_index: - $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' - references: - $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' - related_integrations: - $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray' - required_fields: - description: | - Elasticsearch fields and their types that need to be present for the rule to function. - > info - > The value of `required_fields` does not affect the rule’s behavior, and specifying it incorrectly won’t cause the rule to fail. Use `required_fields` as an informational property to document the fields that the rule expects to be present in the data. - items: - $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput' - type: array - response_actions: - items: - $ref: '#/components/schemas/Security_Detections_API_ResponseAction' - type: array - risk_score: - $ref: '#/components/schemas/Security_Detections_API_RiskScore' - risk_score_mapping: - $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' - rule_id: - $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' - rule_name_override: - $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' - setup: - $ref: '#/components/schemas/Security_Detections_API_SetupGuide' - severity: - $ref: '#/components/schemas/Security_Detections_API_Severity' - severity_mapping: - $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' - tags: - $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' - threat: - $ref: '#/components/schemas/Security_Detections_API_ThreatArray' - throttle: - $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' - timeline_id: - $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' - timeline_title: - $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle' - timestamp_override: - $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' - timestamp_override_fallback_disabled: - $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled' - to: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' - version: - $ref: '#/components/schemas/Security_Detections_API_RuleVersion' - required: - - name - - description - - risk_score - - severity + - $ref: '#/components/schemas/Security_Detections_API_NewTermsRuleCreateProps_1' - $ref: '#/components/schemas/Security_Detections_API_NewTermsRuleCreateFields' Security_Detections_API_NewTermsRuleDefaultableFields: type: object @@ -107024,120 +44188,12 @@ components: $ref: '#/components/schemas/Security_Detections_API_IndexPatternArray' Security_Detections_API_NewTermsRulePatchFields: allOf: - - type: object - properties: - history_window_start: - $ref: '#/components/schemas/Security_Detections_API_HistoryWindowStart' - new_terms_fields: - $ref: '#/components/schemas/Security_Detections_API_NewTermsFields' - query: - $ref: '#/components/schemas/Security_Detections_API_RuleQuery' - type: - description: Rule type - enum: - - new_terms - type: string + - $ref: '#/components/schemas/Security_Detections_API_NewTermsRulePatchFields_1' - $ref: '#/components/schemas/Security_Detections_API_NewTermsRuleOptionalFields' - $ref: '#/components/schemas/Security_Detections_API_NewTermsRuleDefaultableFields' Security_Detections_API_NewTermsRulePatchProps: allOf: - - type: object - properties: - actions: - description: Array defining the automated actions (notifications) taken when alerts are generated. - items: - $ref: '#/components/schemas/Security_Detections_API_RuleAction' - type: array - alias_purpose: - $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose' - alias_target_id: - $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId' - author: - $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' - building_block_type: - $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' - description: - $ref: '#/components/schemas/Security_Detections_API_RuleDescription' - enabled: - $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' - exceptions_list: - items: - $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' - type: array - false_positives: - $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray' - from: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' - id: - $ref: '#/components/schemas/Security_Detections_API_UUID' - interval: - $ref: '#/components/schemas/Security_Detections_API_RuleInterval' - investigation_fields: - $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' - license: - $ref: '#/components/schemas/Security_Detections_API_RuleLicense' - max_signals: - $ref: '#/components/schemas/Security_Detections_API_MaxSignals' - meta: - $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' - name: - $ref: '#/components/schemas/Security_Detections_API_RuleName' - namespace: - $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace' - note: - $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' - outcome: - $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome' - output_index: - $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' - references: - $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' - related_integrations: - $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray' - required_fields: - description: | - Elasticsearch fields and their types that need to be present for the rule to function. - > info - > The value of `required_fields` does not affect the rule’s behavior, and specifying it incorrectly won’t cause the rule to fail. Use `required_fields` as an informational property to document the fields that the rule expects to be present in the data. - items: - $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput' - type: array - response_actions: - items: - $ref: '#/components/schemas/Security_Detections_API_ResponseAction' - type: array - risk_score: - $ref: '#/components/schemas/Security_Detections_API_RiskScore' - risk_score_mapping: - $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' - rule_id: - $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' - rule_name_override: - $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' - setup: - $ref: '#/components/schemas/Security_Detections_API_SetupGuide' - severity: - $ref: '#/components/schemas/Security_Detections_API_Severity' - severity_mapping: - $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' - tags: - $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' - threat: - $ref: '#/components/schemas/Security_Detections_API_ThreatArray' - throttle: - $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' - timeline_id: - $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' - timeline_title: - $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle' - timestamp_override: - $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' - timestamp_override_fallback_disabled: - $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled' - to: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' - version: - $ref: '#/components/schemas/Security_Detections_API_RuleVersion' + - $ref: '#/components/schemas/Security_Detections_API_NewTermsRulePatchProps_1' - $ref: '#/components/schemas/Security_Detections_API_NewTermsRulePatchFields' Security_Detections_API_NewTermsRuleRequiredFields: type: object @@ -107162,116 +44218,10 @@ components: allOf: - $ref: '#/components/schemas/Security_Detections_API_NewTermsRuleRequiredFields' - $ref: '#/components/schemas/Security_Detections_API_NewTermsRuleOptionalFields' - - type: object - properties: - language: - $ref: '#/components/schemas/Security_Detections_API_KqlQueryLanguage' - required: - - language + - $ref: '#/components/schemas/Security_Detections_API_NewTermsRuleResponseFields_3' Security_Detections_API_NewTermsRuleUpdateProps: allOf: - - type: object - properties: - actions: - description: Array defining the automated actions (notifications) taken when alerts are generated. - items: - $ref: '#/components/schemas/Security_Detections_API_RuleAction' - type: array - alias_purpose: - $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose' - alias_target_id: - $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId' - author: - $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' - building_block_type: - $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' - description: - $ref: '#/components/schemas/Security_Detections_API_RuleDescription' - enabled: - $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' - exceptions_list: - items: - $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' - type: array - false_positives: - $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray' - from: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' - id: - $ref: '#/components/schemas/Security_Detections_API_UUID' - interval: - $ref: '#/components/schemas/Security_Detections_API_RuleInterval' - investigation_fields: - $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' - license: - $ref: '#/components/schemas/Security_Detections_API_RuleLicense' - max_signals: - $ref: '#/components/schemas/Security_Detections_API_MaxSignals' - meta: - $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' - name: - $ref: '#/components/schemas/Security_Detections_API_RuleName' - namespace: - $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace' - note: - $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' - outcome: - $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome' - output_index: - $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' - references: - $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' - related_integrations: - $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray' - required_fields: - description: | - Elasticsearch fields and their types that need to be present for the rule to function. - > info - > The value of `required_fields` does not affect the rule’s behavior, and specifying it incorrectly won’t cause the rule to fail. Use `required_fields` as an informational property to document the fields that the rule expects to be present in the data. - items: - $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput' - type: array - response_actions: - items: - $ref: '#/components/schemas/Security_Detections_API_ResponseAction' - type: array - risk_score: - $ref: '#/components/schemas/Security_Detections_API_RiskScore' - risk_score_mapping: - $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' - rule_id: - $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' - rule_name_override: - $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' - setup: - $ref: '#/components/schemas/Security_Detections_API_SetupGuide' - severity: - $ref: '#/components/schemas/Security_Detections_API_Severity' - severity_mapping: - $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' - tags: - $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' - threat: - $ref: '#/components/schemas/Security_Detections_API_ThreatArray' - throttle: - $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' - timeline_id: - $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' - timeline_title: - $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle' - timestamp_override: - $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' - timestamp_override_fallback_disabled: - $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled' - to: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' - version: - $ref: '#/components/schemas/Security_Detections_API_RuleVersion' - required: - - name - - description - - risk_score - - severity + - $ref: '#/components/schemas/Security_Detections_API_NewTermsRuleUpdateProps_1' - $ref: '#/components/schemas/Security_Detections_API_NewTermsRuleCreateFields' Security_Detections_API_NonEmptyString: description: A string that does not contain only whitespace characters @@ -107394,17 +44344,7 @@ components: description: 'Add a note that explains or describes the action. You can find your comment in the response actions history log. Example: "comment": "Check processes"' type: string config: - type: object - properties: - field: - description: Field to use instead of process.pid - type: string - overwrite: - default: true - description: Whether to overwrite field with process.pid - type: boolean - required: - - field + $ref: '#/components/schemas/Security_Detections_API_ProcessesParams_Config' required: - command - config @@ -107413,24 +44353,19 @@ components: properties: _source: oneOf: - - type: boolean - - type: string - - items: - type: string - type: array + - $ref: '#/components/schemas/Security_Detections_API_QueryAlertsBodyParams__source_1' + - $ref: '#/components/schemas/Security_Detections_API_QueryAlertsBodyParams__source_2' + - $ref: '#/components/schemas/Security_Detections_API_QueryAlertsBodyParams__source_3' aggs: - additionalProperties: true - type: object + $ref: '#/components/schemas/Security_Detections_API_QueryAlertsBodyParams_Aggs' fields: items: type: string type: array query: - additionalProperties: true - type: object + $ref: '#/components/schemas/Security_Detections_API_QueryAlertsBodyParams_Query' runtime_mappings: - additionalProperties: true - type: object + $ref: '#/components/schemas/Security_Detections_API_QueryAlertsBodyParams_Runtime_mappings' size: minimum: 0 type: integer @@ -107440,122 +44375,7 @@ components: type: boolean Security_Detections_API_QueryRule: allOf: - - type: object - properties: - actions: - description: Array defining the automated actions (notifications) taken when alerts are generated. - items: - $ref: '#/components/schemas/Security_Detections_API_RuleAction' - type: array - alias_purpose: - $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose' - alias_target_id: - $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId' - author: - $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' - building_block_type: - $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' - description: - $ref: '#/components/schemas/Security_Detections_API_RuleDescription' - enabled: - $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' - exceptions_list: - items: - $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' - type: array - false_positives: - $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray' - from: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' - interval: - $ref: '#/components/schemas/Security_Detections_API_RuleInterval' - investigation_fields: - $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' - license: - $ref: '#/components/schemas/Security_Detections_API_RuleLicense' - max_signals: - $ref: '#/components/schemas/Security_Detections_API_MaxSignals' - meta: - $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' - name: - $ref: '#/components/schemas/Security_Detections_API_RuleName' - namespace: - $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace' - note: - $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' - outcome: - $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome' - output_index: - $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' - references: - $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' - related_integrations: - $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray' - required_fields: - description: | - Elasticsearch fields and their types that need to be present for the rule to function. - > info - > The value of `required_fields` does not affect the rule’s behavior, and specifying it incorrectly won’t cause the rule to fail. Use `required_fields` as an informational property to document the fields that the rule expects to be present in the data. - items: - $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput' - type: array - response_actions: - items: - $ref: '#/components/schemas/Security_Detections_API_ResponseAction' - type: array - risk_score: - $ref: '#/components/schemas/Security_Detections_API_RiskScore' - risk_score_mapping: - $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' - rule_name_override: - $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' - setup: - $ref: '#/components/schemas/Security_Detections_API_SetupGuide' - severity: - $ref: '#/components/schemas/Security_Detections_API_Severity' - severity_mapping: - $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' - tags: - $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' - threat: - $ref: '#/components/schemas/Security_Detections_API_ThreatArray' - throttle: - $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' - timeline_id: - $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' - timeline_title: - $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle' - timestamp_override: - $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' - timestamp_override_fallback_disabled: - $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled' - to: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' - version: - $ref: '#/components/schemas/Security_Detections_API_RuleVersion' - required: - - name - - description - - risk_score - - severity - - version - - tags - - enabled - - risk_score_mapping - - severity_mapping - - interval - - from - - to - - actions - - exceptions_list - - author - - false_positives - - references - - max_signals - - threat - - setup - - related_integrations - - required_fields + - $ref: '#/components/schemas/Security_Detections_API_QueryRule_1' - $ref: '#/components/schemas/Security_Detections_API_ResponseFields' - $ref: '#/components/schemas/Security_Detections_API_QueryRuleResponseFields' Security_Detections_API_QueryRuleCreateFields: @@ -107565,106 +44385,7 @@ components: - $ref: '#/components/schemas/Security_Detections_API_QueryRuleDefaultableFields' Security_Detections_API_QueryRuleCreateProps: allOf: - - type: object - properties: - actions: - description: Array defining the automated actions (notifications) taken when alerts are generated. - items: - $ref: '#/components/schemas/Security_Detections_API_RuleAction' - type: array - alias_purpose: - $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose' - alias_target_id: - $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId' - author: - $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' - building_block_type: - $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' - description: - $ref: '#/components/schemas/Security_Detections_API_RuleDescription' - enabled: - $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' - exceptions_list: - items: - $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' - type: array - false_positives: - $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray' - from: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' - interval: - $ref: '#/components/schemas/Security_Detections_API_RuleInterval' - investigation_fields: - $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' - license: - $ref: '#/components/schemas/Security_Detections_API_RuleLicense' - max_signals: - $ref: '#/components/schemas/Security_Detections_API_MaxSignals' - meta: - $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' - name: - $ref: '#/components/schemas/Security_Detections_API_RuleName' - namespace: - $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace' - note: - $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' - outcome: - $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome' - output_index: - $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' - references: - $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' - related_integrations: - $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray' - required_fields: - description: | - Elasticsearch fields and their types that need to be present for the rule to function. - > info - > The value of `required_fields` does not affect the rule’s behavior, and specifying it incorrectly won’t cause the rule to fail. Use `required_fields` as an informational property to document the fields that the rule expects to be present in the data. - items: - $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput' - type: array - response_actions: - items: - $ref: '#/components/schemas/Security_Detections_API_ResponseAction' - type: array - risk_score: - $ref: '#/components/schemas/Security_Detections_API_RiskScore' - risk_score_mapping: - $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' - rule_id: - $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' - rule_name_override: - $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' - setup: - $ref: '#/components/schemas/Security_Detections_API_SetupGuide' - severity: - $ref: '#/components/schemas/Security_Detections_API_Severity' - severity_mapping: - $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' - tags: - $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' - threat: - $ref: '#/components/schemas/Security_Detections_API_ThreatArray' - throttle: - $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' - timeline_id: - $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' - timeline_title: - $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle' - timestamp_override: - $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' - timestamp_override_fallback_disabled: - $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled' - to: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' - version: - $ref: '#/components/schemas/Security_Detections_API_RuleVersion' - required: - - name - - description - - risk_score - - severity + - $ref: '#/components/schemas/Security_Detections_API_QueryRuleCreateProps_1' - $ref: '#/components/schemas/Security_Detections_API_QueryRuleCreateFields' Security_Detections_API_QueryRuleDefaultableFields: type: object @@ -107688,114 +44409,12 @@ components: $ref: '#/components/schemas/Security_Detections_API_SavedQueryId' Security_Detections_API_QueryRulePatchFields: allOf: - - type: object - properties: - type: - description: Rule type - enum: - - query - type: string + - $ref: '#/components/schemas/Security_Detections_API_QueryRulePatchFields_1' - $ref: '#/components/schemas/Security_Detections_API_QueryRuleOptionalFields' - $ref: '#/components/schemas/Security_Detections_API_QueryRuleDefaultableFields' Security_Detections_API_QueryRulePatchProps: allOf: - - type: object - properties: - actions: - description: Array defining the automated actions (notifications) taken when alerts are generated. - items: - $ref: '#/components/schemas/Security_Detections_API_RuleAction' - type: array - alias_purpose: - $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose' - alias_target_id: - $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId' - author: - $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' - building_block_type: - $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' - description: - $ref: '#/components/schemas/Security_Detections_API_RuleDescription' - enabled: - $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' - exceptions_list: - items: - $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' - type: array - false_positives: - $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray' - from: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' - id: - $ref: '#/components/schemas/Security_Detections_API_UUID' - interval: - $ref: '#/components/schemas/Security_Detections_API_RuleInterval' - investigation_fields: - $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' - license: - $ref: '#/components/schemas/Security_Detections_API_RuleLicense' - max_signals: - $ref: '#/components/schemas/Security_Detections_API_MaxSignals' - meta: - $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' - name: - $ref: '#/components/schemas/Security_Detections_API_RuleName' - namespace: - $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace' - note: - $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' - outcome: - $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome' - output_index: - $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' - references: - $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' - related_integrations: - $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray' - required_fields: - description: | - Elasticsearch fields and their types that need to be present for the rule to function. - > info - > The value of `required_fields` does not affect the rule’s behavior, and specifying it incorrectly won’t cause the rule to fail. Use `required_fields` as an informational property to document the fields that the rule expects to be present in the data. - items: - $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput' - type: array - response_actions: - items: - $ref: '#/components/schemas/Security_Detections_API_ResponseAction' - type: array - risk_score: - $ref: '#/components/schemas/Security_Detections_API_RiskScore' - risk_score_mapping: - $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' - rule_id: - $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' - rule_name_override: - $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' - setup: - $ref: '#/components/schemas/Security_Detections_API_SetupGuide' - severity: - $ref: '#/components/schemas/Security_Detections_API_Severity' - severity_mapping: - $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' - tags: - $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' - threat: - $ref: '#/components/schemas/Security_Detections_API_ThreatArray' - throttle: - $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' - timeline_id: - $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' - timeline_title: - $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle' - timestamp_override: - $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' - timestamp_override_fallback_disabled: - $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled' - to: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' - version: - $ref: '#/components/schemas/Security_Detections_API_RuleVersion' + - $ref: '#/components/schemas/Security_Detections_API_QueryRulePatchProps_1' - $ref: '#/components/schemas/Security_Detections_API_QueryRulePatchFields' Security_Detections_API_QueryRuleRequiredFields: type: object @@ -107811,119 +44430,10 @@ components: allOf: - $ref: '#/components/schemas/Security_Detections_API_QueryRuleRequiredFields' - $ref: '#/components/schemas/Security_Detections_API_QueryRuleOptionalFields' - - type: object - properties: - language: - $ref: '#/components/schemas/Security_Detections_API_KqlQueryLanguage' - query: - $ref: '#/components/schemas/Security_Detections_API_RuleQuery' - required: - - query - - language + - $ref: '#/components/schemas/Security_Detections_API_QueryRuleResponseFields_3' Security_Detections_API_QueryRuleUpdateProps: allOf: - - type: object - properties: - actions: - description: Array defining the automated actions (notifications) taken when alerts are generated. - items: - $ref: '#/components/schemas/Security_Detections_API_RuleAction' - type: array - alias_purpose: - $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose' - alias_target_id: - $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId' - author: - $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' - building_block_type: - $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' - description: - $ref: '#/components/schemas/Security_Detections_API_RuleDescription' - enabled: - $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' - exceptions_list: - items: - $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' - type: array - false_positives: - $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray' - from: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' - id: - $ref: '#/components/schemas/Security_Detections_API_UUID' - interval: - $ref: '#/components/schemas/Security_Detections_API_RuleInterval' - investigation_fields: - $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' - license: - $ref: '#/components/schemas/Security_Detections_API_RuleLicense' - max_signals: - $ref: '#/components/schemas/Security_Detections_API_MaxSignals' - meta: - $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' - name: - $ref: '#/components/schemas/Security_Detections_API_RuleName' - namespace: - $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace' - note: - $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' - outcome: - $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome' - output_index: - $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' - references: - $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' - related_integrations: - $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray' - required_fields: - description: | - Elasticsearch fields and their types that need to be present for the rule to function. - > info - > The value of `required_fields` does not affect the rule’s behavior, and specifying it incorrectly won’t cause the rule to fail. Use `required_fields` as an informational property to document the fields that the rule expects to be present in the data. - items: - $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput' - type: array - response_actions: - items: - $ref: '#/components/schemas/Security_Detections_API_ResponseAction' - type: array - risk_score: - $ref: '#/components/schemas/Security_Detections_API_RiskScore' - risk_score_mapping: - $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' - rule_id: - $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' - rule_name_override: - $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' - setup: - $ref: '#/components/schemas/Security_Detections_API_SetupGuide' - severity: - $ref: '#/components/schemas/Security_Detections_API_Severity' - severity_mapping: - $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' - tags: - $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' - threat: - $ref: '#/components/schemas/Security_Detections_API_ThreatArray' - throttle: - $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' - timeline_id: - $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' - timeline_title: - $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle' - timestamp_override: - $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' - timestamp_override_fallback_disabled: - $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled' - to: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' - version: - $ref: '#/components/schemas/Security_Detections_API_RuleVersion' - required: - - name - - description - - risk_score - - severity + - $ref: '#/components/schemas/Security_Detections_API_QueryRuleUpdateProps_1' - $ref: '#/components/schemas/Security_Detections_API_QueryRuleCreateFields' Security_Detections_API_ReasonEnum: description: The reason for closing the alerts @@ -108092,23 +44602,7 @@ components: Security_Detections_API_RiskScoreMapping: description: Overrides generated alerts' risk_score with a value from the source event items: - type: object - properties: - field: - description: Source event field used to override the default `risk_score`. - type: string - operator: - enum: - - equals - type: string - risk_score: - $ref: '#/components/schemas/Security_Detections_API_RiskScore' - value: - type: string - required: - - field - - operator - - value + $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping_Item' type: array Security_Detections_API_RuleAction: type: object @@ -108229,14 +44723,8 @@ components: Security_Detections_API_RuleActionThrottle: description: Defines how often rule actions are taken. oneOf: - - enum: - - no_actions - - rule - type: string - - description: Time interval in seconds, minutes, hours, or days. - example: 1h - pattern: ^[1-9]\d*[smhd]$ - type: string + - $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle_1' + - $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle_2' Security_Detections_API_RuleAuthorArray: description: The rule’s author. items: @@ -108308,18 +44796,7 @@ components: minimum: 0 type: integer gap_range: - description: Range of the execution gap - type: object - properties: - gte: - description: Start date of the execution gap - type: string - lte: - description: End date of the execution gap - type: string - required: - - gte - - lte + $ref: '#/components/schemas/Security_Detections_API_RuleExecutionMetrics_Gap_range' total_enrichment_duration_ms: description: Total time spent enriching documents during current rule execution cycle minimum: 0 @@ -108357,27 +44834,7 @@ components: type: object properties: last_execution: - type: object - properties: - date: - description: Date of the last execution - format: date-time - type: string - message: - type: string - metrics: - $ref: '#/components/schemas/Security_Detections_API_RuleExecutionMetrics' - status: - $ref: '#/components/schemas/Security_Detections_API_RuleExecutionStatus' - description: Status of the last execution - status_order: - $ref: '#/components/schemas/Security_Detections_API_RuleExecutionStatusOrder' - required: - - date - - status - - status_order - - message - - metrics + $ref: '#/components/schemas/Security_Detections_API_RuleExecutionSummary_Last_execution' required: - last_execution Security_Detections_API_RuleFalsePositiveArray: @@ -108566,122 +45023,7 @@ components: type: string Security_Detections_API_SavedQueryRule: allOf: - - type: object - properties: - actions: - description: Array defining the automated actions (notifications) taken when alerts are generated. - items: - $ref: '#/components/schemas/Security_Detections_API_RuleAction' - type: array - alias_purpose: - $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose' - alias_target_id: - $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId' - author: - $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' - building_block_type: - $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' - description: - $ref: '#/components/schemas/Security_Detections_API_RuleDescription' - enabled: - $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' - exceptions_list: - items: - $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' - type: array - false_positives: - $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray' - from: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' - interval: - $ref: '#/components/schemas/Security_Detections_API_RuleInterval' - investigation_fields: - $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' - license: - $ref: '#/components/schemas/Security_Detections_API_RuleLicense' - max_signals: - $ref: '#/components/schemas/Security_Detections_API_MaxSignals' - meta: - $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' - name: - $ref: '#/components/schemas/Security_Detections_API_RuleName' - namespace: - $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace' - note: - $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' - outcome: - $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome' - output_index: - $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' - references: - $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' - related_integrations: - $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray' - required_fields: - description: | - Elasticsearch fields and their types that need to be present for the rule to function. - > info - > The value of `required_fields` does not affect the rule’s behavior, and specifying it incorrectly won’t cause the rule to fail. Use `required_fields` as an informational property to document the fields that the rule expects to be present in the data. - items: - $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput' - type: array - response_actions: - items: - $ref: '#/components/schemas/Security_Detections_API_ResponseAction' - type: array - risk_score: - $ref: '#/components/schemas/Security_Detections_API_RiskScore' - risk_score_mapping: - $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' - rule_name_override: - $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' - setup: - $ref: '#/components/schemas/Security_Detections_API_SetupGuide' - severity: - $ref: '#/components/schemas/Security_Detections_API_Severity' - severity_mapping: - $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' - tags: - $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' - threat: - $ref: '#/components/schemas/Security_Detections_API_ThreatArray' - throttle: - $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' - timeline_id: - $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' - timeline_title: - $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle' - timestamp_override: - $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' - timestamp_override_fallback_disabled: - $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled' - to: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' - version: - $ref: '#/components/schemas/Security_Detections_API_RuleVersion' - required: - - name - - description - - risk_score - - severity - - version - - tags - - enabled - - risk_score_mapping - - severity_mapping - - interval - - from - - to - - actions - - exceptions_list - - author - - false_positives - - references - - max_signals - - threat - - setup - - related_integrations - - required_fields + - $ref: '#/components/schemas/Security_Detections_API_SavedQueryRule_1' - $ref: '#/components/schemas/Security_Detections_API_ResponseFields' - $ref: '#/components/schemas/Security_Detections_API_SavedQueryRuleResponseFields' Security_Detections_API_SavedQueryRuleCreateFields: @@ -108691,106 +45033,7 @@ components: - $ref: '#/components/schemas/Security_Detections_API_SavedQueryRuleDefaultableFields' Security_Detections_API_SavedQueryRuleCreateProps: allOf: - - type: object - properties: - actions: - description: Array defining the automated actions (notifications) taken when alerts are generated. - items: - $ref: '#/components/schemas/Security_Detections_API_RuleAction' - type: array - alias_purpose: - $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose' - alias_target_id: - $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId' - author: - $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' - building_block_type: - $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' - description: - $ref: '#/components/schemas/Security_Detections_API_RuleDescription' - enabled: - $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' - exceptions_list: - items: - $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' - type: array - false_positives: - $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray' - from: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' - interval: - $ref: '#/components/schemas/Security_Detections_API_RuleInterval' - investigation_fields: - $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' - license: - $ref: '#/components/schemas/Security_Detections_API_RuleLicense' - max_signals: - $ref: '#/components/schemas/Security_Detections_API_MaxSignals' - meta: - $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' - name: - $ref: '#/components/schemas/Security_Detections_API_RuleName' - namespace: - $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace' - note: - $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' - outcome: - $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome' - output_index: - $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' - references: - $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' - related_integrations: - $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray' - required_fields: - description: | - Elasticsearch fields and their types that need to be present for the rule to function. - > info - > The value of `required_fields` does not affect the rule’s behavior, and specifying it incorrectly won’t cause the rule to fail. Use `required_fields` as an informational property to document the fields that the rule expects to be present in the data. - items: - $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput' - type: array - response_actions: - items: - $ref: '#/components/schemas/Security_Detections_API_ResponseAction' - type: array - risk_score: - $ref: '#/components/schemas/Security_Detections_API_RiskScore' - risk_score_mapping: - $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' - rule_id: - $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' - rule_name_override: - $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' - setup: - $ref: '#/components/schemas/Security_Detections_API_SetupGuide' - severity: - $ref: '#/components/schemas/Security_Detections_API_Severity' - severity_mapping: - $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' - tags: - $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' - threat: - $ref: '#/components/schemas/Security_Detections_API_ThreatArray' - throttle: - $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' - timeline_id: - $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' - timeline_title: - $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle' - timestamp_override: - $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' - timestamp_override_fallback_disabled: - $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled' - to: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' - version: - $ref: '#/components/schemas/Security_Detections_API_RuleVersion' - required: - - name - - description - - risk_score - - severity + - $ref: '#/components/schemas/Security_Detections_API_SavedQueryRuleCreateProps_1' - $ref: '#/components/schemas/Security_Detections_API_SavedQueryRuleCreateFields' Security_Detections_API_SavedQueryRuleDefaultableFields: type: object @@ -108812,116 +45055,12 @@ components: $ref: '#/components/schemas/Security_Detections_API_RuleQuery' Security_Detections_API_SavedQueryRulePatchFields: allOf: - - type: object - properties: - saved_id: - $ref: '#/components/schemas/Security_Detections_API_SavedQueryId' - type: - description: Rule type - enum: - - saved_query - type: string + - $ref: '#/components/schemas/Security_Detections_API_SavedQueryRulePatchFields_1' - $ref: '#/components/schemas/Security_Detections_API_SavedQueryRuleOptionalFields' - $ref: '#/components/schemas/Security_Detections_API_SavedQueryRuleDefaultableFields' Security_Detections_API_SavedQueryRulePatchProps: allOf: - - type: object - properties: - actions: - description: Array defining the automated actions (notifications) taken when alerts are generated. - items: - $ref: '#/components/schemas/Security_Detections_API_RuleAction' - type: array - alias_purpose: - $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose' - alias_target_id: - $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId' - author: - $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' - building_block_type: - $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' - description: - $ref: '#/components/schemas/Security_Detections_API_RuleDescription' - enabled: - $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' - exceptions_list: - items: - $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' - type: array - false_positives: - $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray' - from: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' - id: - $ref: '#/components/schemas/Security_Detections_API_UUID' - interval: - $ref: '#/components/schemas/Security_Detections_API_RuleInterval' - investigation_fields: - $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' - license: - $ref: '#/components/schemas/Security_Detections_API_RuleLicense' - max_signals: - $ref: '#/components/schemas/Security_Detections_API_MaxSignals' - meta: - $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' - name: - $ref: '#/components/schemas/Security_Detections_API_RuleName' - namespace: - $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace' - note: - $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' - outcome: - $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome' - output_index: - $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' - references: - $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' - related_integrations: - $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray' - required_fields: - description: | - Elasticsearch fields and their types that need to be present for the rule to function. - > info - > The value of `required_fields` does not affect the rule’s behavior, and specifying it incorrectly won’t cause the rule to fail. Use `required_fields` as an informational property to document the fields that the rule expects to be present in the data. - items: - $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput' - type: array - response_actions: - items: - $ref: '#/components/schemas/Security_Detections_API_ResponseAction' - type: array - risk_score: - $ref: '#/components/schemas/Security_Detections_API_RiskScore' - risk_score_mapping: - $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' - rule_id: - $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' - rule_name_override: - $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' - setup: - $ref: '#/components/schemas/Security_Detections_API_SetupGuide' - severity: - $ref: '#/components/schemas/Security_Detections_API_Severity' - severity_mapping: - $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' - tags: - $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' - threat: - $ref: '#/components/schemas/Security_Detections_API_ThreatArray' - throttle: - $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' - timeline_id: - $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' - timeline_title: - $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle' - timestamp_override: - $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' - timestamp_override_fallback_disabled: - $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled' - to: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' - version: - $ref: '#/components/schemas/Security_Detections_API_RuleVersion' + - $ref: '#/components/schemas/Security_Detections_API_SavedQueryRulePatchProps_1' - $ref: '#/components/schemas/Security_Detections_API_SavedQueryRulePatchFields' Security_Detections_API_SavedQueryRuleRequiredFields: type: object @@ -108940,116 +45079,10 @@ components: allOf: - $ref: '#/components/schemas/Security_Detections_API_SavedQueryRuleRequiredFields' - $ref: '#/components/schemas/Security_Detections_API_SavedQueryRuleOptionalFields' - - type: object - properties: - language: - $ref: '#/components/schemas/Security_Detections_API_KqlQueryLanguage' - required: - - language + - $ref: '#/components/schemas/Security_Detections_API_SavedQueryRuleResponseFields_3' Security_Detections_API_SavedQueryRuleUpdateProps: allOf: - - type: object - properties: - actions: - description: Array defining the automated actions (notifications) taken when alerts are generated. - items: - $ref: '#/components/schemas/Security_Detections_API_RuleAction' - type: array - alias_purpose: - $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose' - alias_target_id: - $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId' - author: - $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' - building_block_type: - $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' - description: - $ref: '#/components/schemas/Security_Detections_API_RuleDescription' - enabled: - $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' - exceptions_list: - items: - $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' - type: array - false_positives: - $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray' - from: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' - id: - $ref: '#/components/schemas/Security_Detections_API_UUID' - interval: - $ref: '#/components/schemas/Security_Detections_API_RuleInterval' - investigation_fields: - $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' - license: - $ref: '#/components/schemas/Security_Detections_API_RuleLicense' - max_signals: - $ref: '#/components/schemas/Security_Detections_API_MaxSignals' - meta: - $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' - name: - $ref: '#/components/schemas/Security_Detections_API_RuleName' - namespace: - $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace' - note: - $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' - outcome: - $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome' - output_index: - $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' - references: - $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' - related_integrations: - $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray' - required_fields: - description: | - Elasticsearch fields and their types that need to be present for the rule to function. - > info - > The value of `required_fields` does not affect the rule’s behavior, and specifying it incorrectly won’t cause the rule to fail. Use `required_fields` as an informational property to document the fields that the rule expects to be present in the data. - items: - $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput' - type: array - response_actions: - items: - $ref: '#/components/schemas/Security_Detections_API_ResponseAction' - type: array - risk_score: - $ref: '#/components/schemas/Security_Detections_API_RiskScore' - risk_score_mapping: - $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' - rule_id: - $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' - rule_name_override: - $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' - setup: - $ref: '#/components/schemas/Security_Detections_API_SetupGuide' - severity: - $ref: '#/components/schemas/Security_Detections_API_Severity' - severity_mapping: - $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' - tags: - $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' - threat: - $ref: '#/components/schemas/Security_Detections_API_ThreatArray' - throttle: - $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' - timeline_id: - $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' - timeline_title: - $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle' - timestamp_override: - $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' - timestamp_override_fallback_disabled: - $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled' - to: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' - version: - $ref: '#/components/schemas/Security_Detections_API_RuleVersion' - required: - - name - - description - - risk_score - - severity + - $ref: '#/components/schemas/Security_Detections_API_SavedQueryRuleUpdateProps_1' - $ref: '#/components/schemas/Security_Detections_API_SavedQueryRuleCreateFields' Security_Detections_API_SetAlertAssigneesBody: type: object @@ -109104,8 +45137,7 @@ components: - proceed type: string query: - additionalProperties: true - type: object + $ref: '#/components/schemas/Security_Detections_API_SetAlertsStatusByQueryBase_Query' status: $ref: '#/components/schemas/Security_Detections_API_AlertStatusExceptClosed' required: @@ -109151,24 +45183,7 @@ components: Security_Detections_API_SeverityMapping: description: Overrides generated alerts' severity with values from the source event items: - type: object - properties: - field: - description: Source event field used to override the default `severity`. - type: string - operator: - enum: - - equals - type: string - severity: - $ref: '#/components/schemas/Security_Detections_API_Severity' - value: - type: string - required: - - field - - operator - - severity - - value + $ref: '#/components/schemas/Security_Detections_API_SeverityMapping_Item' type: array Security_Detections_API_SiemErrorResponse: type: object @@ -109237,14 +45252,7 @@ components: You can use Boolean and and or logic to define the conditions for when matching fields and values generate alerts. Sibling entries objects are evaluated using or logic, whereas multiple entries in a single entries object use and logic. See Example of Threat Match rule which uses both `and` and `or` logic. items: - type: object - properties: - entries: - items: - $ref: '#/components/schemas/Security_Detections_API_ThreatMappingEntry' - type: array - required: - - entries + $ref: '#/components/schemas/Security_Detections_API_ThreatMapping_Item' minItems: 1 type: array Security_Detections_API_ThreatMappingEntry: @@ -109266,122 +45274,7 @@ components: - value Security_Detections_API_ThreatMatchRule: allOf: - - type: object - properties: - actions: - description: Array defining the automated actions (notifications) taken when alerts are generated. - items: - $ref: '#/components/schemas/Security_Detections_API_RuleAction' - type: array - alias_purpose: - $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose' - alias_target_id: - $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId' - author: - $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' - building_block_type: - $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' - description: - $ref: '#/components/schemas/Security_Detections_API_RuleDescription' - enabled: - $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' - exceptions_list: - items: - $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' - type: array - false_positives: - $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray' - from: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' - interval: - $ref: '#/components/schemas/Security_Detections_API_RuleInterval' - investigation_fields: - $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' - license: - $ref: '#/components/schemas/Security_Detections_API_RuleLicense' - max_signals: - $ref: '#/components/schemas/Security_Detections_API_MaxSignals' - meta: - $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' - name: - $ref: '#/components/schemas/Security_Detections_API_RuleName' - namespace: - $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace' - note: - $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' - outcome: - $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome' - output_index: - $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' - references: - $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' - related_integrations: - $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray' - required_fields: - description: | - Elasticsearch fields and their types that need to be present for the rule to function. - > info - > The value of `required_fields` does not affect the rule’s behavior, and specifying it incorrectly won’t cause the rule to fail. Use `required_fields` as an informational property to document the fields that the rule expects to be present in the data. - items: - $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput' - type: array - response_actions: - items: - $ref: '#/components/schemas/Security_Detections_API_ResponseAction' - type: array - risk_score: - $ref: '#/components/schemas/Security_Detections_API_RiskScore' - risk_score_mapping: - $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' - rule_name_override: - $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' - setup: - $ref: '#/components/schemas/Security_Detections_API_SetupGuide' - severity: - $ref: '#/components/schemas/Security_Detections_API_Severity' - severity_mapping: - $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' - tags: - $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' - threat: - $ref: '#/components/schemas/Security_Detections_API_ThreatArray' - throttle: - $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' - timeline_id: - $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' - timeline_title: - $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle' - timestamp_override: - $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' - timestamp_override_fallback_disabled: - $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled' - to: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' - version: - $ref: '#/components/schemas/Security_Detections_API_RuleVersion' - required: - - name - - description - - risk_score - - severity - - version - - tags - - enabled - - risk_score_mapping - - severity_mapping - - interval - - from - - to - - actions - - exceptions_list - - author - - false_positives - - references - - max_signals - - threat - - setup - - related_integrations - - required_fields + - $ref: '#/components/schemas/Security_Detections_API_ThreatMatchRule_1' - $ref: '#/components/schemas/Security_Detections_API_ResponseFields' - $ref: '#/components/schemas/Security_Detections_API_ThreatMatchRuleResponseFields' Security_Detections_API_ThreatMatchRuleCreateFields: @@ -109391,106 +45284,7 @@ components: - $ref: '#/components/schemas/Security_Detections_API_ThreatMatchRuleDefaultableFields' Security_Detections_API_ThreatMatchRuleCreateProps: allOf: - - type: object - properties: - actions: - description: Array defining the automated actions (notifications) taken when alerts are generated. - items: - $ref: '#/components/schemas/Security_Detections_API_RuleAction' - type: array - alias_purpose: - $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose' - alias_target_id: - $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId' - author: - $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' - building_block_type: - $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' - description: - $ref: '#/components/schemas/Security_Detections_API_RuleDescription' - enabled: - $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' - exceptions_list: - items: - $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' - type: array - false_positives: - $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray' - from: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' - interval: - $ref: '#/components/schemas/Security_Detections_API_RuleInterval' - investigation_fields: - $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' - license: - $ref: '#/components/schemas/Security_Detections_API_RuleLicense' - max_signals: - $ref: '#/components/schemas/Security_Detections_API_MaxSignals' - meta: - $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' - name: - $ref: '#/components/schemas/Security_Detections_API_RuleName' - namespace: - $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace' - note: - $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' - outcome: - $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome' - output_index: - $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' - references: - $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' - related_integrations: - $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray' - required_fields: - description: | - Elasticsearch fields and their types that need to be present for the rule to function. - > info - > The value of `required_fields` does not affect the rule’s behavior, and specifying it incorrectly won’t cause the rule to fail. Use `required_fields` as an informational property to document the fields that the rule expects to be present in the data. - items: - $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput' - type: array - response_actions: - items: - $ref: '#/components/schemas/Security_Detections_API_ResponseAction' - type: array - risk_score: - $ref: '#/components/schemas/Security_Detections_API_RiskScore' - risk_score_mapping: - $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' - rule_id: - $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' - rule_name_override: - $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' - setup: - $ref: '#/components/schemas/Security_Detections_API_SetupGuide' - severity: - $ref: '#/components/schemas/Security_Detections_API_Severity' - severity_mapping: - $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' - tags: - $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' - threat: - $ref: '#/components/schemas/Security_Detections_API_ThreatArray' - throttle: - $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' - timeline_id: - $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' - timeline_title: - $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle' - timestamp_override: - $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' - timestamp_override_fallback_disabled: - $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled' - to: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' - version: - $ref: '#/components/schemas/Security_Detections_API_RuleVersion' - required: - - name - - description - - risk_score - - severity + - $ref: '#/components/schemas/Security_Detections_API_ThreatMatchRuleCreateProps_1' - $ref: '#/components/schemas/Security_Detections_API_ThreatMatchRuleCreateFields' Security_Detections_API_ThreatMatchRuleDefaultableFields: type: object @@ -109522,122 +45316,12 @@ components: $ref: '#/components/schemas/Security_Detections_API_KqlQueryLanguage' Security_Detections_API_ThreatMatchRulePatchFields: allOf: - - type: object - properties: - query: - $ref: '#/components/schemas/Security_Detections_API_RuleQuery' - threat_index: - $ref: '#/components/schemas/Security_Detections_API_ThreatIndex' - threat_mapping: - $ref: '#/components/schemas/Security_Detections_API_ThreatMapping' - threat_query: - $ref: '#/components/schemas/Security_Detections_API_ThreatQuery' - type: - description: Rule type - enum: - - threat_match - type: string + - $ref: '#/components/schemas/Security_Detections_API_ThreatMatchRulePatchFields_1' - $ref: '#/components/schemas/Security_Detections_API_ThreatMatchRuleOptionalFields' - $ref: '#/components/schemas/Security_Detections_API_ThreatMatchRuleDefaultableFields' Security_Detections_API_ThreatMatchRulePatchProps: allOf: - - type: object - properties: - actions: - description: Array defining the automated actions (notifications) taken when alerts are generated. - items: - $ref: '#/components/schemas/Security_Detections_API_RuleAction' - type: array - alias_purpose: - $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose' - alias_target_id: - $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId' - author: - $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' - building_block_type: - $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' - description: - $ref: '#/components/schemas/Security_Detections_API_RuleDescription' - enabled: - $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' - exceptions_list: - items: - $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' - type: array - false_positives: - $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray' - from: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' - id: - $ref: '#/components/schemas/Security_Detections_API_UUID' - interval: - $ref: '#/components/schemas/Security_Detections_API_RuleInterval' - investigation_fields: - $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' - license: - $ref: '#/components/schemas/Security_Detections_API_RuleLicense' - max_signals: - $ref: '#/components/schemas/Security_Detections_API_MaxSignals' - meta: - $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' - name: - $ref: '#/components/schemas/Security_Detections_API_RuleName' - namespace: - $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace' - note: - $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' - outcome: - $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome' - output_index: - $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' - references: - $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' - related_integrations: - $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray' - required_fields: - description: | - Elasticsearch fields and their types that need to be present for the rule to function. - > info - > The value of `required_fields` does not affect the rule’s behavior, and specifying it incorrectly won’t cause the rule to fail. Use `required_fields` as an informational property to document the fields that the rule expects to be present in the data. - items: - $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput' - type: array - response_actions: - items: - $ref: '#/components/schemas/Security_Detections_API_ResponseAction' - type: array - risk_score: - $ref: '#/components/schemas/Security_Detections_API_RiskScore' - risk_score_mapping: - $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' - rule_id: - $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' - rule_name_override: - $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' - setup: - $ref: '#/components/schemas/Security_Detections_API_SetupGuide' - severity: - $ref: '#/components/schemas/Security_Detections_API_Severity' - severity_mapping: - $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' - tags: - $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' - threat: - $ref: '#/components/schemas/Security_Detections_API_ThreatArray' - throttle: - $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' - timeline_id: - $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' - timeline_title: - $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle' - timestamp_override: - $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' - timestamp_override_fallback_disabled: - $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled' - to: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' - version: - $ref: '#/components/schemas/Security_Detections_API_RuleVersion' + - $ref: '#/components/schemas/Security_Detections_API_ThreatMatchRulePatchProps_1' - $ref: '#/components/schemas/Security_Detections_API_ThreatMatchRulePatchFields' Security_Detections_API_ThreatMatchRuleRequiredFields: type: object @@ -109665,116 +45349,10 @@ components: allOf: - $ref: '#/components/schemas/Security_Detections_API_ThreatMatchRuleRequiredFields' - $ref: '#/components/schemas/Security_Detections_API_ThreatMatchRuleOptionalFields' - - type: object - properties: - language: - $ref: '#/components/schemas/Security_Detections_API_KqlQueryLanguage' - required: - - language + - $ref: '#/components/schemas/Security_Detections_API_ThreatMatchRuleResponseFields_3' Security_Detections_API_ThreatMatchRuleUpdateProps: allOf: - - type: object - properties: - actions: - description: Array defining the automated actions (notifications) taken when alerts are generated. - items: - $ref: '#/components/schemas/Security_Detections_API_RuleAction' - type: array - alias_purpose: - $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose' - alias_target_id: - $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId' - author: - $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' - building_block_type: - $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' - description: - $ref: '#/components/schemas/Security_Detections_API_RuleDescription' - enabled: - $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' - exceptions_list: - items: - $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' - type: array - false_positives: - $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray' - from: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' - id: - $ref: '#/components/schemas/Security_Detections_API_UUID' - interval: - $ref: '#/components/schemas/Security_Detections_API_RuleInterval' - investigation_fields: - $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' - license: - $ref: '#/components/schemas/Security_Detections_API_RuleLicense' - max_signals: - $ref: '#/components/schemas/Security_Detections_API_MaxSignals' - meta: - $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' - name: - $ref: '#/components/schemas/Security_Detections_API_RuleName' - namespace: - $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace' - note: - $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' - outcome: - $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome' - output_index: - $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' - references: - $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' - related_integrations: - $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray' - required_fields: - description: | - Elasticsearch fields and their types that need to be present for the rule to function. - > info - > The value of `required_fields` does not affect the rule’s behavior, and specifying it incorrectly won’t cause the rule to fail. Use `required_fields` as an informational property to document the fields that the rule expects to be present in the data. - items: - $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput' - type: array - response_actions: - items: - $ref: '#/components/schemas/Security_Detections_API_ResponseAction' - type: array - risk_score: - $ref: '#/components/schemas/Security_Detections_API_RiskScore' - risk_score_mapping: - $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' - rule_id: - $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' - rule_name_override: - $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' - setup: - $ref: '#/components/schemas/Security_Detections_API_SetupGuide' - severity: - $ref: '#/components/schemas/Security_Detections_API_Severity' - severity_mapping: - $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' - tags: - $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' - threat: - $ref: '#/components/schemas/Security_Detections_API_ThreatArray' - throttle: - $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' - timeline_id: - $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' - timeline_title: - $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle' - timestamp_override: - $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' - timestamp_override_fallback_disabled: - $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled' - to: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' - version: - $ref: '#/components/schemas/Security_Detections_API_RuleVersion' - required: - - name - - description - - risk_score - - severity + - $ref: '#/components/schemas/Security_Detections_API_ThreatMatchRuleUpdateProps_1' - $ref: '#/components/schemas/Security_Detections_API_ThreatMatchRuleCreateFields' Security_Detections_API_ThreatQuery: description: Query used to determine which fields in the Elasticsearch index are used for generating alerts. @@ -109858,146 +45436,16 @@ components: Security_Detections_API_ThresholdCardinality: description: The field on which the cardinality is applied. items: - type: object - properties: - field: - description: The field on which to calculate and compare the cardinality. - type: string - value: - description: The threshold value from which an alert is generated based on unique number of values of cardinality.field. - minimum: 0 - type: integer - required: - - field - - value + $ref: '#/components/schemas/Security_Detections_API_ThresholdCardinality_Item' type: array Security_Detections_API_ThresholdField: description: The field on which the threshold is applied. If you specify an empty array ([]), alerts are generated when the query returns at least the number of results specified in the value field. oneOf: - - type: string - - items: - type: string - maxItems: 5 - minItems: 0 - type: array + - $ref: '#/components/schemas/Security_Detections_API_ThresholdField_1' + - $ref: '#/components/schemas/Security_Detections_API_ThresholdField_2' Security_Detections_API_ThresholdRule: allOf: - - type: object - properties: - actions: - description: Array defining the automated actions (notifications) taken when alerts are generated. - items: - $ref: '#/components/schemas/Security_Detections_API_RuleAction' - type: array - alias_purpose: - $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose' - alias_target_id: - $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId' - author: - $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' - building_block_type: - $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' - description: - $ref: '#/components/schemas/Security_Detections_API_RuleDescription' - enabled: - $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' - exceptions_list: - items: - $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' - type: array - false_positives: - $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray' - from: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' - interval: - $ref: '#/components/schemas/Security_Detections_API_RuleInterval' - investigation_fields: - $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' - license: - $ref: '#/components/schemas/Security_Detections_API_RuleLicense' - max_signals: - $ref: '#/components/schemas/Security_Detections_API_MaxSignals' - meta: - $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' - name: - $ref: '#/components/schemas/Security_Detections_API_RuleName' - namespace: - $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace' - note: - $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' - outcome: - $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome' - output_index: - $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' - references: - $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' - related_integrations: - $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray' - required_fields: - description: | - Elasticsearch fields and their types that need to be present for the rule to function. - > info - > The value of `required_fields` does not affect the rule’s behavior, and specifying it incorrectly won’t cause the rule to fail. Use `required_fields` as an informational property to document the fields that the rule expects to be present in the data. - items: - $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput' - type: array - response_actions: - items: - $ref: '#/components/schemas/Security_Detections_API_ResponseAction' - type: array - risk_score: - $ref: '#/components/schemas/Security_Detections_API_RiskScore' - risk_score_mapping: - $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' - rule_name_override: - $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' - setup: - $ref: '#/components/schemas/Security_Detections_API_SetupGuide' - severity: - $ref: '#/components/schemas/Security_Detections_API_Severity' - severity_mapping: - $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' - tags: - $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' - threat: - $ref: '#/components/schemas/Security_Detections_API_ThreatArray' - throttle: - $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' - timeline_id: - $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' - timeline_title: - $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle' - timestamp_override: - $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' - timestamp_override_fallback_disabled: - $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled' - to: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' - version: - $ref: '#/components/schemas/Security_Detections_API_RuleVersion' - required: - - name - - description - - risk_score - - severity - - version - - tags - - enabled - - risk_score_mapping - - severity_mapping - - interval - - from - - to - - actions - - exceptions_list - - author - - false_positives - - references - - max_signals - - threat - - setup - - related_integrations - - required_fields + - $ref: '#/components/schemas/Security_Detections_API_ThresholdRule_1' - $ref: '#/components/schemas/Security_Detections_API_ResponseFields' - $ref: '#/components/schemas/Security_Detections_API_ThresholdRuleResponseFields' Security_Detections_API_ThresholdRuleCreateFields: @@ -110007,106 +45455,7 @@ components: - $ref: '#/components/schemas/Security_Detections_API_ThresholdRuleDefaultableFields' Security_Detections_API_ThresholdRuleCreateProps: allOf: - - type: object - properties: - actions: - description: Array defining the automated actions (notifications) taken when alerts are generated. - items: - $ref: '#/components/schemas/Security_Detections_API_RuleAction' - type: array - alias_purpose: - $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose' - alias_target_id: - $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId' - author: - $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' - building_block_type: - $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' - description: - $ref: '#/components/schemas/Security_Detections_API_RuleDescription' - enabled: - $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' - exceptions_list: - items: - $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' - type: array - false_positives: - $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray' - from: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' - interval: - $ref: '#/components/schemas/Security_Detections_API_RuleInterval' - investigation_fields: - $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' - license: - $ref: '#/components/schemas/Security_Detections_API_RuleLicense' - max_signals: - $ref: '#/components/schemas/Security_Detections_API_MaxSignals' - meta: - $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' - name: - $ref: '#/components/schemas/Security_Detections_API_RuleName' - namespace: - $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace' - note: - $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' - outcome: - $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome' - output_index: - $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' - references: - $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' - related_integrations: - $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray' - required_fields: - description: | - Elasticsearch fields and their types that need to be present for the rule to function. - > info - > The value of `required_fields` does not affect the rule’s behavior, and specifying it incorrectly won’t cause the rule to fail. Use `required_fields` as an informational property to document the fields that the rule expects to be present in the data. - items: - $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput' - type: array - response_actions: - items: - $ref: '#/components/schemas/Security_Detections_API_ResponseAction' - type: array - risk_score: - $ref: '#/components/schemas/Security_Detections_API_RiskScore' - risk_score_mapping: - $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' - rule_id: - $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' - rule_name_override: - $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' - setup: - $ref: '#/components/schemas/Security_Detections_API_SetupGuide' - severity: - $ref: '#/components/schemas/Security_Detections_API_Severity' - severity_mapping: - $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' - tags: - $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' - threat: - $ref: '#/components/schemas/Security_Detections_API_ThreatArray' - throttle: - $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' - timeline_id: - $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' - timeline_title: - $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle' - timestamp_override: - $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' - timestamp_override_fallback_disabled: - $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled' - to: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' - version: - $ref: '#/components/schemas/Security_Detections_API_RuleVersion' - required: - - name - - description - - risk_score - - severity + - $ref: '#/components/schemas/Security_Detections_API_ThresholdRuleCreateProps_1' - $ref: '#/components/schemas/Security_Detections_API_ThresholdRuleCreateFields' Security_Detections_API_ThresholdRuleDefaultableFields: type: object @@ -110128,118 +45477,12 @@ components: $ref: '#/components/schemas/Security_Detections_API_SavedQueryId' Security_Detections_API_ThresholdRulePatchFields: allOf: - - type: object - properties: - query: - $ref: '#/components/schemas/Security_Detections_API_RuleQuery' - threshold: - $ref: '#/components/schemas/Security_Detections_API_Threshold' - type: - description: Rule type - enum: - - threshold - type: string + - $ref: '#/components/schemas/Security_Detections_API_ThresholdRulePatchFields_1' - $ref: '#/components/schemas/Security_Detections_API_ThresholdRuleOptionalFields' - $ref: '#/components/schemas/Security_Detections_API_ThresholdRuleDefaultableFields' Security_Detections_API_ThresholdRulePatchProps: allOf: - - type: object - properties: - actions: - description: Array defining the automated actions (notifications) taken when alerts are generated. - items: - $ref: '#/components/schemas/Security_Detections_API_RuleAction' - type: array - alias_purpose: - $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose' - alias_target_id: - $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId' - author: - $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' - building_block_type: - $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' - description: - $ref: '#/components/schemas/Security_Detections_API_RuleDescription' - enabled: - $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' - exceptions_list: - items: - $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' - type: array - false_positives: - $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray' - from: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' - id: - $ref: '#/components/schemas/Security_Detections_API_UUID' - interval: - $ref: '#/components/schemas/Security_Detections_API_RuleInterval' - investigation_fields: - $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' - license: - $ref: '#/components/schemas/Security_Detections_API_RuleLicense' - max_signals: - $ref: '#/components/schemas/Security_Detections_API_MaxSignals' - meta: - $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' - name: - $ref: '#/components/schemas/Security_Detections_API_RuleName' - namespace: - $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace' - note: - $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' - outcome: - $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome' - output_index: - $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' - references: - $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' - related_integrations: - $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray' - required_fields: - description: | - Elasticsearch fields and their types that need to be present for the rule to function. - > info - > The value of `required_fields` does not affect the rule’s behavior, and specifying it incorrectly won’t cause the rule to fail. Use `required_fields` as an informational property to document the fields that the rule expects to be present in the data. - items: - $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput' - type: array - response_actions: - items: - $ref: '#/components/schemas/Security_Detections_API_ResponseAction' - type: array - risk_score: - $ref: '#/components/schemas/Security_Detections_API_RiskScore' - risk_score_mapping: - $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' - rule_id: - $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' - rule_name_override: - $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' - setup: - $ref: '#/components/schemas/Security_Detections_API_SetupGuide' - severity: - $ref: '#/components/schemas/Security_Detections_API_Severity' - severity_mapping: - $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' - tags: - $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' - threat: - $ref: '#/components/schemas/Security_Detections_API_ThreatArray' - throttle: - $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' - timeline_id: - $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' - timeline_title: - $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle' - timestamp_override: - $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' - timestamp_override_fallback_disabled: - $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled' - to: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' - version: - $ref: '#/components/schemas/Security_Detections_API_RuleVersion' + - $ref: '#/components/schemas/Security_Detections_API_ThresholdRulePatchProps_1' - $ref: '#/components/schemas/Security_Detections_API_ThresholdRulePatchFields' Security_Detections_API_ThresholdRuleRequiredFields: type: object @@ -110261,116 +45504,10 @@ components: allOf: - $ref: '#/components/schemas/Security_Detections_API_ThresholdRuleRequiredFields' - $ref: '#/components/schemas/Security_Detections_API_ThresholdRuleOptionalFields' - - type: object - properties: - language: - $ref: '#/components/schemas/Security_Detections_API_KqlQueryLanguage' - required: - - language + - $ref: '#/components/schemas/Security_Detections_API_ThresholdRuleResponseFields_3' Security_Detections_API_ThresholdRuleUpdateProps: allOf: - - type: object - properties: - actions: - description: Array defining the automated actions (notifications) taken when alerts are generated. - items: - $ref: '#/components/schemas/Security_Detections_API_RuleAction' - type: array - alias_purpose: - $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose' - alias_target_id: - $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId' - author: - $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' - building_block_type: - $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' - description: - $ref: '#/components/schemas/Security_Detections_API_RuleDescription' - enabled: - $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' - exceptions_list: - items: - $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' - type: array - false_positives: - $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray' - from: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' - id: - $ref: '#/components/schemas/Security_Detections_API_UUID' - interval: - $ref: '#/components/schemas/Security_Detections_API_RuleInterval' - investigation_fields: - $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' - license: - $ref: '#/components/schemas/Security_Detections_API_RuleLicense' - max_signals: - $ref: '#/components/schemas/Security_Detections_API_MaxSignals' - meta: - $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' - name: - $ref: '#/components/schemas/Security_Detections_API_RuleName' - namespace: - $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace' - note: - $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' - outcome: - $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome' - output_index: - $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' - references: - $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' - related_integrations: - $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray' - required_fields: - description: | - Elasticsearch fields and their types that need to be present for the rule to function. - > info - > The value of `required_fields` does not affect the rule’s behavior, and specifying it incorrectly won’t cause the rule to fail. Use `required_fields` as an informational property to document the fields that the rule expects to be present in the data. - items: - $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput' - type: array - response_actions: - items: - $ref: '#/components/schemas/Security_Detections_API_ResponseAction' - type: array - risk_score: - $ref: '#/components/schemas/Security_Detections_API_RiskScore' - risk_score_mapping: - $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' - rule_id: - $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' - rule_name_override: - $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' - setup: - $ref: '#/components/schemas/Security_Detections_API_SetupGuide' - severity: - $ref: '#/components/schemas/Security_Detections_API_Severity' - severity_mapping: - $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' - tags: - $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' - threat: - $ref: '#/components/schemas/Security_Detections_API_ThreatArray' - throttle: - $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' - timeline_id: - $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' - timeline_title: - $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle' - timestamp_override: - $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' - timestamp_override_fallback_disabled: - $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled' - to: - $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' - version: - $ref: '#/components/schemas/Security_Detections_API_RuleVersion' - required: - - name - - description - - risk_score - - severity + - $ref: '#/components/schemas/Security_Detections_API_ThresholdRuleUpdateProps_1' - $ref: '#/components/schemas/Security_Detections_API_ThresholdRuleCreateFields' Security_Detections_API_ThresholdValue: description: The threshold value from which an alert is generated. @@ -110428,8 +45565,7 @@ components: Security_Endpoint_Exceptions_API_EndpointList: oneOf: - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionList' - - additionalProperties: false - type: object + - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_EndpointList_2' Security_Endpoint_Exceptions_API_EndpointListItem: $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItem' Security_Endpoint_Exceptions_API_ExceptionList: @@ -110651,15 +45787,7 @@ components: field: $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString' list: - type: object - properties: - id: - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ListId' - type: - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ListType' - required: - - id - - type + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryList_List' operator: $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryOperator' type: @@ -110950,35 +46078,14 @@ components: type: object properties: body: - type: object - properties: - data: - type: object - properties: - canEncrypt: - type: boolean - required: - - data + $ref: '#/components/schemas/Security_Endpoint_Management_API_ActionStateSuccessResponse_Body' required: - body Security_Endpoint_Management_API_ActionStatusSuccessResponse: type: object properties: body: - type: object - properties: - data: - type: object - properties: - agent_id: - $ref: '#/components/schemas/Security_Endpoint_Management_API_AgentId' - pending_actions: - $ref: '#/components/schemas/Security_Endpoint_Management_API_PendingActionsSchema' - required: - - agent_id - - pending_actions - required: - - data + $ref: '#/components/schemas/Security_Endpoint_Management_API_ActionStatusSuccessResponse_Body' required: - body Security_Endpoint_Management_API_AgentId: @@ -110991,14 +46098,8 @@ components: - agent-id-2 minLength: 1 oneOf: - - items: - minLength: 1 - type: string - maxItems: 50 - minItems: 1 - type: array - - minLength: 1 - type: string + - $ref: '#/components/schemas/Security_Endpoint_Management_API_AgentIds_1' + - $ref: '#/components/schemas/Security_Endpoint_Management_API_AgentIds_2' Security_Endpoint_Management_API_AgentTypes: description: List of agent types to retrieve. Defaults to `endpoint`. enum: @@ -111011,7 +46112,7 @@ components: Security_Endpoint_Management_API_ApiPageSize: allOf: - $ref: '#/components/schemas/Security_Endpoint_Management_API_PageSize' - - maximum: 1000 + - $ref: '#/components/schemas/Security_Endpoint_Management_API_ApiPageSize_2' Security_Endpoint_Management_API_ApiSortField: description: Determines which field is used to sort the results. enum: @@ -111026,72 +46127,11 @@ components: Security_Endpoint_Management_API_Cancel: allOf: - $ref: '#/components/schemas/Security_Endpoint_Management_API_ResponseActionDetails' - - type: object - properties: - outputs: - additionalProperties: - type: object - properties: - content: - type: object - properties: - code: - type: string - type: object - parameters: - type: object - properties: - id: - format: uuid - type: string + - $ref: '#/components/schemas/Security_Endpoint_Management_API_Cancel_2' Security_Endpoint_Management_API_CancelRouteRequestBody: allOf: - - type: object - properties: - agent_type: - $ref: '#/components/schemas/Security_Endpoint_Management_API_AgentTypes' - alert_ids: - description: If this action is associated with any alerts, they can be specified here. The action will be logged in any cases associated with the specified alerts. - example: - - alert-id-1 - - alert-id-2 - items: - minLength: 1 - type: string - minItems: 1 - type: array - case_ids: - description: The IDs of cases where the action taken will be logged. - example: - - case-id-1 - - case-id-2 - items: - minLength: 1 - type: string - minItems: 1 - type: array - comment: - $ref: '#/components/schemas/Security_Endpoint_Management_API_Comment' - endpoint_ids: - $ref: '#/components/schemas/Security_Endpoint_Management_API_EndpointIds' - parameters: - $ref: '#/components/schemas/Security_Endpoint_Management_API_Parameters' - required: - - endpoint_ids - - type: object - properties: - parameters: - type: object - properties: - id: - description: ID of the response action to cancel - example: 7f8c9b2a-4d3e-4f5a-8b1c-2e3f4a5b6c7d - minLength: 1 - type: string - required: - - id - required: - - parameters + - $ref: '#/components/schemas/Security_Endpoint_Management_API_CancelRouteRequestBody_1' + - $ref: '#/components/schemas/Security_Endpoint_Management_API_CancelRouteRequestBody_2' Security_Endpoint_Management_API_CloudFileScriptParameters: type: object properties: @@ -111335,94 +46375,11 @@ components: Security_Endpoint_Management_API_Execute: allOf: - $ref: '#/components/schemas/Security_Endpoint_Management_API_ResponseActionDetails' - - type: object - properties: - outputs: - additionalProperties: - type: object - properties: - content: - allOf: - - $ref: '#/components/schemas/Security_Endpoint_Management_API_DownloadUri' - - type: object - properties: - code: - type: string - cwd: - type: string - output_file_id: - type: string - output_file_stderr_truncated: - type: boolean - output_file_stdout_truncated: - type: boolean - shell_code: - type: number - stderr: - type: string - stderr_truncated: - type: boolean - stdout: - type: string - stdout_truncated: - type: boolean - type: object - parameters: - type: object - properties: - command: - type: string - timeout: - type: number + - $ref: '#/components/schemas/Security_Endpoint_Management_API_Execute_2' Security_Endpoint_Management_API_ExecuteRouteRequestBody: allOf: - - type: object - properties: - agent_type: - $ref: '#/components/schemas/Security_Endpoint_Management_API_AgentTypes' - alert_ids: - description: If this action is associated with any alerts, they can be specified here. The action will be logged in any cases associated with the specified alerts. - example: - - alert-id-1 - - alert-id-2 - items: - minLength: 1 - type: string - minItems: 1 - type: array - case_ids: - description: The IDs of cases where the action taken will be logged. - example: - - case-id-1 - - case-id-2 - items: - minLength: 1 - type: string - minItems: 1 - type: array - comment: - $ref: '#/components/schemas/Security_Endpoint_Management_API_Comment' - endpoint_ids: - $ref: '#/components/schemas/Security_Endpoint_Management_API_EndpointIds' - parameters: - $ref: '#/components/schemas/Security_Endpoint_Management_API_Parameters' - required: - - endpoint_ids - - type: object - properties: - parameters: - type: object - properties: - command: - $ref: '#/components/schemas/Security_Endpoint_Management_API_Command' - timeout: - description: The maximum timeout value in seconds before the command is terminated. - minimum: 1 - type: integer - required: - - command - required: - - parameters + - $ref: '#/components/schemas/Security_Endpoint_Management_API_ExecuteRouteRequestBody_1' + - $ref: '#/components/schemas/Security_Endpoint_Management_API_ExecuteRouteRequestBody_2' example: comment: Get list of all files endpoint_ids: @@ -111519,87 +46476,11 @@ components: Security_Endpoint_Management_API_GetFile: allOf: - $ref: '#/components/schemas/Security_Endpoint_Management_API_ResponseActionDetails' - - type: object - properties: - outputs: - additionalProperties: - type: object - properties: - content: - allOf: - - $ref: '#/components/schemas/Security_Endpoint_Management_API_DownloadUri' - - type: object - properties: - code: - type: string - contents: - items: - type: object - properties: - file_name: - type: string - path: - type: string - sha256: - type: string - size: - type: number - type: - type: string - type: array - zip_size: - type: number - type: object - parameters: - type: object - properties: - path: - type: string + - $ref: '#/components/schemas/Security_Endpoint_Management_API_GetFile_2' Security_Endpoint_Management_API_GetFileRouteRequestBody: allOf: - - type: object - properties: - agent_type: - $ref: '#/components/schemas/Security_Endpoint_Management_API_AgentTypes' - alert_ids: - description: If this action is associated with any alerts, they can be specified here. The action will be logged in any cases associated with the specified alerts. - example: - - alert-id-1 - - alert-id-2 - items: - minLength: 1 - type: string - minItems: 1 - type: array - case_ids: - description: The IDs of cases where the action taken will be logged. - example: - - case-id-1 - - case-id-2 - items: - minLength: 1 - type: string - minItems: 1 - type: array - comment: - $ref: '#/components/schemas/Security_Endpoint_Management_API_Comment' - endpoint_ids: - $ref: '#/components/schemas/Security_Endpoint_Management_API_EndpointIds' - parameters: - $ref: '#/components/schemas/Security_Endpoint_Management_API_Parameters' - required: - - endpoint_ids - - type: object - properties: - parameters: - type: object - properties: - path: - type: string - required: - - path - required: - - parameters + - $ref: '#/components/schemas/Security_Endpoint_Management_API_GetFileRouteRequestBody_1' + - $ref: '#/components/schemas/Security_Endpoint_Management_API_GetFileRouteRequestBody_2' example: comment: Get my file endpoint_ids: @@ -111754,119 +46635,11 @@ components: Security_Endpoint_Management_API_KillProcess: allOf: - $ref: '#/components/schemas/Security_Endpoint_Management_API_ResponseActionDetails' - - type: object - properties: - outputs: - additionalProperties: - type: object - properties: - content: - oneOf: - - type: object - properties: - code: - type: string - command: - type: string - pid: - type: number - - type: object - properties: - code: - type: string - command: - type: string - entity_id: - type: string - - type: object - properties: - code: - type: string - command: - type: string - process_name: - type: string - type: object - parameters: - oneOf: - - type: object - properties: - pid: - description: The process ID (PID) of the process to terminate. - minimum: 1 - type: number - - type: object - properties: - entity_id: - description: The entity ID of the process to terminate. - minLength: 1 - type: string - - type: object - properties: - process_name: - description: The name of the process to terminate. Valid for SentinelOne agent type only. - type: string + - $ref: '#/components/schemas/Security_Endpoint_Management_API_KillProcess_2' Security_Endpoint_Management_API_KillProcessRouteRequestBody: allOf: - - type: object - properties: - agent_type: - $ref: '#/components/schemas/Security_Endpoint_Management_API_AgentTypes' - alert_ids: - description: If this action is associated with any alerts, they can be specified here. The action will be logged in any cases associated with the specified alerts. - example: - - alert-id-1 - - alert-id-2 - items: - minLength: 1 - type: string - minItems: 1 - type: array - case_ids: - description: The IDs of cases where the action taken will be logged. - example: - - case-id-1 - - case-id-2 - items: - minLength: 1 - type: string - minItems: 1 - type: array - comment: - $ref: '#/components/schemas/Security_Endpoint_Management_API_Comment' - endpoint_ids: - $ref: '#/components/schemas/Security_Endpoint_Management_API_EndpointIds' - parameters: - $ref: '#/components/schemas/Security_Endpoint_Management_API_Parameters' - required: - - endpoint_ids - - type: object - properties: - parameters: - oneOf: - - type: object - properties: - pid: - description: The process ID (PID) of the process to terminate. - example: 123 - minimum: 1 - type: integer - - type: object - properties: - entity_id: - description: The entity ID of the process to terminate. - example: abc123 - minLength: 1 - type: string - - type: object - properties: - process_name: - description: The name of the process to terminate. Valid for SentinelOne agent type only. - example: Elastic - minLength: 1 - type: string - required: - - parameters + - $ref: '#/components/schemas/Security_Endpoint_Management_API_KillProcessRouteRequestBody_1' + - $ref: '#/components/schemas/Security_Endpoint_Management_API_KillProcessRouteRequestBody_2' example: comment: terminate the process endpoint_ids: @@ -111927,143 +46700,11 @@ components: Security_Endpoint_Management_API_MemoryDump: allOf: - $ref: '#/components/schemas/Security_Endpoint_Management_API_ResponseActionDetails' - - type: object - properties: - outputs: - additionalProperties: - type: object - properties: - content: - properties: - code: - type: string - disk_free_space: - description: The free space on the host machine in bytes after the memory dump is written to disk - type: number - file_size: - description: The size of the memory dump compressed file in bytes - type: string - path: - description: The path to the memory dump compressed file on the host machine - type: string - title: Memory dump output - type: object - type: object - parameters: - oneOf: - - properties: - type: - description: Kernel-level memory dump - enum: - - kernel - type: string - required: - - type - title: Kernel memory dump - type: object - - properties: - pid: - description: The process ID (PID) - type: number - type: - description: Process-level memory dump using a process ID - enum: - - process - type: string - required: - - type - - pid - title: Process memory dump with PID - type: object - - properties: - entity_id: - description: The process entity ID - type: string - type: - description: Process-level memory dump using an entity ID - enum: - - process - type: string - required: - - type - - entity_id - title: Process memory dump with entity ID - type: object - required: - - parameters + - $ref: '#/components/schemas/Security_Endpoint_Management_API_MemoryDump_2' Security_Endpoint_Management_API_MemoryDumpRouteRequestBody: allOf: - - type: object - properties: - agent_type: - $ref: '#/components/schemas/Security_Endpoint_Management_API_AgentTypes' - alert_ids: - description: If this action is associated with any alerts, they can be specified here. The action will be logged in any cases associated with the specified alerts. - example: - - alert-id-1 - - alert-id-2 - items: - minLength: 1 - type: string - minItems: 1 - type: array - case_ids: - description: The IDs of cases where the action taken will be logged. - example: - - case-id-1 - - case-id-2 - items: - minLength: 1 - type: string - minItems: 1 - type: array - comment: - $ref: '#/components/schemas/Security_Endpoint_Management_API_Comment' - endpoint_ids: - $ref: '#/components/schemas/Security_Endpoint_Management_API_EndpointIds' - parameters: - $ref: '#/components/schemas/Security_Endpoint_Management_API_Parameters' - required: - - endpoint_ids - - type: object - properties: - parameters: - oneOf: - - description: Dump the entire kernel memory. - type: object - properties: - type: - enum: - - kernel - type: string - required: - - type - - description: Dump the entire memory of a process using the PID. - type: object - properties: - pid: - type: number - type: - enum: - - process - type: string - required: - - type - - pid - - description: Dump the entire memory of a process using the entity ID. - type: object - properties: - entity_id: - type: string - type: - enum: - - process - type: string - required: - - type - - entity_id - required: - - parameters + - $ref: '#/components/schemas/Security_Endpoint_Management_API_MemoryDumpRouteRequestBody_1' + - $ref: '#/components/schemas/Security_Endpoint_Management_API_MemoryDumpRouteRequestBody_2' Security_Endpoint_Management_API_MetadataListResponse: example: data: @@ -112258,28 +46899,8 @@ components: type: integer Security_Endpoint_Management_API_PendingActionsSchema: oneOf: - - type: object - properties: - execute: - $ref: '#/components/schemas/Security_Endpoint_Management_API_PendingActionDataType' - get-file: - $ref: '#/components/schemas/Security_Endpoint_Management_API_PendingActionDataType' - isolate: - $ref: '#/components/schemas/Security_Endpoint_Management_API_PendingActionDataType' - kill-process: - $ref: '#/components/schemas/Security_Endpoint_Management_API_PendingActionDataType' - running-processes: - $ref: '#/components/schemas/Security_Endpoint_Management_API_PendingActionDataType' - scan: - $ref: '#/components/schemas/Security_Endpoint_Management_API_PendingActionDataType' - suspend-process: - $ref: '#/components/schemas/Security_Endpoint_Management_API_PendingActionDataType' - unisolate: - $ref: '#/components/schemas/Security_Endpoint_Management_API_PendingActionDataType' - upload: - $ref: '#/components/schemas/Security_Endpoint_Management_API_PendingActionDataType' - - additionalProperties: true - type: object + - $ref: '#/components/schemas/Security_Endpoint_Management_API_PendingActionsSchema_1' + - $ref: '#/components/schemas/Security_Endpoint_Management_API_PendingActionsSchema_2' Security_Endpoint_Management_API_ProtectionUpdatesNoteResponse: type: object properties: @@ -112339,21 +46960,7 @@ components: type: string type: array agentState: - additionalProperties: - format: uuid - type: object - properties: - completedAt: - description: The date and time the response action was completed for the agent ID - type: string - isCompleted: - description: Whether the response action is completed for the agent ID - type: boolean - wasSuccessful: - description: Whether the response action was successful for the agent ID - type: boolean - description: The state of the response action for each agent ID that it was sent to - type: object + $ref: '#/components/schemas/Security_Endpoint_Management_API_ResponseActionDetails_AgentState' agentType: $ref: '#/components/schemas/Security_Endpoint_Management_API_AgentTypes' command: @@ -112366,15 +46973,7 @@ components: description: The user who created the response action type: string hosts: - additionalProperties: - format: uuid - type: object - properties: - name: - description: The host name - type: string - description: An object containing the host names associated with the agent IDs the response action was sent to - type: object + $ref: '#/components/schemas/Security_Endpoint_Management_API_ResponseActionDetails_Hosts' id: description: The response action ID format: uuid @@ -112386,32 +46985,9 @@ components: description: Whether the response action is expired type: boolean outputs: - additionalProperties: - description: The agent id - format: uuid - properties: - content: - description: The response action output content for the agent ID. Exact format depends on the response action command. - oneOf: - - type: object - - type: string - type: - enum: - - json - - text - type: string - required: - - type - - content - title: Agent ID - type: object - description: | - The outputs of the response action for each agent ID that it was sent to. Content different depending on the - response action command and will only be present for agents that have responded to the response action - type: object + $ref: '#/components/schemas/Security_Endpoint_Management_API_ResponseActionDetails_Outputs' parameters: - description: The parameters of the response action. Content different depending on the response action command - type: object + $ref: '#/components/schemas/Security_Endpoint_Management_API_ResponseActionDetails_Parameters' startedAt: description: The response action start time format: date-time @@ -112427,17 +47003,7 @@ components: Security_Endpoint_Management_API_RunningProcesses: allOf: - $ref: '#/components/schemas/Security_Endpoint_Management_API_ResponseActionDetails' - - type: object - properties: - outputs: - additionalProperties: - type: object - properties: - content: - oneOf: - - $ref: '#/components/schemas/Security_Endpoint_Management_API_RunningProcessesOutputEndpoint' - - $ref: '#/components/schemas/Security_Endpoint_Management_API_RunningProcessesOutputSentinelOne' - type: object + - $ref: '#/components/schemas/Security_Endpoint_Management_API_RunningProcesses_2' Security_Endpoint_Management_API_RunningProcessesOutputEndpoint: description: Processes output for `agentType` of `endpoint` type: object @@ -112446,51 +47012,16 @@ components: type: string entries: items: - type: object - properties: - command: - type: string - entity_id: - type: string - pid: - type: number - user: - type: string + $ref: '#/components/schemas/Security_Endpoint_Management_API_RunningProcessesOutputEndpoint_Entries_Item' type: array Security_Endpoint_Management_API_RunningProcessesOutputSentinelOne: allOf: - $ref: '#/components/schemas/Security_Endpoint_Management_API_DownloadUri' - - description: Processes output for `agentType` of `sentinel_one` - type: object - properties: - code: - type: string + - $ref: '#/components/schemas/Security_Endpoint_Management_API_RunningProcessesOutputSentinelOne_2' Security_Endpoint_Management_API_Runscript: allOf: - $ref: '#/components/schemas/Security_Endpoint_Management_API_ResponseActionDetails' - - type: object - properties: - outputs: - additionalProperties: - type: object - properties: - content: - allOf: - - $ref: '#/components/schemas/Security_Endpoint_Management_API_DownloadUri' - - type: object - properties: - code: - type: string - stderr: - type: string - stdout: - type: string - type: object - parameters: - oneOf: - - $ref: '#/components/schemas/Security_Endpoint_Management_API_RunscriptParamsCrowdStrike' - - $ref: '#/components/schemas/Security_Endpoint_Management_API_RunscriptParamsMicrosoft' - - $ref: '#/components/schemas/Security_Endpoint_Management_API_RunscriptParamsSentinelOne' + - $ref: '#/components/schemas/Security_Endpoint_Management_API_Runscript_2' Security_Endpoint_Management_API_RunscriptParamsCrowdStrike: type: object properties: @@ -112520,118 +47051,16 @@ components: type: string Security_Endpoint_Management_API_RunScriptRouteRequestBody: allOf: - - type: object - properties: - agent_type: - $ref: '#/components/schemas/Security_Endpoint_Management_API_AgentTypes' - alert_ids: - description: If this action is associated with any alerts, they can be specified here. The action will be logged in any cases associated with the specified alerts. - example: - - alert-id-1 - - alert-id-2 - items: - minLength: 1 - type: string - minItems: 1 - type: array - case_ids: - description: The IDs of cases where the action taken will be logged. - example: - - case-id-1 - - case-id-2 - items: - minLength: 1 - type: string - minItems: 1 - type: array - comment: - $ref: '#/components/schemas/Security_Endpoint_Management_API_Comment' - endpoint_ids: - $ref: '#/components/schemas/Security_Endpoint_Management_API_EndpointIds' - parameters: - $ref: '#/components/schemas/Security_Endpoint_Management_API_Parameters' - required: - - endpoint_ids - - type: object - properties: - parameters: - description: | - One of the following set of parameters must be provided - oneOf: - - $ref: '#/components/schemas/Security_Endpoint_Management_API_RawScriptParameters' - - $ref: '#/components/schemas/Security_Endpoint_Management_API_HostPathScriptParameters' - - $ref: '#/components/schemas/Security_Endpoint_Management_API_CloudFileScriptParameters' - - $ref: '#/components/schemas/Security_Endpoint_Management_API_SentinelOneRunScriptParameters' - - $ref: '#/components/schemas/Security_Endpoint_Management_API_MDERunScriptParameters' - required: - - parameters + - $ref: '#/components/schemas/Security_Endpoint_Management_API_RunScriptRouteRequestBody_1' + - $ref: '#/components/schemas/Security_Endpoint_Management_API_RunScriptRouteRequestBody_2' Security_Endpoint_Management_API_Scan: allOf: - $ref: '#/components/schemas/Security_Endpoint_Management_API_ResponseActionDetails' - - type: object - properties: - outputs: - additionalProperties: - type: object - properties: - content: - type: object - properties: - code: - type: string - type: object - parameters: - type: object - properties: - path: - type: string + - $ref: '#/components/schemas/Security_Endpoint_Management_API_Scan_2' Security_Endpoint_Management_API_ScanRouteRequestBody: allOf: - - type: object - properties: - agent_type: - $ref: '#/components/schemas/Security_Endpoint_Management_API_AgentTypes' - alert_ids: - description: If this action is associated with any alerts, they can be specified here. The action will be logged in any cases associated with the specified alerts. - example: - - alert-id-1 - - alert-id-2 - items: - minLength: 1 - type: string - minItems: 1 - type: array - case_ids: - description: The IDs of cases where the action taken will be logged. - example: - - case-id-1 - - case-id-2 - items: - minLength: 1 - type: string - minItems: 1 - type: array - comment: - $ref: '#/components/schemas/Security_Endpoint_Management_API_Comment' - endpoint_ids: - $ref: '#/components/schemas/Security_Endpoint_Management_API_EndpointIds' - parameters: - $ref: '#/components/schemas/Security_Endpoint_Management_API_Parameters' - required: - - endpoint_ids - - type: object - properties: - parameters: - type: object - properties: - path: - description: The folder or file’s full path (including the file name). - example: /usr/my-file.txt - type: string - required: - - path - required: - - parameters + - $ref: '#/components/schemas/Security_Endpoint_Management_API_ScanRouteRequestBody_1' + - $ref: '#/components/schemas/Security_Endpoint_Management_API_ScanRouteRequestBody_2' example: comment: Scan the file for malware endpoint_ids: @@ -112717,99 +47146,11 @@ components: Security_Endpoint_Management_API_SuspendProcess: allOf: - $ref: '#/components/schemas/Security_Endpoint_Management_API_ResponseActionDetails' - - type: object - properties: - outputs: - additionalProperties: - type: object - properties: - content: - oneOf: - - type: object - properties: - code: - type: string - command: - type: string - pid: - type: number - - type: object - properties: - code: - type: string - command: - type: string - entity_id: - type: string - type: object - parameters: - oneOf: - - type: object - properties: - pid: - description: The process ID (PID) of the process to terminate. - minimum: 1 - type: number - - type: object - properties: - entity_id: - description: The entity ID of the process to terminate. - minLength: 1 - type: string + - $ref: '#/components/schemas/Security_Endpoint_Management_API_SuspendProcess_2' Security_Endpoint_Management_API_SuspendProcessRouteRequestBody: allOf: - - type: object - properties: - agent_type: - $ref: '#/components/schemas/Security_Endpoint_Management_API_AgentTypes' - alert_ids: - description: If this action is associated with any alerts, they can be specified here. The action will be logged in any cases associated with the specified alerts. - example: - - alert-id-1 - - alert-id-2 - items: - minLength: 1 - type: string - minItems: 1 - type: array - case_ids: - description: The IDs of cases where the action taken will be logged. - example: - - case-id-1 - - case-id-2 - items: - minLength: 1 - type: string - minItems: 1 - type: array - comment: - $ref: '#/components/schemas/Security_Endpoint_Management_API_Comment' - endpoint_ids: - $ref: '#/components/schemas/Security_Endpoint_Management_API_EndpointIds' - parameters: - $ref: '#/components/schemas/Security_Endpoint_Management_API_Parameters' - required: - - endpoint_ids - - type: object - properties: - parameters: - oneOf: - - type: object - properties: - pid: - description: The process ID (PID) of the process to suspend. - example: 123 - minimum: 1 - type: integer - - type: object - properties: - entity_id: - description: The entity ID of the process to suspend. - example: abc123 - minLength: 1 - type: string - required: - - parameters + - $ref: '#/components/schemas/Security_Endpoint_Management_API_SuspendProcessRouteRequestBody_1' + - $ref: '#/components/schemas/Security_Endpoint_Management_API_SuspendProcessRouteRequestBody_2' example: comment: suspend the process endpoint_ids: @@ -112888,88 +47229,11 @@ components: Security_Endpoint_Management_API_Upload: allOf: - $ref: '#/components/schemas/Security_Endpoint_Management_API_ResponseActionDetails' - - type: object - properties: - outputs: - additionalProperties: - type: object - properties: - content: - type: object - properties: - code: - type: string - disk_free_space: - type: number - path: - type: string - type: object - parameters: - description: | - The parameters for upload returned on the details are derived via the API from the file that - was uploaded at the time that the response action was submitted - type: object - properties: - file_id: - type: string - file_name: - type: string - file_sha256: - type: string - file_size: - type: number + - $ref: '#/components/schemas/Security_Endpoint_Management_API_Upload_2' Security_Endpoint_Management_API_UploadRouteRequestBody: allOf: - - type: object - properties: - agent_type: - $ref: '#/components/schemas/Security_Endpoint_Management_API_AgentTypes' - alert_ids: - description: If this action is associated with any alerts, they can be specified here. The action will be logged in any cases associated with the specified alerts. - example: - - alert-id-1 - - alert-id-2 - items: - minLength: 1 - type: string - minItems: 1 - type: array - case_ids: - description: The IDs of cases where the action taken will be logged. - example: - - case-id-1 - - case-id-2 - items: - minLength: 1 - type: string - minItems: 1 - type: array - comment: - $ref: '#/components/schemas/Security_Endpoint_Management_API_Comment' - endpoint_ids: - $ref: '#/components/schemas/Security_Endpoint_Management_API_EndpointIds' - parameters: - $ref: '#/components/schemas/Security_Endpoint_Management_API_Parameters' - required: - - endpoint_ids - - type: object - properties: - file: - description: The binary content of the file. - example: RWxhc3RpYw== - format: binary - type: string - parameters: - type: object - properties: - overwrite: - default: false - description: Overwrite the file on the host if it already exists. - example: false - type: boolean - required: - - parameters - - file + - $ref: '#/components/schemas/Security_Endpoint_Management_API_UploadRouteRequestBody_1' + - $ref: '#/components/schemas/Security_Endpoint_Management_API_UploadRouteRequestBody_2' example: endpoint_ids: - ed518850-681a-4d60-bb98-e22640cae2a8 @@ -113010,26 +47274,16 @@ components: - user-id-1 - user-id-2 oneOf: - - items: - minLength: 1 - type: string - minItems: 1 - type: array - - minLength: 1 - type: string + - $ref: '#/components/schemas/Security_Endpoint_Management_API_UserIds_1' + - $ref: '#/components/schemas/Security_Endpoint_Management_API_UserIds_2' Security_Endpoint_Management_API_WithOutputs: description: A list of action IDs that should include the complete output of the action. example: - action-id-1 - action-id-2 oneOf: - - items: - minLength: 1 - type: string - minItems: 1 - type: array - - minLength: 1 - type: string + - $ref: '#/components/schemas/Security_Endpoint_Management_API_WithOutputs_1' + - $ref: '#/components/schemas/Security_Endpoint_Management_API_WithOutputs_2' Security_Entity_Analytics_API_Asset: additionalProperties: false type: object @@ -113096,15 +47350,7 @@ components: allOf: - $ref: '#/components/schemas/Security_Entity_Analytics_API_CreateAssetCriticalityRecord' - $ref: '#/components/schemas/Security_Entity_Analytics_API_AssetCriticalityRecordEcsParts' - - type: object - properties: - '@timestamp': - description: The time the record was created or updated. - example: '2017-07-21T17:32:28Z' - format: date-time - type: string - required: - - '@timestamp' + - $ref: '#/components/schemas/Security_Entity_Analytics_API_AssetCriticalityRecord_3' example: '@timestamp': '2024-08-02T11:15:34.290Z' asset: @@ -113120,68 +47366,15 @@ components: type: object properties: asset: - type: object - properties: - criticality: - $ref: '#/components/schemas/Security_Entity_Analytics_API_AssetCriticalityLevel' - required: - - asset + $ref: '#/components/schemas/Security_Entity_Analytics_API_AssetCriticalityRecordEcsParts_Asset' entity: - type: object - properties: - asset: - type: object - properties: - criticality: - $ref: '#/components/schemas/Security_Entity_Analytics_API_AssetCriticalityLevel' - required: - - criticality - id: - type: string - required: - - id + $ref: '#/components/schemas/Security_Entity_Analytics_API_AssetCriticalityRecordEcsParts_Entity' host: - type: object - properties: - asset: - type: object - properties: - criticality: - $ref: '#/components/schemas/Security_Entity_Analytics_API_AssetCriticalityLevel' - required: - - criticality - name: - type: string - required: - - name + $ref: '#/components/schemas/Security_Entity_Analytics_API_AssetCriticalityRecordEcsParts_Host' service: - type: object - properties: - asset: - type: object - properties: - criticality: - $ref: '#/components/schemas/Security_Entity_Analytics_API_AssetCriticalityLevel' - required: - - criticality - name: - type: string - required: - - name + $ref: '#/components/schemas/Security_Entity_Analytics_API_AssetCriticalityRecordEcsParts_Service' user: - type: object - properties: - asset: - type: object - properties: - criticality: - $ref: '#/components/schemas/Security_Entity_Analytics_API_AssetCriticalityLevel' - required: - - criticality - name: - type: string - required: - - name + $ref: '#/components/schemas/Security_Entity_Analytics_API_AssetCriticalityRecordEcsParts_User' required: - asset Security_Entity_Analytics_API_AssetCriticalityRecordIdParts: @@ -113205,15 +47398,7 @@ components: type: boolean errors: items: - type: object - properties: - error: - type: string - seq: - type: integer - required: - - seq - - error + $ref: '#/components/schemas/Security_Entity_Analytics_API_CleanUpRiskEngineErrorResponse_Errors_Item' type: array required: - cleanup_successful @@ -113223,15 +47408,7 @@ components: properties: errors: items: - type: object - properties: - error: - type: string - seq: - type: integer - required: - - seq - - error + $ref: '#/components/schemas/Security_Entity_Analytics_API_ConfigureRiskEngineSavedObjectErrorResponse_Errors_Item' type: array risk_engine_saved_object_configured: example: false @@ -113242,12 +47419,7 @@ components: Security_Entity_Analytics_API_CreateAssetCriticalityRecord: allOf: - $ref: '#/components/schemas/Security_Entity_Analytics_API_AssetCriticalityRecordIdParts' - - type: object - properties: - criticality_level: - $ref: '#/components/schemas/Security_Entity_Analytics_API_AssetCriticalityLevel' - required: - - criticality_level + - $ref: '#/components/schemas/Security_Entity_Analytics_API_CreateAssetCriticalityRecord_2' Security_Entity_Analytics_API_EngineComponentResource: enum: - entity_engine @@ -113267,12 +47439,7 @@ components: properties: errors: items: - type: object - properties: - message: - type: string - title: - type: string + $ref: '#/components/schemas/Security_Entity_Analytics_API_EngineComponentStatus_Errors_Item' type: array health: enum: @@ -113298,12 +47465,7 @@ components: type: object properties: changes: - type: object - properties: - indexPatterns: - items: - type: string - type: array + $ref: '#/components/schemas/Security_Entity_Analytics_API_EngineDataviewUpdateResult_Changes' type: type: string required: @@ -113318,17 +47480,7 @@ components: docsPerSecond: type: integer error: - type: object - properties: - action: - enum: - - init - type: string - message: - type: string - required: - - message - - action + $ref: '#/components/schemas/Security_Entity_Analytics_API_EngineDescriptor_Error' fieldHistoryLength: type: integer filter: @@ -113399,27 +47551,7 @@ components: has_write_permissions: type: boolean privileges: - type: object - properties: - elasticsearch: - type: object - properties: - cluster: - additionalProperties: - type: boolean - type: object - index: - additionalProperties: - additionalProperties: - type: boolean - type: object - type: object - kibana: - additionalProperties: - type: boolean - type: object - required: - - elasticsearch + $ref: '#/components/schemas/Security_Entity_Analytics_API_EntityAnalyticsPrivileges_Privileges' required: - has_all_required - privileges @@ -113438,101 +47570,21 @@ components: type: object properties: attributes: - additionalProperties: false - type: object - properties: - asset: - type: boolean - managed: - type: boolean - mfa_enabled: - type: boolean - privileged: - type: boolean + $ref: '#/components/schemas/Security_Entity_Analytics_API_EntityField_Attributes' behaviors: - additionalProperties: false - type: object - properties: - brute_force_victim: - type: boolean - new_country_login: - type: boolean - used_usb_device: - type: boolean + $ref: '#/components/schemas/Security_Entity_Analytics_API_EntityField_Behaviors' EngineMetadata: $ref: '#/components/schemas/Security_Entity_Analytics_API_EngineMetadata' id: type: string lifecycle: - additionalProperties: false - type: object - properties: - first_seen: - format: date-time - type: string - last_activity: - format: date-time - type: string + $ref: '#/components/schemas/Security_Entity_Analytics_API_EntityField_Lifecycle' name: type: string relationships: - additionalProperties: false - type: object - properties: - accessed_frequently_by: - items: - type: string - type: array - accesses_frequently: - items: - type: string - type: array - communicates_with: - items: - type: string - type: array - dependent_of: - items: - type: string - type: array - depends_on: - items: - type: string - type: array - owned_by: - items: - type: string - type: array - owns: - items: - type: string - type: array - supervised_by: - items: - type: string - type: array - supervises: - items: - type: string - type: array + $ref: '#/components/schemas/Security_Entity_Analytics_API_EntityField_Relationships' risk: - additionalProperties: false - type: object - properties: - calculated_level: - $ref: '#/components/schemas/Security_Entity_Analytics_API_EntityRiskLevels' - description: Lexical description of the entity's risk. - example: Critical - calculated_score: - description: The raw numeric value of the given entity's risk score. - format: double - type: number - calculated_score_norm: - description: The normalized numeric value of the given entity's risk score. Useful for comparing with other entities. - format: double - maximum: 100 - minimum: 0 - type: number + $ref: '#/components/schemas/Security_Entity_Analytics_API_EntityField_Risk' source: type: string sub_type: @@ -113604,24 +47656,7 @@ components: modifiers: description: A list of modifiers that were applied to the risk score calculation. items: - type: object - properties: - contribution: - format: double - type: number - metadata: - additionalProperties: true - type: object - modifier_value: - format: double - type: number - subtype: - type: string - type: - type: string - required: - - type - - contribution + $ref: '#/components/schemas/Security_Entity_Analytics_API_EntityRiskScoreRecord_Modifiers_Item' type: array notes: items: @@ -113672,52 +47707,9 @@ components: entity: $ref: '#/components/schemas/Security_Entity_Analytics_API_EntityField' event: - additionalProperties: false - type: object - properties: - ingested: - format: date-time - type: string + $ref: '#/components/schemas/Security_Entity_Analytics_API_HostEntity_Event' host: - additionalProperties: false - type: object - properties: - architecture: - items: - type: string - type: array - domain: - items: - type: string - type: array - entity: - $ref: '#/components/schemas/Security_Entity_Analytics_API_EntityField' - hostname: - items: - type: string - type: array - id: - items: - type: string - type: array - ip: - items: - type: string - type: array - mac: - items: - type: string - type: array - name: - type: string - risk: - $ref: '#/components/schemas/Security_Entity_Analytics_API_EntityRiskScoreRecord' - type: - items: - type: string - type: array - required: - - name + $ref: '#/components/schemas/Security_Entity_Analytics_API_HostEntity_Host' required: - entity Security_Entity_Analytics_API_IdField: @@ -113753,84 +47745,23 @@ components: Security_Entity_Analytics_API_MonitoredUserDoc: allOf: - $ref: '#/components/schemas/Security_Entity_Analytics_API_MonitoredUserUpdateDoc' - - type: object - properties: - '@timestamp': - format: date-time - type: string - event: - type: object - properties: - '@timestamp': - format: date-time - type: string - ingested: - format: date-time - type: string - user: - type: object - properties: - entity: - type: object - properties: - attributes: - type: object - properties: - Privileged: - description: Indicates if the user is privileged. - type: boolean - is_privileged: - description: Indicates if the user is privileged. - type: boolean - name: - type: string + - $ref: '#/components/schemas/Security_Entity_Analytics_API_MonitoredUserDoc_2' Security_Entity_Analytics_API_MonitoredUserUpdateDoc: type: object properties: entity_analytics_monitoring: - type: object - properties: - labels: - items: - $ref: '#/components/schemas/Security_Entity_Analytics_API_MonitoringLabel' - type: array + $ref: '#/components/schemas/Security_Entity_Analytics_API_MonitoredUserUpdateDoc_Entity_analytics_monitoring' id: type: string labels: - type: object - properties: - source_ids: - items: - type: string - type: array - source_integrations: - items: - type: string - type: array - sources: - items: - enum: - - csv - - index_sync - - api - type: array + $ref: '#/components/schemas/Security_Entity_Analytics_API_MonitoredUserUpdateDoc_Labels' user: - type: object - properties: - is_privileged: - description: Indicates if the user is privileged. - type: boolean - name: - type: string + $ref: '#/components/schemas/Security_Entity_Analytics_API_MonitoredUserUpdateDoc_User' Security_Entity_Analytics_API_MonitoringEngineDescriptor: type: object properties: error: - type: object - properties: - message: - description: Error message typically only present if the engine is in error state - type: string + $ref: '#/components/schemas/Security_Entity_Analytics_API_MonitoringEngineDescriptor_Error' status: $ref: '#/components/schemas/Security_Entity_Analytics_API_PrivilegeMonitoringEngineStatus' required: @@ -113953,24 +47884,9 @@ components: entity: $ref: '#/components/schemas/Security_Entity_Analytics_API_EntityField' event: - additionalProperties: false - type: object - properties: - ingested: - format: date-time - type: string + $ref: '#/components/schemas/Security_Entity_Analytics_API_ServiceEntity_Event' service: - additionalProperties: false - type: object - properties: - entity: - $ref: '#/components/schemas/Security_Entity_Analytics_API_EntityField' - name: - type: string - risk: - $ref: '#/components/schemas/Security_Entity_Analytics_API_EntityRiskScoreRecord' - required: - - name + $ref: '#/components/schemas/Security_Entity_Analytics_API_ServiceEntity_Service' required: - entity Security_Entity_Analytics_API_StoreStatus: @@ -114059,81 +47975,18 @@ components: entity: $ref: '#/components/schemas/Security_Entity_Analytics_API_EntityField' event: - additionalProperties: false - type: object - properties: - ingested: - format: date-time - type: string + $ref: '#/components/schemas/Security_Entity_Analytics_API_UserEntity_Event' user: - additionalProperties: false - type: object - properties: - domain: - items: - type: string - type: array - email: - items: - type: string - type: array - full_name: - items: - type: string - type: array - hash: - items: - type: string - type: array - id: - items: - type: string - type: array - name: - type: string - risk: - $ref: '#/components/schemas/Security_Entity_Analytics_API_EntityRiskScoreRecord' - additionalProperties: false - roles: - items: - type: string - type: array - required: - - name + $ref: '#/components/schemas/Security_Entity_Analytics_API_UserEntity_User' required: - entity Security_Entity_Analytics_API_UserName: type: object properties: entity_analytics_monitoring: - description: Entity analytics monitoring configuration for the user - type: object - properties: - labels: - description: Array of labels associated with the user - items: - type: object - properties: - field: - description: The field name for the label - type: string - source: - description: The source where this label was created (api, csv, or index_sync) - enum: - - api - - csv - - index_sync - type: string - value: - description: The value of the label - type: string - type: array + $ref: '#/components/schemas/Security_Entity_Analytics_API_UserName_Entity_analytics_monitoring' user: - type: object - properties: - name: - description: The name of the user. - type: string + $ref: '#/components/schemas/Security_Entity_Analytics_API_UserName_User' Security_Exceptions_API_BlocklistHashOrPathEntry: type: object properties: @@ -114235,38 +48088,7 @@ components: entries: description: Nested subject_name entries items: - type: object - properties: - field: - description: Certificate subject name - enum: - - subject_name - type: string - operator: - description: Must be the value "included" - enum: - - included - type: string - type: - description: Match type for subject name - enum: - - match - - match_any - type: string - value: - oneOf: - - description: Single subject name (used with match) - type: string - - description: Array of subject names (used with match_any) - items: - type: string - minItems: 1 - type: array - required: - - field - - type - - value - - operator + $ref: '#/components/schemas/Security_Exceptions_API_BlocklistWindowsCodeSignatureEntry_Entries_Item' minItems: 1 type: array field: @@ -114376,42 +48198,7 @@ components: Security_Exceptions_API_CreateExceptionListItemGeneric: allOf: - $ref: '#/components/schemas/Security_Exceptions_API_CreateExceptionListItemBase' - - example: - description: This is a sample detection type exception item. - entries: - - field: actingProcess.file.signer - operator: excluded - type: exists - - field: host.name - operator: included - type: match_any - value: - - saturn - - jupiter - item_id: simple_list_item - list_id: simple_list - name: Sample Exception List Item - namespace_type: single - os_types: - - linux - tags: - - malware - type: simple - type: object - properties: - entries: - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemEntryArray' - list_id: - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListHumanId' - os_types: - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemOsTypeArray' - default: [] - tags: - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemTags' - default: [] - required: - - list_id - - entries + - $ref: '#/components/schemas/Security_Exceptions_API_CreateExceptionListItemGeneric_2' Security_Exceptions_API_CreateExceptionListItemHostIsolation: allOf: - $ref: '#/components/schemas/Security_Exceptions_API_CreateExceptionListItemBase' @@ -114760,15 +48547,7 @@ components: field: $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' list: - type: object - properties: - id: - $ref: '#/components/schemas/Security_Exceptions_API_ListId' - type: - $ref: '#/components/schemas/Security_Exceptions_API_ListType' - required: - - id - - type + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemEntryList_List' operator: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemEntryOperator' type: @@ -114928,15 +48707,7 @@ components: type: object properties: error: - type: object - properties: - message: - type: string - status_code: - type: integer - required: - - status_code - - message + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListsImportBulkError_Error' id: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListId' item_id: @@ -114995,31 +48766,7 @@ components: entries: description: Exactly one entry allowed for host isolation exceptions items: - type: object - properties: - field: - description: Must be destination.ip - enum: - - destination.ip - type: string - operator: - description: Must be the value "included" - enum: - - included - type: string - type: - description: Must be match - enum: - - match - type: string - value: - description: Valid IPv4 address or CIDR notation (e.g., "192.168.1.1" or "10.0.0.0/8") - type: string - required: - - field - - type - - value - - operator + $ref: '#/components/schemas/Security_Exceptions_API_HostIsolationProperties_Entries_Item' maxItems: 1 minItems: 1 type: array @@ -115145,52 +48892,8 @@ components: description: Must include exactly 2 entries - one for subject_name and one for trusted items: oneOf: - - type: object - properties: - field: - enum: - - subject_name - type: string - operator: - enum: - - included - type: string - type: - enum: - - match - type: string - value: - description: Certificate subject name - type: string - required: - - field - - type - - value - - operator - - type: object - properties: - field: - enum: - - trusted - type: string - operator: - enum: - - included - type: string - type: - enum: - - match - type: string - value: - description: Must be the string 'true' - enum: - - 'true' - type: string - required: - - field - - type - - value - - operator + - $ref: '#/components/schemas/Security_Exceptions_API_TrustedAppMacCodeSignatureEntry_Entries_1' + - $ref: '#/components/schemas/Security_Exceptions_API_TrustedAppMacCodeSignatureEntry_Entries_2' maxItems: 2 minItems: 2 type: array @@ -115332,52 +49035,8 @@ components: description: Must include exactly 2 entries - one for subject_name and one for trusted items: oneOf: - - type: object - properties: - field: - enum: - - subject_name - type: string - operator: - enum: - - included - type: string - type: - enum: - - match - type: string - value: - description: Certificate subject name - type: string - required: - - field - - type - - value - - operator - - type: object - properties: - field: - enum: - - trusted - type: string - operator: - enum: - - included - type: string - type: - enum: - - match - type: string - value: - description: Must be the string 'true' - enum: - - 'true' - type: string - required: - - field - - type - - value - - operator + - $ref: '#/components/schemas/Security_Exceptions_API_TrustedAppWindowsCodeSignatureEntry_Entries_1' + - $ref: '#/components/schemas/Security_Exceptions_API_TrustedAppWindowsCodeSignatureEntry_Entries_2' maxItems: 2 minItems: 2 type: array @@ -115401,45 +49060,7 @@ components: entries: description: Exception entries for the trusted device (duplicate field entries are not allowed) items: - type: object - properties: - field: - description: Device field to match against - enum: - - device.serial_number - - device.type - - host.name - - device.vendor.name - - device.vendor.id - - device.product.id - - device.product.name - type: string - operator: - description: Must be the value "included" - enum: - - included - type: string - type: - description: Entry match type - enum: - - match - - wildcard - - match_any - type: string - value: - oneOf: - - description: Single value (used with match or wildcard) - type: string - - description: Array of values (used with match_any) - items: - type: string - minItems: 1 - type: array - required: - - field - - type - - value - - operator + $ref: '#/components/schemas/Security_Exceptions_API_TrustedDevicesMacProperties_Entries_Item' minItems: 1 type: array list_id: @@ -115467,45 +49088,7 @@ components: entries: description: Exception entries for the trusted device (duplicate field entries are not allowed, username not available when targeting both OS) items: - type: object - properties: - field: - description: Device field to match against (username not available for multi-OS) - enum: - - device.serial_number - - device.type - - host.name - - device.vendor.name - - device.vendor.id - - device.product.id - - device.product.name - type: string - operator: - description: Must be the value "included" - enum: - - included - type: string - type: - description: Entry match type - enum: - - match - - wildcard - - match_any - type: string - value: - oneOf: - - description: Single value (used with match or wildcard) - type: string - - description: Array of values (used with match_any) - items: - type: string - minItems: 1 - type: array - required: - - field - - type - - value - - operator + $ref: '#/components/schemas/Security_Exceptions_API_TrustedDevicesWindowsMacProperties_Entries_Item' minItems: 1 type: array list_id: @@ -115534,46 +49117,7 @@ components: entries: description: Exception entries for the trusted device (duplicate field entries are not allowed) items: - type: object - properties: - field: - description: Device field to match against (user.name is Windows-only) - enum: - - device.serial_number - - device.type - - host.name - - device.vendor.name - - device.vendor.id - - device.product.id - - device.product.name - - user.name - type: string - operator: - description: Must be the value "included" - enum: - - included - type: string - type: - description: Entry match type - enum: - - match - - wildcard - - match_any - type: string - value: - oneOf: - - description: Single value (used with match or wildcard) - type: string - - description: Array of values (used with match_any) - items: - type: string - minItems: 1 - type: array - required: - - field - - type - - value - - operator + $ref: '#/components/schemas/Security_Exceptions_API_TrustedDevicesWindowsProperties_Entries_Item' minItems: 1 type: array list_id: @@ -115662,32 +49206,7 @@ components: Security_Exceptions_API_UpdateExceptionListItemGeneric: allOf: - $ref: '#/components/schemas/Security_Exceptions_API_UpdateExceptionListItemBase' - - example: - comments: [] - description: Updated description - entries: - - field: host.name - operator: included - type: match - value: rock01 - item_id: simple_list_item - name: Updated name - namespace_type: single - tags: [] - type: simple - type: object - properties: - entries: - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemEntryArray' - list_id: - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListHumanId' - os_types: - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemOsTypeArray' - default: [] - tags: - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemTags' - required: - - entries + - $ref: '#/components/schemas/Security_Exceptions_API_UpdateExceptionListItemGeneric_2' Security_Exceptions_API_UpdateExceptionListItemHostIsolation: allOf: - $ref: '#/components/schemas/Security_Exceptions_API_UpdateExceptionListItemBase' @@ -115887,21 +49406,13 @@ components: type: object properties: application: - additionalProperties: - type: boolean - type: object + $ref: '#/components/schemas/Security_Lists_API_ListItemPrivileges_Application' cluster: - additionalProperties: - type: boolean - type: object + $ref: '#/components/schemas/Security_Lists_API_ListItemPrivileges_Cluster' has_all_requested: type: boolean index: - additionalProperties: - additionalProperties: - type: boolean - type: object - type: object + $ref: '#/components/schemas/Security_Lists_API_ListItemPrivileges_Index' username: type: string required: @@ -115929,21 +49440,13 @@ components: type: object properties: application: - additionalProperties: - type: boolean - type: object + $ref: '#/components/schemas/Security_Lists_API_ListPrivileges_Application' cluster: - additionalProperties: - type: boolean - type: object + $ref: '#/components/schemas/Security_Lists_API_ListPrivileges_Cluster' has_all_requested: type: boolean index: - additionalProperties: - additionalProperties: - type: boolean - type: object - type: object + $ref: '#/components/schemas/Security_Lists_API_ListPrivileges_Index' username: type: string required: @@ -116092,9 +49595,7 @@ components: type: string type: array metadata: - description: Custom metadata object associated with the live query. - nullable: true - type: object + $ref: '#/components/schemas/Security_Osquery_API_CreateLiveQueryRequestBody_Metadata' pack_id: $ref: '#/components/schemas/Security_Osquery_API_PackId' queries: @@ -116258,10 +49759,8 @@ components: description: The value to map to the ECS field. example: total_seconds oneOf: - - type: string - - items: - type: string - type: array + - $ref: '#/components/schemas/Security_Osquery_API_ECSMappingItem_Value_1' + - $ref: '#/components/schemas/Security_Osquery_API_ECSMappingItem_Value_2' Security_Osquery_API_ECSMappingOrUndefined: $ref: '#/components/schemas/Security_Osquery_API_ECSMapping' nullable: true @@ -116673,40 +50172,11 @@ components: Security_Timeline_API_BareNote: allOf: - $ref: '#/components/schemas/Security_Timeline_API_NoteCreatedAndUpdatedMetadata' - - type: object - properties: - eventId: - description: The `_id` of the associated event for this note. - example: d3a1d35a3e84a81b2f8f3859e064c224cdee1b4bc - nullable: true - type: string - note: - description: The text of the note - example: This is an example text - nullable: true - type: string - timelineId: - description: The `savedObjectId` of the Timeline that this note is associated with - example: 15c1929b-0af7-42bd-85a8-56e234cc7c4e - type: string - required: - - timelineId + - $ref: '#/components/schemas/Security_Timeline_API_BareNote_2' Security_Timeline_API_BarePinnedEvent: allOf: - $ref: '#/components/schemas/Security_Timeline_API_PinnedEventCreatedAndUpdatedMetadata' - - type: object - properties: - eventId: - description: The `_id` of the associated event for this pinned event. - example: d3a1d35a3e84a81b2f8f3859e064c224cdee1b4bc - type: string - timelineId: - description: The `savedObjectId` of the timeline that this pinned event is associated with - example: 15c1929b-0af7-42bd-85a8-56e234cc7c4e - type: string - required: - - eventId - - timelineId + - $ref: '#/components/schemas/Security_Timeline_API_BarePinnedEvent_2' Security_Timeline_API_ColumnHeaderResult: type: object properties: @@ -116806,10 +50276,8 @@ components: type: string Security_Timeline_API_DocumentIds: oneOf: - - items: - type: string - type: array - - type: string + - $ref: '#/components/schemas/Security_Timeline_API_DocumentIds_1' + - $ref: '#/components/schemas/Security_Timeline_API_DocumentIds_2' Security_Timeline_API_FavoriteTimelineResponse: type: object properties: @@ -116868,42 +50336,7 @@ components: nullable: true type: string meta: - nullable: true - type: object - properties: - alias: - nullable: true - type: string - controlledBy: - nullable: true - type: string - disabled: - nullable: true - type: boolean - field: - nullable: true - type: string - formattedValue: - nullable: true - type: string - index: - nullable: true - type: string - key: - nullable: true - type: string - negate: - nullable: true - type: boolean - params: - nullable: true - type: string - type: - nullable: true - type: string - value: - nullable: true - type: string + $ref: '#/components/schemas/Security_Timeline_API_FilterTimelineResult_Meta' missing: nullable: true type: string @@ -116934,24 +50367,7 @@ components: errors: description: The list of failed Timeline imports items: - type: object - properties: - error: - description: The error containing the reason why the timeline could not be imported - type: object - properties: - message: - description: The reason why the timeline could not be imported - example: Malformed JSON - type: string - status_code: - description: The HTTP status code of the error - example: 400 - type: number - id: - description: The ID of the timeline that failed to import - example: 6ce1b592-84e3-4b4a-9552-f189d4b82075 - type: string + $ref: '#/components/schemas/Security_Timeline_API_ImportTimelineResult_Errors_Item' type: array success: description: Indicates whether any of the Timelines were successfully imports @@ -116971,51 +50387,11 @@ components: Security_Timeline_API_ImportTimelines: allOf: - $ref: '#/components/schemas/Security_Timeline_API_SavedTimeline' - - type: object - properties: - eventNotes: - items: - $ref: '#/components/schemas/Security_Timeline_API_BareNote' - nullable: true - type: array - globalNotes: - items: - $ref: '#/components/schemas/Security_Timeline_API_BareNote' - nullable: true - type: array - pinnedEventIds: - items: - type: string - nullable: true - type: array - savedObjectId: - nullable: true - type: string - version: - nullable: true - type: string - required: - - savedObjectId - - version - - pinnedEventIds - - eventNotes - - globalNotes + - $ref: '#/components/schemas/Security_Timeline_API_ImportTimelines_2' Security_Timeline_API_Note: allOf: - $ref: '#/components/schemas/Security_Timeline_API_BareNote' - - type: object - properties: - noteId: - description: The `savedObjectId` of the note - example: 709f99c6-89b6-4953-9160-35945c8e174e - type: string - version: - description: The version of the note - example: WzQ2LDFd - type: string - required: - - noteId - - version + - $ref: '#/components/schemas/Security_Timeline_API_Note_2' Security_Timeline_API_NoteCreatedAndUpdatedMetadata: type: object properties: @@ -117042,31 +50418,13 @@ components: Security_Timeline_API_PersistPinnedEventResponse: oneOf: - $ref: '#/components/schemas/Security_Timeline_API_PinnedEvent' - - type: object - properties: - unpinned: - description: Indicates whether the event was successfully unpinned - type: boolean - required: - - unpinned + - $ref: '#/components/schemas/Security_Timeline_API_PersistPinnedEventResponse_2' Security_Timeline_API_PersistTimelineResponse: $ref: '#/components/schemas/Security_Timeline_API_TimelineResponse' Security_Timeline_API_PinnedEvent: allOf: - $ref: '#/components/schemas/Security_Timeline_API_BarePinnedEvent' - - type: object - properties: - pinnedEventId: - description: The `savedObjectId` of this pinned event - example: 10r1929b-0af7-42bd-85a8-56e234f98h2f3 - type: string - version: - description: The version of this pinned event - example: WzQ2LDFe - type: string - required: - - pinnedEventId - - version + - $ref: '#/components/schemas/Security_Timeline_API_PinnedEvent_2' Security_Timeline_API_PinnedEventCreatedAndUpdatedMetadata: type: object properties: @@ -117107,12 +50465,8 @@ components: type: string value: oneOf: - - nullable: true - type: string - - items: - type: string - nullable: true - type: array + - $ref: '#/components/schemas/Security_Timeline_API_QueryMatchResult_Value_1' + - $ref: '#/components/schemas/Security_Timeline_API_QueryMatchResult_Value_2' Security_Timeline_API_ResolvedTimeline: type: object properties: @@ -117158,10 +50512,8 @@ components: type: string Security_Timeline_API_SavedObjectIds: oneOf: - - items: - type: string - type: array - - type: string + - $ref: '#/components/schemas/Security_Timeline_API_SavedObjectIds_1' + - $ref: '#/components/schemas/Security_Timeline_API_SavedObjectIds_2' Security_Timeline_API_SavedObjectResolveAliasPurpose: enum: - savedObjectConversion @@ -117218,58 +50570,14 @@ components: nullable: true type: string dateRange: - description: The Timeline's search period. - example: - end: 1587456479201 - start: 1587370079200 - nullable: true - type: object - properties: - end: - oneOf: - - nullable: true - type: string - - nullable: true - type: number - start: - oneOf: - - nullable: true - type: string - - nullable: true - type: number + $ref: '#/components/schemas/Security_Timeline_API_SavedTimeline_DateRange' description: description: The Timeline's description example: Investigating exposure of CVE XYZ nullable: true type: string eqlOptions: - description: EQL query that is used in the correlation tab - example: - eventCategoryField: event.category - query: sequence\n[process where process.name == "sudo"]\n[any where true] - size: 100 - timestampField: '@timestamp' - nullable: true - type: object - properties: - eventCategoryField: - nullable: true - type: string - query: - nullable: true - type: string - size: - oneOf: - - nullable: true - type: string - - nullable: true - type: number - tiebreakerField: - nullable: true - type: string - timestampField: - nullable: true - type: string + $ref: '#/components/schemas/Security_Timeline_API_SavedTimeline_EqlOptions' eventType: deprecated: true description: Event types displayed in the Timeline @@ -117359,19 +50667,7 @@ components: Security_Timeline_API_SavedTimelineWithSavedObjectId: allOf: - $ref: '#/components/schemas/Security_Timeline_API_SavedTimeline' - - type: object - properties: - savedObjectId: - description: The `savedObjectId` of the Timeline or Timeline template - example: 15c1929b-0af7-42bd-85a8-56e234cc7c4e - type: string - version: - description: The version of the Timeline or Timeline template - example: WzE0LDFd - type: string - required: - - savedObjectId - - version + - $ref: '#/components/schemas/Security_Timeline_API_SavedTimelineWithSavedObjectId_2' Security_Timeline_API_SerializedFilterQueryResult: description: KQL bar query. example: @@ -117383,28 +50679,11 @@ components: type: object properties: filterQuery: - nullable: true - type: object - properties: - kuery: - nullable: true - type: object - properties: - expression: - nullable: true - type: string - kind: - nullable: true - type: string - serializedQuery: - nullable: true - type: string + $ref: '#/components/schemas/Security_Timeline_API_SerializedFilterQueryResult_FilterQuery' Security_Timeline_API_Sort: oneOf: - $ref: '#/components/schemas/Security_Timeline_API_SortObject' - - items: - $ref: '#/components/schemas/Security_Timeline_API_SortObject' - type: array + - $ref: '#/components/schemas/Security_Timeline_API_Sort_2' Security_Timeline_API_SortFieldTimeline: description: The field to sort the timelines by. enum: @@ -117433,79 +50712,11 @@ components: allOf: - $ref: '#/components/schemas/Security_Timeline_API_SavedTimeline' - $ref: '#/components/schemas/Security_Timeline_API_SavedTimelineWithSavedObjectId' - - type: object - properties: - eventIdToNoteIds: - description: A list of all the notes that are associated to this Timeline. - items: - $ref: '#/components/schemas/Security_Timeline_API_Note' - nullable: true - type: array - noteIds: - description: A list of all the ids of notes that are associated to this Timeline. - example: - - 709f99c6-89b6-4953-9160-35945c8e174e - items: - type: string - nullable: true - type: array - notes: - description: A list of all the notes that are associated to this Timeline. - items: - $ref: '#/components/schemas/Security_Timeline_API_Note' - nullable: true - type: array - pinnedEventIds: - description: A list of all the ids of pinned events that are associated to this Timeline. - example: - - 983f99c6-89b6-4953-9160-35945c8a194f - items: - type: string - nullable: true - type: array - pinnedEventsSaveObject: - description: A list of all the pinned events that are associated to this Timeline. - items: - $ref: '#/components/schemas/Security_Timeline_API_PinnedEvent' - nullable: true - type: array + - $ref: '#/components/schemas/Security_Timeline_API_TimelineResponse_3' Security_Timeline_API_TimelineSavedToReturnObject: allOf: - $ref: '#/components/schemas/Security_Timeline_API_SavedTimeline' - - type: object - properties: - eventIdToNoteIds: - items: - $ref: '#/components/schemas/Security_Timeline_API_Note' - nullable: true - type: array - noteIds: - items: - type: string - nullable: true - type: array - notes: - items: - $ref: '#/components/schemas/Security_Timeline_API_Note' - nullable: true - type: array - pinnedEventIds: - items: - type: string - nullable: true - type: array - pinnedEventsSaveObject: - items: - $ref: '#/components/schemas/Security_Timeline_API_PinnedEvent' - nullable: true - type: array - savedObjectId: - type: string - version: - type: string - required: - - savedObjectId - - version + - $ref: '#/components/schemas/Security_Timeline_API_TimelineSavedToReturnObject_2' Security_Timeline_API_TimelineStatus: description: The status of the Timeline. enum: @@ -117532,17 +50743,7 @@ components: description: The identifier for the short URL. type: string locator: - type: object - properties: - id: - description: The identifier for the locator. - type: string - state: - description: The locator parameters. - type: object - version: - description: The version of Kibana when the short URL was created. - type: string + $ref: '#/components/schemas/Short_URL_APIs_urlResponse_Locator' slug: description: | A random human-readable slug is automatically generated if the `humanReadableSlug` parameter is set to `true`. If it is set to `false`, a random short string is generated. @@ -117638,13 +50839,7 @@ components: dashboards: description: Array of dashboard references items: - type: object - properties: - id: - description: Dashboard saved-object id - type: string - required: - - id + $ref: '#/components/schemas/SLOs_artifacts_Dashboards_Item' type: array title: Artifacts type: object @@ -117695,20 +50890,7 @@ components: results: description: The results of the bulk deletion operation, including the success status and any errors for each SLO items: - type: object - properties: - error: - description: The error message if the deletion operation failed for this SLO - example: SLO [d08506b7-f0e8-4f8b-a06a-a83940f4db91] not found - type: string - id: - description: The ID of the SLO that was deleted - example: d08506b7-f0e8-4f8b-a06a-a83940f4db91 - type: string - success: - description: The result of the deletion operation for this SLO - example: true - type: boolean + $ref: '#/components/schemas/SLOs_bulk_delete_status_response_Results_Item' type: array title: The status of the bulk deletion type: object @@ -117724,31 +50906,7 @@ components: type: string type: array purgePolicy: - description: Policy that dictates which SLI documents to purge based on age - oneOf: - - type: object - properties: - age: - description: The duration to determine which documents to purge, formatted as {duration}{unit}. This value should be greater than or equal to the time window of every SLO provided. - example: 7d - type: string - purgeType: - description: Specifies whether documents will be purged based on a specific age or on a timestamp - enum: - - fixed-age - type: string - - type: object - properties: - purgeType: - description: Specifies whether documents will be purged based on a specific age or on a timestamp - enum: - - fixed-time - type: string - timestamp: - description: The timestamp to determine which documents to purge, formatted in ISO. This value should be older than the applicable time window of every SLO provided. - example: '2024-12-31T00:00:00.000Z' - type: string - type: object + $ref: '#/components/schemas/SLOs_bulk_purge_rollup_request_PurgePolicy' required: - list - purgePolicy @@ -117828,19 +50986,7 @@ components: list: description: An array of slo id and instance id items: - type: object - properties: - instanceId: - description: The SLO instance identifier - example: 8853df00-ae2e-11ed-90af-09bb6422b258 - type: string - sloId: - description: The SLO unique identifier - example: 8853df00-ae2e-11ed-90af-09bb6422b258 - type: string - required: - - sloId - - instanceId + $ref: '#/components/schemas/SLOs_delete_slo_instances_request_List_Item' type: array required: - list @@ -117877,7 +51023,7 @@ components: meta: $ref: '#/components/schemas/SLOs_filter_meta' query: - type: object + $ref: '#/components/schemas/SLOs_filter_Query' title: Filter type: object SLOs_filter_meta: @@ -117903,7 +51049,7 @@ components: negate: type: boolean params: - type: object + $ref: '#/components/schemas/SLOs_filter_meta_Params' type: type: string value: @@ -117914,49 +51060,8 @@ components: description: | A paginated response of SLO definitions matching the query. oneOf: - - type: object - properties: - page: - example: 1 - type: number - perPage: - example: 25 - type: number - results: - items: - $ref: '#/components/schemas/SLOs_slo_with_summary_response' - type: array - total: - example: 34 - type: number - - type: object - properties: - page: - default: 1 - description: for backward compability - type: number - perPage: - description: for backward compability - example: 25 - type: number - results: - items: - $ref: '#/components/schemas/SLOs_slo_with_summary_response' - type: array - searchAfter: - description: the cursor to provide to get the next paged results - example: - - some-slo-id - - other-cursor-id - items: - type: string - type: array - size: - example: 25 - type: number - total: - example: 34 - type: number + - $ref: '#/components/schemas/SLOs_find_slo_definitions_response_1' + - $ref: '#/components/schemas/SLOs_find_slo_definitions_response_2' title: Find SLO definitions response type: object SLOs_find_slo_response: @@ -117992,50 +51097,15 @@ components: - - service.name - service.environment oneOf: - - type: string - - items: - type: string - type: array + - $ref: '#/components/schemas/SLOs_group_by_1' + - $ref: '#/components/schemas/SLOs_group_by_2' title: Group by SLOs_indicator_properties_apm_availability: description: Defines properties for the APM availability indicator type type: object properties: params: - description: An object containing the indicator parameters. - nullable: false - type: object - properties: - environment: - description: The APM service environment or "*" - example: production - type: string - filter: - description: KQL query used for filtering the data - example: 'service.foo : "bar"' - type: string - index: - description: The index used by APM metrics - example: metrics-apm*,apm* - type: string - service: - description: The APM service name - example: o11y-app - type: string - transactionName: - description: The APM transaction name or "*" - example: GET /my/api - type: string - transactionType: - description: The APM transaction type or "*" - example: request - type: string - required: - - service - - environment - - transactionType - - transactionName - - index + $ref: '#/components/schemas/SLOs_indicator_properties_apm_availability_Params' type: description: The type of indicator. example: sli.apm.transactionDuration @@ -118049,45 +51119,7 @@ components: type: object properties: params: - description: An object containing the indicator parameters. - nullable: false - type: object - properties: - environment: - description: The APM service environment or "*" - example: production - type: string - filter: - description: KQL query used for filtering the data - example: 'service.foo : "bar"' - type: string - index: - description: The index used by APM metrics - example: metrics-apm*,apm* - type: string - service: - description: The APM service name - example: o11y-app - type: string - threshold: - description: The latency threshold in milliseconds - example: 250 - type: number - transactionName: - description: The APM transaction name or "*" - example: GET /my/api - type: string - transactionType: - description: The APM transaction type or "*" - example: request - type: string - required: - - service - - environment - - transactionType - - transactionName - - index - - threshold + $ref: '#/components/schemas/SLOs_indicator_properties_apm_latency_Params' type: description: The type of indicator. example: sli.apm.transactionDuration @@ -118101,34 +51133,7 @@ components: type: object properties: params: - description: An object containing the indicator parameters. - nullable: false - type: object - properties: - dataViewId: - description: The kibana data view id to use, primarily used to include data view runtime mappings. Make sure to save SLO again if you add/update run time fields to the data view and if those fields are being used in slo queries. - example: 03b80ab3-003d-498b-881c-3beedbaf1162 - type: string - filter: - $ref: '#/components/schemas/SLOs_kql_with_filters' - good: - $ref: '#/components/schemas/SLOs_kql_with_filters_good' - index: - description: The index or index pattern to use - example: my-service-* - type: string - timestampField: - description: | - The timestamp field used in the source indice. - example: timestamp - type: string - total: - $ref: '#/components/schemas/SLOs_kql_with_filters_total' - required: - - index - - timestampField - - good - - total + $ref: '#/components/schemas/SLOs_indicator_properties_custom_kql_Params' type: description: The type of indicator. example: sli.kql.custom @@ -118142,156 +51147,7 @@ components: type: object properties: params: - description: An object containing the indicator parameters. - nullable: false - type: object - properties: - dataViewId: - description: The kibana data view id to use, primarily used to include data view runtime mappings. Make sure to save SLO again if you add/update run time fields to the data view and if those fields are being used in slo queries. - example: 03b80ab3-003d-498b-881c-3beedbaf1162 - type: string - filter: - description: the KQL query to filter the documents with. - example: 'field.environment : "production" and service.name : "my-service"' - type: string - good: - description: | - An object defining the "good" metrics and equation - type: object - properties: - equation: - description: The equation to calculate the "good" metric. - example: A - type: string - metrics: - description: List of metrics with their name, aggregation type, and field. - items: - oneOf: - - type: object - properties: - aggregation: - description: The aggregation type of the metric. - enum: - - sum - example: sum - type: string - field: - description: The field of the metric. - example: processor.processed - type: string - filter: - description: The filter to apply to the metric. - example: 'processor.outcome: *' - type: string - name: - description: The name of the metric. Only valid options are A-Z - example: A - pattern: ^[A-Z]$ - type: string - required: - - name - - aggregation - - field - - type: object - properties: - aggregation: - description: The aggregation type of the metric. - enum: - - doc_count - example: doc_count - type: string - filter: - description: The filter to apply to the metric. - example: 'processor.outcome: *' - type: string - name: - description: The name of the metric. Only valid options are A-Z - example: A - pattern: ^[A-Z]$ - type: string - required: - - name - - aggregation - type: array - required: - - metrics - - equation - index: - description: The index or index pattern to use - example: my-service-* - type: string - timestampField: - description: | - The timestamp field used in the source indice. - example: timestamp - type: string - total: - description: | - An object defining the "total" metrics and equation - type: object - properties: - equation: - description: The equation to calculate the "total" metric. - example: A - type: string - metrics: - description: List of metrics with their name, aggregation type, and field. - items: - oneOf: - - type: object - properties: - aggregation: - description: The aggregation type of the metric. - enum: - - sum - example: sum - type: string - field: - description: The field of the metric. - example: processor.processed - type: string - filter: - description: The filter to apply to the metric. - example: 'processor.outcome: *' - type: string - name: - description: The name of the metric. Only valid options are A-Z - example: A - pattern: ^[A-Z]$ - type: string - required: - - name - - aggregation - - field - - type: object - properties: - aggregation: - description: The aggregation type of the metric. - enum: - - doc_count - example: doc_count - type: string - filter: - description: The filter to apply to the metric. - example: 'processor.outcome: *' - type: string - name: - description: The name of the metric. Only valid options are A-Z - example: A - pattern: ^[A-Z]$ - type: string - required: - - name - - aggregation - type: array - required: - - metrics - - equation - required: - - index - - timestampField - - good - - total + $ref: '#/components/schemas/SLOs_indicator_properties_custom_metric_Params' type: description: The type of indicator. example: sli.metric.custom @@ -118305,94 +51161,7 @@ components: type: object properties: params: - description: An object containing the indicator parameters. - nullable: false - type: object - properties: - dataViewId: - description: The kibana data view id to use, primarily used to include data view runtime mappings. Make sure to save SLO again if you add/update run time fields to the data view and if those fields are being used in slo queries. - example: 03b80ab3-003d-498b-881c-3beedbaf1162 - type: string - filter: - description: the KQL query to filter the documents with. - example: 'field.environment : "production" and service.name : "my-service"' - type: string - good: - description: | - An object defining the "good" events - type: object - properties: - aggregation: - description: The type of aggregation to use. - enum: - - value_count - - range - example: value_count - type: string - field: - description: The field use to aggregate the good events. - example: processor.latency - type: string - filter: - description: The filter for good events. - example: 'processor.outcome: "success"' - type: string - from: - description: The starting value of the range. Only required for "range" aggregations. - example: 0 - type: number - to: - description: The ending value of the range. Only required for "range" aggregations. - example: 100 - type: number - required: - - aggregation - - field - index: - description: The index or index pattern to use - example: my-service-* - type: string - timestampField: - description: | - The timestamp field used in the source indice. - example: timestamp - type: string - total: - description: | - An object defining the "total" events - type: object - properties: - aggregation: - description: The type of aggregation to use. - enum: - - value_count - - range - example: value_count - type: string - field: - description: The field use to aggregate the good events. - example: processor.latency - type: string - filter: - description: The filter for total events. - example: 'processor.outcome : *' - type: string - from: - description: The starting value of the range. Only required for "range" aggregations. - example: 0 - type: number - to: - description: The ending value of the range. Only required for "range" aggregations. - example: 100 - type: number - required: - - aggregation - - field - required: - - index - - timestampField - - good - - total + $ref: '#/components/schemas/SLOs_indicator_properties_histogram_Params' type: description: The type of indicator. example: sli.histogram.custom @@ -118406,78 +51175,7 @@ components: type: object properties: params: - description: An object containing the indicator parameters. - nullable: false - type: object - properties: - dataViewId: - description: The kibana data view id to use, primarily used to include data view runtime mappings. Make sure to save SLO again if you add/update run time fields to the data view and if those fields are being used in slo queries. - example: 03b80ab3-003d-498b-881c-3beedbaf1162 - type: string - filter: - description: the KQL query to filter the documents with. - example: 'field.environment : "production" and service.name : "my-service"' - type: string - index: - description: The index or index pattern to use - example: my-service-* - type: string - metric: - description: | - An object defining the metrics, equation, and threshold to determine if it's a good slice or not - type: object - properties: - comparator: - description: The comparator to use to compare the equation to the threshold. - enum: - - GT - - GTE - - LT - - LTE - example: GT - type: string - equation: - description: The equation to calculate the metric. - example: A - type: string - metrics: - description: List of metrics with their name, aggregation type, and field. - items: - anyOf: - - $ref: '#/components/schemas/SLOs_timeslice_metric_basic_metric_with_field' - - $ref: '#/components/schemas/SLOs_timeslice_metric_percentile_metric' - - $ref: '#/components/schemas/SLOs_timeslice_metric_doc_count_metric' - discriminator: - mapping: - avg: '#/components/schemas/SLOs_timeslice_metric_basic_metric_with_field' - cardinality: '#/components/schemas/SLOs_timeslice_metric_basic_metric_with_field' - doc_count: '#/components/schemas/SLOs_timeslice_metric_doc_count_metric' - last_value: '#/components/schemas/SLOs_timeslice_metric_basic_metric_with_field' - max: '#/components/schemas/SLOs_timeslice_metric_basic_metric_with_field' - min: '#/components/schemas/SLOs_timeslice_metric_basic_metric_with_field' - percentile: '#/components/schemas/SLOs_timeslice_metric_percentile_metric' - std_deviation: '#/components/schemas/SLOs_timeslice_metric_basic_metric_with_field' - sum: '#/components/schemas/SLOs_timeslice_metric_basic_metric_with_field' - propertyName: aggregation - type: array - threshold: - description: The threshold used to determine if the metric is a good slice or not. - example: 100 - type: number - required: - - metrics - - equation - - comparator - - threshold - timestampField: - description: | - The timestamp field used in the source indice. - example: timestamp - type: string - required: - - index - - timestampField - - metric + $ref: '#/components/schemas/SLOs_indicator_properties_timeslice_metric_Params' type: description: The type of indicator. example: sli.metric.timeslice @@ -118489,47 +51187,20 @@ components: SLOs_kql_with_filters: description: Defines properties for a filter oneOf: - - description: the KQL query to filter the documents with. - example: 'field.environment : "production" and service.name : "my-service"' - type: string - - type: object - properties: - filters: - items: - $ref: '#/components/schemas/SLOs_filter' - type: array - kqlQuery: - type: string + - $ref: '#/components/schemas/SLOs_kql_with_filters_1' + - $ref: '#/components/schemas/SLOs_kql_with_filters_2' title: KQL with filters SLOs_kql_with_filters_good: description: The KQL query used to define the good events. oneOf: - - description: the KQL query to filter the documents with. - example: 'request.latency <= 150 and request.status_code : "2xx"' - type: string - - type: object - properties: - filters: - items: - $ref: '#/components/schemas/SLOs_filter' - type: array - kqlQuery: - type: string + - $ref: '#/components/schemas/SLOs_kql_with_filters_good_1' + - $ref: '#/components/schemas/SLOs_kql_with_filters_good_2' title: KQL query for good events SLOs_kql_with_filters_total: description: The KQL query used to define all events. oneOf: - - description: the KQL query to filter the documents with. - example: 'field.environment : "production" and service.name : "my-service"' - type: string - - type: object - properties: - filters: - items: - $ref: '#/components/schemas/SLOs_filter' - type: array - kqlQuery: - type: string + - $ref: '#/components/schemas/SLOs_kql_with_filters_total_1' + - $ref: '#/components/schemas/SLOs_kql_with_filters_total_2' title: KQL query for all events SLOs_objective: description: Defines properties for the SLO objective @@ -118929,59 +51600,20 @@ components: Synthetics_browserMonitorFields: allOf: - $ref: '#/components/schemas/Synthetics_commonMonitorFields' - - additionalProperties: true - type: object - properties: - ignore_https_errors: - default: false - description: Ignore HTTPS errors. - type: boolean - inline_script: - description: The inline script. - type: string - playwright_options: - description: Playwright options. - type: object - screenshots: - default: 'on' - description: The screenshot option. - enum: - - 'on' - - 'off' - - only-on-failure - type: string - synthetics_args: - description: Synthetics agent CLI arguments. - items: - type: string - type: array - type: - description: The monitor type. - enum: - - browser - type: string - required: - - inline_script - - type + - $ref: '#/components/schemas/Synthetics_browserMonitorFields_2' title: Browser monitor fields Synthetics_commonMonitorFields: title: Common monitor fields type: object properties: alert: - description: | - The alert configuration. The default is `{ status: { enabled: true }, tls: { enabled: true } }`. - type: object + $ref: '#/components/schemas/Synthetics_commonMonitorFields_Alert' enabled: default: true description: Specify whether the monitor is enabled. type: boolean labels: - additionalProperties: - type: string - description: | - Key-value pairs of labels to associate with the monitor. Labels can be used for filtering and grouping monitors. - type: object + $ref: '#/components/schemas/Synthetics_commonMonitorFields_Labels' locations: description: | The location to deploy the monitor. @@ -119082,18 +51714,7 @@ components: description: The ID of the agent policy associated with the private location. type: string geo: - description: Geographic coordinates (WGS84) for the location. - type: object - properties: - lat: - description: The latitude of the location. - type: number - lon: - description: The longitude of the location. - type: number - required: - - lat - - lon + $ref: '#/components/schemas/Synthetics_getPrivateLocation_Geo' id: description: The unique identifier of the private location. type: string @@ -119112,116 +51733,12 @@ components: Synthetics_httpMonitorFields: allOf: - $ref: '#/components/schemas/Synthetics_commonMonitorFields' - - additionalProperties: true - type: object - properties: - check: - description: The check request settings. - type: object - properties: - request: - description: An optional request to send to the remote host. - type: object - properties: - body: - description: Optional request body content. - type: string - headers: - description: | - A dictionary of additional HTTP headers to send. By default, Synthetics will set the User-Agent header to identify itself. - type: object - method: - description: The HTTP method to use. - enum: - - HEAD - - GET - - POST - - OPTIONS - type: string - response: - additionalProperties: true - description: The expected response. - type: object - properties: - body: - type: object - headers: - description: A dictionary of expected HTTP headers. If the header is not found, the check fails. - type: object - ipv4: - default: true - description: If `true`, ping using the ipv4 protocol. - type: boolean - ipv6: - default: true - description: If `true`, ping using the ipv6 protocol. - type: boolean - max_redirects: - default: 0 - description: The maximum number of redirects to follow. - type: number - mode: - default: any - description: | - The mode of the monitor. If it is `all`, the monitor pings all resolvable IPs for a hostname. If it is `any`, the monitor pings only one IP address for a hostname. If you're using a DNS-load balancer and want to ping every IP address for the specified hostname, you should use `all`. - enum: - - all - - any - type: string - password: - description: | - The password for authenticating with the server. The credentials are passed with the request. - type: string - proxy_headers: - description: Additional headers to send to proxies during CONNECT requests. - type: object - proxy_url: - description: The URL of the proxy to use for this monitor. - type: string - response: - description: Controls the indexing of the HTTP response body contents to the `http.response.body.contents field`. - type: object - ssl: - description: | - The TLS/SSL connection settings for use with the HTTPS endpoint. If you don't specify settings, the system defaults are used. - type: object - type: - description: The monitor type. - enum: - - http - type: string - url: - description: The URL to monitor. - type: string - username: - description: | - The username for authenticating with the server. The credentials are passed with the request. - type: string - required: - - type - - url + - $ref: '#/components/schemas/Synthetics_httpMonitorFields_2' title: HTTP monitor fields Synthetics_icmpMonitorFields: allOf: - $ref: '#/components/schemas/Synthetics_commonMonitorFields' - - additionalProperties: true - type: object - properties: - host: - description: The host to ping. - type: string - type: - description: The monitor type. - enum: - - icmp - type: string - wait: - default: 1 - description: The wait time in seconds. - type: number - required: - - host - - type + - $ref: '#/components/schemas/Synthetics_icmpMonitorFields_2' title: ICMP monitor fields Synthetics_parameterRequest: title: Parameter request @@ -119274,34 +51791,7 @@ components: Synthetics_tcpMonitorFields: allOf: - $ref: '#/components/schemas/Synthetics_commonMonitorFields' - - additionalProperties: true - type: object - properties: - host: - description: | - The host to monitor; it can be an IP address or a hostname. The host can include the port using a colon, for example "example.com:9200". - type: string - proxy_url: - description: | - The URL of the SOCKS5 proxy to use when connecting to the server. The value must be a URL with a scheme of `socks5://`. If the SOCKS5 proxy server requires client authentication, then a username and password can be embedded in the URL. When using a proxy, hostnames are resolved on the proxy server instead of on the client. You can change this behavior by setting the `proxy_use_local_resolver` option. - type: string - proxy_use_local_resolver: - default: false - description: | - Specify that hostnames are resolved locally instead of being resolved on the proxy server. If `false`, name resolution occurs on the proxy server. - type: boolean - ssl: - description: | - The TLS/SSL connection settings for use with the HTTPS endpoint. If you don't specify settings, the system defaults are used. - type: object - type: - description: The monitor type. - enum: - - tcp - type: string - required: - - host - - type + - $ref: '#/components/schemas/Synthetics_tcpMonitorFields_2' title: TCP monitor fields Task_manager_health_APIs_configuration: description: | @@ -119316,20 +51806,7 @@ components: last_update: type: string stats: - type: object - properties: - capacity_estimation: - description: | - This object provides a rough estimate about the sufficiency of its capacity. These are estimates based on historical data and should not be used as predictions. - type: object - configuration: - $ref: '#/components/schemas/Task_manager_health_APIs_configuration' - runtime: - description: | - This object tracks runtime performance of Task Manager, tracking task drift, worker load, and stats broken down by type, including duration and run results. - type: object - workload: - $ref: '#/components/schemas/Task_manager_health_APIs_workload' + $ref: '#/components/schemas/Task_manager_health_APIs_health_response_Stats' status: type: string timestamp: @@ -119338,3070 +51815,88047 @@ components: description: | This object summarizes the work load across the cluster, including the tasks in the system, their types, and current status. type: object - bedrock_config: - title: Connector request properties for an Amazon Bedrock connector - description: Defines properties for connectors when type is `.bedrock`. + ApiActionsConnectorTypes_Get_Response_200_Item: + additionalProperties: false type: object - required: - - apiUrl properties: - apiUrl: + allow_multiple_system_actions: + description: Indicates whether multiple instances of the same system action connector can be used in a single rule. + type: boolean + enabled: + description: Indicates whether the connector is enabled. + type: boolean + enabled_in_config: + description: Indicates whether the connector is enabled in the Kibana configuration. + type: boolean + enabled_in_license: + description: Indicates whether the connector is enabled through the license. + type: boolean + id: + description: The identifier for the connector. + type: string + is_deprecated: + description: Indicates whether the connector type is deprecated. + type: boolean + is_system_action_type: + description: Indicates whether the action is a system action. + type: boolean + minimum_license_required: + description: The minimum license required to enable the connector. + enum: + - basic + - standard + - gold + - platinum + - enterprise + - trial type: string - description: The Amazon Bedrock request URL. - defaultModel: + name: + description: The name of the connector type. type: string - description: | - The generative artificial intelligence model for Amazon Bedrock to use. Current support is for the Anthropic Claude models. - default: us.anthropic.claude-sonnet-4-5-20250929-v1:0 - crowdstrike_config: - title: Connector request config properties for a Crowdstrike connector + source: + description: The source of the connector type definition. + enum: + - yml + - spec + - stack + type: string + sub_feature: + description: Indicates the sub-feature type the connector is grouped under. + enum: + - endpointSecurity + type: string + supported_feature_ids: + description: The list of supported features + items: + type: string + type: array required: - - url - description: Defines config properties for connectors when type is `.crowdstrike`. + - id + - name + - enabled + - enabled_in_config + - enabled_in_license + - minimum_license_required + - supported_feature_ids + - is_system_action_type + - is_deprecated + - source + ApiActionsConnector_Get_Response_200: + additionalProperties: false type: object properties: - url: - description: | - The CrowdStrike tenant URL. If you are using the `xpack.actions.allowedHosts` setting, add the hostname to the allowed hosts. + config: + $ref: '#/components/schemas/ApiActionsConnector_Get_Response_200_Config' + connector_type_id: + description: The connector type identifier. + type: string + id: + description: The identifier for the connector. + type: string + is_connector_type_deprecated: + description: Indicates whether the connector type is deprecated. + type: boolean + is_deprecated: + description: Indicates whether the connector is deprecated. + type: boolean + is_missing_secrets: + description: Indicates whether the connector is missing secrets. + type: boolean + is_preconfigured: + description: 'Indicates whether the connector is preconfigured. If true, the `config` and `is_missing_secrets` properties are omitted from the response. ' + type: boolean + is_system_action: + description: Indicates whether the connector is used for system actions. + type: boolean + name: + description: ' The name of the connector.' type: string - d3security_config: - title: Connector request properties for a D3 Security connector - description: Defines properties for connectors when type is `.d3security`. - type: object required: - - url + - id + - name + - connector_type_id + - is_preconfigured + - is_deprecated + - is_system_action + - is_connector_type_deprecated + ApiActionsConnector_Get_Response_200_Config: + additionalProperties: {} + type: object + ApiActionsConnector_Post_Request: + additionalProperties: false + type: object properties: - url: + config: + $ref: '#/components/schemas/ApiActionsConnector_Post_Request_Config' + connector_type_id: + description: The type of connector. type: string - description: | - The D3 Security API request URL. If you are using the `xpack.actions.allowedHosts` setting, add the hostname to the allowed hosts. - email_config: - title: Connector request properties for an email connector - description: Defines properties for connectors when type is `.email`. + name: + description: The display name for the connector. + type: string + secrets: + $ref: '#/components/schemas/ApiActionsConnector_Post_Request_Secrets' required: - - from + - name + - connector_type_id + ApiActionsConnector_Post_Request_Config: + additionalProperties: {} + default: {} + type: object + ApiActionsConnector_Post_Request_Secrets: + additionalProperties: {} + default: {} + type: object + ApiActionsConnector_Post_Response_200: + additionalProperties: false type: object properties: - clientId: - description: | - The client identifier, which is a part of OAuth 2.0 client credentials authentication, in GUID format. If `service` is `exchange_server`, this property is required. + config: + $ref: '#/components/schemas/ApiActionsConnector_Post_Response_200_Config' + connector_type_id: + description: The connector type identifier. type: string - nullable: true - from: - description: | - The from address for all emails sent by the connector. It must be specified in `user@host-name` format. + id: + description: The identifier for the connector. type: string - hasAuth: - description: | - Specifies whether a user and password are required inside the secrets configuration. - default: true + is_connector_type_deprecated: + description: Indicates whether the connector type is deprecated. type: boolean - host: - description: | - The host name of the service provider. If the `service` is `elastic_cloud` (for Elastic Cloud notifications) or one of Nodemailer's well-known email service providers, this property is ignored. If `service` is `other`, this property must be defined. - type: string - oauthTokenUrl: - type: string - nullable: true - port: - description: | - The port to connect to on the service provider. If the `service` is `elastic_cloud` (for Elastic Cloud notifications) or one of Nodemailer's well-known email service providers, this property is ignored. If `service` is `other`, this property must be defined. - type: integer - secure: - description: | - Specifies whether the connection to the service provider will use TLS. If the `service` is `elastic_cloud` (for Elastic Cloud notifications) or one of Nodemailer's well-known email service providers, this property is ignored. + is_deprecated: + description: Indicates whether the connector is deprecated. type: boolean - service: - description: | - The name of the email service. - type: string - enum: - - elastic_cloud - - exchange_server - - gmail - - other - - outlook365 - - ses - tenantId: - description: | - The tenant identifier, which is part of OAuth 2.0 client credentials authentication, in GUID format. If `service` is `exchange_server`, this property is required. + is_missing_secrets: + description: Indicates whether the connector is missing secrets. + type: boolean + is_preconfigured: + description: 'Indicates whether the connector is preconfigured. If true, the `config` and `is_missing_secrets` properties are omitted from the response. ' + type: boolean + is_system_action: + description: Indicates whether the connector is used for system actions. + type: boolean + name: + description: ' The name of the connector.' type: string - nullable: true - gemini_config: - title: Connector request properties for an Google Gemini connector - description: Defines properties for connectors when type is `.gemini`. - type: object required: - - apiUrl - - gcpRegion - - gcpProjectID + - id + - name + - connector_type_id + - is_preconfigured + - is_deprecated + - is_system_action + - is_connector_type_deprecated + ApiActionsConnector_Post_Response_200_Config: + additionalProperties: {} + type: object + ApiActionsConnector_Put_Request: + additionalProperties: false + type: object properties: - apiUrl: + config: + $ref: '#/components/schemas/ApiActionsConnector_Put_Request_Config' + name: + description: The display name for the connector. type: string - description: The Google Gemini request URL. - defaultModel: + secrets: + $ref: '#/components/schemas/ApiActionsConnector_Put_Request_Secrets' + required: + - name + ApiActionsConnector_Put_Request_Config: + additionalProperties: {} + default: {} + type: object + ApiActionsConnector_Put_Request_Secrets: + additionalProperties: {} + default: {} + type: object + ApiActionsConnector_Put_Response_200: + additionalProperties: false + type: object + properties: + config: + $ref: '#/components/schemas/ApiActionsConnector_Put_Response_200_Config' + connector_type_id: + description: The connector type identifier. type: string - description: The generative artificial intelligence model for Google Gemini to use. - default: gemini-2.5-pro - gcpRegion: + id: + description: The identifier for the connector. type: string - description: The GCP region where the Vertex AI endpoint enabled. - gcpProjectID: + is_connector_type_deprecated: + description: Indicates whether the connector type is deprecated. + type: boolean + is_deprecated: + description: Indicates whether the connector is deprecated. + type: boolean + is_missing_secrets: + description: Indicates whether the connector is missing secrets. + type: boolean + is_preconfigured: + description: 'Indicates whether the connector is preconfigured. If true, the `config` and `is_missing_secrets` properties are omitted from the response. ' + type: boolean + is_system_action: + description: Indicates whether the connector is used for system actions. + type: boolean + name: + description: ' The name of the connector.' type: string - description: The Google ProjectID that has Vertex AI endpoint enabled. - resilient_config: - title: Connector request properties for a IBM Resilient connector required: - - apiUrl - - orgId - description: Defines properties for connectors when type is `.resilient`. + - id + - name + - connector_type_id + - is_preconfigured + - is_deprecated + - is_system_action + - is_connector_type_deprecated + ApiActionsConnector_Put_Response_200_Config: + additionalProperties: {} + type: object + ApiActionsConnectorExecute_Post_Request: + additionalProperties: false type: object properties: - apiUrl: - description: The IBM Resilient instance URL. - type: string - orgId: - description: The IBM Resilient organization ID. - type: string - index_config: - title: Connector request properties for an index connector + params: + $ref: '#/components/schemas/ApiActionsConnectorExecute_Post_Request_Params' required: - - index - description: Defines properties for connectors when type is `.index`. + - params + ApiActionsConnectorExecute_Post_Request_Params: + additionalProperties: {} + type: object + ApiActionsConnectorExecute_Post_Response_200: + additionalProperties: false type: object properties: - executionTimeField: - description: A field that indicates when the document was indexed. - default: null + config: + $ref: '#/components/schemas/ApiActionsConnectorExecute_Post_Response_200_Config' + connector_type_id: + description: The connector type identifier. type: string - nullable: true - index: - description: The Elasticsearch index to be written to. + id: + description: The identifier for the connector. type: string - refresh: - description: | - The refresh policy for the write request, which affects when changes are made visible to search. Refer to the refresh setting for Elasticsearch document APIs. - default: false + is_connector_type_deprecated: + description: Indicates whether the connector type is deprecated. + type: boolean + is_deprecated: + description: Indicates whether the connector is deprecated. + type: boolean + is_missing_secrets: + description: Indicates whether the connector is missing secrets. + type: boolean + is_preconfigured: + description: 'Indicates whether the connector is preconfigured. If true, the `config` and `is_missing_secrets` properties are omitted from the response. ' type: boolean - jira_config: - title: Connector request properties for a Jira connector + is_system_action: + description: Indicates whether the connector is used for system actions. + type: boolean + name: + description: ' The name of the connector.' + type: string required: - - apiUrl - - projectKey - description: Defines properties for connectors when type is `.jira`. + - id + - name + - connector_type_id + - is_preconfigured + - is_deprecated + - is_system_action + - is_connector_type_deprecated + ApiActionsConnectorExecute_Post_Response_200_Config: + additionalProperties: {} + type: object + ApiActionsConnectors_Get_Response_200_Item: + additionalProperties: false type: object properties: - apiUrl: - description: The Jira instance URL. + config: + $ref: '#/components/schemas/ApiActionsConnectors_Get_Response_200_Config' + connector_type_id: + description: The connector type identifier. type: string - projectKey: - description: The Jira project key. + id: + description: The identifier for the connector. type: string - defender_config: - title: Connector request properties for a Microsoft Defender for Endpoint connector + is_connector_type_deprecated: + description: Indicates whether the connector type is deprecated. + type: boolean + is_deprecated: + description: Indicates whether the connector is deprecated. + type: boolean + is_missing_secrets: + description: Indicates whether the connector is missing secrets. + type: boolean + is_preconfigured: + description: 'Indicates whether the connector is preconfigured. If true, the `config` and `is_missing_secrets` properties are omitted from the response. ' + type: boolean + is_system_action: + description: Indicates whether the connector is used for system actions. + type: boolean + name: + description: ' The name of the connector.' + type: string + referenced_by_count: + description: The number of saved objects that reference the connector. If is_preconfigured is true, this value is not calculated. + type: number required: - - apiUrl - - projectKey - description: Defines properties for connectors when type is `.microsoft_defender_endpoint`. + - id + - name + - connector_type_id + - is_preconfigured + - is_deprecated + - is_system_action + - is_connector_type_deprecated + - referenced_by_count + ApiActionsConnectors_Get_Response_200_Config: + additionalProperties: {} + type: object + ApiAgentBuilderAgents_Post_Request: + additionalProperties: false type: object properties: - apiUrl: + avatar_color: + description: Optional hex color code for the agent avatar. type: string - description: | - The URL of the Microsoft Defender for Endpoint API. If you are using the `xpack.actions.allowedHosts` setting, make sure the hostname is added to the allowed hosts. - clientId: + avatar_symbol: + description: Optional symbol/initials for the agent avatar. type: string - description: The application (client) identifier for your app in the Azure portal. - oAuthScope: + configuration: + $ref: '#/components/schemas/ApiAgentBuilderAgents_Post_Request_Configuration' + description: + description: Description of what the agent does. type: string - description: The OAuth scopes or permission sets for the Microsoft Defender for Endpoint API. - oAuthServerUrl: + id: + description: Unique identifier for the agent. type: string - description: The OAuth server URL where authentication is sent and received for the Microsoft Defender for Endpoint API. - tenantId: - description: The tenant identifier for your app in the Azure portal. + labels: + description: Optional labels for categorizing and organizing agents. + items: + description: Label for categorizing the agent. + type: string + type: array + name: + description: Display name for the agent. type: string - genai_azure_config: - title: Connector request properties for an OpenAI connector that uses Azure OpenAI - description: | - Defines properties for connectors when type is `.gen-ai` and the API provider is `Azure OpenAI`. - type: object required: - - apiProvider - - apiUrl + - id + - name + - description + - configuration + ApiAgentBuilderAgents_Post_Request_Configuration: + additionalProperties: false + description: Configuration settings for the agent. + type: object properties: - apiProvider: - type: string - description: The OpenAI API provider. - enum: - - Azure OpenAI - apiUrl: + instructions: + description: Optional system instructions that define the agent behavior. type: string - description: The OpenAI API endpoint. - genai_openai_config: - title: Connector request properties for an OpenAI connector - description: | - Defines properties for connectors when type is `.gen-ai` and the API provider is `OpenAI`. + tools: + items: + $ref: '#/components/schemas/ApiAgentBuilderAgents_Post_Request_Configuration_Tools_Item' + type: array + required: + - tools + ApiAgentBuilderAgents_Post_Request_Configuration_Tools_Item: + additionalProperties: false + description: Tool selection configuration for the agent. type: object + properties: + tool_ids: + description: Array of tool IDs that the agent can use. + items: + description: Tool ID to be available to the agent. + type: string + type: array required: - - apiProvider - - apiUrl + - tool_ids + ApiAgentBuilderAgents_Put_Request: + additionalProperties: false + type: object properties: - apiProvider: + avatar_color: + description: Updated hex color code for the agent avatar. type: string - description: The OpenAI API provider. - enum: - - OpenAI - apiUrl: + avatar_symbol: + description: Updated symbol/initials for the agent avatar. type: string - description: The OpenAI API endpoint. - defaultModel: + configuration: + $ref: '#/components/schemas/ApiAgentBuilderAgents_Put_Request_Configuration' + description: + description: Updated description of what the agent does. type: string - description: The default model to use for requests. - opsgenie_config: - title: Connector request properties for an Opsgenie connector - required: - - apiUrl - description: Defines properties for connectors when type is `.opsgenie`. - type: object - properties: - apiUrl: - description: | - The Opsgenie URL. For example, `https://api.opsgenie.com` or `https://api.eu.opsgenie.com`. If you are using the `xpack.actions.allowedHosts` setting, add the hostname to the allowed hosts. + labels: + description: Updated labels for categorizing and organizing agents. + items: + description: Updated label for categorizing the agent. + type: string + type: array + name: + description: Updated display name for the agent. type: string - pagerduty_config: - title: Connector request properties for a PagerDuty connector - description: Defines properties for connectors when type is `.pagerduty`. + ApiAgentBuilderAgents_Put_Request_Configuration: + additionalProperties: false + description: Updated configuration settings for the agent. type: object properties: - apiUrl: - description: The PagerDuty event URL. + instructions: + description: Updated system instructions that define the agent behavior. type: string - nullable: true - example: https://events.pagerduty.com/v2/enqueue - sentinelone_config: - title: Connector request properties for a SentinelOne connector - required: - - url - description: Defines properties for connectors when type is `.sentinelone`. + tools: + items: + $ref: '#/components/schemas/ApiAgentBuilderAgents_Put_Request_Configuration_Tools_Item' + type: array + ApiAgentBuilderAgents_Put_Request_Configuration_Tools_Item: + additionalProperties: false + description: Tool selection configuration for the agent. type: object properties: - url: - description: | - The SentinelOne tenant URL. If you are using the `xpack.actions.allowedHosts` setting, add the hostname to the allowed hosts. - type: string - servicenow_config: - title: Connector request properties for a ServiceNow ITSM connector + tool_ids: + description: Array of tool IDs that the agent can use. + items: + description: Tool ID to be available to the agent. + type: string + type: array required: - - apiUrl - description: Defines properties for connectors when type is `.servicenow`. + - tool_ids + ApiAgentBuilderConversationsAttachments_Post_Request: + additionalProperties: false type: object properties: - apiUrl: - type: string - description: The ServiceNow instance URL. - clientId: - description: | - The client ID assigned to your OAuth application. This property is required when `isOAuth` is `true`. + data: {} + description: + description: Human-readable description of the attachment. type: string - isOAuth: - description: | - The type of authentication to use. The default value is false, which means basic authentication is used instead of open authorization (OAuth). - default: false + hidden: + description: Whether the attachment should be hidden from the user. type: boolean - jwtKeyId: - description: | - The key identifier assigned to the JWT verifier map of your OAuth application. This property is required when `isOAuth` is `true`. + id: + description: Optional custom ID for the attachment. type: string - userIdentifierValue: - description: | - The identifier to use for OAuth authentication. This identifier should be the user field you selected when you created an OAuth JWT API endpoint for external clients in your ServiceNow instance. For example, if the selected user field is `Email`, the user identifier should be the user's email address. This property is required when `isOAuth` is `true`. + type: + description: The type of the attachment (e.g., text, json, visualization_ref). type: string - usesTableApi: - description: | - Determines whether the connector uses the Table API or the Import Set API. This property is supported only for ServiceNow ITSM and ServiceNow SecOps connectors. NOTE: If this property is set to `false`, the Elastic application should be installed in ServiceNow. - default: true - type: boolean - servicenow_itom_config: - title: Connector request properties for a ServiceNow ITOM connector required: - - apiUrl - description: Defines properties for connectors when type is `.servicenow-itom`. + - type + - data + ApiAgentBuilderConversationsAttachments_Patch_Request: + additionalProperties: false type: object properties: - apiUrl: - type: string - description: The ServiceNow instance URL. - clientId: - description: | - The client ID assigned to your OAuth application. This property is required when `isOAuth` is `true`. - type: string - isOAuth: - description: | - The type of authentication to use. The default value is false, which means basic authentication is used instead of open authorization (OAuth). - default: false - type: boolean - jwtKeyId: - description: | - The key identifier assigned to the JWT verifier map of your OAuth application. This property is required when `isOAuth` is `true`. + description: + description: The new description/name for the attachment. type: string - userIdentifierValue: - description: | - The identifier to use for OAuth authentication. This identifier should be the user field you selected when you created an OAuth JWT API endpoint for external clients in your ServiceNow instance. For example, if the selected user field is `Email`, the user identifier should be the user's email address. This property is required when `isOAuth` is `true`. + required: + - description + ApiAgentBuilderConversationsAttachments_Put_Request: + additionalProperties: false + type: object + properties: + data: {} + description: + description: Optional new description for the attachment. type: string - slack_api_config: - title: Connector request properties for a Slack connector - description: Defines properties for connectors when type is `.slack_api`. + required: + - data + ApiAgentBuilderConverse_Post_Request: + additionalProperties: false type: object properties: - allowedChannels: + agent_id: + default: elastic-ai-agent + description: The ID of the agent to chat with. Defaults to the default Elastic AI agent. + type: string + attachments: + description: '**Technical Preview; added in 9.3.0.** Optional attachments to send with the message.' + items: + $ref: '#/components/schemas/ApiAgentBuilderConverse_Post_Request_Attachments_Item' type: array - description: A list of valid Slack channels. + browser_api_tools: + description: Optional browser API tools to be registered as LLM tools with browser.* namespace. These tools execute on the client side. items: - type: object - required: - - id - - name - maxItems: 25 - properties: - id: - type: string - description: The Slack channel ID. - example: C123ABC456 - minLength: 1 - name: - type: string - description: The Slack channel name. - minLength: 1 - swimlane_config: - title: Connector request properties for a Swimlane connector - required: - - apiUrl - - appId - - connectorType - description: Defines properties for connectors when type is `.swimlane`. - type: object - properties: - apiUrl: - description: The Swimlane instance URL. + $ref: '#/components/schemas/ApiAgentBuilderConverse_Post_Request_Browser_api_tools_Item' + type: array + capabilities: + $ref: '#/components/schemas/ApiAgentBuilderConverse_Post_Request_Capabilities' + configuration_overrides: + $ref: '#/components/schemas/ApiAgentBuilderConverse_Post_Request_Configuration_overrides' + connector_id: + description: Optional connector ID for the agent to use for external integrations. type: string - appId: - description: The Swimlane application ID. + conversation_id: + description: Optional existing conversation ID to continue a previous conversation. type: string - connectorType: - description: The type of connector. Valid values are `all`, `alerts`, and `cases`. + input: + description: The user input message to send to the agent. type: string - enum: - - all - - alerts - - cases - mappings: - title: Connector mappings properties for a Swimlane connector - description: The field mapping. - type: object - properties: - alertIdConfig: - title: Alert identifier mapping - description: Mapping for the alert ID. - type: object - required: - - fieldType - - id - - key - - name - properties: - fieldType: - type: string - description: The type of field in Swimlane. - id: - type: string - description: The identifier for the field in Swimlane. - key: - type: string - description: The key for the field in Swimlane. - name: - type: string - description: The name of the field in Swimlane. - caseIdConfig: - title: Case identifier mapping - description: Mapping for the case ID. - type: object - required: - - fieldType - - id - - key - - name - properties: - fieldType: - type: string - description: The type of field in Swimlane. - id: - type: string - description: The identifier for the field in Swimlane. - key: - type: string - description: The key for the field in Swimlane. - name: - type: string - description: The name of the field in Swimlane. - caseNameConfig: - title: Case name mapping - description: Mapping for the case name. - type: object - required: - - fieldType - - id - - key - - name - properties: - fieldType: - type: string - description: The type of field in Swimlane. - id: - type: string - description: The identifier for the field in Swimlane. - key: - type: string - description: The key for the field in Swimlane. - name: - type: string - description: The name of the field in Swimlane. - commentsConfig: - title: Case comment mapping - description: Mapping for the case comments. - type: object - required: - - fieldType - - id - - key - - name - properties: - fieldType: - type: string - description: The type of field in Swimlane. - id: - type: string - description: The identifier for the field in Swimlane. - key: - type: string - description: The key for the field in Swimlane. - name: - type: string - description: The name of the field in Swimlane. - descriptionConfig: - title: Case description mapping - description: Mapping for the case description. - type: object - required: - - fieldType - - id - - key - - name - properties: - fieldType: - type: string - description: The type of field in Swimlane. - id: - type: string - description: The identifier for the field in Swimlane. - key: - type: string - description: The key for the field in Swimlane. - name: - type: string - description: The name of the field in Swimlane. - ruleNameConfig: - title: Rule name mapping - description: Mapping for the name of the alert's rule. - type: object - required: - - fieldType - - id - - key - - name - properties: - fieldType: - type: string - description: The type of field in Swimlane. - id: - type: string - description: The identifier for the field in Swimlane. - key: - type: string - description: The key for the field in Swimlane. - name: - type: string - description: The name of the field in Swimlane. - severityConfig: - title: Severity mapping - description: Mapping for the severity. - type: object - required: - - fieldType - - id - - key - - name - properties: - fieldType: - type: string - description: The type of field in Swimlane. - id: - type: string - description: The identifier for the field in Swimlane. - key: - type: string - description: The key for the field in Swimlane. - name: - type: string - description: The name of the field in Swimlane. - thehive_config: - title: Connector request properties for a TheHive connector - description: Defines configuration properties for connectors when type is `.thehive`. + prompts: + $ref: '#/components/schemas/ApiAgentBuilderConverse_Post_Request_Prompts' + ApiAgentBuilderConverse_Post_Request_Attachments_Item: + additionalProperties: false type: object - required: - - url properties: - organisation: + data: + $ref: '#/components/schemas/ApiAgentBuilderConverse_Post_Request_Attachments_Data' + hidden: + description: When true, the attachment will not be displayed in the UI. + type: boolean + id: + description: Optional id for the attachment. type: string - description: | - The organisation in TheHive that will contain the alerts or cases. By default, the connector uses the default organisation of the user account that created the API key. - url: + type: + description: Type of the attachment. type: string - description: | - The instance URL in TheHive. If you are using the `xpack.actions.allowedHosts` setting, add the hostname to the allowed hosts. - tines_config: - title: Connector request properties for a Tines connector - description: Defines properties for connectors when type is `.tines`. - type: object required: - - url - properties: - url: - description: | - The Tines tenant URL. If you are using the `xpack.actions.allowedHosts` setting, make sure this hostname is added to the allowed hosts. - type: string - torq_config: - title: Connector request properties for a Torq connector - description: Defines properties for connectors when type is `.torq`. + - type + - data + ApiAgentBuilderConverse_Post_Request_Attachments_Data: + additionalProperties: {} + description: Payload of the attachment. type: object - required: - - webhookIntegrationUrl - properties: - webhookIntegrationUrl: - description: The endpoint URL of the Elastic Security integration in Torq. - type: string - auth_type: - title: Authentication type - type: string - nullable: true - enum: - - webhook-authentication-basic - - webhook-authentication-ssl - description: | - The type of authentication to use: basic, SSL, or none. - ca: - title: Certificate authority - type: string - description: | - A base64 encoded version of the certificate authority file that the connector can trust to sign and validate certificates. This option is available for all authentication types. - cert_type: - title: Certificate type - type: string - description: | - If the `authType` is `webhook-authentication-ssl`, specifies whether the certificate authentication data is in a CRT and key file format or a PFX file format. - enum: - - ssl-crt-key - - ssl-pfx - has_auth: - title: Has authentication - type: boolean - description: If true, a username and password for login type authentication must be provided. - default: true - verification_mode: - title: Verification mode - type: string - enum: - - certificate - - full - - none - default: full - description: | - Controls the verification of certificates. Use `full` to validate that the certificate has an issue date within the `not_before` and `not_after` dates, chains to a trusted certificate authority (CA), and has a hostname or IP address that matches the names within the certificate. Use `certificate` to validate the certificate and verify that it is signed by a trusted authority; this option does not check the certificate hostname. Use `none` to skip certificate validation. - webhook_config: - title: Connector request properties for a Webhook connector - description: Defines properties for connectors when type is `.webhook`. - type: object - properties: - authType: - $ref: '#/components/schemas/auth_type' - ca: - $ref: '#/components/schemas/ca' - certType: - $ref: '#/components/schemas/cert_type' - hasAuth: - $ref: '#/components/schemas/has_auth' - headers: - type: object - nullable: true - description: A set of key-value pairs sent as headers with the request. - method: - type: string - default: post - enum: - - post - - put - description: | - The HTTP request method, either `post` or `put`. - url: - type: string - description: | - The request URL. If you are using the `xpack.actions.allowedHosts` setting, add the hostname to the allowed hosts. - verificationMode: - $ref: '#/components/schemas/verification_mode' - cases_webhook_config: - title: Connector request properties for Webhook - Case Management connector - required: - - createIncidentJson - - createIncidentResponseKey - - createIncidentUrl - - getIncidentResponseExternalTitleKey - - getIncidentUrl - - updateIncidentJson - - updateIncidentUrl - - viewIncidentUrl - description: Defines properties for connectors when type is `.cases-webhook`. + ApiAgentBuilderConverse_Post_Request_Browser_api_tools_Item: + additionalProperties: false type: object properties: - authType: - $ref: '#/components/schemas/auth_type' - ca: - $ref: '#/components/schemas/ca' - certType: - $ref: '#/components/schemas/cert_type' - createCommentJson: - type: string - description: | - A JSON payload sent to the create comment URL to create a case comment. You can use variables to add Kibana Cases data to the payload. The required variable is `case.comment`. Due to Mustache template variables (the text enclosed in triple braces, for example, `{{{case.title}}}`), the JSON is not validated when you create the connector. The JSON is validated once the Mustache variables have been placed when the REST method runs. Manually ensure that the JSON is valid, disregarding the Mustache variables, so the later validation will pass. - example: '{"body": {{{case.comment}}}}' - createCommentMethod: - type: string - description: | - The REST API HTTP request method to create a case comment in the third-party system. Valid values are `patch`, `post`, and `put`. - default: put - enum: - - patch - - post - - put - createCommentUrl: - type: string - description: | - The REST API URL to create a case comment by ID in the third-party system. You can use a variable to add the external system ID to the URL. If you are using the `xpack.actions.allowedHosts setting`, add the hostname to the allowed hosts. - example: https://example.com/issue/{{{external.system.id}}}/comment - createIncidentJson: - type: string - description: | - A JSON payload sent to the create case URL to create a case. You can use variables to add case data to the payload. Required variables are `case.title` and `case.description`. Due to Mustache template variables (which is the text enclosed in triple braces, for example, `{{{case.title}}}`), the JSON is not validated when you create the connector. The JSON is validated after the Mustache variables have been placed when REST method runs. Manually ensure that the JSON is valid to avoid future validation errors; disregard Mustache variables during your review. - example: '{"fields": {"summary": {{{case.title}}},"description": {{{case.description}}},"labels": {{{case.tags}}}}}' - createIncidentMethod: - type: string - description: | - The REST API HTTP request method to create a case in the third-party system. Valid values are `patch`, `post`, and `put`. - enum: - - patch - - post - - put - default: post - createIncidentResponseKey: - type: string - description: The JSON key in the create external case response that contains the case ID. - createIncidentUrl: - type: string - description: | - The REST API URL to create a case in the third-party system. If you are using the `xpack.actions.allowedHosts` setting, add the hostname to the allowed hosts. - getIncidentResponseExternalTitleKey: - type: string - description: The JSON key in get external case response that contains the case title. - getIncidentUrl: - type: string - description: | - The REST API URL to get the case by ID from the third-party system. If you are using the `xpack.actions.allowedHosts` setting, add the hostname to the allowed hosts. You can use a variable to add the external system ID to the URL. Due to Mustache template variables (the text enclosed in triple braces, for example, `{{{case.title}}}`), the JSON is not validated when you create the connector. The JSON is validated after the Mustache variables have been placed when REST method runs. Manually ensure that the JSON is valid, disregarding the Mustache variables, so the later validation will pass. - example: https://example.com/issue/{{{external.system.id}}} - hasAuth: - $ref: '#/components/schemas/has_auth' - headers: - type: string - description: | - A set of key-value pairs sent as headers with the request URLs for the create case, update case, get case, and create comment methods. - updateIncidentJson: - type: string - description: | - The JSON payload sent to the update case URL to update the case. You can use variables to add Kibana Cases data to the payload. Required variables are `case.title` and `case.description`. Due to Mustache template variables (which is the text enclosed in triple braces, for example, `{{{case.title}}}`), the JSON is not validated when you create the connector. The JSON is validated after the Mustache variables have been placed when REST method runs. Manually ensure that the JSON is valid to avoid future validation errors; disregard Mustache variables during your review. - example: '{"fields": {"summary": {{{case.title}}},"description": {{{case.description}}},"labels": {{{case.tags}}}}}' - updateIncidentMethod: - type: string - description: | - The REST API HTTP request method to update the case in the third-party system. Valid values are `patch`, `post`, and `put`. - default: put - enum: - - patch - - post - - put - updateIncidentUrl: + description: + description: Description of what the browser API tool does. type: string - description: | - The REST API URL to update the case by ID in the third-party system. You can use a variable to add the external system ID to the URL. If you are using the `xpack.actions.allowedHosts` setting, add the hostname to the allowed hosts. - example: https://example.com/issue/{{{external.system.ID}}} - verificationMode: - $ref: '#/components/schemas/verification_mode' - viewIncidentUrl: + id: + description: Unique identifier for the browser API tool. type: string - description: | - The URL to view the case in the external system. You can use variables to add the external system ID or external system title to the URL. - example: https://testing-jira.atlassian.net/browse/{{{external.system.title}}} - xmatters_config: - title: Connector request properties for an xMatters connector - description: Defines properties for connectors when type is `.xmatters`. + schema: {} + required: + - id + - description + - schema + ApiAgentBuilderConverse_Post_Request_Capabilities: + additionalProperties: false + description: Controls agent capabilities during conversation. Currently supports visualization rendering for tabular tool results. type: object properties: - configUrl: - description: | - The request URL for the Elastic Alerts trigger in xMatters. It is applicable only when `usesBasic` is `true`. - type: string - nullable: true - usesBasic: - description: Specifies whether the connector uses HTTP basic authentication (`true`) or URL authentication (`false`). + visualizations: + description: When true, allows the agent to render tabular data from tool results as interactive visualizations using custom XML elements in responses. type: boolean - default: true - bedrock_secrets: - title: Connector secrets properties for an Amazon Bedrock connector - description: Defines secrets for connectors when type is `.bedrock`. + ApiAgentBuilderConverse_Post_Request_Configuration_overrides: + additionalProperties: false + description: Runtime configuration overrides. These override the stored agent configuration for this execution only. type: object - required: - - accessKey - - secret properties: - accessKey: - type: string - description: The AWS access key for authentication. - secret: + instructions: + description: Custom instructions for the agent. type: string - description: The AWS secret for authentication. - crowdstrike_secrets: - title: Connector secrets properties for a Crowdstrike connector - description: Defines secrets for connectors when type is `.crowdstrike`. + tools: + description: Tool selection to enable for this execution. + items: + $ref: '#/components/schemas/ApiAgentBuilderConverse_Post_Request_Configuration_overrides_Tools_Item' + type: array + ApiAgentBuilderConverse_Post_Request_Configuration_overrides_Tools_Item: + additionalProperties: false type: object - required: - - clientId - - clientSecret properties: - clientId: - description: The CrowdStrike API client identifier. - type: string - clientSecret: - description: The CrowdStrike API client secret to authenticate the `clientId`. - type: string - d3security_secrets: - title: Connector secrets properties for a D3 Security connector - description: Defines secrets for connectors when type is `.d3security`. + tool_ids: + items: + type: string + type: array required: - - token + - tool_ids + ApiAgentBuilderConverse_Post_Request_Prompts: + additionalProperties: + $ref: '#/components/schemas/ApiAgentBuilderConverse_Post_Request_Prompts_Value' + description: Can be used to respond to a confirmation prompt. + type: object + ApiAgentBuilderConverse_Post_Request_Prompts_Value: + additionalProperties: false type: object properties: - token: - type: string - description: The D3 Security token. - email_secrets: - title: Connector secrets properties for an email connector - description: Defines secrets for connectors when type is `.email`. + allow: + type: boolean + required: + - allow + ApiAgentBuilderConverseAsync_Post_Request: + additionalProperties: false type: object properties: - clientSecret: + agent_id: + default: elastic-ai-agent + description: The ID of the agent to chat with. Defaults to the default Elastic AI agent. type: string - description: | - The Microsoft Exchange Client secret for OAuth 2.0 client credentials authentication. It must be URL-encoded. If `service` is `exchange_server`, this property is required. - password: + attachments: + description: '**Technical Preview; added in 9.3.0.** Optional attachments to send with the message.' + items: + $ref: '#/components/schemas/ApiAgentBuilderConverseAsync_Post_Request_Attachments_Item' + type: array + browser_api_tools: + description: Optional browser API tools to be registered as LLM tools with browser.* namespace. These tools execute on the client side. + items: + $ref: '#/components/schemas/ApiAgentBuilderConverseAsync_Post_Request_Browser_api_tools_Item' + type: array + capabilities: + $ref: '#/components/schemas/ApiAgentBuilderConverseAsync_Post_Request_Capabilities' + configuration_overrides: + $ref: '#/components/schemas/ApiAgentBuilderConverseAsync_Post_Request_Configuration_overrides' + connector_id: + description: Optional connector ID for the agent to use for external integrations. type: string - description: | - The password for HTTP basic authentication. If `hasAuth` is set to `true`, this property is required. - user: + conversation_id: + description: Optional existing conversation ID to continue a previous conversation. type: string - description: | - The username for HTTP basic authentication. If `hasAuth` is set to `true`, this property is required. - gemini_secrets: - title: Connector secrets properties for a Google Gemini connector - description: Defines secrets for connectors when type is `.gemini`. + input: + description: The user input message to send to the agent. + type: string + prompts: + $ref: '#/components/schemas/ApiAgentBuilderConverseAsync_Post_Request_Prompts' + ApiAgentBuilderConverseAsync_Post_Request_Attachments_Item: + additionalProperties: false type: object - required: - - credentialsJson properties: - credentialsJson: + data: + $ref: '#/components/schemas/ApiAgentBuilderConverseAsync_Post_Request_Attachments_Data' + hidden: + description: When true, the attachment will not be displayed in the UI. + type: boolean + id: + description: Optional id for the attachment. + type: string + type: + description: Type of the attachment. type: string - description: The service account credentials JSON file. The service account should have Vertex AI user IAM role assigned to it. - resilient_secrets: - title: Connector secrets properties for IBM Resilient connector required: - - apiKeyId - - apiKeySecret - description: Defines secrets for connectors when type is `.resilient`. + - type + - data + ApiAgentBuilderConverseAsync_Post_Request_Attachments_Data: + additionalProperties: {} + description: Payload of the attachment. + type: object + ApiAgentBuilderConverseAsync_Post_Request_Browser_api_tools_Item: + additionalProperties: false type: object properties: - apiKeyId: + description: + description: Description of what the browser API tool does. type: string - description: The authentication key ID for HTTP Basic authentication. - apiKeySecret: + id: + description: Unique identifier for the browser API tool. type: string - description: The authentication key secret for HTTP Basic authentication. - jira_secrets: - title: Connector secrets properties for a Jira connector + schema: {} required: - - apiToken - - email - description: Defines secrets for connectors when type is `.jira`. + - id + - description + - schema + ApiAgentBuilderConverseAsync_Post_Request_Capabilities: + additionalProperties: false + description: Controls agent capabilities during conversation. Currently supports visualization rendering for tabular tool results. type: object properties: - apiToken: - description: The Jira API authentication token for HTTP basic authentication. - type: string - email: - description: The account email for HTTP Basic authentication. - type: string - teams_secrets: - title: Connector secrets properties for a Microsoft Teams connector - description: Defines secrets for connectors when type is `.teams`. + visualizations: + description: When true, allows the agent to render tabular data from tool results as interactive visualizations using custom XML elements in responses. + type: boolean + ApiAgentBuilderConverseAsync_Post_Request_Configuration_overrides: + additionalProperties: false + description: Runtime configuration overrides. These override the stored agent configuration for this execution only. type: object - required: - - webhookUrl properties: - webhookUrl: + instructions: + description: Custom instructions for the agent. type: string - description: | - The URL of the incoming webhook. If you are using the `xpack.actions.allowedHosts` setting, add the hostname to the allowed hosts. - genai_secrets: - title: Connector secrets properties for an OpenAI connector - description: | - Defines secrets for connectors when type is `.gen-ai`. Supports both API key authentication (OpenAI, Azure OpenAI, and `Other`) and PKI authentication (`Other` provider only). PKI fields must be base64-encoded PEM content. + tools: + description: Tool selection to enable for this execution. + items: + $ref: '#/components/schemas/ApiAgentBuilderConverseAsync_Post_Request_Configuration_overrides_Tools_Item' + type: array + ApiAgentBuilderConverseAsync_Post_Request_Configuration_overrides_Tools_Item: + additionalProperties: false type: object properties: - apiKey: - type: string - description: | - The API key for authentication. For OpenAI and Azure OpenAI providers, it is required. For the `Other` provider, it is required if you do not use PKI authentication. With PKI, you can also optionally include an API key if the OpenAI-compatible service supports or requires one. - certificateData: - type: string - description: | - Base64-encoded PEM certificate content for PKI authentication (Other provider only). Required for PKI. - minLength: 1 - privateKeyData: - type: string - description: | - Base64-encoded PEM private key content for PKI authentication (Other provider only). Required for PKI. - minLength: 1 - caData: - type: string - description: | - Base64-encoded PEM CA certificate content for PKI authentication (Other provider only). Optional. - minLength: 1 - opsgenie_secrets: - title: Connector secrets properties for an Opsgenie connector + tool_ids: + items: + type: string + type: array required: - - apiKey - description: Defines secrets for connectors when type is `.opsgenie`. + - tool_ids + ApiAgentBuilderConverseAsync_Post_Request_Prompts: + additionalProperties: + $ref: '#/components/schemas/ApiAgentBuilderConverseAsync_Post_Request_Prompts_Value' + description: Can be used to respond to a confirmation prompt. type: object - properties: - apiKey: - description: The Opsgenie API authentication key for HTTP Basic authentication. - type: string - pagerduty_secrets: - title: Connector secrets properties for a PagerDuty connector - description: Defines secrets for connectors when type is `.pagerduty`. + ApiAgentBuilderConverseAsync_Post_Request_Prompts_Value: + additionalProperties: false type: object - required: - - routingKey properties: - routingKey: - description: | - A 32 character PagerDuty Integration Key for an integration on a service. - type: string - sentinelone_secrets: - title: Connector secrets properties for a SentinelOne connector - description: Defines secrets for connectors when type is `.sentinelone`. - type: object + allow: + type: boolean required: - - token - properties: - token: - description: The A SentinelOne API token. - type: string - servicenow_secrets: - title: Connector secrets properties for ServiceNow ITOM, ServiceNow ITSM, and ServiceNow SecOps connectors - description: Defines secrets for connectors when type is `.servicenow`, `.servicenow-sir`, or `.servicenow-itom`. + - allow + ApiAgentBuilderTools_Post_Request: + additionalProperties: false type: object properties: - clientSecret: - type: string - description: The client secret assigned to your OAuth application. This property is required when `isOAuth` is `true`. - password: - type: string - description: The password for HTTP basic authentication. This property is required when `isOAuth` is `false`. - privateKey: + configuration: + $ref: '#/components/schemas/ApiAgentBuilderTools_Post_Request_Configuration' + description: + default: '' + description: Description of what the tool does. type: string - description: The RSA private key that you created for use in ServiceNow. This property is required when `isOAuth` is `true`. - privateKeyPassword: + id: + description: Unique identifier for the tool. type: string - description: The password for the RSA private key. This property is required when `isOAuth` is `true` and you set a password on your private key. - username: + tags: + default: [] + description: Optional tags for categorizing and organizing tools. + items: + description: Tag for categorizing the tool. + type: string + type: array + type: + description: The type of tool to create (e.g., esql, index_search). + enum: + - esql + - index_search + - workflow + - mcp type: string - description: The username for HTTP basic authentication. This property is required when `isOAuth` is `false`. - slack_api_secrets: - title: Connector secrets properties for a Web API Slack connector - description: Defines secrets for connectors when type is `.slack`. required: - - token + - id + - type + - configuration + ApiAgentBuilderTools_Post_Request_Configuration: + additionalProperties: {} + description: Tool-specific configuration parameters. See examples for details. type: object - properties: - token: - type: string - description: Slack bot user OAuth token. - swimlane_secrets: - title: Connector secrets properties for a Swimlane connector - description: Defines secrets for connectors when type is `.swimlane`. + ApiAgentBuilderToolsExecute_Post_Request: + additionalProperties: false type: object properties: - apiToken: - description: Swimlane API authentication token. + connector_id: + description: Optional connector ID for tools that require external integrations. + type: string + tool_id: + description: The ID of the tool to execute. type: string - thehive_secrets: - title: Connector secrets properties for a TheHive connector - description: Defines secrets for connectors when type is `.thehive`. + tool_params: + $ref: '#/components/schemas/ApiAgentBuilderToolsExecute_Post_Request_Tool_params' required: - - apiKey + - tool_id + - tool_params + ApiAgentBuilderToolsExecute_Post_Request_Tool_params: + additionalProperties: {} + description: Parameters to pass to the tool execution. See examples for details + type: object + ApiAgentBuilderTools_Put_Request: + additionalProperties: false type: object properties: - apiKey: + configuration: + $ref: '#/components/schemas/ApiAgentBuilderTools_Put_Request_Configuration' + description: + description: Updated description of what the tool does. type: string - description: The API key for authentication in TheHive. - tines_secrets: - title: Connector secrets properties for a Tines connector - description: Defines secrets for connectors when type is `.tines`. + tags: + description: Updated tags for categorizing and organizing tools. + items: + description: Updated tag for categorizing the tool. + type: string + type: array + ApiAgentBuilderTools_Put_Request_Configuration: + additionalProperties: {} + description: Updated tool-specific configuration parameters. See examples for details. + type: object + ApiAlertingHealth_Get_Response_200: type: object - required: - - email - - token properties: - email: - description: The email used to sign in to Tines. - type: string - token: - description: The Tines API token. - type: string - torq_secrets: - title: Connector secrets properties for a Torq connector - description: Defines secrets for connectors when type is `.torq`. + alerting_framework_health: + $ref: '#/components/schemas/ApiAlertingHealth_Get_Response_200_Alerting_framework_health' + has_permanent_encryption_key: + description: If `false`, the encrypted saved object plugin does not have a permanent encryption key. + example: true + type: boolean + is_sufficiently_secure: + description: If `false`, security is enabled but TLS is not. + example: true + type: boolean + ApiAlertingHealth_Get_Response_200_Alerting_framework_health: + description: | + Three substates identify the health of the alerting framework: `decryption_health`, `execution_health`, and `read_health`. type: object - required: - - token properties: - token: - description: The secret of the webhook authentication header. - type: string - crt: - title: Certificate - type: string - description: If `authType` is `webhook-authentication-ssl` and `certType` is `ssl-crt-key`, it is a base64 encoded version of the CRT or CERT file. - key: - title: Certificate key - type: string - description: If `authType` is `webhook-authentication-ssl` and `certType` is `ssl-crt-key`, it is a base64 encoded version of the KEY file. - pfx: - title: Personal information exchange - type: string - description: If `authType` is `webhook-authentication-ssl` and `certType` is `ssl-pfx`, it is a base64 encoded version of the PFX or P12 file. - webhook_secrets: - title: Connector secrets properties for a Webhook connector - description: Defines secrets for connectors when type is `.webhook`. + decryption_health: + $ref: '#/components/schemas/ApiAlertingHealth_Get_Response_200_Alerting_framework_health_Decryption_health' + execution_health: + $ref: '#/components/schemas/ApiAlertingHealth_Get_Response_200_Alerting_framework_health_Execution_health' + read_health: + $ref: '#/components/schemas/ApiAlertingHealth_Get_Response_200_Alerting_framework_health_Read_health' + ApiAlertingHealth_Get_Response_200_Alerting_framework_health_Decryption_health: + description: The timestamp and status of the rule decryption. type: object properties: - crt: - $ref: '#/components/schemas/crt' - key: - $ref: '#/components/schemas/key' - pfx: - $ref: '#/components/schemas/pfx' - password: + status: + enum: + - error + - ok + - warn + example: ok type: string - description: | - The password for HTTP basic authentication or the passphrase for the SSL certificate files. If `hasAuth` is set to `true` and `authType` is `webhook-authentication-basic`, this property is required. - user: + timestamp: + example: '2023-01-13T01:28:00.280Z' + format: date-time type: string - description: | - The username for HTTP basic authentication. If `hasAuth` is set to `true` and `authType` is `webhook-authentication-basic`, this property is required. - cases_webhook_secrets: - title: Connector secrets properties for Webhook - Case Management connector + ApiAlertingHealth_Get_Response_200_Alerting_framework_health_Execution_health: + description: The timestamp and status of the rule run. type: object properties: - crt: - $ref: '#/components/schemas/crt' - key: - $ref: '#/components/schemas/key' - pfx: - $ref: '#/components/schemas/pfx' - password: + status: + enum: + - error + - ok + - warn + example: ok type: string - description: | - The password for HTTP basic authentication. If `hasAuth` is set to `true` and and `authType` is `webhook-authentication-basic`, this property is required. - user: + timestamp: + example: '2023-01-13T01:28:00.280Z' + format: date-time type: string - description: | - The username for HTTP basic authentication. If `hasAuth` is set to `true` and `authType` is `webhook-authentication-basic`, this property is required. - xmatters_secrets: - title: Connector secrets properties for an xMatters connector - description: Defines secrets for connectors when type is `.xmatters`. + ApiAlertingHealth_Get_Response_200_Alerting_framework_health_Read_health: + description: The timestamp and status of the rule reading events. type: object properties: - password: - description: | - A user name for HTTP basic authentication. It is applicable only when `usesBasic` is `true`. - type: string - secretsUrl: - description: | - The request URL for the Elastic Alerts trigger in xMatters with the API key included in the URL. It is applicable only when `usesBasic` is `false`. + status: + enum: + - error + - ok + - warn + example: ok type: string - user: - description: | - A password for HTTP basic authentication. It is applicable only when `usesBasic` is `true`. + timestamp: + example: '2023-01-13T01:28:00.280Z' + format: date-time type: string - genai_openai_other_config: - title: Connector request properties for an OpenAI connector with Other provider - description: | - Defines properties for connectors when type is `.gen-ai` and the API provider is `Other` (OpenAI-compatible service), including optional PKI authentication. + ApiAlertingRuleTypes_Get_Response_200_Item: type: object - required: - - apiProvider - - apiUrl - - defaultModel properties: - apiProvider: - type: string - description: The OpenAI API provider. + action_groups: + description: | + An explicit list of groups for which the rule type can schedule actions, each with the action group's unique ID and human readable name. Rule actions validation uses this configuration to ensure that groups are valid. + items: + $ref: '#/components/schemas/ApiAlertingRuleTypes_Get_Response_200_Action_groups_Item' + type: array + action_variables: + $ref: '#/components/schemas/ApiAlertingRuleTypes_Get_Response_200_Action_variables' + alerts: + $ref: '#/components/schemas/ApiAlertingRuleTypes_Get_Response_200_Alerts' + authorized_consumers: + $ref: '#/components/schemas/ApiAlertingRuleTypes_Get_Response_200_Authorized_consumers' + category: + description: The rule category, which is used by features such as category-specific maintenance windows. enum: - - Other - apiUrl: + - management + - observability + - securitySolution type: string - description: The OpenAI-compatible API endpoint. - defaultModel: + default_action_group_id: + description: The default identifier for the rule type group. type: string - description: The default model to use for requests. - certificateData: + does_set_recovery_context: + description: Indicates whether the rule passes context variables to its recovery action. + type: boolean + enabled_in_license: + description: Indicates whether the rule type is enabled or disabled based on the subscription. + type: boolean + has_alerts_mappings: + description: Indicates whether the rule type has custom mappings for the alert data. + type: boolean + has_fields_for_a_a_d: + type: boolean + id: + description: The unique identifier for the rule type. type: string - description: PEM-encoded certificate content. - minLength: 1 - privateKeyData: + is_exportable: + description: Indicates whether the rule type is exportable in **Stack Management > Saved Objects**. + type: boolean + minimum_license_required: + description: The subscriptions required to use the rule type. + example: basic type: string - description: PEM-encoded private key content. - minLength: 1 - caData: + name: + description: The descriptive name of the rule type. type: string - description: PEM-encoded CA certificate content. - minLength: 1 - verificationMode: + producer: + description: An identifier for the application that produces this rule type. + example: stackAlerts type: string - description: SSL verification mode for PKI authentication. - enum: - - full - - certificate - - none - default: full - headers: - type: object - description: Custom headers to include in requests. - additionalProperties: - type: string - defender_secrets: - title: Connector secrets properties for a Microsoft Defender for Endpoint connector - required: - - clientSecret - description: Defines secrets for connectors when type is `..microsoft_defender_endpoint`. - type: object - properties: - clientSecret: - description: The client secret for your app in the Azure portal. + recovery_action_group: + $ref: '#/components/schemas/ApiAlertingRuleTypes_Get_Response_200_Recovery_action_group' + rule_task_timeout: + example: 5m type: string - run_acknowledge_resolve_pagerduty: - title: PagerDuty connector parameters - description: Test an action that acknowledges or resolves a PagerDuty alert. + ApiAlertingRuleTypes_Get_Response_200_Action_groups_Item: type: object - required: - - dedupKey - - eventAction properties: - dedupKey: - description: The deduplication key for the PagerDuty alert. + id: type: string - maxLength: 255 - eventAction: - description: The type of event. + name: type: string - enum: - - acknowledge - - resolve - run_documents: - title: Index connector parameters - description: Test an action that indexes a document into Elasticsearch. - type: object - required: - - documents - properties: - documents: - type: array - description: The documents in JSON format for index connectors. - items: - type: object - additionalProperties: true - run_message_email: - title: Email connector parameters + ApiAlertingRuleTypes_Get_Response_200_Action_variables: description: | - Test an action that sends an email message. There must be at least one recipient in `to`, `cc`, or `bcc`. + A list of action variables that the rule type makes available via context and state in action parameter templates, and a short human readable description. When you create a rule in Kibana, it uses this information to prompt you for these variables in action parameter editors. type: object - required: - - message - - subject properties: - bcc: - type: array + context: items: - type: string - description: | - A list of "blind carbon copy" email addresses. Addresses can be specified in `user@host-name` format or in name `` format - cc: + $ref: '#/components/schemas/ApiAlertingRuleTypes_Get_Response_200_Action_variables_Context_Item' type: array + params: items: - type: string - description: | - A list of "carbon copy" email addresses. Addresses can be specified in `user@host-name` format or in name `` format - message: - type: string - description: The email message text. Markdown format is supported. - subject: - type: string - description: The subject line of the email. - to: + $ref: '#/components/schemas/ApiAlertingRuleTypes_Get_Response_200_Action_variables_Params_Item' type: array - description: | - A list of email addresses. Addresses can be specified in `user@host-name` format or in name `` format. + state: items: - type: string - run_message_serverlog: - title: Server log connector parameters - description: Test an action that writes an entry to the Kibana server log. + $ref: '#/components/schemas/ApiAlertingRuleTypes_Get_Response_200_Action_variables_State_Item' + type: array + ApiAlertingRuleTypes_Get_Response_200_Action_variables_Context_Item: type: object - required: - - message properties: - level: + description: type: string - description: The log level of the message for server log connectors. - enum: - - debug - - error - - fatal - - info - - trace - - warn - default: info - message: + name: type: string - description: The message for server log connectors. - run_message_slack: - title: Slack connector parameters - description: | - Test an action that sends a message to Slack. It is applicable only when the connector type is `.slack`. + useWithTripleBracesInTemplates: + type: boolean + ApiAlertingRuleTypes_Get_Response_200_Action_variables_Params_Item: type: object - required: - - message properties: - message: + description: + type: string + name: type: string - description: The Slack message text, which cannot contain Markdown, images, or other advanced formatting. - run_trigger_pagerduty: - title: PagerDuty connector parameters - description: Test an action that triggers a PagerDuty alert. + ApiAlertingRuleTypes_Get_Response_200_Action_variables_State_Item: type: object - required: - - eventAction properties: - class: - description: The class or type of the event. + description: type: string - example: cpu load - component: - description: The component of the source machine that is responsible for the event. + name: type: string - example: eth0 - customDetails: - description: Additional details to add to the event. - type: object - dedupKey: + ApiAlertingRuleTypes_Get_Response_200_Alerts: + description: | + Details for writing alerts as data documents for this rule type. + type: object + properties: + context: description: | - All actions sharing this key will be associated with the same PagerDuty alert. This value is used to correlate trigger and resolution. - type: string - maxLength: 255 - eventAction: - description: The type of event. - type: string + The namespace for this rule type. enum: - - trigger - group: - description: The logical grouping of components of a service. - type: string - example: app-stack - links: - description: A list of links to add to the event. - type: array - items: - type: object - properties: - href: - description: The URL for the link. - type: string - text: - description: A plain text description of the purpose of the link. - type: string - severity: - description: The severity of the event on the affected system. + - ml.anomaly-detection + - observability.apm + - observability.logs + - observability.metrics + - observability.slo + - observability.threshold + - observability.uptime + - security + - stack type: string + dynamic: + description: Indicates whether new fields are added dynamically. enum: - - critical - - error - - info - - warning - default: info - source: - description: | - The affected system, such as a hostname or fully qualified domain name. Defaults to the Kibana saved object id of the action. - type: string - summary: - description: A summery of the event. + - 'false' + - runtime + - strict + - 'true' type: string - maxLength: 1024 - timestamp: - description: An ISO-8601 timestamp that indicates when the event was detected or generated. + isSpaceAware: + description: | + Indicates whether the alerts are space-aware. If true, space-specific alert indices are used. + type: boolean + mappings: + $ref: '#/components/schemas/ApiAlertingRuleTypes_Get_Response_200_Alerts_Mappings' + secondaryAlias: + description: | + A secondary alias. It is typically used to support the signals alias for detection rules. type: string - format: date-time - run_addevent: - title: The addEvent subaction + shouldWrite: + description: | + Indicates whether the rule should write out alerts as data. + type: boolean + useEcs: + description: | + Indicates whether to include the ECS component template for the alerts. + type: boolean + useLegacyAlerts: + default: false + description: | + Indicates whether to include the legacy component template for the alerts. + type: boolean + ApiAlertingRuleTypes_Get_Response_200_Alerts_Mappings: type: object - required: - - subAction - description: The `addEvent` subaction for ServiceNow ITOM connectors. properties: - subAction: - type: string - description: The action to test. - enum: - - addEvent - subActionParams: - type: object - description: The set of configuration properties for the action. - properties: - additional_info: - type: string - description: Additional information about the event. - description: - type: string - description: The details about the event. - event_class: - type: string - description: A specific instance of the source. - message_key: - type: string - description: All actions sharing this key are associated with the same ServiceNow alert. The default value is `:`. - metric_name: - type: string - description: The name of the metric. - node: - type: string - description: The host that the event was triggered for. - resource: - type: string - description: The name of the resource. - severity: - type: string - description: The severity of the event. - source: - type: string - description: The name of the event source type. - time_of_event: - type: string - description: The time of the event. - type: - type: string - description: The type of event. - run_closealert: - title: The closeAlert subaction + fieldMap: + $ref: '#/components/schemas/ApiAlertingRuleTypes_Get_Response_200_Alerts_Mappings_FieldMap' + ApiAlertingRuleTypes_Get_Response_200_Alerts_Mappings_FieldMap: + additionalProperties: + $ref: '#/components/schemas/Alerting_fieldmap_properties' + description: | + Mapping information for each field supported in alerts as data documents for this rule type. For more information about mapping parameters, refer to the Elasticsearch documentation. type: object - required: - - subAction - - subActionParams - description: The `closeAlert` subaction for Opsgenie connectors. - properties: - subAction: - type: string - description: The action to test. - enum: - - closeAlert - subActionParams: - type: object - required: - - alias - properties: - alias: - type: string - description: The unique identifier used for alert deduplication in Opsgenie. The alias must match the value used when creating the alert. - note: - type: string - description: Additional information for the alert. - source: - type: string - description: The display name for the source of the alert. - user: - type: string - description: The display name for the owner. - run_closeincident: - title: The closeIncident subaction + ApiAlertingRuleTypes_Get_Response_200_Authorized_consumers: + description: The list of the plugins IDs that have access to the rule type. type: object - required: - - subAction - - subActionParams - description: The `closeIncident` subaction for ServiceNow ITSM connectors. properties: - subAction: - type: string - description: The action to test. - enum: - - closeIncident - subActionParams: - type: object - required: - - incident - properties: - incident: - type: object - anyOf: - - required: - - correlation_id - - required: - - externalId - properties: - correlation_id: - type: string - nullable: true - description: | - An identifier that is assigned to the incident when it is created by the connector. NOTE: If you use the default value and the rule generates multiple alerts that use the same alert IDs, the latest open incident for this correlation ID is closed unless you specify the external ID. - maxLength: 100 - default: '{{rule.id}}:{{alert.id}}' - externalId: - type: string - nullable: true - description: The unique identifier (`incidentId`) for the incident in ServiceNow. - run_createalert: - title: The createAlert subaction + alerts: + $ref: '#/components/schemas/ApiAlertingRuleTypes_Get_Response_200_Authorized_consumers_Alerts' + apm: + $ref: '#/components/schemas/ApiAlertingRuleTypes_Get_Response_200_Authorized_consumers_Apm' + discover: + $ref: '#/components/schemas/ApiAlertingRuleTypes_Get_Response_200_Authorized_consumers_Discover' + infrastructure: + $ref: '#/components/schemas/ApiAlertingRuleTypes_Get_Response_200_Authorized_consumers_Infrastructure' + logs: + $ref: '#/components/schemas/ApiAlertingRuleTypes_Get_Response_200_Authorized_consumers_Logs' + ml: + $ref: '#/components/schemas/ApiAlertingRuleTypes_Get_Response_200_Authorized_consumers_Ml' + monitoring: + $ref: '#/components/schemas/ApiAlertingRuleTypes_Get_Response_200_Authorized_consumers_Monitoring' + siem: + $ref: '#/components/schemas/ApiAlertingRuleTypes_Get_Response_200_Authorized_consumers_Siem' + slo: + $ref: '#/components/schemas/ApiAlertingRuleTypes_Get_Response_200_Authorized_consumers_Slo' + stackAlerts: + $ref: '#/components/schemas/ApiAlertingRuleTypes_Get_Response_200_Authorized_consumers_StackAlerts' + uptime: + $ref: '#/components/schemas/ApiAlertingRuleTypes_Get_Response_200_Authorized_consumers_Uptime' + ApiAlertingRuleTypes_Get_Response_200_Authorized_consumers_Alerts: type: object - required: - - subAction - - subActionParams - description: The `createAlert` subaction for Opsgenie and TheHive connectors. properties: - subAction: - type: string - description: The action to test. - enum: - - createAlert - subActionParams: - type: object - properties: - actions: - type: array - description: The custom actions available to the alert in Opsgenie connectors. - items: - type: string - alias: - type: string - description: The unique identifier used for alert deduplication in Opsgenie. - description: - type: string - description: A description that provides detailed information about the alert. - details: - type: object - description: The custom properties of the alert in Opsgenie connectors. - additionalProperties: true - example: - key1: value1 - key2: value2 - entity: - type: string - description: The domain of the alert in Opsgenie connectors. For example, the application or server name. - message: - type: string - description: The alert message in Opsgenie connectors. - note: - type: string - description: Additional information for the alert in Opsgenie connectors. - priority: - type: string - description: The priority level for the alert in Opsgenie connectors. - enum: - - P1 - - P2 - - P3 - - P4 - - P5 - responders: - type: array - description: | - The entities to receive notifications about the alert in Opsgenie connectors. If `type` is `user`, either `id` or `username` is required. If `type` is `team`, either `id` or `name` is required. - items: - type: object - properties: - id: - type: string - description: The identifier for the entity. - name: - type: string - description: The name of the entity. - type: - type: string - description: The type of responders, in this case `escalation`. - enum: - - escalation - - schedule - - team - - user - username: - type: string - description: A valid email address for the user. - severity: - type: integer - minimum: 1 - maximum: 4 - description: | - The severity of the incident for TheHive connectors. The value ranges from 1 (low) to 4 (critical) with a default value of 2 (medium). - source: - type: string - description: The display name for the source of the alert in Opsgenie and TheHive connectors. - sourceRef: - type: string - description: A source reference for the alert in TheHive connectors. - tags: - type: array - description: The tags for the alert in Opsgenie and TheHive connectors. - items: - type: string - title: - type: string - description: | - A title for the incident for TheHive connectors. It is used for searching the contents of the knowledge base. - tlp: - type: integer - minimum: 0 - maximum: 4 - default: 2 - description: | - The traffic light protocol designation for the incident in TheHive connectors. Valid values include: 0 (clear), 1 (green), 2 (amber), 3 (amber and strict), and 4 (red). - type: - type: string - description: The type of alert in TheHive connectors. - user: - type: string - description: The display name for the owner. - visibleTo: - type: array - description: The teams and users that the alert will be visible to without sending a notification. Only one of `id`, `name`, or `username` is required. - items: - type: object - required: - - type - properties: - id: - type: string - description: The identifier for the entity. - name: - type: string - description: The name of the entity. - type: - type: string - description: Valid values are `team` and `user`. - enum: - - team - - user - username: - type: string - description: The user name. This property is required only when the `type` is `user`. - run_fieldsbyissuetype: - title: The fieldsByIssueType subaction + all: + type: boolean + read: + type: boolean + ApiAlertingRuleTypes_Get_Response_200_Authorized_consumers_Apm: type: object - required: - - subAction - - subActionParams - description: The `fieldsByIssueType` subaction for Jira connectors. properties: - subAction: - type: string - description: The action to test. - enum: - - fieldsByIssueType - subActionParams: - type: object - required: - - id - properties: - id: - type: string - description: The Jira issue type identifier. - example: 10024 - run_getagentdetails: - title: The getAgentDetails subaction + all: + type: boolean + read: + type: boolean + ApiAlertingRuleTypes_Get_Response_200_Authorized_consumers_Discover: type: object - required: - - subAction - - subActionParams - description: The `getAgentDetails` subaction for CrowdStrike connectors. properties: - subAction: - type: string - description: The action to test. - enum: - - getAgentDetails - subActionParams: - type: object - description: The set of configuration properties for the action. - required: - - ids - properties: - ids: - type: array - description: An array of CrowdStrike agent identifiers. - items: - type: string - run_getagents: - title: The getAgents subaction + all: + type: boolean + read: + type: boolean + ApiAlertingRuleTypes_Get_Response_200_Authorized_consumers_Infrastructure: type: object - required: - - subAction - description: The `getAgents` subaction for SentinelOne connectors. properties: - subAction: - type: string - description: The action to test. - enum: - - getAgents - run_getchoices: - title: The getChoices subaction + all: + type: boolean + read: + type: boolean + ApiAlertingRuleTypes_Get_Response_200_Authorized_consumers_Logs: type: object - required: - - subAction - - subActionParams - description: The `getChoices` subaction for ServiceNow ITOM, ServiceNow ITSM, and ServiceNow SecOps connectors. properties: - subAction: - type: string - description: The action to test. - enum: - - getChoices - subActionParams: - type: object - description: The set of configuration properties for the action. - required: - - fields - properties: - fields: - type: array - description: An array of fields. - items: - type: string - run_getfields: - title: The getFields subaction + all: + type: boolean + read: + type: boolean + ApiAlertingRuleTypes_Get_Response_200_Authorized_consumers_Ml: type: object - required: - - subAction - description: The `getFields` subaction for Jira, ServiceNow ITSM, and ServiceNow SecOps connectors. properties: - subAction: - type: string - description: The action to test. - enum: - - getFields - run_getincident: - title: The getIncident subaction + all: + type: boolean + read: + type: boolean + ApiAlertingRuleTypes_Get_Response_200_Authorized_consumers_Monitoring: type: object - description: The `getIncident` subaction for Jira, ServiceNow ITSM, and ServiceNow SecOps connectors. - required: - - subAction - - subActionParams properties: - subAction: - type: string - description: The action to test. - enum: - - getIncident - subActionParams: - type: object - required: - - externalId - properties: - externalId: - type: string - description: The Jira, ServiceNow ITSM, or ServiceNow SecOps issue identifier. - example: 71778 - run_issue: - title: The issue subaction + all: + type: boolean + read: + type: boolean + ApiAlertingRuleTypes_Get_Response_200_Authorized_consumers_Siem: type: object - required: - - subAction - description: The `issue` subaction for Jira connectors. properties: - subAction: - type: string - description: The action to test. - enum: - - issue - subActionParams: - type: object - required: - - id - properties: - id: - type: string - description: The Jira issue identifier. - example: 71778 - run_issues: - title: The issues subaction + all: + type: boolean + read: + type: boolean + ApiAlertingRuleTypes_Get_Response_200_Authorized_consumers_Slo: type: object - required: - - subAction - - subActionParams - description: The `issues` subaction for Jira connectors. properties: - subAction: - type: string - description: The action to test. - enum: - - issues - subActionParams: - type: object - required: - - title - properties: - title: - type: string - description: The title of the Jira issue. - run_issuetypes: - title: The issueTypes subaction + all: + type: boolean + read: + type: boolean + ApiAlertingRuleTypes_Get_Response_200_Authorized_consumers_StackAlerts: type: object - required: - - subAction - description: The `issueTypes` subaction for Jira connectors. properties: - subAction: - type: string - description: The action to test. - enum: - - issueTypes - run_postmessage: - title: The postMessage subaction + all: + type: boolean + read: + type: boolean + ApiAlertingRuleTypes_Get_Response_200_Authorized_consumers_Uptime: type: object - description: | - Test an action that sends a message to Slack. It is applicable only when the connector type is `.slack_api`. - required: - - subAction - - subActionParams properties: - subAction: - type: string - description: The action to test. - enum: - - postMessage - subActionParams: - type: object - description: The set of configuration properties for the action. - properties: - channelIds: - type: array - maxItems: 1 - description: | - The Slack channel identifier, which must be one of the `allowedChannels` in the connector configuration. - items: - type: string - channels: - type: array - deprecated: true - description: | - The name of a channel that your Slack app has access to. - maxItems: 1 - items: - type: string - text: - type: string - description: | - The Slack message text. If it is a Slack webhook connector, the text cannot contain Markdown, images, or other advanced formatting. If it is a Slack web API connector, it can contain either plain text or block kit messages. - minLength: 1 - run_pushtoservice: - title: The pushToService subaction + all: + type: boolean + read: + type: boolean + ApiAlertingRuleTypes_Get_Response_200_Recovery_action_group: + description: An action group to use when an alert goes from an active state to an inactive one. type: object - required: - - subAction - - subActionParams - description: The `pushToService` subaction for Jira, ServiceNow ITSM, ServiceNow SecOps, Swimlane, TheHive, and Webhook - Case Management connectors. properties: - subAction: + id: type: string - description: The action to test. - enum: - - pushToService - subActionParams: - type: object - description: The set of configuration properties for the action. - properties: - comments: - type: array - description: Additional information that is sent to Jira, ServiceNow ITSM, ServiceNow SecOps, Swimlane, or TheHive. - items: - type: object - properties: - comment: - type: string - description: A comment related to the incident. For example, describe how to troubleshoot the issue. - commentId: - type: integer - description: A unique identifier for the comment. - incident: - type: object - description: Information necessary to create or update a Jira, ServiceNow ITSM, ServiveNow SecOps, Swimlane, or TheHive incident. - properties: - additional_fields: - type: string - nullable: true - maxLength: 20 - description: | - Additional fields for ServiceNow ITSM and ServiveNow SecOps connectors. The fields must exist in the Elastic ServiceNow application and must be specified in JSON format. - alertId: - type: string - description: The alert identifier for Swimlane connectors. - caseId: - type: string - description: The case identifier for the incident for Swimlane connectors. - caseName: - type: string - description: The case name for the incident for Swimlane connectors. - category: - type: string - description: The category of the incident for ServiceNow ITSM and ServiceNow SecOps connectors. - correlation_display: - type: string - description: A descriptive label of the alert for correlation purposes for ServiceNow ITSM and ServiceNow SecOps connectors. - correlation_id: - type: string - description: | - The correlation identifier for the security incident for ServiceNow ITSM and ServiveNow SecOps connectors. Connectors using the same correlation ID are associated with the same ServiceNow incident. This value determines whether a new ServiceNow incident is created or an existing one is updated. Modifying this value is optional; if not modified, the rule ID and alert ID are combined as `{{ruleID}}:{{alert ID}}` to form the correlation ID value in ServiceNow. The maximum character length for this value is 100 characters. NOTE: Using the default configuration of `{{ruleID}}:{{alert ID}}` ensures that ServiceNow creates a separate incident record for every generated alert that uses a unique alert ID. If the rule generates multiple alerts that use the same alert IDs, ServiceNow creates and continually updates a single incident record for the alert. - description: - type: string - description: The description of the incident for Jira, ServiceNow ITSM, ServiceNow SecOps, Swimlane, TheHive, and Webhook - Case Management connectors. - dest_ip: - description: | - A list of destination IP addresses related to the security incident for ServiceNow SecOps connectors. The IPs are added as observables to the security incident. - oneOf: - - type: string - - type: array - items: - type: string - externalId: - type: string - description: | - The Jira, ServiceNow ITSM, or ServiceNow SecOps issue identifier. If present, the incident is updated. Otherwise, a new incident is created. - id: - type: string - description: The external case identifier for Webhook - Case Management connectors. - impact: - type: string - description: The impact of the incident for ServiceNow ITSM connectors. - issueType: - type: integer - description: The type of incident for Jira connectors. For example, 10006. To obtain the list of valid values, set `subAction` to `issueTypes`. - labels: - type: array - items: - type: string - description: | - The labels for the incident for Jira connectors. NOTE: Labels cannot contain spaces. - malware_hash: - description: A list of malware hashes related to the security incident for ServiceNow SecOps connectors. The hashes are added as observables to the security incident. - oneOf: - - type: string - - type: array - items: - type: string - malware_url: - type: string - description: A list of malware URLs related to the security incident for ServiceNow SecOps connectors. The URLs are added as observables to the security incident. - oneOf: - - type: string - - type: array - items: - type: string - otherFields: - type: object - additionalProperties: true - maxProperties: 20 - description: | - Custom field identifiers and their values for Jira connectors. - parent: - type: string - description: The ID or key of the parent issue for Jira connectors. Applies only to `Sub-task` types of issues. - priority: - type: string - description: The priority of the incident in Jira and ServiceNow SecOps connectors. - ruleName: - type: string - description: The rule name for Swimlane connectors. - severity: - type: integer - description: | - The severity of the incident for ServiceNow ITSM, Swimlane, and TheHive connectors. In TheHive connectors, the severity value ranges from 1 (low) to 4 (critical) with a default value of 2 (medium). - short_description: - type: string - description: | - A short description of the incident for ServiceNow ITSM and ServiceNow SecOps connectors. It is used for searching the contents of the knowledge base. - source_ip: - description: A list of source IP addresses related to the security incident for ServiceNow SecOps connectors. The IPs are added as observables to the security incident. - oneOf: - - type: string - - type: array - items: - type: string - status: - type: string - description: The status of the incident for Webhook - Case Management connectors. - subcategory: - type: string - description: The subcategory of the incident for ServiceNow ITSM and ServiceNow SecOps connectors. - summary: - type: string - description: A summary of the incident for Jira connectors. - tags: - type: array - items: - type: string - description: A list of tags for TheHive and Webhook - Case Management connectors. - title: - type: string - description: | - A title for the incident for Jira, TheHive, and Webhook - Case Management connectors. It is used for searching the contents of the knowledge base. - tlp: - type: integer - minimum: 0 - maximum: 4 - default: 2 - description: | - The traffic light protocol designation for the incident in TheHive connectors. Valid values include: 0 (clear), 1 (green), 2 (amber), 3 (amber and strict), and 4 (red). - urgency: - type: string - description: The urgency of the incident for ServiceNow ITSM connectors. - run_validchannelid: - title: The validChannelId subaction - type: object - description: | - Retrieves information about a valid Slack channel identifier. It is applicable only when the connector type is `.slack_api`. - required: - - subAction - - subActionParams - properties: - subAction: + name: type: string - description: The action to test. - enum: - - validChannelId - subActionParams: - type: object - required: - - channelId - properties: - channelId: - type: string - description: The Slack channel identifier. - example: C123ABC456 - params_property_apm_anomaly: - title: APM anomaly - description: | - The parameters for the APM anomaly rule. These parameters are appropriate when `rule_type_id` is `apm.rules.anomaly`. + ApiAlertingRule_Get_Response_200: + additionalProperties: false type: object - required: - - windowSize - - windowUnit - - environment - - anomalySeverityType properties: - serviceName: + actions: + items: + $ref: '#/components/schemas/ApiAlertingRule_Get_Response_200_Actions_Item' + type: array + active_snoozes: + items: + description: List of active snoozes for the rule. + type: string + type: array + alert_delay: + $ref: '#/components/schemas/ApiAlertingRule_Get_Response_200_Alert_delay' + api_key_created_by_user: + description: Indicates whether the API key that is associated with the rule was created by the user. + nullable: true + type: boolean + api_key_owner: + description: The owner of the API key that is associated with the rule and used to run background tasks. + nullable: true type: string - description: Filter the rule to apply to a specific service name. - transactionType: + artifacts: + $ref: '#/components/schemas/ApiAlertingRule_Get_Response_200_Artifacts' + consumer: + description: 'The name of the application or feature that owns the rule. For example: `alerts`, `apm`, `discover`, `infrastructure`, `logs`, `metrics`, `ml`, `monitoring`, `securitySolution`, `siem`, `stackAlerts`, or `uptime`.' type: string - description: Filter the rule to apply to a specific transaction type. - windowSize: - type: number - example: 6 - description: | - The size of the time window (in `windowUnit` units), which determines how far back to search for documents. Generally it should be a value higher than the rule check interval to avoid gaps in detection. - windowUnit: + created_at: + description: The date and time that the rule was created. type: string - description: | - The type of units for the time window. For example: minutes, hours, or days. - enum: - - m - - h - - d - environment: + created_by: + description: The identifier for the user that created the rule. + nullable: true type: string - description: Filter the rule to apply to a specific environment. - anomalySeverityType: + enabled: + description: Indicates whether you want to run the rule on an interval basis after it is created. + type: boolean + execution_status: + $ref: '#/components/schemas/ApiAlertingRule_Get_Response_200_Execution_status' + flapping: + $ref: '#/components/schemas/ApiAlertingRule_Get_Response_200_Flapping' + id: + description: The identifier for the rule. type: string - description: | - The severity of anomalies that will generate alerts: critical, major, minor, or warning. - enum: - - critical - - major - - minor - - warning - params_property_apm_error_count: - title: APM error count - description: | - The parameters for the APM error count rule. These parameters are appropriate when `rule_type_id` is `apm.error_rate`. - type: object - required: - - windowSize - - windowUnit - - threshold - - environment - properties: - serviceName: + is_snoozed_until: + description: The date when the rule will no longer be snoozed. + nullable: true type: string - description: Filter the errors coming from your application to apply the rule to a specific service. - windowSize: - type: number - description: | - The time frame in which the errors must occur (in `windowUnit` units). Generally it should be a value higher than the rule check interval to avoid gaps in detection. - example: 6 - windowUnit: + last_run: + $ref: '#/components/schemas/ApiAlertingRule_Get_Response_200_Last_run' + mapped_params: + $ref: '#/components/schemas/ApiAlertingRule_Get_Response_200_Mapped_params' + monitoring: + $ref: '#/components/schemas/ApiAlertingRule_Get_Response_200_Monitoring' + mute_all: + description: Indicates whether all alerts are muted. + type: boolean + muted_alert_ids: + items: + description: 'List of identifiers of muted alerts. ' + type: string + type: array + name: + description: ' The name of the rule.' type: string - description: | - The type of units for the time window: minutes, hours, or days. + next_run: + description: Date and time of the next run of the rule. + nullable: true + type: string + notify_when: + description: 'Indicates how often alerts generate actions. Valid values include: `onActionGroupChange`: Actions run when the alert status changes; `onActiveAlert`: Actions run when the alert becomes active and at each check interval while the rule conditions are met; `onThrottleInterval`: Actions run when the alert becomes active and at the interval specified in the throttle property while the rule conditions are met. NOTE: You cannot specify `notify_when` at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.' enum: - - m - - h - - d - environment: + - onActionGroupChange + - onActiveAlert + - onThrottleInterval + nullable: true type: string - description: Filter the errors coming from your application to apply the rule to a specific environment. - threshold: + params: + $ref: '#/components/schemas/ApiAlertingRule_Get_Response_200_Params' + revision: + description: The rule revision number. type: number - description: The error count threshold. - groupBy: + rule_type_id: + description: The rule type identifier. + type: string + running: + description: Indicates whether the rule is running. + nullable: true + type: boolean + schedule: + $ref: '#/components/schemas/ApiAlertingRule_Get_Response_200_Schedule' + scheduled_task_id: + description: Identifier of the scheduled task. + type: string + snooze_schedule: + items: + $ref: '#/components/schemas/ApiAlertingRule_Get_Response_200_Snooze_schedule_Item' type: array - default: - - service.name - - service.environment - uniqueItems: true + tags: items: + description: The tags for the rule. type: string + type: array + throttle: + deprecated: true + description: 'Deprecated in 8.13.0. Use the `throttle` property in the action `frequency` object instead. The throttle interval, which defines how often an alert generates repeated actions. NOTE: You cannot specify the throttle interval at both the rule and action level. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.' + nullable: true + type: string + updated_at: + description: The date and time that the rule was updated most recently. + type: string + updated_by: + description: The identifier for the user that updated this rule most recently. + nullable: true + type: string + view_in_app_relative_url: + description: Relative URL to view rule in the app. + nullable: true + type: string + required: + - id + - enabled + - name + - tags + - rule_type_id + - consumer + - schedule + - actions + - params + - created_by + - updated_by + - created_at + - updated_at + - api_key_owner + - mute_all + - muted_alert_ids + - execution_status + - revision + ApiAlertingRule_Get_Response_200_Actions_Item: + additionalProperties: false + type: object + properties: + alerts_filter: + $ref: '#/components/schemas/ApiAlertingRule_Get_Response_200_Actions_Alerts_filter' + connector_type_id: + description: The type of connector. This property appears in responses but cannot be set in requests. + type: string + frequency: + $ref: '#/components/schemas/ApiAlertingRule_Get_Response_200_Actions_Frequency' + group: + description: The group name, which affects when the action runs (for example, when the threshold is met or when the alert is recovered). Each rule type has a list of valid action group names. If you don't need to group actions, set to `default`. + type: string + id: + description: The identifier for the connector saved object. + type: string + params: + $ref: '#/components/schemas/ApiAlertingRule_Get_Response_200_Actions_Params' + use_alert_data_for_template: + description: Indicates whether to use alert data as a template. + type: boolean + uuid: + description: A universally unique identifier (UUID) for the action. + type: string + required: + - id + - connector_type_id + - params + ApiAlertingRule_Get_Response_200_Actions_Alerts_filter: + additionalProperties: false + description: Defines a period that limits whether the action runs. + type: object + properties: + query: + $ref: '#/components/schemas/ApiAlertingRule_Get_Response_200_Actions_Alerts_filter_Query' + timeframe: + $ref: '#/components/schemas/ApiAlertingRule_Get_Response_200_Actions_Alerts_filter_Timeframe' + ApiAlertingRule_Get_Response_200_Actions_Alerts_filter_Query: + additionalProperties: false + type: object + properties: + dsl: + description: A filter written in Elasticsearch Query Domain Specific Language (DSL). + type: string + filters: + description: A filter written in Elasticsearch Query Domain Specific Language (DSL) as defined in the `kbn-es-query` package. + items: + $ref: '#/components/schemas/ApiAlertingRule_Get_Response_200_Actions_Alerts_filter_Query_Filters_Item' + type: array + kql: + description: A filter written in Kibana Query Language (KQL). + type: string + required: + - kql + - filters + ApiAlertingRule_Get_Response_200_Actions_Alerts_filter_Query_Filters_Item: + additionalProperties: false + type: object + properties: + $state: + $ref: '#/components/schemas/ApiAlertingRule_Get_Response_200_Actions_Alerts_filter_Query_Filters_$state' + meta: + $ref: '#/components/schemas/ApiAlertingRule_Get_Response_200_Actions_Alerts_filter_Query_Filters_Meta' + query: + $ref: '#/components/schemas/ApiAlertingRule_Get_Response_200_Actions_Alerts_filter_Query_Filters_Query' + required: + - meta + ApiAlertingRule_Get_Response_200_Actions_Alerts_filter_Query_Filters_$state: + additionalProperties: false + type: object + properties: + store: + description: A filter can be either specific to an application context or applied globally. + enum: + - appState + - globalState + type: string + required: + - store + ApiAlertingRule_Get_Response_200_Actions_Alerts_filter_Query_Filters_Meta: + additionalProperties: {} + type: object + ApiAlertingRule_Get_Response_200_Actions_Alerts_filter_Query_Filters_Query: + additionalProperties: {} + type: object + ApiAlertingRule_Get_Response_200_Actions_Alerts_filter_Timeframe: + additionalProperties: false + type: object + properties: + days: + description: Defines the days of the week that the action can run, represented as an array of numbers. For example, `1` represents Monday. An empty array is equivalent to specifying all the days of the week. + items: + enum: + - 1 + - 2 + - 3 + - 4 + - 5 + - 6 + - 7 + type: integer + type: array + hours: + $ref: '#/components/schemas/ApiAlertingRule_Get_Response_200_Actions_Alerts_filter_Timeframe_Hours' + timezone: + description: The ISO time zone for the `hours` values. Values such as `UTC` and `UTC+1` also work but lack built-in daylight savings time support and are not recommended. + type: string + required: + - days + - hours + - timezone + ApiAlertingRule_Get_Response_200_Actions_Alerts_filter_Timeframe_Hours: + additionalProperties: false + type: object + properties: + end: + description: The end of the time frame in 24-hour notation (`hh:mm`). + type: string + start: + description: The start of the time frame in 24-hour notation (`hh:mm`). + type: string + required: + - start + - end + ApiAlertingRule_Get_Response_200_Actions_Frequency: + additionalProperties: false + type: object + properties: + notify_when: + description: 'Indicates how often alerts generate actions. Valid values include: `onActionGroupChange`: Actions run when the alert status changes; `onActiveAlert`: Actions run when the alert becomes active and at each check interval while the rule conditions are met; `onThrottleInterval`: Actions run when the alert becomes active and at the interval specified in the throttle property while the rule conditions are met. NOTE: You cannot specify `notify_when` at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.' + enum: + - onActionGroupChange + - onActiveAlert + - onThrottleInterval + type: string + summary: + description: Indicates whether the action is a summary. + type: boolean + throttle: + description: 'The throttle interval, which defines how often an alert generates repeated actions. It is specified in seconds, minutes, hours, or days and is applicable only if ''notify_when'' is set to ''onThrottleInterval''. NOTE: You cannot specify the throttle interval at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.' + nullable: true + type: string + required: + - summary + - notify_when + - throttle + ApiAlertingRule_Get_Response_200_Actions_Params: + additionalProperties: {} + description: The parameters for the action, which are sent to the connector. The `params` are handled as Mustache templates and passed a default set of context. + type: object + ApiAlertingRule_Get_Response_200_Alert_delay: + additionalProperties: false + description: Indicates that an alert occurs only when the specified number of consecutive runs met the rule conditions. + type: object + properties: + active: + description: The number of consecutive runs that must meet the rule conditions. + type: number + required: + - active + ApiAlertingRule_Get_Response_200_Artifacts: + additionalProperties: false + type: object + properties: + dashboards: + items: + $ref: '#/components/schemas/ApiAlertingRule_Get_Response_200_Artifacts_Dashboards_Item' + type: array + investigation_guide: + $ref: '#/components/schemas/ApiAlertingRule_Get_Response_200_Artifacts_Investigation_guide' + ApiAlertingRule_Get_Response_200_Artifacts_Dashboards_Item: + additionalProperties: false + type: object + properties: + id: + type: string + required: + - id + ApiAlertingRule_Get_Response_200_Artifacts_Investigation_guide: + additionalProperties: false + type: object + properties: + blob: + description: User-created content that describes alert causes and remdiation. + type: string + required: + - blob + ApiAlertingRule_Get_Response_200_Execution_status: + additionalProperties: false + type: object + properties: + error: + $ref: '#/components/schemas/ApiAlertingRule_Get_Response_200_Execution_status_Error' + last_duration: + description: Duration of last execution of the rule. + type: number + last_execution_date: + description: The date and time when rule was executed last. + type: string + status: + description: Status of rule execution. + enum: + - ok + - active + - error + - warning + - pending + - unknown + type: string + warning: + $ref: '#/components/schemas/ApiAlertingRule_Get_Response_200_Execution_status_Warning' + required: + - status + - last_execution_date + ApiAlertingRule_Get_Response_200_Execution_status_Error: + additionalProperties: false + type: object + properties: + message: + description: Error message. + type: string + reason: + description: Reason for error. + enum: + - read + - decrypt + - execute + - unknown + - license + - timeout + - disabled + - validate + type: string + required: + - reason + - message + ApiAlertingRule_Get_Response_200_Execution_status_Warning: + additionalProperties: false + type: object + properties: + message: + description: Warning message. + type: string + reason: + description: Reason for warning. + enum: + - maxExecutableActions + - maxAlerts + - maxQueuedActions + - ruleExecution + type: string + required: + - reason + - message + ApiAlertingRule_Get_Response_200_Flapping: + additionalProperties: false + description: When flapping detection is turned on, alerts that switch quickly between active and recovered states are identified as “flapping” and notifications are reduced. + nullable: true + type: object + properties: + enabled: + description: Determines whether the rule can enter the flapping state. By default, rules can enter the flapping state. + type: boolean + look_back_window: + description: The minimum number of runs in which the threshold must be met. + maximum: 20 + minimum: 2 + type: number + status_change_threshold: + description: The minimum number of times an alert must switch states in the look back window. + maximum: 20 + minimum: 2 + type: number + required: + - look_back_window + - status_change_threshold + ApiAlertingRule_Get_Response_200_Last_run: + additionalProperties: false + nullable: true + type: object + properties: + alerts_count: + $ref: '#/components/schemas/ApiAlertingRule_Get_Response_200_Last_run_Alerts_count' + outcome: + description: Outcome of last run of the rule. Value could be succeeded, warning or failed. + enum: + - succeeded + - warning + - failed + type: string + outcome_msg: + items: + description: Outcome message generated during last rule run. + type: string + nullable: true + type: array + outcome_order: + description: Order of the outcome. + type: number + warning: + description: Warning of last rule execution. + enum: + - read + - decrypt + - execute + - unknown + - license + - timeout + - disabled + - validate + - maxExecutableActions + - maxAlerts + - maxQueuedActions + - ruleExecution + nullable: true + type: string + required: + - outcome + - alerts_count + ApiAlertingRule_Get_Response_200_Last_run_Alerts_count: + additionalProperties: false + type: object + properties: + active: + description: Number of active alerts during last run. + nullable: true + type: number + ignored: + description: Number of ignored alerts during last run. + nullable: true + type: number + new: + description: Number of new alerts during last run. + nullable: true + type: number + recovered: + description: Number of recovered alerts during last run. + nullable: true + type: number + ApiAlertingRule_Get_Response_200_Mapped_params: + additionalProperties: {} + type: object + ApiAlertingRule_Get_Response_200_Monitoring: + additionalProperties: false + description: Monitoring details of the rule. + type: object + properties: + run: + $ref: '#/components/schemas/ApiAlertingRule_Get_Response_200_Monitoring_Run' + required: + - run + ApiAlertingRule_Get_Response_200_Monitoring_Run: + additionalProperties: false + description: Rule run details. + type: object + properties: + calculated_metrics: + $ref: '#/components/schemas/ApiAlertingRule_Get_Response_200_Monitoring_Run_Calculated_metrics' + history: + description: History of the rule run. + items: + $ref: '#/components/schemas/ApiAlertingRule_Get_Response_200_Monitoring_Run_History_Item' + type: array + last_run: + $ref: '#/components/schemas/ApiAlertingRule_Get_Response_200_Monitoring_Run_Last_run' + required: + - history + - calculated_metrics + - last_run + ApiAlertingRule_Get_Response_200_Monitoring_Run_Calculated_metrics: + additionalProperties: false + description: Calculation of different percentiles and success ratio. + type: object + properties: + p50: + type: number + p95: + type: number + p99: + type: number + success_ratio: + type: number + required: + - success_ratio + ApiAlertingRule_Get_Response_200_Monitoring_Run_History_Item: + additionalProperties: false + type: object + properties: + duration: + description: Duration of the rule run. + type: number + outcome: + description: Outcome of last run of the rule. Value could be succeeded, warning or failed. + enum: + - succeeded + - warning + - failed + type: string + success: + description: Indicates whether the rule run was successful. + type: boolean + timestamp: + description: Time of rule run. + type: number + required: + - success + - timestamp + ApiAlertingRule_Get_Response_200_Monitoring_Run_Last_run: + additionalProperties: false + type: object + properties: + metrics: + $ref: '#/components/schemas/ApiAlertingRule_Get_Response_200_Monitoring_Run_Last_run_Metrics' + timestamp: + description: Time of the most recent rule run. + type: string + required: + - timestamp + - metrics + ApiAlertingRule_Get_Response_200_Monitoring_Run_Last_run_Metrics: + additionalProperties: false + type: object + properties: + duration: + description: Duration of most recent rule run. + type: number + gap_duration_s: + description: Duration in seconds of rule run gap. + nullable: true + type: number + gap_range: + $ref: '#/components/schemas/ApiAlertingRule_Get_Response_200_Monitoring_Run_Last_run_Metrics_Gap_range' + total_alerts_created: + description: Total number of alerts created during last rule run. + nullable: true + type: number + total_alerts_detected: + description: Total number of alerts detected during last rule run. + nullable: true + type: number + total_indexing_duration_ms: + description: Total time spent indexing documents during last rule run in milliseconds. + nullable: true + type: number + total_search_duration_ms: + description: Total time spent performing Elasticsearch searches as measured by Kibana; includes network latency and time spent serializing or deserializing the request and response. + nullable: true + type: number + ApiAlertingRule_Get_Response_200_Monitoring_Run_Last_run_Metrics_Gap_range: + additionalProperties: false + nullable: true + type: object + properties: + gte: + description: End of the gap range. + type: string + lte: + description: Start of the gap range. + type: string + required: + - lte + - gte + ApiAlertingRule_Get_Response_200_Params: + additionalProperties: {} + description: The parameters for the rule. + type: object + ApiAlertingRule_Get_Response_200_Schedule: + additionalProperties: false + type: object + properties: + interval: + description: The interval is specified in seconds, minutes, hours, or days. + type: string + required: + - interval + ApiAlertingRule_Get_Response_200_Snooze_schedule_Item: + additionalProperties: false + type: object + properties: + duration: + description: Duration of the rule snooze schedule. + type: number + id: + description: Identifier of the rule snooze schedule. + type: string + rRule: + $ref: '#/components/schemas/ApiAlertingRule_Get_Response_200_Snooze_schedule_RRule' + skipRecurrences: + items: + description: Skips recurrence of rule on this date. + type: string + type: array + required: + - duration + - rRule + ApiAlertingRule_Get_Response_200_Snooze_schedule_RRule: + additionalProperties: false + type: object + properties: + byhour: + items: + description: Indicates hours of the day to recur. + type: number + nullable: true + type: array + byminute: + items: + description: Indicates minutes of the hour to recur. + type: number + nullable: true + type: array + bymonth: + items: + description: Indicates months of the year that this rule should recur. + type: number + nullable: true + type: array + bymonthday: + items: + description: Indicates the days of the month to recur. + type: number + nullable: true + type: array + bysecond: + items: + description: Indicates seconds of the day to recur. + type: number + nullable: true + type: array + bysetpos: + items: + description: A positive or negative integer affecting the nth day of the month. For example, -2 combined with `byweekday` of FR is 2nd to last Friday of the month. It is recommended to not set this manually and just use `byweekday`. + type: number + nullable: true + type: array + byweekday: + items: + anyOf: + - $ref: '#/components/schemas/ApiAlertingRule_Get_Response_200_Snooze_schedule_RRule_Byweekday_1' + - $ref: '#/components/schemas/ApiAlertingRule_Get_Response_200_Snooze_schedule_RRule_Byweekday_2' + description: Indicates the days of the week to recur or else nth-day-of-month strings. For example, "+2TU" second Tuesday of month, "-1FR" last Friday of the month, which are internally converted to a `byweekday/bysetpos` combination. + nullable: true + type: array + byweekno: + items: + description: Indicates number of the week hours to recur. + type: number + nullable: true + type: array + byyearday: + items: + description: Indicates the days of the year that this rule should recur. + type: number + nullable: true + type: array + count: + description: Number of times the rule should recur until it stops. + type: number + dtstart: + description: Rule start date in Coordinated Universal Time (UTC). + type: string + freq: + description: Indicates frequency of the rule. Options are YEARLY, MONTHLY, WEEKLY, DAILY. + enum: + - 0 + - 1 + - 2 + - 3 + - 4 + - 5 + - 6 + type: integer + interval: + description: Indicates the interval of frequency. For example, 1 and YEARLY is every 1 year, 2 and WEEKLY is every 2 weeks. + type: number + tzid: + description: Indicates timezone abbreviation. + type: string + until: + description: Recur the rule until this date. + type: string + wkst: + description: Indicates the start of week, defaults to Monday. + enum: + - MO + - TU + - WE + - TH + - FR + - SA + - SU + type: string + required: + - dtstart + - tzid + ApiAlertingRule_Get_Response_200_Snooze_schedule_RRule_Byweekday_1: + type: string + ApiAlertingRule_Get_Response_200_Snooze_schedule_RRule_Byweekday_2: + type: number + ApiAlertingRule_Post_Request: + additionalProperties: false + type: object + properties: + actions: + default: [] + items: + $ref: '#/components/schemas/ApiAlertingRule_Post_Request_Actions_Item' + type: array + alert_delay: + $ref: '#/components/schemas/ApiAlertingRule_Post_Request_Alert_delay' + artifacts: + $ref: '#/components/schemas/ApiAlertingRule_Post_Request_Artifacts' + consumer: + description: 'The name of the application or feature that owns the rule. For example: `alerts`, `apm`, `discover`, `infrastructure`, `logs`, `metrics`, `ml`, `monitoring`, `securitySolution`, `siem`, `stackAlerts`, or `uptime`.' + type: string + enabled: + default: true + description: Indicates whether you want to run the rule on an interval basis after it is created. + type: boolean + flapping: + $ref: '#/components/schemas/ApiAlertingRule_Post_Request_Flapping' + name: + description: The name of the rule. While this name does not have to be unique, a distinctive name can help you identify a rule. + type: string + notify_when: + description: 'Indicates how often alerts generate actions. Valid values include: `onActionGroupChange`: Actions run when the alert status changes; `onActiveAlert`: Actions run when the alert becomes active and at each check interval while the rule conditions are met; `onThrottleInterval`: Actions run when the alert becomes active and at the interval specified in the throttle property while the rule conditions are met. NOTE: You cannot specify `notify_when` at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.' + enum: + - onActionGroupChange + - onActiveAlert + - onThrottleInterval + nullable: true + type: string + params: + $ref: '#/components/schemas/ApiAlertingRule_Post_Request_Params' + rule_type_id: + description: The rule type identifier. + type: string + schedule: + $ref: '#/components/schemas/ApiAlertingRule_Post_Request_Schedule' + tags: + default: [] + description: The tags for the rule. + items: + type: string + type: array + throttle: + description: 'Use the `throttle` property in the action `frequency` object instead. The throttle interval, which defines how often an alert generates repeated actions. NOTE: You cannot specify the throttle interval at both the rule and action level. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.' + nullable: true + type: string + required: + - name + - rule_type_id + - consumer + - schedule + ApiAlertingRule_Post_Request_Actions_Item: + additionalProperties: false + description: An action that runs under defined conditions. + type: object + properties: + alerts_filter: + $ref: '#/components/schemas/ApiAlertingRule_Post_Request_Actions_Alerts_filter' + frequency: + $ref: '#/components/schemas/ApiAlertingRule_Post_Request_Actions_Frequency' + group: + description: The group name, which affects when the action runs (for example, when the threshold is met or when the alert is recovered). Each rule type has a list of valid action group names. If you don't need to group actions, set to `default`. + type: string + id: + description: The identifier for the connector saved object. + type: string + params: + $ref: '#/components/schemas/ApiAlertingRule_Post_Request_Actions_Params' + use_alert_data_for_template: + description: Indicates whether to use alert data as a template. + type: boolean + uuid: + description: A universally unique identifier (UUID) for the action. + type: string + required: + - id + ApiAlertingRule_Post_Request_Actions_Alerts_filter: + additionalProperties: false + description: Conditions that affect whether the action runs. If you specify multiple conditions, all conditions must be met for the action to run. For example, if an alert occurs within the specified time frame and matches the query, the action runs. + type: object + properties: + query: + $ref: '#/components/schemas/ApiAlertingRule_Post_Request_Actions_Alerts_filter_Query' + timeframe: + $ref: '#/components/schemas/ApiAlertingRule_Post_Request_Actions_Alerts_filter_Timeframe' + ApiAlertingRule_Post_Request_Actions_Alerts_filter_Query: + additionalProperties: false + type: object + properties: + dsl: + description: A filter written in Elasticsearch Query Domain Specific Language (DSL). + type: string + filters: + description: A filter written in Elasticsearch Query Domain Specific Language (DSL) as defined in the `kbn-es-query` package. + items: + $ref: '#/components/schemas/ApiAlertingRule_Post_Request_Actions_Alerts_filter_Query_Filters_Item' + type: array + kql: + description: A filter written in Kibana Query Language (KQL). + type: string + required: + - kql + - filters + ApiAlertingRule_Post_Request_Actions_Alerts_filter_Query_Filters_Item: + additionalProperties: false + type: object + properties: + $state: + $ref: '#/components/schemas/ApiAlertingRule_Post_Request_Actions_Alerts_filter_Query_Filters_$state' + meta: + $ref: '#/components/schemas/ApiAlertingRule_Post_Request_Actions_Alerts_filter_Query_Filters_Meta' + query: + $ref: '#/components/schemas/ApiAlertingRule_Post_Request_Actions_Alerts_filter_Query_Filters_Query' + required: + - meta + ApiAlertingRule_Post_Request_Actions_Alerts_filter_Query_Filters_$state: + additionalProperties: false + type: object + properties: + store: + description: A filter can be either specific to an application context or applied globally. + enum: + - appState + - globalState + type: string + required: + - store + ApiAlertingRule_Post_Request_Actions_Alerts_filter_Query_Filters_Meta: + additionalProperties: {} + type: object + ApiAlertingRule_Post_Request_Actions_Alerts_filter_Query_Filters_Query: + additionalProperties: {} + type: object + ApiAlertingRule_Post_Request_Actions_Alerts_filter_Timeframe: + additionalProperties: false + description: Defines a period that limits whether the action runs. + type: object + properties: + days: + description: Defines the days of the week that the action can run, represented as an array of numbers. For example, `1` represents Monday. An empty array is equivalent to specifying all the days of the week. + items: + enum: + - 1 + - 2 + - 3 + - 4 + - 5 + - 6 + - 7 + type: integer + type: array + hours: + $ref: '#/components/schemas/ApiAlertingRule_Post_Request_Actions_Alerts_filter_Timeframe_Hours' + timezone: + description: The ISO time zone for the `hours` values. Values such as `UTC` and `UTC+1` also work but lack built-in daylight savings time support and are not recommended. + type: string + required: + - days + - hours + - timezone + ApiAlertingRule_Post_Request_Actions_Alerts_filter_Timeframe_Hours: + additionalProperties: false + description: Defines the range of time in a day that the action can run. If the `start` value is `00:00` and the `end` value is `24:00`, actions be generated all day. + type: object + properties: + end: + description: The end of the time frame in 24-hour notation (`hh:mm`). + type: string + start: + description: The start of the time frame in 24-hour notation (`hh:mm`). + type: string + required: + - start + - end + ApiAlertingRule_Post_Request_Actions_Frequency: + additionalProperties: false + type: object + properties: + notify_when: + description: 'Indicates how often alerts generate actions. Valid values include: `onActionGroupChange`: Actions run when the alert status changes; `onActiveAlert`: Actions run when the alert becomes active and at each check interval while the rule conditions are met; `onThrottleInterval`: Actions run when the alert becomes active and at the interval specified in the throttle property while the rule conditions are met. NOTE: You cannot specify `notify_when` at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.' + enum: + - onActionGroupChange + - onActiveAlert + - onThrottleInterval + type: string + summary: + description: Indicates whether the action is a summary. + type: boolean + throttle: + description: 'The throttle interval, which defines how often an alert generates repeated actions. It is specified in seconds, minutes, hours, or days and is applicable only if `notify_when` is set to `onThrottleInterval`. NOTE: You cannot specify the throttle interval at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.' + nullable: true + type: string + required: + - summary + - notify_when + - throttle + ApiAlertingRule_Post_Request_Actions_Params: + additionalProperties: {} + default: {} + description: The parameters for the action, which are sent to the connector. The `params` are handled as Mustache templates and passed a default set of context. + type: object + ApiAlertingRule_Post_Request_Alert_delay: + additionalProperties: false + description: Indicates that an alert occurs only when the specified number of consecutive runs met the rule conditions. + type: object + properties: + active: + description: The number of consecutive runs that must meet the rule conditions. + type: number + required: + - active + ApiAlertingRule_Post_Request_Artifacts: + additionalProperties: false + type: object + properties: + dashboards: + items: + $ref: '#/components/schemas/ApiAlertingRule_Post_Request_Artifacts_Dashboards_Item' + maxItems: 10 + type: array + investigation_guide: + $ref: '#/components/schemas/ApiAlertingRule_Post_Request_Artifacts_Investigation_guide' + ApiAlertingRule_Post_Request_Artifacts_Dashboards_Item: + additionalProperties: false + type: object + properties: + id: + type: string + required: + - id + ApiAlertingRule_Post_Request_Artifacts_Investigation_guide: + additionalProperties: false + type: object + properties: + blob: + maxLength: 10000 + type: string + required: + - blob + ApiAlertingRule_Post_Request_Flapping: + additionalProperties: false + description: When flapping detection is turned on, alerts that switch quickly between active and recovered states are identified as “flapping” and notifications are reduced. + nullable: true + type: object + properties: + enabled: + description: Determines whether the rule can enter the flapping state. By default, rules can enter the flapping state. + type: boolean + look_back_window: + description: The minimum number of runs in which the threshold must be met. + maximum: 20 + minimum: 2 + type: number + status_change_threshold: + description: The minimum number of times an alert must switch states in the look back window. + maximum: 20 + minimum: 2 + type: number + required: + - look_back_window + - status_change_threshold + ApiAlertingRule_Post_Request_Params: + additionalProperties: {} + default: {} + description: The parameters for the rule. + type: object + ApiAlertingRule_Post_Request_Schedule: + additionalProperties: false + description: The check interval, which specifies how frequently the rule conditions are checked. + type: object + properties: + interval: + description: The interval is specified in seconds, minutes, hours, or days. + type: string + required: + - interval + ApiAlertingRule_Post_Response_200: + additionalProperties: false + type: object + properties: + actions: + items: + $ref: '#/components/schemas/ApiAlertingRule_Post_Response_200_Actions_Item' + type: array + active_snoozes: + items: + description: List of active snoozes for the rule. + type: string + type: array + alert_delay: + $ref: '#/components/schemas/ApiAlertingRule_Post_Response_200_Alert_delay' + api_key_created_by_user: + description: Indicates whether the API key that is associated with the rule was created by the user. + nullable: true + type: boolean + api_key_owner: + description: The owner of the API key that is associated with the rule and used to run background tasks. + nullable: true + type: string + artifacts: + $ref: '#/components/schemas/ApiAlertingRule_Post_Response_200_Artifacts' + consumer: + description: 'The name of the application or feature that owns the rule. For example: `alerts`, `apm`, `discover`, `infrastructure`, `logs`, `metrics`, `ml`, `monitoring`, `securitySolution`, `siem`, `stackAlerts`, or `uptime`.' + type: string + created_at: + description: The date and time that the rule was created. + type: string + created_by: + description: The identifier for the user that created the rule. + nullable: true + type: string + enabled: + description: Indicates whether you want to run the rule on an interval basis after it is created. + type: boolean + execution_status: + $ref: '#/components/schemas/ApiAlertingRule_Post_Response_200_Execution_status' + flapping: + $ref: '#/components/schemas/ApiAlertingRule_Post_Response_200_Flapping' + id: + description: The identifier for the rule. + type: string + is_snoozed_until: + description: The date when the rule will no longer be snoozed. + nullable: true + type: string + last_run: + $ref: '#/components/schemas/ApiAlertingRule_Post_Response_200_Last_run' + mapped_params: + $ref: '#/components/schemas/ApiAlertingRule_Post_Response_200_Mapped_params' + monitoring: + $ref: '#/components/schemas/ApiAlertingRule_Post_Response_200_Monitoring' + mute_all: + description: Indicates whether all alerts are muted. + type: boolean + muted_alert_ids: + items: + description: 'List of identifiers of muted alerts. ' + type: string + type: array + name: + description: ' The name of the rule.' + type: string + next_run: + description: Date and time of the next run of the rule. + nullable: true + type: string + notify_when: + description: 'Indicates how often alerts generate actions. Valid values include: `onActionGroupChange`: Actions run when the alert status changes; `onActiveAlert`: Actions run when the alert becomes active and at each check interval while the rule conditions are met; `onThrottleInterval`: Actions run when the alert becomes active and at the interval specified in the throttle property while the rule conditions are met. NOTE: You cannot specify `notify_when` at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.' + enum: + - onActionGroupChange + - onActiveAlert + - onThrottleInterval + nullable: true + type: string + params: + $ref: '#/components/schemas/ApiAlertingRule_Post_Response_200_Params' + revision: + description: The rule revision number. + type: number + rule_type_id: + description: The rule type identifier. + type: string + running: + description: Indicates whether the rule is running. + nullable: true + type: boolean + schedule: + $ref: '#/components/schemas/ApiAlertingRule_Post_Response_200_Schedule' + scheduled_task_id: + description: Identifier of the scheduled task. + type: string + snooze_schedule: + items: + $ref: '#/components/schemas/ApiAlertingRule_Post_Response_200_Snooze_schedule_Item' + type: array + tags: + items: + description: The tags for the rule. + type: string + type: array + throttle: + deprecated: true + description: 'Deprecated in 8.13.0. Use the `throttle` property in the action `frequency` object instead. The throttle interval, which defines how often an alert generates repeated actions. NOTE: You cannot specify the throttle interval at both the rule and action level. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.' + nullable: true + type: string + updated_at: + description: The date and time that the rule was updated most recently. + type: string + updated_by: + description: The identifier for the user that updated this rule most recently. + nullable: true + type: string + view_in_app_relative_url: + description: Relative URL to view rule in the app. + nullable: true + type: string + required: + - id + - enabled + - name + - tags + - rule_type_id + - consumer + - schedule + - actions + - params + - created_by + - updated_by + - created_at + - updated_at + - api_key_owner + - mute_all + - muted_alert_ids + - execution_status + - revision + ApiAlertingRule_Post_Response_200_Actions_Item: + additionalProperties: false + type: object + properties: + alerts_filter: + $ref: '#/components/schemas/ApiAlertingRule_Post_Response_200_Actions_Alerts_filter' + connector_type_id: + description: The type of connector. This property appears in responses but cannot be set in requests. + type: string + frequency: + $ref: '#/components/schemas/ApiAlertingRule_Post_Response_200_Actions_Frequency' + group: + description: The group name, which affects when the action runs (for example, when the threshold is met or when the alert is recovered). Each rule type has a list of valid action group names. If you don't need to group actions, set to `default`. + type: string + id: + description: The identifier for the connector saved object. + type: string + params: + $ref: '#/components/schemas/ApiAlertingRule_Post_Response_200_Actions_Params' + use_alert_data_for_template: + description: Indicates whether to use alert data as a template. + type: boolean + uuid: + description: A universally unique identifier (UUID) for the action. + type: string + required: + - id + - connector_type_id + - params + ApiAlertingRule_Post_Response_200_Actions_Alerts_filter: + additionalProperties: false + description: Defines a period that limits whether the action runs. + type: object + properties: + query: + $ref: '#/components/schemas/ApiAlertingRule_Post_Response_200_Actions_Alerts_filter_Query' + timeframe: + $ref: '#/components/schemas/ApiAlertingRule_Post_Response_200_Actions_Alerts_filter_Timeframe' + ApiAlertingRule_Post_Response_200_Actions_Alerts_filter_Query: + additionalProperties: false + type: object + properties: + dsl: + description: A filter written in Elasticsearch Query Domain Specific Language (DSL). + type: string + filters: + description: A filter written in Elasticsearch Query Domain Specific Language (DSL) as defined in the `kbn-es-query` package. + items: + $ref: '#/components/schemas/ApiAlertingRule_Post_Response_200_Actions_Alerts_filter_Query_Filters_Item' + type: array + kql: + description: A filter written in Kibana Query Language (KQL). + type: string + required: + - kql + - filters + ApiAlertingRule_Post_Response_200_Actions_Alerts_filter_Query_Filters_Item: + additionalProperties: false + type: object + properties: + $state: + $ref: '#/components/schemas/ApiAlertingRule_Post_Response_200_Actions_Alerts_filter_Query_Filters_$state' + meta: + $ref: '#/components/schemas/ApiAlertingRule_Post_Response_200_Actions_Alerts_filter_Query_Filters_Meta' + query: + $ref: '#/components/schemas/ApiAlertingRule_Post_Response_200_Actions_Alerts_filter_Query_Filters_Query' + required: + - meta + ApiAlertingRule_Post_Response_200_Actions_Alerts_filter_Query_Filters_$state: + additionalProperties: false + type: object + properties: + store: + description: A filter can be either specific to an application context or applied globally. + enum: + - appState + - globalState + type: string + required: + - store + ApiAlertingRule_Post_Response_200_Actions_Alerts_filter_Query_Filters_Meta: + additionalProperties: {} + type: object + ApiAlertingRule_Post_Response_200_Actions_Alerts_filter_Query_Filters_Query: + additionalProperties: {} + type: object + ApiAlertingRule_Post_Response_200_Actions_Alerts_filter_Timeframe: + additionalProperties: false + type: object + properties: + days: + description: Defines the days of the week that the action can run, represented as an array of numbers. For example, `1` represents Monday. An empty array is equivalent to specifying all the days of the week. + items: + enum: + - 1 + - 2 + - 3 + - 4 + - 5 + - 6 + - 7 + type: integer + type: array + hours: + $ref: '#/components/schemas/ApiAlertingRule_Post_Response_200_Actions_Alerts_filter_Timeframe_Hours' + timezone: + description: The ISO time zone for the `hours` values. Values such as `UTC` and `UTC+1` also work but lack built-in daylight savings time support and are not recommended. + type: string + required: + - days + - hours + - timezone + ApiAlertingRule_Post_Response_200_Actions_Alerts_filter_Timeframe_Hours: + additionalProperties: false + type: object + properties: + end: + description: The end of the time frame in 24-hour notation (`hh:mm`). + type: string + start: + description: The start of the time frame in 24-hour notation (`hh:mm`). + type: string + required: + - start + - end + ApiAlertingRule_Post_Response_200_Actions_Frequency: + additionalProperties: false + type: object + properties: + notify_when: + description: 'Indicates how often alerts generate actions. Valid values include: `onActionGroupChange`: Actions run when the alert status changes; `onActiveAlert`: Actions run when the alert becomes active and at each check interval while the rule conditions are met; `onThrottleInterval`: Actions run when the alert becomes active and at the interval specified in the throttle property while the rule conditions are met. NOTE: You cannot specify `notify_when` at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.' + enum: + - onActionGroupChange + - onActiveAlert + - onThrottleInterval + type: string + summary: + description: Indicates whether the action is a summary. + type: boolean + throttle: + description: 'The throttle interval, which defines how often an alert generates repeated actions. It is specified in seconds, minutes, hours, or days and is applicable only if ''notify_when'' is set to ''onThrottleInterval''. NOTE: You cannot specify the throttle interval at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.' + nullable: true + type: string + required: + - summary + - notify_when + - throttle + ApiAlertingRule_Post_Response_200_Actions_Params: + additionalProperties: {} + description: The parameters for the action, which are sent to the connector. The `params` are handled as Mustache templates and passed a default set of context. + type: object + ApiAlertingRule_Post_Response_200_Alert_delay: + additionalProperties: false + description: Indicates that an alert occurs only when the specified number of consecutive runs met the rule conditions. + type: object + properties: + active: + description: The number of consecutive runs that must meet the rule conditions. + type: number + required: + - active + ApiAlertingRule_Post_Response_200_Artifacts: + additionalProperties: false + type: object + properties: + dashboards: + items: + $ref: '#/components/schemas/ApiAlertingRule_Post_Response_200_Artifacts_Dashboards_Item' + type: array + investigation_guide: + $ref: '#/components/schemas/ApiAlertingRule_Post_Response_200_Artifacts_Investigation_guide' + ApiAlertingRule_Post_Response_200_Artifacts_Dashboards_Item: + additionalProperties: false + type: object + properties: + id: + type: string + required: + - id + ApiAlertingRule_Post_Response_200_Artifacts_Investigation_guide: + additionalProperties: false + type: object + properties: + blob: + description: User-created content that describes alert causes and remdiation. + type: string + required: + - blob + ApiAlertingRule_Post_Response_200_Execution_status: + additionalProperties: false + type: object + properties: + error: + $ref: '#/components/schemas/ApiAlertingRule_Post_Response_200_Execution_status_Error' + last_duration: + description: Duration of last execution of the rule. + type: number + last_execution_date: + description: The date and time when rule was executed last. + type: string + status: + description: Status of rule execution. + enum: + - ok + - active + - error + - warning + - pending + - unknown + type: string + warning: + $ref: '#/components/schemas/ApiAlertingRule_Post_Response_200_Execution_status_Warning' + required: + - status + - last_execution_date + ApiAlertingRule_Post_Response_200_Execution_status_Error: + additionalProperties: false + type: object + properties: + message: + description: Error message. + type: string + reason: + description: Reason for error. + enum: + - read + - decrypt + - execute + - unknown + - license + - timeout + - disabled + - validate + type: string + required: + - reason + - message + ApiAlertingRule_Post_Response_200_Execution_status_Warning: + additionalProperties: false + type: object + properties: + message: + description: Warning message. + type: string + reason: + description: Reason for warning. + enum: + - maxExecutableActions + - maxAlerts + - maxQueuedActions + - ruleExecution + type: string + required: + - reason + - message + ApiAlertingRule_Post_Response_200_Flapping: + additionalProperties: false + description: When flapping detection is turned on, alerts that switch quickly between active and recovered states are identified as “flapping” and notifications are reduced. + nullable: true + type: object + properties: + enabled: + description: Determines whether the rule can enter the flapping state. By default, rules can enter the flapping state. + type: boolean + look_back_window: + description: The minimum number of runs in which the threshold must be met. + maximum: 20 + minimum: 2 + type: number + status_change_threshold: + description: The minimum number of times an alert must switch states in the look back window. + maximum: 20 + minimum: 2 + type: number + required: + - look_back_window + - status_change_threshold + ApiAlertingRule_Post_Response_200_Last_run: + additionalProperties: false + nullable: true + type: object + properties: + alerts_count: + $ref: '#/components/schemas/ApiAlertingRule_Post_Response_200_Last_run_Alerts_count' + outcome: + description: Outcome of last run of the rule. Value could be succeeded, warning or failed. + enum: + - succeeded + - warning + - failed + type: string + outcome_msg: + items: + description: Outcome message generated during last rule run. + type: string + nullable: true + type: array + outcome_order: + description: Order of the outcome. + type: number + warning: + description: Warning of last rule execution. + enum: + - read + - decrypt + - execute + - unknown + - license + - timeout + - disabled + - validate + - maxExecutableActions + - maxAlerts + - maxQueuedActions + - ruleExecution + nullable: true + type: string + required: + - outcome + - alerts_count + ApiAlertingRule_Post_Response_200_Last_run_Alerts_count: + additionalProperties: false + type: object + properties: + active: + description: Number of active alerts during last run. + nullable: true + type: number + ignored: + description: Number of ignored alerts during last run. + nullable: true + type: number + new: + description: Number of new alerts during last run. + nullable: true + type: number + recovered: + description: Number of recovered alerts during last run. + nullable: true + type: number + ApiAlertingRule_Post_Response_200_Mapped_params: + additionalProperties: {} + type: object + ApiAlertingRule_Post_Response_200_Monitoring: + additionalProperties: false + description: Monitoring details of the rule. + type: object + properties: + run: + $ref: '#/components/schemas/ApiAlertingRule_Post_Response_200_Monitoring_Run' + required: + - run + ApiAlertingRule_Post_Response_200_Monitoring_Run: + additionalProperties: false + description: Rule run details. + type: object + properties: + calculated_metrics: + $ref: '#/components/schemas/ApiAlertingRule_Post_Response_200_Monitoring_Run_Calculated_metrics' + history: + description: History of the rule run. + items: + $ref: '#/components/schemas/ApiAlertingRule_Post_Response_200_Monitoring_Run_History_Item' + type: array + last_run: + $ref: '#/components/schemas/ApiAlertingRule_Post_Response_200_Monitoring_Run_Last_run' + required: + - history + - calculated_metrics + - last_run + ApiAlertingRule_Post_Response_200_Monitoring_Run_Calculated_metrics: + additionalProperties: false + description: Calculation of different percentiles and success ratio. + type: object + properties: + p50: + type: number + p95: + type: number + p99: + type: number + success_ratio: + type: number + required: + - success_ratio + ApiAlertingRule_Post_Response_200_Monitoring_Run_History_Item: + additionalProperties: false + type: object + properties: + duration: + description: Duration of the rule run. + type: number + outcome: + description: Outcome of last run of the rule. Value could be succeeded, warning or failed. + enum: + - succeeded + - warning + - failed + type: string + success: + description: Indicates whether the rule run was successful. + type: boolean + timestamp: + description: Time of rule run. + type: number + required: + - success + - timestamp + ApiAlertingRule_Post_Response_200_Monitoring_Run_Last_run: + additionalProperties: false + type: object + properties: + metrics: + $ref: '#/components/schemas/ApiAlertingRule_Post_Response_200_Monitoring_Run_Last_run_Metrics' + timestamp: + description: Time of the most recent rule run. + type: string + required: + - timestamp + - metrics + ApiAlertingRule_Post_Response_200_Monitoring_Run_Last_run_Metrics: + additionalProperties: false + type: object + properties: + duration: + description: Duration of most recent rule run. + type: number + gap_duration_s: + description: Duration in seconds of rule run gap. + nullable: true + type: number + gap_range: + $ref: '#/components/schemas/ApiAlertingRule_Post_Response_200_Monitoring_Run_Last_run_Metrics_Gap_range' + total_alerts_created: + description: Total number of alerts created during last rule run. + nullable: true + type: number + total_alerts_detected: + description: Total number of alerts detected during last rule run. + nullable: true + type: number + total_indexing_duration_ms: + description: Total time spent indexing documents during last rule run in milliseconds. + nullable: true + type: number + total_search_duration_ms: + description: Total time spent performing Elasticsearch searches as measured by Kibana; includes network latency and time spent serializing or deserializing the request and response. + nullable: true + type: number + ApiAlertingRule_Post_Response_200_Monitoring_Run_Last_run_Metrics_Gap_range: + additionalProperties: false + nullable: true + type: object + properties: + gte: + description: End of the gap range. + type: string + lte: + description: Start of the gap range. + type: string + required: + - lte + - gte + ApiAlertingRule_Post_Response_200_Params: + additionalProperties: {} + description: The parameters for the rule. + type: object + ApiAlertingRule_Post_Response_200_Schedule: + additionalProperties: false + type: object + properties: + interval: + description: The interval is specified in seconds, minutes, hours, or days. + type: string + required: + - interval + ApiAlertingRule_Post_Response_200_Snooze_schedule_Item: + additionalProperties: false + type: object + properties: + duration: + description: Duration of the rule snooze schedule. + type: number + id: + description: Identifier of the rule snooze schedule. + type: string + rRule: + $ref: '#/components/schemas/ApiAlertingRule_Post_Response_200_Snooze_schedule_RRule' + skipRecurrences: + items: + description: Skips recurrence of rule on this date. + type: string + type: array + required: + - duration + - rRule + ApiAlertingRule_Post_Response_200_Snooze_schedule_RRule: + additionalProperties: false + type: object + properties: + byhour: + items: + description: Indicates hours of the day to recur. + type: number + nullable: true + type: array + byminute: + items: + description: Indicates minutes of the hour to recur. + type: number + nullable: true + type: array + bymonth: + items: + description: Indicates months of the year that this rule should recur. + type: number + nullable: true + type: array + bymonthday: + items: + description: Indicates the days of the month to recur. + type: number + nullable: true + type: array + bysecond: + items: + description: Indicates seconds of the day to recur. + type: number + nullable: true + type: array + bysetpos: + items: + description: A positive or negative integer affecting the nth day of the month. For example, -2 combined with `byweekday` of FR is 2nd to last Friday of the month. It is recommended to not set this manually and just use `byweekday`. + type: number + nullable: true + type: array + byweekday: + items: + anyOf: + - $ref: '#/components/schemas/ApiAlertingRule_Post_Response_200_Snooze_schedule_RRule_Byweekday_1' + - $ref: '#/components/schemas/ApiAlertingRule_Post_Response_200_Snooze_schedule_RRule_Byweekday_2' + description: Indicates the days of the week to recur or else nth-day-of-month strings. For example, "+2TU" second Tuesday of month, "-1FR" last Friday of the month, which are internally converted to a `byweekday/bysetpos` combination. + nullable: true + type: array + byweekno: + items: + description: Indicates number of the week hours to recur. + type: number + nullable: true + type: array + byyearday: + items: + description: Indicates the days of the year that this rule should recur. + type: number + nullable: true + type: array + count: + description: Number of times the rule should recur until it stops. + type: number + dtstart: + description: Rule start date in Coordinated Universal Time (UTC). + type: string + freq: + description: Indicates frequency of the rule. Options are YEARLY, MONTHLY, WEEKLY, DAILY. + enum: + - 0 + - 1 + - 2 + - 3 + - 4 + - 5 + - 6 + type: integer + interval: + description: Indicates the interval of frequency. For example, 1 and YEARLY is every 1 year, 2 and WEEKLY is every 2 weeks. + type: number + tzid: + description: Indicates timezone abbreviation. + type: string + until: + description: Recur the rule until this date. + type: string + wkst: + description: Indicates the start of week, defaults to Monday. + enum: + - MO + - TU + - WE + - TH + - FR + - SA + - SU + type: string + required: + - dtstart + - tzid + ApiAlertingRule_Post_Response_200_Snooze_schedule_RRule_Byweekday_1: + type: string + ApiAlertingRule_Post_Response_200_Snooze_schedule_RRule_Byweekday_2: + type: number + ApiAlertingRule_Put_Request: + additionalProperties: false + type: object + properties: + actions: + default: [] + items: + $ref: '#/components/schemas/ApiAlertingRule_Put_Request_Actions_Item' + type: array + alert_delay: + $ref: '#/components/schemas/ApiAlertingRule_Put_Request_Alert_delay' + artifacts: + $ref: '#/components/schemas/ApiAlertingRule_Put_Request_Artifacts' + flapping: + $ref: '#/components/schemas/ApiAlertingRule_Put_Request_Flapping' + name: + description: The name of the rule. While this name does not have to be unique, a distinctive name can help you identify a rule. + type: string + notify_when: + description: 'Indicates how often alerts generate actions. Valid values include: `onActionGroupChange`: Actions run when the alert status changes; `onActiveAlert`: Actions run when the alert becomes active and at each check interval while the rule conditions are met; `onThrottleInterval`: Actions run when the alert becomes active and at the interval specified in the throttle property while the rule conditions are met. NOTE: You cannot specify `notify_when` at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.' + enum: + - onActionGroupChange + - onActiveAlert + - onThrottleInterval + nullable: true + type: string + params: + $ref: '#/components/schemas/ApiAlertingRule_Put_Request_Params' + schedule: + $ref: '#/components/schemas/ApiAlertingRule_Put_Request_Schedule' + tags: + default: [] + items: + description: The tags for the rule. + type: string + type: array + throttle: + description: 'Use the `throttle` property in the action `frequency` object instead. The throttle interval, which defines how often an alert generates repeated actions. NOTE: You cannot specify the throttle interval at both the rule and action level. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.' + nullable: true + type: string + required: + - name + - schedule + ApiAlertingRule_Put_Request_Actions_Item: + additionalProperties: false + description: An action that runs under defined conditions. + type: object + properties: + alerts_filter: + $ref: '#/components/schemas/ApiAlertingRule_Put_Request_Actions_Alerts_filter' + frequency: + $ref: '#/components/schemas/ApiAlertingRule_Put_Request_Actions_Frequency' + group: + description: The group name, which affects when the action runs (for example, when the threshold is met or when the alert is recovered). Each rule type has a list of valid action group names. If you don't need to group actions, set to `default`. + type: string + id: + description: The identifier for the connector saved object. + type: string + params: + $ref: '#/components/schemas/ApiAlertingRule_Put_Request_Actions_Params' + use_alert_data_for_template: + description: Indicates whether to use alert data as a template. + type: boolean + uuid: + description: A universally unique identifier (UUID) for the action. + type: string + required: + - id + ApiAlertingRule_Put_Request_Actions_Alerts_filter: + additionalProperties: false + type: object + properties: + query: + $ref: '#/components/schemas/ApiAlertingRule_Put_Request_Actions_Alerts_filter_Query' + timeframe: + $ref: '#/components/schemas/ApiAlertingRule_Put_Request_Actions_Alerts_filter_Timeframe' + ApiAlertingRule_Put_Request_Actions_Alerts_filter_Query: + additionalProperties: false + type: object + properties: + dsl: + description: A filter written in Elasticsearch Query Domain Specific Language (DSL). + type: string + filters: + description: A filter written in Elasticsearch Query Domain Specific Language (DSL) as defined in the `kbn-es-query` package. + items: + $ref: '#/components/schemas/ApiAlertingRule_Put_Request_Actions_Alerts_filter_Query_Filters_Item' + type: array + kql: + description: A filter written in Kibana Query Language (KQL). + type: string + required: + - kql + - filters + ApiAlertingRule_Put_Request_Actions_Alerts_filter_Query_Filters_Item: + additionalProperties: false + type: object + properties: + $state: + $ref: '#/components/schemas/ApiAlertingRule_Put_Request_Actions_Alerts_filter_Query_Filters_$state' + meta: + $ref: '#/components/schemas/ApiAlertingRule_Put_Request_Actions_Alerts_filter_Query_Filters_Meta' + query: + $ref: '#/components/schemas/ApiAlertingRule_Put_Request_Actions_Alerts_filter_Query_Filters_Query' + required: + - meta + ApiAlertingRule_Put_Request_Actions_Alerts_filter_Query_Filters_$state: + additionalProperties: false + type: object + properties: + store: + description: A filter can be either specific to an application context or applied globally. + enum: + - appState + - globalState + type: string + required: + - store + ApiAlertingRule_Put_Request_Actions_Alerts_filter_Query_Filters_Meta: + additionalProperties: {} + type: object + ApiAlertingRule_Put_Request_Actions_Alerts_filter_Query_Filters_Query: + additionalProperties: {} + type: object + ApiAlertingRule_Put_Request_Actions_Alerts_filter_Timeframe: + additionalProperties: false + description: Defines a period that limits whether the action runs. + type: object + properties: + days: + description: Defines the days of the week that the action can run, represented as an array of numbers. For example, `1` represents Monday. An empty array is equivalent to specifying all the days of the week. + items: + enum: + - 1 + - 2 + - 3 + - 4 + - 5 + - 6 + - 7 + type: integer + type: array + hours: + $ref: '#/components/schemas/ApiAlertingRule_Put_Request_Actions_Alerts_filter_Timeframe_Hours' + timezone: + description: The ISO time zone for the `hours` values. Values such as `UTC` and `UTC+1` also work but lack built-in daylight savings time support and are not recommended. + type: string + required: + - days + - hours + - timezone + ApiAlertingRule_Put_Request_Actions_Alerts_filter_Timeframe_Hours: + additionalProperties: false + description: Defines the range of time in a day that the action can run. If the `start` value is `00:00` and the `end` value is `24:00`, actions be generated all day. + type: object + properties: + end: + description: The end of the time frame in 24-hour notation (`hh:mm`). + type: string + start: + description: The start of the time frame in 24-hour notation (`hh:mm`). + type: string + required: + - start + - end + ApiAlertingRule_Put_Request_Actions_Frequency: + additionalProperties: false + type: object + properties: + notify_when: + description: 'Indicates how often alerts generate actions. Valid values include: `onActionGroupChange`: Actions run when the alert status changes; `onActiveAlert`: Actions run when the alert becomes active and at each check interval while the rule conditions are met; `onThrottleInterval`: Actions run when the alert becomes active and at the interval specified in the throttle property while the rule conditions are met. NOTE: You cannot specify `notify_when` at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.' + enum: + - onActionGroupChange + - onActiveAlert + - onThrottleInterval + type: string + summary: + description: Indicates whether the action is a summary. + type: boolean + throttle: + description: 'The throttle interval, which defines how often an alert generates repeated actions. It is specified in seconds, minutes, hours, or days and is applicable only if `notify_when` is set to `onThrottleInterval`. NOTE: You cannot specify the throttle interval at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.' + nullable: true + type: string + required: + - summary + - notify_when + - throttle + ApiAlertingRule_Put_Request_Actions_Params: + additionalProperties: {} + default: {} + description: The parameters for the action, which are sent to the connector. The `params` are handled as Mustache templates and passed a default set of context. + type: object + ApiAlertingRule_Put_Request_Alert_delay: + additionalProperties: false + description: Indicates that an alert occurs only when the specified number of consecutive runs met the rule conditions. + type: object + properties: + active: + description: The number of consecutive runs that must meet the rule conditions. + type: number + required: + - active + ApiAlertingRule_Put_Request_Artifacts: + additionalProperties: false + type: object + properties: + dashboards: + items: + $ref: '#/components/schemas/ApiAlertingRule_Put_Request_Artifacts_Dashboards_Item' + maxItems: 10 + type: array + investigation_guide: + $ref: '#/components/schemas/ApiAlertingRule_Put_Request_Artifacts_Investigation_guide' + ApiAlertingRule_Put_Request_Artifacts_Dashboards_Item: + additionalProperties: false + type: object + properties: + id: + type: string + required: + - id + ApiAlertingRule_Put_Request_Artifacts_Investigation_guide: + additionalProperties: false + type: object + properties: + blob: + maxLength: 10000 + type: string + required: + - blob + ApiAlertingRule_Put_Request_Flapping: + additionalProperties: false + description: When flapping detection is turned on, alerts that switch quickly between active and recovered states are identified as “flapping” and notifications are reduced. + nullable: true + type: object + properties: + enabled: + description: Determines whether the rule can enter the flapping state. By default, rules can enter the flapping state. + type: boolean + look_back_window: + description: The minimum number of runs in which the threshold must be met. + maximum: 20 + minimum: 2 + type: number + status_change_threshold: + description: The minimum number of times an alert must switch states in the look back window. + maximum: 20 + minimum: 2 + type: number + required: + - look_back_window + - status_change_threshold + ApiAlertingRule_Put_Request_Params: + additionalProperties: {} + default: {} + description: The parameters for the rule. + type: object + ApiAlertingRule_Put_Request_Schedule: + additionalProperties: false + type: object + properties: + interval: + description: The interval is specified in seconds, minutes, hours, or days. + type: string + required: + - interval + ApiAlertingRule_Put_Response_200: + additionalProperties: false + type: object + properties: + actions: + items: + $ref: '#/components/schemas/ApiAlertingRule_Put_Response_200_Actions_Item' + type: array + active_snoozes: + items: + description: List of active snoozes for the rule. + type: string + type: array + alert_delay: + $ref: '#/components/schemas/ApiAlertingRule_Put_Response_200_Alert_delay' + api_key_created_by_user: + description: Indicates whether the API key that is associated with the rule was created by the user. + nullable: true + type: boolean + api_key_owner: + description: The owner of the API key that is associated with the rule and used to run background tasks. + nullable: true + type: string + artifacts: + $ref: '#/components/schemas/ApiAlertingRule_Put_Response_200_Artifacts' + consumer: + description: 'The name of the application or feature that owns the rule. For example: `alerts`, `apm`, `discover`, `infrastructure`, `logs`, `metrics`, `ml`, `monitoring`, `securitySolution`, `siem`, `stackAlerts`, or `uptime`.' + type: string + created_at: + description: The date and time that the rule was created. + type: string + created_by: + description: The identifier for the user that created the rule. + nullable: true + type: string + enabled: + description: Indicates whether you want to run the rule on an interval basis after it is created. + type: boolean + execution_status: + $ref: '#/components/schemas/ApiAlertingRule_Put_Response_200_Execution_status' + flapping: + $ref: '#/components/schemas/ApiAlertingRule_Put_Response_200_Flapping' + id: + description: The identifier for the rule. + type: string + is_snoozed_until: + description: The date when the rule will no longer be snoozed. + nullable: true + type: string + last_run: + $ref: '#/components/schemas/ApiAlertingRule_Put_Response_200_Last_run' + mapped_params: + $ref: '#/components/schemas/ApiAlertingRule_Put_Response_200_Mapped_params' + monitoring: + $ref: '#/components/schemas/ApiAlertingRule_Put_Response_200_Monitoring' + mute_all: + description: Indicates whether all alerts are muted. + type: boolean + muted_alert_ids: + items: + description: 'List of identifiers of muted alerts. ' + type: string + type: array + name: + description: ' The name of the rule.' + type: string + next_run: + description: Date and time of the next run of the rule. + nullable: true + type: string + notify_when: + description: 'Indicates how often alerts generate actions. Valid values include: `onActionGroupChange`: Actions run when the alert status changes; `onActiveAlert`: Actions run when the alert becomes active and at each check interval while the rule conditions are met; `onThrottleInterval`: Actions run when the alert becomes active and at the interval specified in the throttle property while the rule conditions are met. NOTE: You cannot specify `notify_when` at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.' + enum: + - onActionGroupChange + - onActiveAlert + - onThrottleInterval + nullable: true + type: string + params: + $ref: '#/components/schemas/ApiAlertingRule_Put_Response_200_Params' + revision: + description: The rule revision number. + type: number + rule_type_id: + description: The rule type identifier. + type: string + running: + description: Indicates whether the rule is running. + nullable: true + type: boolean + schedule: + $ref: '#/components/schemas/ApiAlertingRule_Put_Response_200_Schedule' + scheduled_task_id: + description: Identifier of the scheduled task. + type: string + snooze_schedule: + items: + $ref: '#/components/schemas/ApiAlertingRule_Put_Response_200_Snooze_schedule_Item' + type: array + tags: + items: + description: The tags for the rule. + type: string + type: array + throttle: + deprecated: true + description: 'Deprecated in 8.13.0. Use the `throttle` property in the action `frequency` object instead. The throttle interval, which defines how often an alert generates repeated actions. NOTE: You cannot specify the throttle interval at both the rule and action level. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.' + nullable: true + type: string + updated_at: + description: The date and time that the rule was updated most recently. + type: string + updated_by: + description: The identifier for the user that updated this rule most recently. + nullable: true + type: string + view_in_app_relative_url: + description: Relative URL to view rule in the app. + nullable: true + type: string + required: + - id + - enabled + - name + - tags + - rule_type_id + - consumer + - schedule + - actions + - params + - created_by + - updated_by + - created_at + - updated_at + - api_key_owner + - mute_all + - muted_alert_ids + - execution_status + - revision + ApiAlertingRule_Put_Response_200_Actions_Item: + additionalProperties: false + type: object + properties: + alerts_filter: + $ref: '#/components/schemas/ApiAlertingRule_Put_Response_200_Actions_Alerts_filter' + connector_type_id: + description: The type of connector. This property appears in responses but cannot be set in requests. + type: string + frequency: + $ref: '#/components/schemas/ApiAlertingRule_Put_Response_200_Actions_Frequency' + group: + description: The group name, which affects when the action runs (for example, when the threshold is met or when the alert is recovered). Each rule type has a list of valid action group names. If you don't need to group actions, set to `default`. + type: string + id: + description: The identifier for the connector saved object. + type: string + params: + $ref: '#/components/schemas/ApiAlertingRule_Put_Response_200_Actions_Params' + use_alert_data_for_template: + description: Indicates whether to use alert data as a template. + type: boolean + uuid: + description: A universally unique identifier (UUID) for the action. + type: string + required: + - id + - connector_type_id + - params + ApiAlertingRule_Put_Response_200_Actions_Alerts_filter: + additionalProperties: false + description: Defines a period that limits whether the action runs. + type: object + properties: + query: + $ref: '#/components/schemas/ApiAlertingRule_Put_Response_200_Actions_Alerts_filter_Query' + timeframe: + $ref: '#/components/schemas/ApiAlertingRule_Put_Response_200_Actions_Alerts_filter_Timeframe' + ApiAlertingRule_Put_Response_200_Actions_Alerts_filter_Query: + additionalProperties: false + type: object + properties: + dsl: + description: A filter written in Elasticsearch Query Domain Specific Language (DSL). + type: string + filters: + description: A filter written in Elasticsearch Query Domain Specific Language (DSL) as defined in the `kbn-es-query` package. + items: + $ref: '#/components/schemas/ApiAlertingRule_Put_Response_200_Actions_Alerts_filter_Query_Filters_Item' + type: array + kql: + description: A filter written in Kibana Query Language (KQL). + type: string + required: + - kql + - filters + ApiAlertingRule_Put_Response_200_Actions_Alerts_filter_Query_Filters_Item: + additionalProperties: false + type: object + properties: + $state: + $ref: '#/components/schemas/ApiAlertingRule_Put_Response_200_Actions_Alerts_filter_Query_Filters_$state' + meta: + $ref: '#/components/schemas/ApiAlertingRule_Put_Response_200_Actions_Alerts_filter_Query_Filters_Meta' + query: + $ref: '#/components/schemas/ApiAlertingRule_Put_Response_200_Actions_Alerts_filter_Query_Filters_Query' + required: + - meta + ApiAlertingRule_Put_Response_200_Actions_Alerts_filter_Query_Filters_$state: + additionalProperties: false + type: object + properties: + store: + description: A filter can be either specific to an application context or applied globally. + enum: + - appState + - globalState + type: string + required: + - store + ApiAlertingRule_Put_Response_200_Actions_Alerts_filter_Query_Filters_Meta: + additionalProperties: {} + type: object + ApiAlertingRule_Put_Response_200_Actions_Alerts_filter_Query_Filters_Query: + additionalProperties: {} + type: object + ApiAlertingRule_Put_Response_200_Actions_Alerts_filter_Timeframe: + additionalProperties: false + type: object + properties: + days: + description: Defines the days of the week that the action can run, represented as an array of numbers. For example, `1` represents Monday. An empty array is equivalent to specifying all the days of the week. + items: + enum: + - 1 + - 2 + - 3 + - 4 + - 5 + - 6 + - 7 + type: integer + type: array + hours: + $ref: '#/components/schemas/ApiAlertingRule_Put_Response_200_Actions_Alerts_filter_Timeframe_Hours' + timezone: + description: The ISO time zone for the `hours` values. Values such as `UTC` and `UTC+1` also work but lack built-in daylight savings time support and are not recommended. + type: string + required: + - days + - hours + - timezone + ApiAlertingRule_Put_Response_200_Actions_Alerts_filter_Timeframe_Hours: + additionalProperties: false + type: object + properties: + end: + description: The end of the time frame in 24-hour notation (`hh:mm`). + type: string + start: + description: The start of the time frame in 24-hour notation (`hh:mm`). + type: string + required: + - start + - end + ApiAlertingRule_Put_Response_200_Actions_Frequency: + additionalProperties: false + type: object + properties: + notify_when: + description: 'Indicates how often alerts generate actions. Valid values include: `onActionGroupChange`: Actions run when the alert status changes; `onActiveAlert`: Actions run when the alert becomes active and at each check interval while the rule conditions are met; `onThrottleInterval`: Actions run when the alert becomes active and at the interval specified in the throttle property while the rule conditions are met. NOTE: You cannot specify `notify_when` at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.' + enum: + - onActionGroupChange + - onActiveAlert + - onThrottleInterval + type: string + summary: + description: Indicates whether the action is a summary. + type: boolean + throttle: + description: 'The throttle interval, which defines how often an alert generates repeated actions. It is specified in seconds, minutes, hours, or days and is applicable only if ''notify_when'' is set to ''onThrottleInterval''. NOTE: You cannot specify the throttle interval at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.' + nullable: true + type: string + required: + - summary + - notify_when + - throttle + ApiAlertingRule_Put_Response_200_Actions_Params: + additionalProperties: {} + description: The parameters for the action, which are sent to the connector. The `params` are handled as Mustache templates and passed a default set of context. + type: object + ApiAlertingRule_Put_Response_200_Alert_delay: + additionalProperties: false + description: Indicates that an alert occurs only when the specified number of consecutive runs met the rule conditions. + type: object + properties: + active: + description: The number of consecutive runs that must meet the rule conditions. + type: number + required: + - active + ApiAlertingRule_Put_Response_200_Artifacts: + additionalProperties: false + type: object + properties: + dashboards: + items: + $ref: '#/components/schemas/ApiAlertingRule_Put_Response_200_Artifacts_Dashboards_Item' + type: array + investigation_guide: + $ref: '#/components/schemas/ApiAlertingRule_Put_Response_200_Artifacts_Investigation_guide' + ApiAlertingRule_Put_Response_200_Artifacts_Dashboards_Item: + additionalProperties: false + type: object + properties: + id: + type: string + required: + - id + ApiAlertingRule_Put_Response_200_Artifacts_Investigation_guide: + additionalProperties: false + type: object + properties: + blob: + description: User-created content that describes alert causes and remdiation. + type: string + required: + - blob + ApiAlertingRule_Put_Response_200_Execution_status: + additionalProperties: false + type: object + properties: + error: + $ref: '#/components/schemas/ApiAlertingRule_Put_Response_200_Execution_status_Error' + last_duration: + description: Duration of last execution of the rule. + type: number + last_execution_date: + description: The date and time when rule was executed last. + type: string + status: + description: Status of rule execution. + enum: + - ok + - active + - error + - warning + - pending + - unknown + type: string + warning: + $ref: '#/components/schemas/ApiAlertingRule_Put_Response_200_Execution_status_Warning' + required: + - status + - last_execution_date + ApiAlertingRule_Put_Response_200_Execution_status_Error: + additionalProperties: false + type: object + properties: + message: + description: Error message. + type: string + reason: + description: Reason for error. + enum: + - read + - decrypt + - execute + - unknown + - license + - timeout + - disabled + - validate + type: string + required: + - reason + - message + ApiAlertingRule_Put_Response_200_Execution_status_Warning: + additionalProperties: false + type: object + properties: + message: + description: Warning message. + type: string + reason: + description: Reason for warning. + enum: + - maxExecutableActions + - maxAlerts + - maxQueuedActions + - ruleExecution + type: string + required: + - reason + - message + ApiAlertingRule_Put_Response_200_Flapping: + additionalProperties: false + description: When flapping detection is turned on, alerts that switch quickly between active and recovered states are identified as “flapping” and notifications are reduced. + nullable: true + type: object + properties: + enabled: + description: Determines whether the rule can enter the flapping state. By default, rules can enter the flapping state. + type: boolean + look_back_window: + description: The minimum number of runs in which the threshold must be met. + maximum: 20 + minimum: 2 + type: number + status_change_threshold: + description: The minimum number of times an alert must switch states in the look back window. + maximum: 20 + minimum: 2 + type: number + required: + - look_back_window + - status_change_threshold + ApiAlertingRule_Put_Response_200_Last_run: + additionalProperties: false + nullable: true + type: object + properties: + alerts_count: + $ref: '#/components/schemas/ApiAlertingRule_Put_Response_200_Last_run_Alerts_count' + outcome: + description: Outcome of last run of the rule. Value could be succeeded, warning or failed. + enum: + - succeeded + - warning + - failed + type: string + outcome_msg: + items: + description: Outcome message generated during last rule run. + type: string + nullable: true + type: array + outcome_order: + description: Order of the outcome. + type: number + warning: + description: Warning of last rule execution. + enum: + - read + - decrypt + - execute + - unknown + - license + - timeout + - disabled + - validate + - maxExecutableActions + - maxAlerts + - maxQueuedActions + - ruleExecution + nullable: true + type: string + required: + - outcome + - alerts_count + ApiAlertingRule_Put_Response_200_Last_run_Alerts_count: + additionalProperties: false + type: object + properties: + active: + description: Number of active alerts during last run. + nullable: true + type: number + ignored: + description: Number of ignored alerts during last run. + nullable: true + type: number + new: + description: Number of new alerts during last run. + nullable: true + type: number + recovered: + description: Number of recovered alerts during last run. + nullable: true + type: number + ApiAlertingRule_Put_Response_200_Mapped_params: + additionalProperties: {} + type: object + ApiAlertingRule_Put_Response_200_Monitoring: + additionalProperties: false + description: Monitoring details of the rule. + type: object + properties: + run: + $ref: '#/components/schemas/ApiAlertingRule_Put_Response_200_Monitoring_Run' + required: + - run + ApiAlertingRule_Put_Response_200_Monitoring_Run: + additionalProperties: false + description: Rule run details. + type: object + properties: + calculated_metrics: + $ref: '#/components/schemas/ApiAlertingRule_Put_Response_200_Monitoring_Run_Calculated_metrics' + history: + description: History of the rule run. + items: + $ref: '#/components/schemas/ApiAlertingRule_Put_Response_200_Monitoring_Run_History_Item' + type: array + last_run: + $ref: '#/components/schemas/ApiAlertingRule_Put_Response_200_Monitoring_Run_Last_run' + required: + - history + - calculated_metrics + - last_run + ApiAlertingRule_Put_Response_200_Monitoring_Run_Calculated_metrics: + additionalProperties: false + description: Calculation of different percentiles and success ratio. + type: object + properties: + p50: + type: number + p95: + type: number + p99: + type: number + success_ratio: + type: number + required: + - success_ratio + ApiAlertingRule_Put_Response_200_Monitoring_Run_History_Item: + additionalProperties: false + type: object + properties: + duration: + description: Duration of the rule run. + type: number + outcome: + description: Outcome of last run of the rule. Value could be succeeded, warning or failed. + enum: + - succeeded + - warning + - failed + type: string + success: + description: Indicates whether the rule run was successful. + type: boolean + timestamp: + description: Time of rule run. + type: number + required: + - success + - timestamp + ApiAlertingRule_Put_Response_200_Monitoring_Run_Last_run: + additionalProperties: false + type: object + properties: + metrics: + $ref: '#/components/schemas/ApiAlertingRule_Put_Response_200_Monitoring_Run_Last_run_Metrics' + timestamp: + description: Time of the most recent rule run. + type: string + required: + - timestamp + - metrics + ApiAlertingRule_Put_Response_200_Monitoring_Run_Last_run_Metrics: + additionalProperties: false + type: object + properties: + duration: + description: Duration of most recent rule run. + type: number + gap_duration_s: + description: Duration in seconds of rule run gap. + nullable: true + type: number + gap_range: + $ref: '#/components/schemas/ApiAlertingRule_Put_Response_200_Monitoring_Run_Last_run_Metrics_Gap_range' + total_alerts_created: + description: Total number of alerts created during last rule run. + nullable: true + type: number + total_alerts_detected: + description: Total number of alerts detected during last rule run. + nullable: true + type: number + total_indexing_duration_ms: + description: Total time spent indexing documents during last rule run in milliseconds. + nullable: true + type: number + total_search_duration_ms: + description: Total time spent performing Elasticsearch searches as measured by Kibana; includes network latency and time spent serializing or deserializing the request and response. + nullable: true + type: number + ApiAlertingRule_Put_Response_200_Monitoring_Run_Last_run_Metrics_Gap_range: + additionalProperties: false + nullable: true + type: object + properties: + gte: + description: End of the gap range. + type: string + lte: + description: Start of the gap range. + type: string + required: + - lte + - gte + ApiAlertingRule_Put_Response_200_Params: + additionalProperties: {} + description: The parameters for the rule. + type: object + ApiAlertingRule_Put_Response_200_Schedule: + additionalProperties: false + type: object + properties: + interval: + description: The interval is specified in seconds, minutes, hours, or days. + type: string + required: + - interval + ApiAlertingRule_Put_Response_200_Snooze_schedule_Item: + additionalProperties: false + type: object + properties: + duration: + description: Duration of the rule snooze schedule. + type: number + id: + description: Identifier of the rule snooze schedule. + type: string + rRule: + $ref: '#/components/schemas/ApiAlertingRule_Put_Response_200_Snooze_schedule_RRule' + skipRecurrences: + items: + description: Skips recurrence of rule on this date. + type: string + type: array + required: + - duration + - rRule + ApiAlertingRule_Put_Response_200_Snooze_schedule_RRule: + additionalProperties: false + type: object + properties: + byhour: + items: + description: Indicates hours of the day to recur. + type: number + nullable: true + type: array + byminute: + items: + description: Indicates minutes of the hour to recur. + type: number + nullable: true + type: array + bymonth: + items: + description: Indicates months of the year that this rule should recur. + type: number + nullable: true + type: array + bymonthday: + items: + description: Indicates the days of the month to recur. + type: number + nullable: true + type: array + bysecond: + items: + description: Indicates seconds of the day to recur. + type: number + nullable: true + type: array + bysetpos: + items: + description: A positive or negative integer affecting the nth day of the month. For example, -2 combined with `byweekday` of FR is 2nd to last Friday of the month. It is recommended to not set this manually and just use `byweekday`. + type: number + nullable: true + type: array + byweekday: + items: + anyOf: + - $ref: '#/components/schemas/ApiAlertingRule_Put_Response_200_Snooze_schedule_RRule_Byweekday_1' + - $ref: '#/components/schemas/ApiAlertingRule_Put_Response_200_Snooze_schedule_RRule_Byweekday_2' + description: Indicates the days of the week to recur or else nth-day-of-month strings. For example, "+2TU" second Tuesday of month, "-1FR" last Friday of the month, which are internally converted to a `byweekday/bysetpos` combination. + nullable: true + type: array + byweekno: + items: + description: Indicates number of the week hours to recur. + type: number + nullable: true + type: array + byyearday: + items: + description: Indicates the days of the year that this rule should recur. + type: number + nullable: true + type: array + count: + description: Number of times the rule should recur until it stops. + type: number + dtstart: + description: Rule start date in Coordinated Universal Time (UTC). + type: string + freq: + description: Indicates frequency of the rule. Options are YEARLY, MONTHLY, WEEKLY, DAILY. + enum: + - 0 + - 1 + - 2 + - 3 + - 4 + - 5 + - 6 + type: integer + interval: + description: Indicates the interval of frequency. For example, 1 and YEARLY is every 1 year, 2 and WEEKLY is every 2 weeks. + type: number + tzid: + description: Indicates timezone abbreviation. + type: string + until: + description: Recur the rule until this date. + type: string + wkst: + description: Indicates the start of week, defaults to Monday. + enum: + - MO + - TU + - WE + - TH + - FR + - SA + - SU + type: string + required: + - dtstart + - tzid + ApiAlertingRule_Put_Response_200_Snooze_schedule_RRule_Byweekday_1: + type: string + ApiAlertingRule_Put_Response_200_Snooze_schedule_RRule_Byweekday_2: + type: number + ApiAlertingRuleDisable_Post_Request: + additionalProperties: false + nullable: true + type: object + properties: + untrack: + description: Defines whether this rule's alerts should be untracked. + type: boolean + x-oas-optional: true + ApiAlertingRuleSnoozeSchedule_Post_Request: + additionalProperties: false + type: object + properties: + schedule: + $ref: '#/components/schemas/ApiAlertingRuleSnoozeSchedule_Post_Request_Schedule' + required: + - schedule + ApiAlertingRuleSnoozeSchedule_Post_Request_Schedule: + additionalProperties: false + type: object + properties: + custom: + $ref: '#/components/schemas/ApiAlertingRuleSnoozeSchedule_Post_Request_Schedule_Custom' + ApiAlertingRuleSnoozeSchedule_Post_Request_Schedule_Custom: + additionalProperties: false + type: object + properties: + duration: + description: 'The duration of the schedule. It allows values in `` format. `` is one of `d`, `h`, `m`, or `s` for hours, minutes, seconds. For example: `1d`, `5h`, `30m`, `5000s`.' + type: string + recurring: + $ref: '#/components/schemas/ApiAlertingRuleSnoozeSchedule_Post_Request_Schedule_Custom_Recurring' + start: + description: 'The start date and time of the schedule, provided in ISO 8601 format and set to the UTC timezone. For example: `2025-03-12T12:00:00.000Z`.' + type: string + timezone: + description: The timezone of the schedule. The default timezone is UTC. + type: string + required: + - start + - duration + ApiAlertingRuleSnoozeSchedule_Post_Request_Schedule_Custom_Recurring: + additionalProperties: false + type: object + properties: + end: + description: 'The end date of a recurring schedule, provided in ISO 8601 format and set to the UTC timezone. For example: `2025-04-01T00:00:00.000Z`.' + type: string + every: + description: 'The interval and frequency of a recurring schedule. It allows values in `` format. `` is one of `d`, `w`, `M`, or `y` for days, weeks, months, years. For example: `15d`, `2w`, `3m`, `1y`.' + type: string + occurrences: + description: The total number of recurrences of the schedule. + minimum: 1 + type: number + onMonth: + description: The specific months for a recurring schedule. Valid values are 1-12. + items: + maximum: 12 + minimum: 1 + type: number + minItems: 1 + type: array + onMonthDay: + description: The specific days of the month for a recurring schedule. Valid values are 1-31. + items: + maximum: 31 + minimum: 1 + type: number + minItems: 1 + type: array + onWeekDay: + description: The specific days of the week (`[MO,TU,WE,TH,FR,SA,SU]`) or nth day of month (`[+1MO, -3FR, +2WE, -4SA, -5SU]`) for a recurring schedule. + items: + type: string + minItems: 1 + type: array + ApiAlertingRuleSnoozeSchedule_Post_Response_200: + additionalProperties: false + type: object + properties: + body: + $ref: '#/components/schemas/ApiAlertingRuleSnoozeSchedule_Post_Response_200_Body' + required: + - body + ApiAlertingRuleSnoozeSchedule_Post_Response_200_Body: + additionalProperties: false + type: object + properties: + schedule: + $ref: '#/components/schemas/ApiAlertingRuleSnoozeSchedule_Post_Response_200_Body_Schedule' + required: + - schedule + ApiAlertingRuleSnoozeSchedule_Post_Response_200_Body_Schedule: + additionalProperties: false + type: object + properties: + custom: + $ref: '#/components/schemas/ApiAlertingRuleSnoozeSchedule_Post_Response_200_Body_Schedule_Custom' + id: + description: Identifier of the snooze schedule. + type: string + required: + - id + ApiAlertingRuleSnoozeSchedule_Post_Response_200_Body_Schedule_Custom: + additionalProperties: false + type: object + properties: + duration: + description: 'The duration of the schedule. It allows values in `` format. `` is one of `d`, `h`, `m`, or `s` for hours, minutes, seconds. For example: `1d`, `5h`, `30m`, `5000s`.' + type: string + recurring: + $ref: '#/components/schemas/ApiAlertingRuleSnoozeSchedule_Post_Response_200_Body_Schedule_Custom_Recurring' + start: + description: 'The start date and time of the schedule, provided in ISO 8601 format and set to the UTC timezone. For example: `2025-03-12T12:00:00.000Z`.' + type: string + timezone: + description: The timezone of the schedule. The default timezone is UTC. + type: string + required: + - start + - duration + ApiAlertingRuleSnoozeSchedule_Post_Response_200_Body_Schedule_Custom_Recurring: + additionalProperties: false + type: object + properties: + end: + description: 'The end date of a recurring schedule, provided in ISO 8601 format and set to the UTC timezone. For example: `2025-04-01T00:00:00.000Z`.' + type: string + every: + description: 'The interval and frequency of a recurring schedule. It allows values in `` format. `` is one of `d`, `w`, `M`, or `y` for days, weeks, months, years. For example: `15d`, `2w`, `3m`, `1y`.' + type: string + occurrences: + description: The total number of recurrences of the schedule. + minimum: 1 + type: number + onMonth: + description: The specific months for a recurring schedule. Valid values are 1-12. + items: + maximum: 12 + minimum: 1 + type: number + minItems: 1 + type: array + onMonthDay: + description: The specific days of the month for a recurring schedule. Valid values are 1-31. + items: + maximum: 31 + minimum: 1 + type: number + minItems: 1 + type: array + onWeekDay: + description: The specific days of the week (`[MO,TU,WE,TH,FR,SA,SU]`) or nth day of month (`[+1MO, -3FR, +2WE, -4SA, -5SU]`) for a recurring schedule. + items: + type: string + minItems: 1 + type: array + ApiAlertingRulesFind_Get_Response_200: + additionalProperties: false + type: object + properties: + actions: + items: + $ref: '#/components/schemas/ApiAlertingRulesFind_Get_Response_200_Actions_Item' + type: array + active_snoozes: + items: + description: List of active snoozes for the rule. + type: string + type: array + alert_delay: + $ref: '#/components/schemas/ApiAlertingRulesFind_Get_Response_200_Alert_delay' + api_key_created_by_user: + description: Indicates whether the API key that is associated with the rule was created by the user. + nullable: true + type: boolean + api_key_owner: + description: The owner of the API key that is associated with the rule and used to run background tasks. + nullable: true + type: string + artifacts: + $ref: '#/components/schemas/ApiAlertingRulesFind_Get_Response_200_Artifacts' + consumer: + description: 'The name of the application or feature that owns the rule. For example: `alerts`, `apm`, `discover`, `infrastructure`, `logs`, `metrics`, `ml`, `monitoring`, `securitySolution`, `siem`, `stackAlerts`, or `uptime`.' + type: string + created_at: + description: The date and time that the rule was created. + type: string + created_by: + description: The identifier for the user that created the rule. + nullable: true + type: string + enabled: + description: Indicates whether you want to run the rule on an interval basis after it is created. + type: boolean + execution_status: + $ref: '#/components/schemas/ApiAlertingRulesFind_Get_Response_200_Execution_status' + flapping: + $ref: '#/components/schemas/ApiAlertingRulesFind_Get_Response_200_Flapping' + id: + description: The identifier for the rule. + type: string + is_snoozed_until: + description: The date when the rule will no longer be snoozed. + nullable: true + type: string + last_run: + $ref: '#/components/schemas/ApiAlertingRulesFind_Get_Response_200_Last_run' + mapped_params: + $ref: '#/components/schemas/ApiAlertingRulesFind_Get_Response_200_Mapped_params' + monitoring: + $ref: '#/components/schemas/ApiAlertingRulesFind_Get_Response_200_Monitoring' + mute_all: + description: Indicates whether all alerts are muted. + type: boolean + muted_alert_ids: + items: + description: 'List of identifiers of muted alerts. ' + type: string + type: array + name: + description: ' The name of the rule.' + type: string + next_run: + description: Date and time of the next run of the rule. + nullable: true + type: string + notify_when: + description: 'Indicates how often alerts generate actions. Valid values include: `onActionGroupChange`: Actions run when the alert status changes; `onActiveAlert`: Actions run when the alert becomes active and at each check interval while the rule conditions are met; `onThrottleInterval`: Actions run when the alert becomes active and at the interval specified in the throttle property while the rule conditions are met. NOTE: You cannot specify `notify_when` at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.' + enum: + - onActionGroupChange + - onActiveAlert + - onThrottleInterval + nullable: true + type: string + params: + $ref: '#/components/schemas/ApiAlertingRulesFind_Get_Response_200_Params' + revision: + description: The rule revision number. + type: number + rule_type_id: + description: The rule type identifier. + type: string + running: + description: Indicates whether the rule is running. + nullable: true + type: boolean + schedule: + $ref: '#/components/schemas/ApiAlertingRulesFind_Get_Response_200_Schedule' + scheduled_task_id: + description: Identifier of the scheduled task. + type: string + snooze_schedule: + items: + $ref: '#/components/schemas/ApiAlertingRulesFind_Get_Response_200_Snooze_schedule_Item' + type: array + tags: + items: + description: The tags for the rule. + type: string + type: array + throttle: + deprecated: true + description: 'Deprecated in 8.13.0. Use the `throttle` property in the action `frequency` object instead. The throttle interval, which defines how often an alert generates repeated actions. NOTE: You cannot specify the throttle interval at both the rule and action level. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.' + nullable: true + type: string + updated_at: + description: The date and time that the rule was updated most recently. + type: string + updated_by: + description: The identifier for the user that updated this rule most recently. + nullable: true + type: string + view_in_app_relative_url: + description: Relative URL to view rule in the app. + nullable: true + type: string + required: + - id + - enabled + - name + - tags + - rule_type_id + - consumer + - schedule + - actions + - params + - created_by + - updated_by + - created_at + - updated_at + - api_key_owner + - mute_all + - muted_alert_ids + - execution_status + - revision + ApiAlertingRulesFind_Get_Response_200_Actions_Item: + additionalProperties: false + type: object + properties: + alerts_filter: + $ref: '#/components/schemas/ApiAlertingRulesFind_Get_Response_200_Actions_Alerts_filter' + connector_type_id: + description: The type of connector. This property appears in responses but cannot be set in requests. + type: string + frequency: + $ref: '#/components/schemas/ApiAlertingRulesFind_Get_Response_200_Actions_Frequency' + group: + description: The group name, which affects when the action runs (for example, when the threshold is met or when the alert is recovered). Each rule type has a list of valid action group names. If you don't need to group actions, set to `default`. + type: string + id: + description: The identifier for the connector saved object. + type: string + params: + $ref: '#/components/schemas/ApiAlertingRulesFind_Get_Response_200_Actions_Params' + use_alert_data_for_template: + description: Indicates whether to use alert data as a template. + type: boolean + uuid: + description: A universally unique identifier (UUID) for the action. + type: string + required: + - id + - connector_type_id + - params + ApiAlertingRulesFind_Get_Response_200_Actions_Alerts_filter: + additionalProperties: false + description: Defines a period that limits whether the action runs. + type: object + properties: + query: + $ref: '#/components/schemas/ApiAlertingRulesFind_Get_Response_200_Actions_Alerts_filter_Query' + timeframe: + $ref: '#/components/schemas/ApiAlertingRulesFind_Get_Response_200_Actions_Alerts_filter_Timeframe' + ApiAlertingRulesFind_Get_Response_200_Actions_Alerts_filter_Query: + additionalProperties: false + type: object + properties: + dsl: + description: A filter written in Elasticsearch Query Domain Specific Language (DSL). + type: string + filters: + description: A filter written in Elasticsearch Query Domain Specific Language (DSL) as defined in the `kbn-es-query` package. + items: + $ref: '#/components/schemas/ApiAlertingRulesFind_Get_Response_200_Actions_Alerts_filter_Query_Filters_Item' + type: array + kql: + description: A filter written in Kibana Query Language (KQL). + type: string + required: + - kql + - filters + ApiAlertingRulesFind_Get_Response_200_Actions_Alerts_filter_Query_Filters_Item: + additionalProperties: false + type: object + properties: + $state: + $ref: '#/components/schemas/ApiAlertingRulesFind_Get_Response_200_Actions_Alerts_filter_Query_Filters_$state' + meta: + $ref: '#/components/schemas/ApiAlertingRulesFind_Get_Response_200_Actions_Alerts_filter_Query_Filters_Meta' + query: + $ref: '#/components/schemas/ApiAlertingRulesFind_Get_Response_200_Actions_Alerts_filter_Query_Filters_Query' + required: + - meta + ApiAlertingRulesFind_Get_Response_200_Actions_Alerts_filter_Query_Filters_$state: + additionalProperties: false + type: object + properties: + store: + description: A filter can be either specific to an application context or applied globally. + enum: + - appState + - globalState + type: string + required: + - store + ApiAlertingRulesFind_Get_Response_200_Actions_Alerts_filter_Query_Filters_Meta: + additionalProperties: {} + type: object + ApiAlertingRulesFind_Get_Response_200_Actions_Alerts_filter_Query_Filters_Query: + additionalProperties: {} + type: object + ApiAlertingRulesFind_Get_Response_200_Actions_Alerts_filter_Timeframe: + additionalProperties: false + type: object + properties: + days: + description: Defines the days of the week that the action can run, represented as an array of numbers. For example, `1` represents Monday. An empty array is equivalent to specifying all the days of the week. + items: + enum: + - 1 + - 2 + - 3 + - 4 + - 5 + - 6 + - 7 + type: integer + type: array + hours: + $ref: '#/components/schemas/ApiAlertingRulesFind_Get_Response_200_Actions_Alerts_filter_Timeframe_Hours' + timezone: + description: The ISO time zone for the `hours` values. Values such as `UTC` and `UTC+1` also work but lack built-in daylight savings time support and are not recommended. + type: string + required: + - days + - hours + - timezone + ApiAlertingRulesFind_Get_Response_200_Actions_Alerts_filter_Timeframe_Hours: + additionalProperties: false + type: object + properties: + end: + description: The end of the time frame in 24-hour notation (`hh:mm`). + type: string + start: + description: The start of the time frame in 24-hour notation (`hh:mm`). + type: string + required: + - start + - end + ApiAlertingRulesFind_Get_Response_200_Actions_Frequency: + additionalProperties: false + type: object + properties: + notify_when: + description: 'Indicates how often alerts generate actions. Valid values include: `onActionGroupChange`: Actions run when the alert status changes; `onActiveAlert`: Actions run when the alert becomes active and at each check interval while the rule conditions are met; `onThrottleInterval`: Actions run when the alert becomes active and at the interval specified in the throttle property while the rule conditions are met. NOTE: You cannot specify `notify_when` at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.' + enum: + - onActionGroupChange + - onActiveAlert + - onThrottleInterval + type: string + summary: + description: Indicates whether the action is a summary. + type: boolean + throttle: + description: 'The throttle interval, which defines how often an alert generates repeated actions. It is specified in seconds, minutes, hours, or days and is applicable only if ''notify_when'' is set to ''onThrottleInterval''. NOTE: You cannot specify the throttle interval at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.' + nullable: true + type: string + required: + - summary + - notify_when + - throttle + ApiAlertingRulesFind_Get_Response_200_Actions_Params: + additionalProperties: {} + description: The parameters for the action, which are sent to the connector. The `params` are handled as Mustache templates and passed a default set of context. + type: object + ApiAlertingRulesFind_Get_Response_200_Alert_delay: + additionalProperties: false + description: Indicates that an alert occurs only when the specified number of consecutive runs met the rule conditions. + type: object + properties: + active: + description: The number of consecutive runs that must meet the rule conditions. + type: number + required: + - active + ApiAlertingRulesFind_Get_Response_200_Artifacts: + additionalProperties: false + type: object + properties: + dashboards: + items: + $ref: '#/components/schemas/ApiAlertingRulesFind_Get_Response_200_Artifacts_Dashboards_Item' + type: array + investigation_guide: + $ref: '#/components/schemas/ApiAlertingRulesFind_Get_Response_200_Artifacts_Investigation_guide' + ApiAlertingRulesFind_Get_Response_200_Artifacts_Dashboards_Item: + additionalProperties: false + type: object + properties: + id: + type: string + required: + - id + ApiAlertingRulesFind_Get_Response_200_Artifacts_Investigation_guide: + additionalProperties: false + type: object + properties: + blob: + description: User-created content that describes alert causes and remdiation. + type: string + required: + - blob + ApiAlertingRulesFind_Get_Response_200_Execution_status: + additionalProperties: false + type: object + properties: + error: + $ref: '#/components/schemas/ApiAlertingRulesFind_Get_Response_200_Execution_status_Error' + last_duration: + description: Duration of last execution of the rule. + type: number + last_execution_date: + description: The date and time when rule was executed last. + type: string + status: + description: Status of rule execution. + enum: + - ok + - active + - error + - warning + - pending + - unknown + type: string + warning: + $ref: '#/components/schemas/ApiAlertingRulesFind_Get_Response_200_Execution_status_Warning' + required: + - status + - last_execution_date + ApiAlertingRulesFind_Get_Response_200_Execution_status_Error: + additionalProperties: false + type: object + properties: + message: + description: Error message. + type: string + reason: + description: Reason for error. + enum: + - read + - decrypt + - execute + - unknown + - license + - timeout + - disabled + - validate + type: string + required: + - reason + - message + ApiAlertingRulesFind_Get_Response_200_Execution_status_Warning: + additionalProperties: false + type: object + properties: + message: + description: Warning message. + type: string + reason: + description: Reason for warning. + enum: + - maxExecutableActions + - maxAlerts + - maxQueuedActions + - ruleExecution + type: string + required: + - reason + - message + ApiAlertingRulesFind_Get_Response_200_Flapping: + additionalProperties: false + description: When flapping detection is turned on, alerts that switch quickly between active and recovered states are identified as “flapping” and notifications are reduced. + nullable: true + type: object + properties: + enabled: + description: Determines whether the rule can enter the flapping state. By default, rules can enter the flapping state. + type: boolean + look_back_window: + description: The minimum number of runs in which the threshold must be met. + maximum: 20 + minimum: 2 + type: number + status_change_threshold: + description: The minimum number of times an alert must switch states in the look back window. + maximum: 20 + minimum: 2 + type: number + required: + - look_back_window + - status_change_threshold + ApiAlertingRulesFind_Get_Response_200_Last_run: + additionalProperties: false + nullable: true + type: object + properties: + alerts_count: + $ref: '#/components/schemas/ApiAlertingRulesFind_Get_Response_200_Last_run_Alerts_count' + outcome: + description: Outcome of last run of the rule. Value could be succeeded, warning or failed. + enum: + - succeeded + - warning + - failed + type: string + outcome_msg: + items: + description: Outcome message generated during last rule run. + type: string + nullable: true + type: array + outcome_order: + description: Order of the outcome. + type: number + warning: + description: Warning of last rule execution. + enum: + - read + - decrypt + - execute + - unknown + - license + - timeout + - disabled + - validate + - maxExecutableActions + - maxAlerts + - maxQueuedActions + - ruleExecution + nullable: true + type: string + required: + - outcome + - alerts_count + ApiAlertingRulesFind_Get_Response_200_Last_run_Alerts_count: + additionalProperties: false + type: object + properties: + active: + description: Number of active alerts during last run. + nullable: true + type: number + ignored: + description: Number of ignored alerts during last run. + nullable: true + type: number + new: + description: Number of new alerts during last run. + nullable: true + type: number + recovered: + description: Number of recovered alerts during last run. + nullable: true + type: number + ApiAlertingRulesFind_Get_Response_200_Mapped_params: + additionalProperties: {} + type: object + ApiAlertingRulesFind_Get_Response_200_Monitoring: + additionalProperties: false + description: Monitoring details of the rule. + type: object + properties: + run: + $ref: '#/components/schemas/ApiAlertingRulesFind_Get_Response_200_Monitoring_Run' + required: + - run + ApiAlertingRulesFind_Get_Response_200_Monitoring_Run: + additionalProperties: false + description: Rule run details. + type: object + properties: + calculated_metrics: + $ref: '#/components/schemas/ApiAlertingRulesFind_Get_Response_200_Monitoring_Run_Calculated_metrics' + history: + description: History of the rule run. + items: + $ref: '#/components/schemas/ApiAlertingRulesFind_Get_Response_200_Monitoring_Run_History_Item' + type: array + last_run: + $ref: '#/components/schemas/ApiAlertingRulesFind_Get_Response_200_Monitoring_Run_Last_run' + required: + - history + - calculated_metrics + - last_run + ApiAlertingRulesFind_Get_Response_200_Monitoring_Run_Calculated_metrics: + additionalProperties: false + description: Calculation of different percentiles and success ratio. + type: object + properties: + p50: + type: number + p95: + type: number + p99: + type: number + success_ratio: + type: number + required: + - success_ratio + ApiAlertingRulesFind_Get_Response_200_Monitoring_Run_History_Item: + additionalProperties: false + type: object + properties: + duration: + description: Duration of the rule run. + type: number + outcome: + description: Outcome of last run of the rule. Value could be succeeded, warning or failed. + enum: + - succeeded + - warning + - failed + type: string + success: + description: Indicates whether the rule run was successful. + type: boolean + timestamp: + description: Time of rule run. + type: number + required: + - success + - timestamp + ApiAlertingRulesFind_Get_Response_200_Monitoring_Run_Last_run: + additionalProperties: false + type: object + properties: + metrics: + $ref: '#/components/schemas/ApiAlertingRulesFind_Get_Response_200_Monitoring_Run_Last_run_Metrics' + timestamp: + description: Time of the most recent rule run. + type: string + required: + - timestamp + - metrics + ApiAlertingRulesFind_Get_Response_200_Monitoring_Run_Last_run_Metrics: + additionalProperties: false + type: object + properties: + duration: + description: Duration of most recent rule run. + type: number + gap_duration_s: + description: Duration in seconds of rule run gap. + nullable: true + type: number + gap_range: + $ref: '#/components/schemas/ApiAlertingRulesFind_Get_Response_200_Monitoring_Run_Last_run_Metrics_Gap_range' + total_alerts_created: + description: Total number of alerts created during last rule run. + nullable: true + type: number + total_alerts_detected: + description: Total number of alerts detected during last rule run. + nullable: true + type: number + total_indexing_duration_ms: + description: Total time spent indexing documents during last rule run in milliseconds. + nullable: true + type: number + total_search_duration_ms: + description: Total time spent performing Elasticsearch searches as measured by Kibana; includes network latency and time spent serializing or deserializing the request and response. + nullable: true + type: number + ApiAlertingRulesFind_Get_Response_200_Monitoring_Run_Last_run_Metrics_Gap_range: + additionalProperties: false + nullable: true + type: object + properties: + gte: + description: End of the gap range. + type: string + lte: + description: Start of the gap range. + type: string + required: + - lte + - gte + ApiAlertingRulesFind_Get_Response_200_Params: + additionalProperties: {} + description: The parameters for the rule. + type: object + ApiAlertingRulesFind_Get_Response_200_Schedule: + additionalProperties: false + type: object + properties: + interval: + description: The interval is specified in seconds, minutes, hours, or days. + type: string + required: + - interval + ApiAlertingRulesFind_Get_Response_200_Snooze_schedule_Item: + additionalProperties: false + type: object + properties: + duration: + description: Duration of the rule snooze schedule. + type: number + id: + description: Identifier of the rule snooze schedule. + type: string + rRule: + $ref: '#/components/schemas/ApiAlertingRulesFind_Get_Response_200_Snooze_schedule_RRule' + skipRecurrences: + items: + description: Skips recurrence of rule on this date. + type: string + type: array + required: + - duration + - rRule + ApiAlertingRulesFind_Get_Response_200_Snooze_schedule_RRule: + additionalProperties: false + type: object + properties: + byhour: + items: + description: Indicates hours of the day to recur. + type: number + nullable: true + type: array + byminute: + items: + description: Indicates minutes of the hour to recur. + type: number + nullable: true + type: array + bymonth: + items: + description: Indicates months of the year that this rule should recur. + type: number + nullable: true + type: array + bymonthday: + items: + description: Indicates the days of the month to recur. + type: number + nullable: true + type: array + bysecond: + items: + description: Indicates seconds of the day to recur. + type: number + nullable: true + type: array + bysetpos: + items: + description: A positive or negative integer affecting the nth day of the month. For example, -2 combined with `byweekday` of FR is 2nd to last Friday of the month. It is recommended to not set this manually and just use `byweekday`. + type: number + nullable: true + type: array + byweekday: + items: + anyOf: + - $ref: '#/components/schemas/ApiAlertingRulesFind_Get_Response_200_Snooze_schedule_RRule_Byweekday_1' + - $ref: '#/components/schemas/ApiAlertingRulesFind_Get_Response_200_Snooze_schedule_RRule_Byweekday_2' + description: Indicates the days of the week to recur or else nth-day-of-month strings. For example, "+2TU" second Tuesday of month, "-1FR" last Friday of the month, which are internally converted to a `byweekday/bysetpos` combination. + nullable: true + type: array + byweekno: + items: + description: Indicates number of the week hours to recur. + type: number + nullable: true + type: array + byyearday: + items: + description: Indicates the days of the year that this rule should recur. + type: number + nullable: true + type: array + count: + description: Number of times the rule should recur until it stops. + type: number + dtstart: + description: Rule start date in Coordinated Universal Time (UTC). + type: string + freq: + description: Indicates frequency of the rule. Options are YEARLY, MONTHLY, WEEKLY, DAILY. + enum: + - 0 + - 1 + - 2 + - 3 + - 4 + - 5 + - 6 + type: integer + interval: + description: Indicates the interval of frequency. For example, 1 and YEARLY is every 1 year, 2 and WEEKLY is every 2 weeks. + type: number + tzid: + description: Indicates timezone abbreviation. + type: string + until: + description: Recur the rule until this date. + type: string + wkst: + description: Indicates the start of week, defaults to Monday. + enum: + - MO + - TU + - WE + - TH + - FR + - SA + - SU + type: string + required: + - dtstart + - tzid + ApiAlertingRulesFind_Get_Response_200_Snooze_schedule_RRule_Byweekday_1: + type: string + ApiAlertingRulesFind_Get_Response_200_Snooze_schedule_RRule_Byweekday_2: + type: number + ApiApmFleetApmServerSchema_Post_Request: + type: object + properties: + schema: + $ref: '#/components/schemas/ApiApmFleetApmServerSchema_Post_Request_Schema' + ApiApmFleetApmServerSchema_Post_Request_Schema: + additionalProperties: true + description: Schema object + example: + foo: bar + type: object + ApiApmFleetApmServerSchema_Post_Response_200: + additionalProperties: false + type: object + ApiApmSettingsAgentConfiguration_Put_Response_200: + additionalProperties: false + type: object + ApiApmSourcemaps_Delete_Response_200: + additionalProperties: false + type: object + ApiAssetCriticality_Delete_Response_200: + type: object + properties: + deleted: + description: True if the record was deleted or false if the record did not exist. + type: boolean + record: + $ref: '#/components/schemas/Security_Entity_Analytics_API_AssetCriticalityRecord' + description: The deleted record if it existed. + required: + - deleted + ApiAssetCriticality_Post_Request: + allOf: + - $ref: '#/components/schemas/Security_Entity_Analytics_API_CreateAssetCriticalityRecord' + - $ref: '#/components/schemas/ApiAssetCriticality_Post_Request_2' + example: + criticality_level: high_impact + id_field: host.name + id_value: my_host + ApiAssetCriticality_Post_Request_2: + type: object + properties: + refresh: + description: If 'wait_for' the request will wait for the index refresh. + enum: + - wait_for + type: string + ApiAssetCriticalityBulk_Post_Request: + example: + records: + - criticality_level: low_impact + id_field: host.name + id_value: host-1 + - criticality_level: medium_impact + id_field: host.name + id_value: host-2 + type: object + properties: + records: + items: + allOf: + - $ref: '#/components/schemas/Security_Entity_Analytics_API_AssetCriticalityRecordIdParts' + - $ref: '#/components/schemas/ApiAssetCriticalityBulk_Post_Request_Records_2' + maxItems: 1000 + minItems: 1 + type: array + required: + - records + ApiAssetCriticalityBulk_Post_Request_Records_2: + type: object + properties: + criticality_level: + $ref: '#/components/schemas/Security_Entity_Analytics_API_AssetCriticalityLevelsForBulkUpload' + required: + - criticality_level + ApiAssetCriticalityBulk_Post_Response_200: + example: + errors: + - index: 0 + message: Invalid ID field + stats: + failed: 1 + successful: 1 + total: 2 + type: object + properties: + errors: + items: + $ref: '#/components/schemas/Security_Entity_Analytics_API_AssetCriticalityBulkUploadErrorItem' + type: array + stats: + $ref: '#/components/schemas/Security_Entity_Analytics_API_AssetCriticalityBulkUploadStats' + required: + - errors + - stats + ApiAssetCriticalityList_Get_Response_200: + example: + page: 1 + per_page: 10 + records: + - '@timestamp': '2024-08-02T14:40:35.705Z' + asset: + criticality: medium_impact + criticality_level: medium_impact + host: + asset: + criticality: medium_impact + name: my_other_host + id_field: host.name + id_value: my_other_host + - '@timestamp': '2024-08-02T11:15:34.290Z' + asset: + criticality: high_impact + criticality_level: high_impact + host: + asset: + criticality: high_impact + name: my_host + id_field: host.name + id_value: my_host + total: 2 + type: object + properties: + page: + minimum: 1 + type: integer + per_page: + maximum: 1000 + minimum: 1 + type: integer + records: + items: + $ref: '#/components/schemas/Security_Entity_Analytics_API_AssetCriticalityRecord' + type: array + total: + minimum: 0 + type: integer + required: + - records + - page + - per_page + - total + ApiAttackDiscoveryBulk_Post_Request: + type: object + properties: + update: + $ref: '#/components/schemas/ApiAttackDiscoveryBulk_Post_Request_Update' + required: + - update + ApiAttackDiscoveryBulk_Post_Request_Update: + description: Configuration object containing all parameters for the bulk update operation + type: object + properties: + enable_field_rendering: + default: false + description: Enables a markdown syntax used to render pivot fields, for example `{{ user.name james }}`. When disabled, the same example would be rendered as `james`. This is primarily used for Attack discovery views within Kibana. Defaults to `false`. + example: false + type: boolean + ids: + description: Array of Attack discovery IDs to update + example: + - c0c8a8bbb4a6561856a974ee9e461f0c82e673a1f0d83f86c5a8d80fc8de4c4f + - 5aa8f2900c0b03854b3b1a52a19558c5ea9893865c78235d4ad3dcc46196f4c7 + items: + type: string + type: array + kibana_alert_workflow_status: + description: When provided, update the kibana.alert.workflow_status of the attack discovery alerts + enum: + - open + - acknowledged + - closed + example: acknowledged + type: string + visibility: + description: When provided, update the visibility of the alert, as determined by the kibana.alert.attack_discovery.users field + enum: + - not_shared + - shared + example: shared + type: string + with_replacements: + default: true + description: When true, returns the updated Attack discoveries with text replacements applied to the detailsMarkdown, entitySummaryMarkdown, summaryMarkdown, and title fields. This substitutes anonymized values with human-readable equivalents. Defaults to `true`. + example: true + type: boolean + required: + - ids + ApiAttackDiscoveryBulk_Post_Response_200: + type: object + properties: + data: + description: Array of updated Attack discovery alert objects. Each item includes the applied modifications from the bulk update request. + items: + $ref: '#/components/schemas/Security_Attack_discovery_API_AttackDiscoveryApiAlert' + type: array + required: + - data + ApiAttackDiscoveryBulk_Post_Response_400: + type: object + properties: + error: + description: Error type + example: Bad Request + type: string + message: + description: Human-readable error message describing what went wrong with the bulk update request + example: Invalid request parameters + type: string + status_code: + description: HTTP status code + example: 400 + type: number + required: + - status_code + - error + - message + ApiAttackDiscoveryFind_Get_Response_200: + type: object + properties: + connector_names: + description: List of human readable connector names that are present in the matched Attack discoveries. Useful for building client filters or summaries. + items: + type: string + type: array + data: + description: Array of matched Attack discovery objects. Each item follows the `AttackDiscoveryApiAlert` schema. + items: + $ref: '#/components/schemas/Security_Attack_discovery_API_AttackDiscoveryApiAlert' + type: array + page: + description: Current page number of the paginated result set. + type: integer + per_page: + description: Number of items requested per page. + type: integer + total: + description: Total number of Attack discoveries matching the query (across all pages). + type: integer + unique_alert_ids: + description: List of unique alert IDs aggregated from the matched Attack discoveries. Only present if `include_unique_alert_ids=true` in the request. + items: + type: string + type: array + unique_alert_ids_count: + description: Number of unique alert IDs across all matched Attack discoveries. Only present if `include_unique_alert_ids=true` in the request. + type: integer + required: + - connector_names + - data + - page + - per_page + - total + - unique_alert_ids_count + ApiAttackDiscoveryFind_Get_Response_400: + type: object + properties: + error: + description: Error type + example: Bad Request + type: string + message: + description: Human-readable error message + example: Invalid request payload. + type: string + status_code: + description: HTTP status code + example: 400 + type: number + ApiAttackDiscoveryGenerate_Post_Response_200: + type: object + properties: + execution_uuid: + $ref: '#/components/schemas/Security_Attack_discovery_API_NonEmptyString' + description: The unique identifier for the attack discovery generation process. Use this UUID to track the generation progress and retrieve results via the find endpoint. + example: edd26039-0990-4d9f-9829-2a1fcacb77b5 + required: + - execution_uuid + ApiAttackDiscoveryGenerate_Post_Response_400: + type: object + properties: + error: + description: Error type + example: Bad Request + type: string + message: + description: Human-readable error message describing what went wrong + example: Invalid request parameters + type: string + status_code: + description: HTTP status code + example: 400 + type: number + required: + - status_code + - error + - message + ApiAttackDiscoveryGenerations_Get_Response_200: + type: object + properties: + generations: + description: List of attack discovery generations + items: + $ref: '#/components/schemas/Security_Attack_discovery_API_AttackDiscoveryGeneration' + type: array + required: + - generations + ApiAttackDiscoveryGenerations_Get_Response_400: + type: object + properties: + error: + description: Error type + example: Bad Request + type: string + message: + description: Human-readable error message + example: Invalid size parameter. Must be a positive number. + type: string + status_code: + description: HTTP status code + example: 400 + type: number + ApiAttackDiscoveryGenerations_Get_Response_200_1: + type: object + properties: + data: + description: Array of Attack discoveries generated during this execution. + items: + $ref: '#/components/schemas/Security_Attack_discovery_API_AttackDiscoveryApiAlert' + type: array + generation: + $ref: '#/components/schemas/Security_Attack_discovery_API_AttackDiscoveryGeneration' + description: Optional metadata about the attack discovery generation process, metadata including execution status and statistics. This metadata may not be available for all generations. + required: + - data + ApiAttackDiscoveryGenerations_Get_Response_400_1: + type: object + properties: + error: + description: Error type + example: Bad Request + type: string + message: + description: Human-readable error message describing what went wrong with the request + example: Invalid request parameters + type: string + status_code: + description: HTTP status code + example: 400 + type: number + required: + - status_code + - error + - message + ApiAttackDiscoveryGenerationsDismiss_Post_Response_200: + type: object + properties: + alerts_context_count: + description: The number of alerts that were sent as context to the LLM for this generation. + example: 75 + type: number + connector_id: + description: The unique identifier of the connector used to generate the attack discoveries. + example: chatGpt5_0ChatAzure + type: string + connector_stats: + $ref: '#/components/schemas/ApiAttackDiscoveryGenerationsDismiss_Post_Response_200_Connector_stats' + discoveries: + description: The number of attack discoveries that were generated during this execution. + example: 3 + type: number + end: + description: The timestamp when the generation process completed, in ISO 8601 format. This field may be absent for generations that haven't finished. + example: '2025-09-29T06:42:44.810Z' + type: string + execution_uuid: + description: The unique identifier for this attack discovery generation execution. This UUID can be used to reference this specific generation in other API calls. + example: 46b218d5-535d-4329-be56-d0f6af6986b7 + type: string + loading_message: + description: A human-readable message describing the current state or progress of the generation process. Provides context about what the AI is analyzing. + example: AI is analyzing up to 100 alerts in the last 24 hours to generate discoveries. + type: string + reason: + description: Additional context or reasoning provided when a generation fails or encounters issues. This field helps diagnose problems with the generation process. + example: Connection timeout to AI service + type: string + start: + description: The timestamp when the generation process began, in ISO 8601 format. This marks the beginning of the AI analysis. + example: '2025-09-29T06:42:08.962Z' + type: string + status: + description: The current status of the attack discovery generation. After dismissing, this will be set to "dismissed". + enum: + - canceled + - dismissed + - failed + - started + - succeeded + example: dismissed + type: string + required: + - connector_id + - discoveries + - execution_uuid + - loading_message + - start + - status + ApiAttackDiscoveryGenerationsDismiss_Post_Response_200_Connector_stats: + description: Statistical information about the connector's performance for this user, providing insights into usage patterns and success rates. + type: object + properties: + average_successful_duration_nanoseconds: + description: The average duration in nanoseconds for successful generations using this connector by the current user. + example: 47958500000 + type: number + successful_generations: + description: The total number of Attack discoveries successfully created for this generation + example: 2 + type: number + ApiAttackDiscoveryGenerationsDismiss_Post_Response_400: + type: object + properties: + error: + description: Error type or category + example: Bad Request + type: string + message: + description: Human-readable error message describing what went wrong with the request. + example: Invalid request parameters + type: string + status_code: + description: HTTP status code indicating the type of client error + example: 400 + type: number + required: + - status_code + - error + - message + ApiAttackDiscoverySchedulesFind_Get_Response_200: + type: object + properties: + data: + description: Array of matched Attack discovery schedule objects. + items: + $ref: '#/components/schemas/Security_Attack_discovery_API_AttackDiscoveryApiSchedule' + type: array + page: + description: Current page number of the paginated result set. + type: number + per_page: + description: Number of items requested per page. + type: number + total: + description: Total number of Attack discovery schedules matching the query (across all pages). + type: number + required: + - page + - per_page + - total + - data + ApiAttackDiscoverySchedulesFind_Get_Response_400: + type: object + properties: + error: + description: Error type + example: Bad Request + type: string + message: + description: Human-readable error message + example: Invalid request payload + type: string + status_code: + description: HTTP status code + example: 400 + type: number + ApiAttackDiscoverySchedules_Delete_Response_200: + type: object + properties: + id: + $ref: '#/components/schemas/Security_Attack_discovery_API_NonEmptyString' + description: The unique identifier of the deleted Attack Discovery schedule + required: + - id + ApiAttackDiscoverySchedulesDisable_Post_Response_200: + type: object + properties: + id: + $ref: '#/components/schemas/Security_Attack_discovery_API_NonEmptyString' + description: The unique identifier of the disabled Attack Discovery schedule + required: + - id + ApiAttackDiscoverySchedulesEnable_Post_Response_200: + type: object + properties: + id: + $ref: '#/components/schemas/Security_Attack_discovery_API_NonEmptyString' + description: The unique identifier of the enabled Attack Discovery schedule + required: + - id + ApiCasesFind_Get_Response_200: + type: object + properties: + cases: + items: + $ref: '#/components/schemas/Cases_case_response_properties' + maxItems: 10000 + type: array + count_closed_cases: + type: integer + count_in_progress_cases: + type: integer + count_open_cases: + type: integer + page: + type: integer + per_page: + type: integer + total: + type: integer + ApiCasesComments_Get_Response_200: + oneOf: + - $ref: '#/components/schemas/Cases_alert_comment_response_properties' + - $ref: '#/components/schemas/Cases_user_comment_response_properties' + ApiCasesConnectorPush_Post_Request: + nullable: true + type: object + ApiCasesUserActionsFind_Get_Response_200: + type: object + properties: + page: + type: integer + perPage: + type: integer + total: + type: integer + userActions: + items: + $ref: '#/components/schemas/Cases_user_actions_find_response_properties' + maxItems: 10000 + type: array + ApiCasesAlerts_Get_Response_200_Item: + type: object + properties: + id: + description: The case identifier. + type: string + title: + description: The case title. + type: string + ApiCasesConfigure_Get_Response_200_Item: + type: object + properties: + closure_type: + $ref: '#/components/schemas/Cases_closure_types' + connector: + $ref: '#/components/schemas/ApiCasesConfigure_Get_Response_200_Connector' + created_at: + example: '2022-06-01T17:07:17.767Z' + format: date-time + type: string + created_by: + $ref: '#/components/schemas/ApiCasesConfigure_Get_Response_200_Created_by' + customFields: + description: Custom fields configuration details. + items: + $ref: '#/components/schemas/ApiCasesConfigure_Get_Response_200_CustomFields_Item' + type: array + error: + example: null + nullable: true + type: string + id: + example: 4a97a440-e1cd-11ec-be9b-9b1838238ee6 + type: string + mappings: + items: + $ref: '#/components/schemas/ApiCasesConfigure_Get_Response_200_Mappings_Item' + type: array + owner: + $ref: '#/components/schemas/Cases_owner' + templates: + $ref: '#/components/schemas/Cases_templates' + updated_at: + example: '2022-06-01T19:58:48.169Z' + format: date-time + nullable: true + type: string + updated_by: + $ref: '#/components/schemas/ApiCasesConfigure_Get_Response_200_Updated_by' + version: + example: WzIwNzMsMV0= + type: string + ApiCasesConfigure_Get_Response_200_Connector: + type: object + properties: + fields: + $ref: '#/components/schemas/ApiCasesConfigure_Get_Response_200_Connector_Fields' + id: + description: The identifier for the connector. If you do not want a default connector, use `none`. To retrieve connector IDs, use the find connectors API. + example: none + type: string + name: + description: The name of the connector. If you do not want a default connector, use `none`. To retrieve connector names, use the find connectors API. + example: none + type: string + type: + $ref: '#/components/schemas/Cases_connector_types' + ApiCasesConfigure_Get_Response_200_Connector_Fields: + description: The fields specified in the case configuration are not used and are not propagated to individual cases, therefore it is recommended to set it to `null`. + nullable: true + type: object + ApiCasesConfigure_Get_Response_200_Created_by: + type: object + properties: + email: + example: null + nullable: true + type: string + full_name: + example: null + nullable: true + type: string + profile_uid: + example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 + type: string + username: + example: elastic + nullable: true + type: string + required: + - email + - full_name + - username + ApiCasesConfigure_Get_Response_200_CustomFields_Item: + type: object + properties: + defaultValue: + description: | + A default value for the custom field. If the `type` is `text`, the default value must be a string. If the `type` is `toggle`, the default value must be boolean. + oneOf: + - $ref: '#/components/schemas/ApiCasesConfigure_Get_Response_200_CustomFields_DefaultValue_1' + - $ref: '#/components/schemas/ApiCasesConfigure_Get_Response_200_CustomFields_DefaultValue_2' + key: + description: | + A unique key for the custom field. Must be lower case and composed only of a-z, 0-9, '_', and '-' characters. It is used in API calls to refer to a specific custom field. + maxLength: 36 + minLength: 1 + type: string + label: + description: The custom field label that is displayed in the case. + maxLength: 50 + minLength: 1 + type: string + type: + description: The type of the custom field. + enum: + - text + - toggle + type: string + required: + description: | + Indicates whether the field is required. If `false`, the custom field can be set to null or omitted when a case is created or updated. + type: boolean + ApiCasesConfigure_Get_Response_200_CustomFields_DefaultValue_1: + type: string + ApiCasesConfigure_Get_Response_200_CustomFields_DefaultValue_2: + type: boolean + ApiCasesConfigure_Get_Response_200_Mappings_Item: + type: object + properties: + action_type: + example: overwrite + type: string + source: + example: title + type: string + target: + example: summary + type: string + ApiCasesConfigure_Get_Response_200_Updated_by: + nullable: true + type: object + properties: + email: + example: null + nullable: true + type: string + full_name: + example: null + nullable: true + type: string + profile_uid: + example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 + type: string + username: + example: elastic + nullable: true + type: string + required: + - email + - full_name + - username + ApiCasesConfigure_Post_Response_200: + type: object + properties: + closure_type: + $ref: '#/components/schemas/Cases_closure_types' + connector: + $ref: '#/components/schemas/ApiCasesConfigure_Post_Response_200_Connector' + created_at: + example: '2022-06-01T17:07:17.767Z' + format: date-time + type: string + created_by: + $ref: '#/components/schemas/ApiCasesConfigure_Post_Response_200_Created_by' + customFields: + description: Custom fields configuration details. + items: + $ref: '#/components/schemas/ApiCasesConfigure_Post_Response_200_CustomFields_Item' + type: array + error: + example: null + nullable: true + type: string + id: + example: 4a97a440-e1cd-11ec-be9b-9b1838238ee6 + type: string + mappings: + items: + $ref: '#/components/schemas/ApiCasesConfigure_Post_Response_200_Mappings_Item' + type: array + owner: + $ref: '#/components/schemas/Cases_owner' + templates: + $ref: '#/components/schemas/Cases_templates' + updated_at: + example: '2022-06-01T19:58:48.169Z' + format: date-time + nullable: true + type: string + updated_by: + $ref: '#/components/schemas/ApiCasesConfigure_Post_Response_200_Updated_by' + version: + example: WzIwNzMsMV0= + type: string + ApiCasesConfigure_Post_Response_200_Connector: + type: object + properties: + fields: + $ref: '#/components/schemas/ApiCasesConfigure_Post_Response_200_Connector_Fields' + id: + description: The identifier for the connector. If you do not want a default connector, use `none`. To retrieve connector IDs, use the find connectors API. + example: none + type: string + name: + description: The name of the connector. If you do not want a default connector, use `none`. To retrieve connector names, use the find connectors API. + example: none + type: string + type: + $ref: '#/components/schemas/Cases_connector_types' + ApiCasesConfigure_Post_Response_200_Connector_Fields: + description: The fields specified in the case configuration are not used and are not propagated to individual cases, therefore it is recommended to set it to `null`. + nullable: true + type: object + ApiCasesConfigure_Post_Response_200_Created_by: + type: object + properties: + email: + example: null + nullable: true + type: string + full_name: + example: null + nullable: true + type: string + profile_uid: + example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 + type: string + username: + example: elastic + nullable: true + type: string + required: + - email + - full_name + - username + ApiCasesConfigure_Post_Response_200_CustomFields_Item: + type: object + properties: + defaultValue: + description: | + A default value for the custom field. If the `type` is `text`, the default value must be a string. If the `type` is `toggle`, the default value must be boolean. + oneOf: + - $ref: '#/components/schemas/ApiCasesConfigure_Post_Response_200_CustomFields_DefaultValue_1' + - $ref: '#/components/schemas/ApiCasesConfigure_Post_Response_200_CustomFields_DefaultValue_2' + key: + description: | + A unique key for the custom field. Must be lower case and composed only of a-z, 0-9, '_', and '-' characters. It is used in API calls to refer to a specific custom field. + maxLength: 36 + minLength: 1 + type: string + label: + description: The custom field label that is displayed in the case. + maxLength: 50 + minLength: 1 + type: string + type: + description: The type of the custom field. + enum: + - text + - toggle + type: string + required: + description: | + Indicates whether the field is required. If `false`, the custom field can be set to null or omitted when a case is created or updated. + type: boolean + ApiCasesConfigure_Post_Response_200_CustomFields_DefaultValue_1: + type: string + ApiCasesConfigure_Post_Response_200_CustomFields_DefaultValue_2: + type: boolean + ApiCasesConfigure_Post_Response_200_Mappings_Item: + type: object + properties: + action_type: + example: overwrite + type: string + source: + example: title + type: string + target: + example: summary + type: string + ApiCasesConfigure_Post_Response_200_Updated_by: + nullable: true + type: object + properties: + email: + example: null + nullable: true + type: string + full_name: + example: null + nullable: true + type: string + profile_uid: + example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 + type: string + username: + example: elastic + nullable: true + type: string + required: + - email + - full_name + - username + ApiCasesConfigure_Patch_Response_200: + type: object + properties: + closure_type: + $ref: '#/components/schemas/Cases_closure_types' + connector: + $ref: '#/components/schemas/ApiCasesConfigure_Patch_Response_200_Connector' + created_at: + example: '2022-06-01T17:07:17.767Z' + format: date-time + type: string + created_by: + $ref: '#/components/schemas/ApiCasesConfigure_Patch_Response_200_Created_by' + customFields: + description: Custom fields configuration details. + items: + $ref: '#/components/schemas/ApiCasesConfigure_Patch_Response_200_CustomFields_Item' + type: array + error: + example: null + nullable: true + type: string + id: + example: 4a97a440-e1cd-11ec-be9b-9b1838238ee6 + type: string + mappings: + items: + $ref: '#/components/schemas/ApiCasesConfigure_Patch_Response_200_Mappings_Item' + type: array + owner: + $ref: '#/components/schemas/Cases_owner' + templates: + $ref: '#/components/schemas/Cases_templates' + updated_at: + example: '2022-06-01T19:58:48.169Z' + format: date-time + nullable: true + type: string + updated_by: + $ref: '#/components/schemas/ApiCasesConfigure_Patch_Response_200_Updated_by' + version: + example: WzIwNzMsMV0= + type: string + ApiCasesConfigure_Patch_Response_200_Connector: + type: object + properties: + fields: + $ref: '#/components/schemas/ApiCasesConfigure_Patch_Response_200_Connector_Fields' + id: + description: The identifier for the connector. If you do not want a default connector, use `none`. To retrieve connector IDs, use the find connectors API. + example: none + type: string + name: + description: The name of the connector. If you do not want a default connector, use `none`. To retrieve connector names, use the find connectors API. + example: none + type: string + type: + $ref: '#/components/schemas/Cases_connector_types' + ApiCasesConfigure_Patch_Response_200_Connector_Fields: + description: The fields specified in the case configuration are not used and are not propagated to individual cases, therefore it is recommended to set it to `null`. + nullable: true + type: object + ApiCasesConfigure_Patch_Response_200_Created_by: + type: object + properties: + email: + example: null + nullable: true + type: string + full_name: + example: null + nullable: true + type: string + profile_uid: + example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 + type: string + username: + example: elastic + nullable: true + type: string + required: + - email + - full_name + - username + ApiCasesConfigure_Patch_Response_200_CustomFields_Item: + type: object + properties: + defaultValue: + description: | + A default value for the custom field. If the `type` is `text`, the default value must be a string. If the `type` is `toggle`, the default value must be boolean. + oneOf: + - $ref: '#/components/schemas/ApiCasesConfigure_Patch_Response_200_CustomFields_DefaultValue_1' + - $ref: '#/components/schemas/ApiCasesConfigure_Patch_Response_200_CustomFields_DefaultValue_2' + key: + description: | + A unique key for the custom field. Must be lower case and composed only of a-z, 0-9, '_', and '-' characters. It is used in API calls to refer to a specific custom field. + maxLength: 36 + minLength: 1 + type: string + label: + description: The custom field label that is displayed in the case. + maxLength: 50 + minLength: 1 + type: string + type: + description: The type of the custom field. + enum: + - text + - toggle + type: string + required: + description: | + Indicates whether the field is required. If `false`, the custom field can be set to null or omitted when a case is created or updated. + type: boolean + ApiCasesConfigure_Patch_Response_200_CustomFields_DefaultValue_1: + type: string + ApiCasesConfigure_Patch_Response_200_CustomFields_DefaultValue_2: + type: boolean + ApiCasesConfigure_Patch_Response_200_Mappings_Item: + type: object + properties: + action_type: + example: overwrite + type: string + source: + example: title + type: string + target: + example: summary + type: string + ApiCasesConfigure_Patch_Response_200_Updated_by: + nullable: true + type: object + properties: + email: + example: null + nullable: true + type: string + full_name: + example: null + nullable: true + type: string + profile_uid: + example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 + type: string + username: + example: elastic + nullable: true + type: string + required: + - email + - full_name + - username + ApiCasesConfigureConnectorsFind_Get_Response_200_Item: + type: object + properties: + actionTypeId: + $ref: '#/components/schemas/Cases_connector_types' + config: + $ref: '#/components/schemas/ApiCasesConfigureConnectorsFind_Get_Response_200_Config' + id: + type: string + isDeprecated: + type: boolean + isMissingSecrets: + type: boolean + isPreconfigured: + type: boolean + name: + type: string + referencedByCount: + type: integer + ApiCasesConfigureConnectorsFind_Get_Response_200_Config: + additionalProperties: true + type: object + properties: + apiUrl: + type: string + projectKey: + type: string + ApiCasesReporters_Get_Response_200_Item: + type: object + properties: + email: + example: null + nullable: true + type: string + full_name: + example: null + nullable: true + type: string + profile_uid: + example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 + type: string + username: + example: elastic + nullable: true + type: string + required: + - email + - full_name + - username + ApiDataViews_Get_Response_200: + type: object + properties: + data_view: + items: + $ref: '#/components/schemas/ApiDataViews_Get_Response_200_Data_view_Item' + type: array + ApiDataViews_Get_Response_200_Data_view_Item: + type: object + properties: + id: + type: string + name: + type: string + namespaces: + items: + type: string + type: array + title: + type: string + typeMeta: + $ref: '#/components/schemas/ApiDataViews_Get_Response_200_Data_view_TypeMeta' + ApiDataViews_Get_Response_200_Data_view_TypeMeta: + type: object + ApiDataViewsDataViewFields_Post_Request: + type: object + properties: + fields: + $ref: '#/components/schemas/ApiDataViewsDataViewFields_Post_Request_Fields' + required: + - fields + ApiDataViewsDataViewFields_Post_Request_Fields: + description: The field object. + type: object + ApiDataViewsDataViewFields_Post_Response_200: + type: object + properties: + acknowledged: + type: boolean + ApiDataViewsDataViewRuntimeField_Post_Request: + type: object + properties: + name: + description: | + The name for a runtime field. + type: string + runtimeField: + $ref: '#/components/schemas/ApiDataViewsDataViewRuntimeField_Post_Request_RuntimeField' + required: + - name + - runtimeField + ApiDataViewsDataViewRuntimeField_Post_Request_RuntimeField: + description: | + The runtime field definition object. + type: object + ApiDataViewsDataViewRuntimeField_Post_Response_200: + type: object + ApiDataViewsDataViewRuntimeField_Put_Request: + type: object + properties: + name: + description: | + The name for a runtime field. + type: string + runtimeField: + $ref: '#/components/schemas/ApiDataViewsDataViewRuntimeField_Put_Request_RuntimeField' + required: + - name + - runtimeField + ApiDataViewsDataViewRuntimeField_Put_Request_RuntimeField: + description: | + The runtime field definition object. + type: object + ApiDataViewsDataViewRuntimeField_Put_Response_200: + type: object + properties: + data_view: + $ref: '#/components/schemas/ApiDataViewsDataViewRuntimeField_Put_Response_200_Data_view' + fields: + items: + $ref: '#/components/schemas/ApiDataViewsDataViewRuntimeField_Put_Response_200_Fields_Item' + type: array + ApiDataViewsDataViewRuntimeField_Put_Response_200_Data_view: + type: object + ApiDataViewsDataViewRuntimeField_Put_Response_200_Fields_Item: + type: object + ApiDataViewsDataViewRuntimeField_Get_Response_200: + type: object + properties: + data_view: + $ref: '#/components/schemas/ApiDataViewsDataViewRuntimeField_Get_Response_200_Data_view' + fields: + items: + $ref: '#/components/schemas/ApiDataViewsDataViewRuntimeField_Get_Response_200_Fields_Item' + type: array + ApiDataViewsDataViewRuntimeField_Get_Response_200_Data_view: + type: object + ApiDataViewsDataViewRuntimeField_Get_Response_200_Fields_Item: + type: object + ApiDataViewsDataViewRuntimeField_Post_Request_1: + type: object + properties: + runtimeField: + $ref: '#/components/schemas/ApiDataViewsDataViewRuntimeField_Post_Request_RuntimeField_1' + required: + - runtimeField + ApiDataViewsDataViewRuntimeField_Post_Request_RuntimeField_1: + description: | + The runtime field definition object. + + You can update following fields: + + - `type` + - `script` + type: object + ApiDataViewsDefault_Get_Response_200: + type: object + properties: + data_view_id: + type: string + ApiDataViewsDefault_Post_Request: + type: object + properties: + data_view_id: + description: | + The data view identifier. NOTE: The API does not validate whether it is a valid identifier. Use `null` to unset the default data view. + nullable: true + type: string + force: + default: false + description: Update an existing default data view identifier. + type: boolean + required: + - data_view_id + ApiDataViewsDefault_Post_Response_200: + type: object + properties: + acknowledged: + type: boolean + ApiDataViewsSwapReferences_Post_Response_200: + type: object + properties: + deleteStatus: + $ref: '#/components/schemas/ApiDataViewsSwapReferences_Post_Response_200_DeleteStatus' + result: + items: + $ref: '#/components/schemas/ApiDataViewsSwapReferences_Post_Response_200_Result_Item' + type: array + ApiDataViewsSwapReferences_Post_Response_200_DeleteStatus: + type: object + properties: + deletePerformed: + type: boolean + remainingRefs: + type: integer + ApiDataViewsSwapReferences_Post_Response_200_Result_Item: + type: object + properties: + id: + description: A saved object identifier. + type: string + type: + description: The saved object type. + type: string + ApiDataViewsSwapReferencesPreview_Post_Response_200: + type: object + properties: + result: + items: + $ref: '#/components/schemas/ApiDataViewsSwapReferencesPreview_Post_Response_200_Result_Item' + type: array + ApiDataViewsSwapReferencesPreview_Post_Response_200_Result_Item: + type: object + properties: + id: + description: A saved object identifier. + type: string + type: + description: The saved object type. + type: string + ApiDetectionEngineIndex_Delete_Response_200: + type: object + properties: + acknowledged: + type: boolean + required: + - acknowledged + ApiDetectionEngineIndex_Get_Response_200: + type: object + properties: + index_mapping_outdated: + nullable: true + type: boolean + name: + type: string + required: + - name + - index_mapping_outdated + ApiDetectionEngineIndex_Post_Response_200: + type: object + properties: + acknowledged: + type: boolean + required: + - acknowledged + ApiDetectionEnginePrivileges_Get_Response_200: + type: object + properties: + has_encryption_key: + type: boolean + is_authenticated: + type: boolean + required: + - is_authenticated + - has_encryption_key + ApiDetectionEngineRulesBulkAction_Post_Request: + oneOf: + - $ref: '#/components/schemas/Security_Detections_API_BulkDeleteRules' + - $ref: '#/components/schemas/Security_Detections_API_BulkDisableRules' + - $ref: '#/components/schemas/Security_Detections_API_BulkEnableRules' + - $ref: '#/components/schemas/Security_Detections_API_BulkExportRules' + - $ref: '#/components/schemas/Security_Detections_API_BulkDuplicateRules' + - $ref: '#/components/schemas/Security_Detections_API_BulkManualRuleRun' + - $ref: '#/components/schemas/Security_Detections_API_BulkManualRuleFillGaps' + - $ref: '#/components/schemas/Security_Detections_API_BulkEditRules' + ApiDetectionEngineRulesBulkAction_Post_Response_200: + oneOf: + - $ref: '#/components/schemas/Security_Detections_API_BulkEditActionResponse' + - $ref: '#/components/schemas/Security_Detections_API_BulkExportActionResponse' + ApiDetectionEngineRulesExport_Post_Request: + nullable: true + type: object + properties: + objects: + description: Array of objects with a rule's `rule_id` field. Do not use rule's `id` here. Exports all rules when unspecified. + items: + $ref: '#/components/schemas/ApiDetectionEngineRulesExport_Post_Request_Objects_Item' + type: array + required: + - objects + ApiDetectionEngineRulesExport_Post_Request_Objects_Item: + type: object + properties: + rule_id: + $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' + required: + - rule_id + ApiDetectionEngineRulesFind_Get_Response_200: + type: object + properties: + data: + items: + $ref: '#/components/schemas/Security_Detections_API_RuleResponse' + type: array + page: + type: integer + perPage: + type: integer + total: + type: integer + warnings: + items: + $ref: '#/components/schemas/Security_Detections_API_WarningSchema' + type: array + required: + - page + - perPage + - total + - data + ApiDetectionEngineRulesImport_Post_Request: + type: object + properties: + file: + description: The `.ndjson` file containing the rules. + format: binary + type: string + ApiDetectionEngineRulesImport_Post_Response_200: + additionalProperties: false + type: object + properties: + action_connectors_errors: + items: + $ref: '#/components/schemas/Security_Detections_API_ErrorSchema' + type: array + action_connectors_success: + type: boolean + action_connectors_success_count: + minimum: 0 + type: integer + action_connectors_warnings: + items: + $ref: '#/components/schemas/Security_Detections_API_WarningSchema' + type: array + errors: + items: + $ref: '#/components/schemas/Security_Detections_API_ErrorSchema' + type: array + exceptions_errors: + items: + $ref: '#/components/schemas/Security_Detections_API_ErrorSchema' + type: array + exceptions_success: + type: boolean + exceptions_success_count: + minimum: 0 + type: integer + rules_count: + minimum: 0 + type: integer + success: + type: boolean + success_count: + minimum: 0 + type: integer + required: + - exceptions_success + - exceptions_success_count + - exceptions_errors + - rules_count + - success + - success_count + - errors + - action_connectors_errors + - action_connectors_warnings + - action_connectors_success + - action_connectors_success_count + ApiDetectionEngineRulesExceptions_Post_Request: + example: + items: + - description: This is a sample detection type exception item. + entries: + - field: actingProcess.file.signer + operator: excluded + type: exists + - field: host.name + operator: included + type: match_any + value: + - saturn + - jupiter + item_id: simple_list_item + list_id: simple_list + name: Sample Exception List Item + namespace_type: single + os_types: + - linux + tags: + - malware + type: simple + type: object + properties: + items: + items: + $ref: '#/components/schemas/Security_Exceptions_API_CreateRuleExceptionListItemProps' + type: array + required: + - items + ApiDetectionEngineRulesExceptions_Post_Response_400: + oneOf: + - $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' + - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' + ApiDetectionEngineRulesPrepackaged_Put_Response_200: + additionalProperties: false + type: object + properties: + rules_installed: + description: The number of rules installed + minimum: 0 + type: integer + rules_updated: + description: The number of rules updated + minimum: 0 + type: integer + timelines_installed: + description: The number of timelines installed + minimum: 0 + type: integer + timelines_updated: + description: The number of timelines updated + minimum: 0 + type: integer + required: + - rules_installed + - rules_updated + - timelines_installed + - timelines_updated + ApiDetectionEngineRulesPrepackagedStatus_Get_Response_200: + additionalProperties: false + type: object + properties: + rules_custom_installed: + description: The total number of custom rules + minimum: 0 + type: integer + rules_installed: + description: The total number of installed prebuilt rules + minimum: 0 + type: integer + rules_not_installed: + description: The total number of available prebuilt rules that are not installed + minimum: 0 + type: integer + rules_not_updated: + description: The total number of outdated prebuilt rules + minimum: 0 + type: integer + timelines_installed: + description: The total number of installed prebuilt timelines + minimum: 0 + type: integer + timelines_not_installed: + description: The total number of available prebuilt timelines that are not installed + minimum: 0 + type: integer + timelines_not_updated: + description: The total number of outdated prebuilt timelines + minimum: 0 + type: integer + required: + - rules_custom_installed + - rules_installed + - rules_not_installed + - rules_not_updated + - timelines_installed + - timelines_not_installed + - timelines_not_updated + ApiDetectionEngineRulesPreview_Post_Request: + anyOf: + - $ref: '#/components/schemas/ApiDetectionEngineRulesPreview_Post_Request_1' + - $ref: '#/components/schemas/ApiDetectionEngineRulesPreview_Post_Request_2' + - $ref: '#/components/schemas/ApiDetectionEngineRulesPreview_Post_Request_3' + - $ref: '#/components/schemas/ApiDetectionEngineRulesPreview_Post_Request_4' + - $ref: '#/components/schemas/ApiDetectionEngineRulesPreview_Post_Request_5' + - $ref: '#/components/schemas/ApiDetectionEngineRulesPreview_Post_Request_6' + - $ref: '#/components/schemas/ApiDetectionEngineRulesPreview_Post_Request_7' + - $ref: '#/components/schemas/ApiDetectionEngineRulesPreview_Post_Request_8' + discriminator: + propertyName: type + ApiDetectionEngineRulesPreview_Post_Request_1: + allOf: + - $ref: '#/components/schemas/Security_Detections_API_EqlRuleCreateProps' + - $ref: '#/components/schemas/Security_Detections_API_RulePreviewParams' + ApiDetectionEngineRulesPreview_Post_Request_2: + allOf: + - $ref: '#/components/schemas/Security_Detections_API_QueryRuleCreateProps' + - $ref: '#/components/schemas/Security_Detections_API_RulePreviewParams' + ApiDetectionEngineRulesPreview_Post_Request_3: + allOf: + - $ref: '#/components/schemas/Security_Detections_API_SavedQueryRuleCreateProps' + - $ref: '#/components/schemas/Security_Detections_API_RulePreviewParams' + ApiDetectionEngineRulesPreview_Post_Request_4: + allOf: + - $ref: '#/components/schemas/Security_Detections_API_ThresholdRuleCreateProps' + - $ref: '#/components/schemas/Security_Detections_API_RulePreviewParams' + ApiDetectionEngineRulesPreview_Post_Request_5: + allOf: + - $ref: '#/components/schemas/Security_Detections_API_ThreatMatchRuleCreateProps' + - $ref: '#/components/schemas/Security_Detections_API_RulePreviewParams' + ApiDetectionEngineRulesPreview_Post_Request_6: + allOf: + - $ref: '#/components/schemas/Security_Detections_API_MachineLearningRuleCreateProps' + - $ref: '#/components/schemas/Security_Detections_API_RulePreviewParams' + ApiDetectionEngineRulesPreview_Post_Request_7: + allOf: + - $ref: '#/components/schemas/Security_Detections_API_NewTermsRuleCreateProps' + - $ref: '#/components/schemas/Security_Detections_API_RulePreviewParams' + ApiDetectionEngineRulesPreview_Post_Request_8: + allOf: + - $ref: '#/components/schemas/Security_Detections_API_EsqlRuleCreateProps' + - $ref: '#/components/schemas/Security_Detections_API_RulePreviewParams' + ApiDetectionEngineRulesPreview_Post_Response_200: + type: object + properties: + isAborted: + type: boolean + logs: + items: + $ref: '#/components/schemas/Security_Detections_API_RulePreviewLogs' + type: array + previewId: + $ref: '#/components/schemas/Security_Detections_API_NonEmptyString' + required: + - logs + ApiDetectionEngineRulesPreview_Post_Response_400: + oneOf: + - $ref: '#/components/schemas/Security_Detections_API_PlatformErrorResponse' + - $ref: '#/components/schemas/Security_Detections_API_SiemErrorResponse' + ApiDetectionEngineSignalsFinalizeMigration_Post_Request: + example: + migration_ids: + - 924f7c50-505f-11eb-ae0a-3fa2e626a51d + type: object + properties: + migration_ids: + description: Array of `migration_id`s to finalize. + items: + type: string + minItems: 1 + type: array + required: + - migration_ids + ApiDetectionEngineSignalsFinalizeMigration_Post_Response_400: + oneOf: + - $ref: '#/components/schemas/Security_Detections_API_PlatformErrorResponse' + - $ref: '#/components/schemas/Security_Detections_API_SiemErrorResponse' + ApiDetectionEngineSignalsMigration_Delete_Request: + example: + migration_ids: + - 924f7c50-505f-11eb-ae0a-3fa2e626a51d + type: object + properties: + migration_ids: + description: Array of `migration_id`s to cleanup. + items: + type: string + minItems: 1 + type: array + required: + - migration_ids + ApiDetectionEngineSignalsMigration_Delete_Response_400: + oneOf: + - $ref: '#/components/schemas/Security_Detections_API_PlatformErrorResponse' + - $ref: '#/components/schemas/Security_Detections_API_SiemErrorResponse' + ApiDetectionEngineSignalsMigration_Post_Request: + allOf: + - $ref: '#/components/schemas/ApiDetectionEngineSignalsMigration_Post_Request_1' + - $ref: '#/components/schemas/Security_Detections_API_AlertsReindexOptions' + ApiDetectionEngineSignalsMigration_Post_Request_1: + type: object + properties: + index: + description: Array of index names to migrate. + items: + format: nonempty + minLength: 1 + type: string + minItems: 1 + type: array + required: + - index + ApiDetectionEngineSignalsMigration_Post_Response_200: + type: object + properties: + indices: + items: + oneOf: + - $ref: '#/components/schemas/Security_Detections_API_AlertsIndexMigrationSuccess' + - $ref: '#/components/schemas/Security_Detections_API_AlertsIndexMigrationError' + - $ref: '#/components/schemas/Security_Detections_API_SkippedAlertsIndexMigration' + type: array + required: + - indices + ApiDetectionEngineSignalsMigration_Post_Response_400: + oneOf: + - $ref: '#/components/schemas/Security_Detections_API_PlatformErrorResponse' + - $ref: '#/components/schemas/Security_Detections_API_SiemErrorResponse' + ApiDetectionEngineSignalsMigrationStatus_Get_Response_200: + type: object + properties: + indices: + items: + $ref: '#/components/schemas/Security_Detections_API_IndexMigrationStatus' + type: array + required: + - indices + ApiDetectionEngineSignalsMigrationStatus_Get_Response_400: + oneOf: + - $ref: '#/components/schemas/Security_Detections_API_PlatformErrorResponse' + - $ref: '#/components/schemas/Security_Detections_API_SiemErrorResponse' + ApiDetectionEngineSignalsSearch_Post_Response_200: + additionalProperties: true + description: Elasticsearch search response + type: object + ApiDetectionEngineSignalsSearch_Post_Response_400: + oneOf: + - $ref: '#/components/schemas/Security_Detections_API_PlatformErrorResponse' + - $ref: '#/components/schemas/Security_Detections_API_SiemErrorResponse' + ApiDetectionEngineSignalsStatus_Post_Request: + oneOf: + - $ref: '#/components/schemas/Security_Detections_API_SetAlertsStatusByIds' + - $ref: '#/components/schemas/Security_Detections_API_SetAlertsStatusByQuery' + ApiDetectionEngineSignalsStatus_Post_Response_200: + additionalProperties: true + description: Elasticsearch update by query response + type: object + ApiDetectionEngineSignalsStatus_Post_Response_400: + oneOf: + - $ref: '#/components/schemas/Security_Detections_API_PlatformErrorResponse' + - $ref: '#/components/schemas/Security_Detections_API_SiemErrorResponse' + ApiDetectionEngineSignalsTags_Post_Response_200: + additionalProperties: true + description: Elasticsearch update by query response + type: object + ApiDetectionEngineSignalsTags_Post_Response_400: + oneOf: + - $ref: '#/components/schemas/Security_Detections_API_PlatformErrorResponse' + - $ref: '#/components/schemas/Security_Detections_API_SiemErrorResponse' + ApiEncryptedSavedObjectsRotateKey_Post_Response_200: + type: object + properties: + failed: + description: | + Indicates the number of the saved objects that were still encrypted with one of the old encryption keys that Kibana failed to re-encrypt with the primary key. + type: number + successful: + description: | + Indicates the total number of all encrypted saved objects (optionally filtered by the requested `type`), regardless of the key Kibana used for encryption. + + NOTE: In most cases, `total` will be greater than `successful` even if `failed` is zero. The reason is that Kibana may not need or may not be able to rotate encryption keys for all encrypted saved objects. + type: number + total: + description: | + Indicates the total number of all encrypted saved objects (optionally filtered by the requested `type`), regardless of the key Kibana used for encryption. + type: number + ApiEncryptedSavedObjectsRotateKey_Post_Response_429: + type: object + ApiEndpointList_Post_Response_400: + oneOf: + - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse' + - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse' + ApiEndpointListItems_Delete_Response_400: + oneOf: + - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse' + - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse' + ApiEndpointListItems_Get_Response_400: + oneOf: + - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse' + - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse' + ApiEndpointListItems_Post_Request: + type: object + properties: + comments: + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemCommentArray' + default: [] + description: + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemDescription' + entries: + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryArray' + item_id: + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemHumanId' + meta: + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemMeta' + name: + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemName' + os_types: + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemOsTypeArray' + default: [] + tags: + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemTags' + default: [] + type: + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemType' + required: + - type + - name + - description + - entries + ApiEndpointListItems_Post_Response_400: + oneOf: + - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse' + - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse' + ApiEndpointListItems_Put_Request: + type: object + properties: + _version: + type: string + comments: + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemCommentArray' + default: [] + description: + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemDescription' + entries: + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryArray' + id: + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemId' + description: Either `id` or `item_id` must be specified + item_id: + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemHumanId' + description: Either `id` or `item_id` must be specified + meta: + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemMeta' + name: + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemName' + os_types: + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemOsTypeArray' + default: [] + tags: + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemTags' + type: + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemType' + required: + - type + - name + - description + - entries + ApiEndpointListItems_Put_Response_400: + oneOf: + - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse' + - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse' + ApiEndpointListItemsFind_Get_Response_200: + type: object + properties: + data: + items: + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItem' + type: array + page: + minimum: 0 + type: integer + per_page: + minimum: 0 + type: integer + pit: + type: string + total: + minimum: 0 + type: integer + required: + - data + - page + - per_page + - total + ApiEndpointListItemsFind_Get_Response_400: + oneOf: + - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse' + - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse' + ApiEndpointActionFile_Get_Response_200_Data: + type: object + properties: + actionId: + type: string + agentId: + type: string + agentType: + type: string + created: + format: date-time + type: string + id: + type: string + mimeType: + type: string + name: + type: string + size: + type: number + status: + enum: + - AWAITING_UPLOAD + - UPLOADING + - READY + - UPLOAD_ERROR + - DELETED + type: string + ApiEndpointActionIsolate_Post_Request: + type: object + properties: + agent_type: + $ref: '#/components/schemas/Security_Endpoint_Management_API_AgentTypes' + alert_ids: + description: If this action is associated with any alerts, they can be specified here. The action will be logged in any cases associated with the specified alerts. + example: + - alert-id-1 + - alert-id-2 + items: + minLength: 1 + type: string + minItems: 1 + type: array + case_ids: + description: The IDs of cases where the action taken will be logged. + example: + - case-id-1 + - case-id-2 + items: + minLength: 1 + type: string + minItems: 1 + type: array + comment: + $ref: '#/components/schemas/Security_Endpoint_Management_API_Comment' + endpoint_ids: + $ref: '#/components/schemas/Security_Endpoint_Management_API_EndpointIds' + parameters: + $ref: '#/components/schemas/Security_Endpoint_Management_API_Parameters' + required: + - endpoint_ids + ApiEndpointActionUnisolate_Post_Request: + type: object + properties: + agent_type: + $ref: '#/components/schemas/Security_Endpoint_Management_API_AgentTypes' + alert_ids: + description: If this action is associated with any alerts, they can be specified here. The action will be logged in any cases associated with the specified alerts. + example: + - alert-id-1 + - alert-id-2 + items: + minLength: 1 + type: string + minItems: 1 + type: array + case_ids: + description: The IDs of cases where the action taken will be logged. + example: + - case-id-1 + - case-id-2 + items: + minLength: 1 + type: string + minItems: 1 + type: array + comment: + $ref: '#/components/schemas/Security_Endpoint_Management_API_Comment' + endpoint_ids: + $ref: '#/components/schemas/Security_Endpoint_Management_API_EndpointIds' + parameters: + $ref: '#/components/schemas/Security_Endpoint_Management_API_Parameters' + required: + - endpoint_ids + ApiEndpointProtectionUpdatesNote_Post_Request: + type: object + properties: + note: + type: string + ApiEndpointScriptsLibrary_Get_Response_200: + type: object + properties: + data: + items: + $ref: '#/components/schemas/Security_Endpoint_Management_API_EndpointScript' + type: array + page: + $ref: '#/components/schemas/Security_Endpoint_Management_API_Page' + pageSize: + $ref: '#/components/schemas/Security_Endpoint_Management_API_ApiPageSize' + sortDirection: + $ref: '#/components/schemas/Security_Endpoint_Management_API_SortDirection' + sortField: + $ref: '#/components/schemas/Security_Endpoint_Management_API_ApiSortField' + total: + description: The total number of scripts matching the query + type: integer + ApiEntityAnalyticsMonitoringEngineDelete_Delete_Response_200: + type: object + properties: + deleted: + type: boolean + required: + - deleted + ApiEntityAnalyticsMonitoringEngineScheduleNow_Post_Response_200: + type: object + properties: + success: + description: Indicates the scheduling was successful + type: boolean + ApiEntityAnalyticsMonitoringEngineScheduleNow_Post_Response_409: + type: object + properties: + message: + description: Error message indicating the engine is already running + type: string + ApiEntityAnalyticsMonitoringPrivilegesHealth_Get_Response_200: + type: object + properties: + error: + $ref: '#/components/schemas/ApiEntityAnalyticsMonitoringPrivilegesHealth_Get_Response_200_Error' + status: + $ref: '#/components/schemas/Security_Entity_Analytics_API_PrivilegeMonitoringEngineStatus' + users: + $ref: '#/components/schemas/ApiEntityAnalyticsMonitoringPrivilegesHealth_Get_Response_200_Users' + required: + - status + ApiEntityAnalyticsMonitoringPrivilegesHealth_Get_Response_200_Error: + type: object + properties: + message: + type: string + required: + - status + ApiEntityAnalyticsMonitoringPrivilegesHealth_Get_Response_200_Users: + description: User statistics for privilege monitoring + type: object + properties: + current_count: + description: Current number of privileged users being monitored + type: integer + max_allowed: + description: Maximum number of privileged users allowed to be monitored + type: integer + required: + - current_count + - max_allowed + ApiEntityAnalyticsMonitoringUsersCsv_Post_Request: + type: object + properties: + file: + description: The CSV file to upload. + format: binary + type: string + required: + - file + ApiEntityAnalyticsMonitoringUsersCsv_Post_Response_200: + example: + errors: + - index: 1 + message: Invalid monitored field + username: john.doe + stats: + failedOperations: 1 + successfulOperations: 1 + totalOperations: 2 + uploaded: 1 + type: object + properties: + errors: + items: + $ref: '#/components/schemas/Security_Entity_Analytics_API_PrivmonUserCsvUploadErrorItem' + type: array + stats: + $ref: '#/components/schemas/Security_Entity_Analytics_API_PrivmonUserCsvUploadStats' + required: + - errors + - stats + ApiEntityAnalyticsMonitoringUsers_Delete_Response_200: + type: object + properties: + acknowledged: + description: Indicates if the deletion was successful + type: boolean + message: + description: A message providing additional information about the deletion status + type: string + required: + - success + ApiEntityAnalyticsPrivilegedUserMonitoringPadInstall_Post_Response_200: + type: object + properties: + message: + type: string + required: + - message + ApiEntityAnalyticsPrivilegedUserMonitoringPadStatus_Get_Response_200: + type: object + properties: + jobs: + items: + $ref: '#/components/schemas/ApiEntityAnalyticsPrivilegedUserMonitoringPadStatus_Get_Response_200_Jobs_Item' + type: array + ml_module_setup_status: + enum: + - complete + - incomplete + type: string + package_installation_status: + enum: + - complete + - incomplete + type: string + required: + - package_installation_status + - ml_module_setup_status + - jobs + ApiEntityAnalyticsPrivilegedUserMonitoringPadStatus_Get_Response_200_Jobs_Item: + type: object + properties: + description: + type: string + job_id: + type: string + state: + enum: + - closing + - closed + - opened + - failed + - opening + type: string + required: + - job_id + - state + ApiEntityStoreEnable_Post_Request: + type: object + properties: + delay: + default: 1m + description: The delay before the transform will run. + pattern: '[smdh]$' + type: string + docsPerSecond: + default: -1 + description: The number of documents per second to process. + type: integer + enrichPolicyExecutionInterval: + $ref: '#/components/schemas/Security_Entity_Analytics_API_Interval' + entityTypes: + items: + $ref: '#/components/schemas/Security_Entity_Analytics_API_EntityType' + type: array + fieldHistoryLength: + default: 10 + description: The number of historical values to keep for each field. + type: integer + filter: + type: string + frequency: + default: 1m + description: The frequency at which the transform will run. + pattern: '[smdh]$' + type: string + indexPattern: + $ref: '#/components/schemas/Security_Entity_Analytics_API_IndexPattern' + lookbackPeriod: + default: 3h + description: The amount of time the transform looks back to calculate the aggregations. + pattern: '[smdh]$' + type: string + maxPageSearchSize: + default: 500 + description: The initial page size to use for the composite aggregation of each checkpoint. + type: integer + timeout: + default: 180s + description: The timeout for initializing the aggregating transform. + pattern: '[smdh]$' + type: string + timestampField: + default: '@timestamp' + description: The field to use as the timestamp. + type: string + ApiEntityStoreEnable_Post_Response_200: + type: object + properties: + engines: + items: + $ref: '#/components/schemas/Security_Entity_Analytics_API_EngineDescriptor' + type: array + succeeded: + type: boolean + ApiEntityStoreEngines_Delete_Response_200: + type: object + properties: + deleted: + items: + $ref: '#/components/schemas/Security_Entity_Analytics_API_EntityType' + type: array + still_running: + items: + $ref: '#/components/schemas/Security_Entity_Analytics_API_EntityType' + type: array + ApiEntityStoreEngines_Get_Response_200: + type: object + properties: + count: + type: integer + engines: + items: + $ref: '#/components/schemas/Security_Entity_Analytics_API_EngineDescriptor' + type: array + ApiEntityStoreEngines_Delete_Response_200_1: + type: object + properties: + deleted: + type: boolean + ApiEntityStoreEnginesInit_Post_Request: + type: object + properties: + delay: + default: 1m + description: The delay before the transform will run. + pattern: '[smdh]$' + type: string + docsPerSecond: + default: -1 + description: The number of documents per second to process. + type: integer + enrichPolicyExecutionInterval: + $ref: '#/components/schemas/Security_Entity_Analytics_API_Interval' + fieldHistoryLength: + default: 10 + description: The number of historical values to keep for each field. + type: integer + filter: + type: string + frequency: + default: 1m + description: The frequency at which the transform will run. + pattern: '[smdh]$' + type: string + indexPattern: + $ref: '#/components/schemas/Security_Entity_Analytics_API_IndexPattern' + lookbackPeriod: + default: 3h + description: The amount of time the transform looks back to calculate the aggregations. + pattern: '[smdh]$' + type: string + maxPageSearchSize: + default: 500 + description: The initial page size to use for the composite aggregation of each checkpoint. + type: integer + timeout: + default: 180s + description: The timeout for initializing the aggregating transform. + pattern: '[smdh]$' + type: string + timestampField: + default: '@timestamp' + description: The field to use as the timestamp for the entity type. + type: string + ApiEntityStoreEnginesStart_Post_Response_200: + type: object + properties: + started: + type: boolean + ApiEntityStoreEnginesStop_Post_Response_200: + type: object + properties: + stopped: + type: boolean + ApiEntityStoreEnginesApplyDataviewIndices_Post_Response_200: + type: object + properties: + result: + items: + $ref: '#/components/schemas/Security_Entity_Analytics_API_EngineDataviewUpdateResult' + type: array + success: + type: boolean + ApiEntityStoreEnginesApplyDataviewIndices_Post_Response_207: + type: object + properties: + errors: + items: + type: string + type: array + result: + items: + $ref: '#/components/schemas/Security_Entity_Analytics_API_EngineDataviewUpdateResult' + type: array + success: + type: boolean + ApiEntityStoreEnginesApplyDataviewIndices_Post_Response_500: + type: object + properties: + body: + type: string + statusCode: + type: number + ApiEntityStoreEntities_Delete_Request: + type: object + properties: + id: + description: Identifier of the entity to be deleted, commonly entity.id value. + type: string + required: + - id + ApiEntityStoreEntities_Delete_Response_200: + type: object + properties: + deleted: + type: boolean + ApiEntityStoreEntitiesList_Get_Response_200: + type: object + properties: + inspect: + $ref: '#/components/schemas/Security_Entity_Analytics_API_InspectQuery' + page: + minimum: 1 + type: integer + per_page: + maximum: 1000 + minimum: 1 + type: integer + records: + items: + $ref: '#/components/schemas/Security_Entity_Analytics_API_Entity' + type: array + total: + minimum: 0 + type: integer + required: + - records + - page + - per_page + - total + ApiEntityStoreStatus_Get_Response_200: + type: object + properties: + engines: + items: + allOf: + - $ref: '#/components/schemas/Security_Entity_Analytics_API_EngineDescriptor' + - $ref: '#/components/schemas/ApiEntityStoreStatus_Get_Response_200_Engines_2' + type: array + status: + $ref: '#/components/schemas/Security_Entity_Analytics_API_StoreStatus' + required: + - status + - engines + ApiEntityStoreStatus_Get_Response_200_Engines_2: + type: object + properties: + components: + items: + $ref: '#/components/schemas/Security_Entity_Analytics_API_EngineComponentStatus' + type: array + ApiExceptionLists_Delete_Response_400: + oneOf: + - $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' + - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' + ApiExceptionLists_Get_Response_400: + oneOf: + - $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' + - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' + ApiExceptionLists_Post_Request: + example: + description: This is a sample detection type exception list. + list_id: simple_list + name: Sample Detection Exception List + namespace_type: single + os_types: + - linux + tags: + - malware + type: detection + type: object + properties: + description: + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListDescription' + list_id: + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListHumanId' + meta: + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListMeta' + name: + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListName' + namespace_type: + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionNamespaceType' + default: single + os_types: + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListOsTypeArray' + tags: + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListTags' + default: [] + type: + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListType' + version: + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListVersion' + default: 1 + required: + - name + - description + - type + ApiExceptionLists_Post_Response_400: + oneOf: + - $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' + - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' + ApiExceptionLists_Put_Request: + example: + description: Different description + list_id: simple_list + name: Updated exception list name + os_types: + - linux + tags: + - draft malware + type: detection + type: object + properties: + _version: + description: The version id, normally returned by the API when the item was retrieved. Use it ensure updates are done against the latest version. + type: string + description: + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListDescription' + id: + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListId' + list_id: + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListHumanId' + meta: + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListMeta' + name: + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListName' + namespace_type: + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionNamespaceType' + default: single + os_types: + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListOsTypeArray' + default: [] + tags: + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListTags' + type: + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListType' + version: + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListVersion' + required: + - name + - description + - type + ApiExceptionLists_Put_Response_400: + oneOf: + - $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' + - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' + ApiExceptionListsDuplicate_Post_Response_400: + oneOf: + - $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' + - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' + ApiExceptionListsExport_Post_Response_400: + oneOf: + - $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' + - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' + ApiExceptionListsFind_Get_Response_200: + type: object + properties: + data: + items: + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionList' + type: array + page: + minimum: 1 + type: integer + per_page: + minimum: 1 + type: integer + total: + minimum: 0 + type: integer + required: + - data + - page + - per_page + - total + ApiExceptionListsFind_Get_Response_400: + oneOf: + - $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' + - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' + ApiExceptionListsImport_Post_Request: + type: object + properties: + file: + description: A `.ndjson` file containing the exception list + example: | + {"_version":"WzExNDU5LDFd","created_at":"2025-01-09T16:18:17.757Z","created_by":"elastic","description":"This is a sample detection type exception","id":"c86c2da0-2ab6-4343-b81c-216ef27e8d75","immutable":false,"list_id":"simple_list","name":"Sample Detection Exception List","namespace_type":"single","os_types":[],"tags":["user added string for a tag","malware"],"tie_breaker_id":"cf4a7b92-732d-47f0-a0d5-49a35a1736bf","type":"detection","updated_at":"2025-01-09T16:18:17.757Z","updated_by":"elastic","version":1} + {"_version":"WzExNDYxLDFd","comments":[],"created_at":"2025-01-09T16:18:42.308Z","created_by":"elastic","description":"This is a sample endpoint type exception","entries":[{"type":"exists","field":"actingProcess.file.signer","operator":"excluded"},{"type":"match_any","field":"host.name","value":["some host","another host"],"operator":"included"}],"id":"f37597ce-eaa7-4b64-9100-4301118f6806","item_id":"simple_list_item","list_id":"simple_list","name":"Sample Endpoint Exception List","namespace_type":"single","os_types":["linux"],"tags":["user added string for a tag","malware"],"tie_breaker_id":"4ca3ef3e-9721-42c0-8107-cf47e094d40f","type":"simple","updated_at":"2025-01-09T16:18:42.308Z","updated_by":"elastic"} + format: binary + type: string + ApiExceptionListsImport_Post_Response_200: + type: object + properties: + errors: + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListsImportBulkErrorArray' + success: + type: boolean + success_count: + minimum: 0 + type: integer + success_count_exception_list_items: + minimum: 0 + type: integer + success_count_exception_lists: + minimum: 0 + type: integer + success_exception_list_items: + type: boolean + success_exception_lists: + type: boolean + required: + - errors + - success + - success_count + - success_exception_lists + - success_count_exception_lists + - success_exception_list_items + - success_count_exception_list_items + ApiExceptionListsImport_Post_Response_400: + oneOf: + - $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' + - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' + ApiExceptionListsItems_Delete_Response_400: + example: + error: Bad Request + message: '[request query]: namespace_type.0: Invalid enum value. Expected ''agnostic'' | ''single'', received ''blob''' + statusCode: 400 + oneOf: + - $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' + - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' + ApiExceptionListsItems_Get_Response_400: + oneOf: + - $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' + - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' + ApiExceptionListsItems_Post_Request: + oneOf: + - $ref: '#/components/schemas/Security_Exceptions_API_CreateExceptionListItemGeneric' + - $ref: '#/components/schemas/Security_Exceptions_API_CreateExceptionListItemEndpointList' + - $ref: '#/components/schemas/Security_Exceptions_API_CreateExceptionListItemTrustedAppsWindows' + - $ref: '#/components/schemas/Security_Exceptions_API_CreateExceptionListItemTrustedAppsMac' + - $ref: '#/components/schemas/Security_Exceptions_API_CreateExceptionListItemTrustedAppsLinux' + - $ref: '#/components/schemas/Security_Exceptions_API_CreateExceptionListItemTrustedDevicesWindows' + - $ref: '#/components/schemas/Security_Exceptions_API_CreateExceptionListItemTrustedDevicesMac' + - $ref: '#/components/schemas/Security_Exceptions_API_CreateExceptionListItemTrustedDevicesWindowsMac' + - $ref: '#/components/schemas/Security_Exceptions_API_CreateExceptionListItemEventFilters' + - $ref: '#/components/schemas/Security_Exceptions_API_CreateExceptionListItemHostIsolation' + - $ref: '#/components/schemas/Security_Exceptions_API_CreateExceptionListItemBlocklistWindows' + - $ref: '#/components/schemas/Security_Exceptions_API_CreateExceptionListItemBlocklistLinux' + - $ref: '#/components/schemas/Security_Exceptions_API_CreateExceptionListItemBlocklistMac' + ApiExceptionListsItems_Post_Response_400: + oneOf: + - $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' + - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' + ApiExceptionListsItems_Put_Request: + oneOf: + - $ref: '#/components/schemas/Security_Exceptions_API_UpdateExceptionListItemGeneric' + - $ref: '#/components/schemas/Security_Exceptions_API_UpdateExceptionListItemEndpointList' + - $ref: '#/components/schemas/Security_Exceptions_API_UpdateExceptionListItemTrustedAppsWindows' + - $ref: '#/components/schemas/Security_Exceptions_API_UpdateExceptionListItemTrustedAppsMac' + - $ref: '#/components/schemas/Security_Exceptions_API_UpdateExceptionListItemTrustedAppsLinux' + - $ref: '#/components/schemas/Security_Exceptions_API_UpdateExceptionListItemTrustedDevicesWindows' + - $ref: '#/components/schemas/Security_Exceptions_API_UpdateExceptionListItemTrustedDevicesMac' + - $ref: '#/components/schemas/Security_Exceptions_API_UpdateExceptionListItemTrustedDevicesWindowsMac' + - $ref: '#/components/schemas/Security_Exceptions_API_UpdateExceptionListItemEventFilters' + - $ref: '#/components/schemas/Security_Exceptions_API_UpdateExceptionListItemHostIsolation' + - $ref: '#/components/schemas/Security_Exceptions_API_UpdateExceptionListItemBlocklistWindows' + - $ref: '#/components/schemas/Security_Exceptions_API_UpdateExceptionListItemBlocklistLinux' + - $ref: '#/components/schemas/Security_Exceptions_API_UpdateExceptionListItemBlocklistMac' + ApiExceptionListsItems_Put_Response_400: + oneOf: + - $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' + - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' + ApiExceptionListsItemsFind_Get_Response_200: + type: object + properties: + data: + items: + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItem' + type: array + page: + minimum: 1 + type: integer + per_page: + minimum: 1 + type: integer + pit: + type: string + total: + minimum: 0 + type: integer + required: + - data + - page + - per_page + - total + ApiExceptionListsItemsFind_Get_Response_400: + oneOf: + - $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' + - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' + ApiExceptionListsSummary_Get_Response_200: + type: object + properties: + linux: + minimum: 0 + type: integer + macos: + minimum: 0 + type: integer + total: + minimum: 0 + type: integer + windows: + minimum: 0 + type: integer + ApiExceptionListsSummary_Get_Response_400: + oneOf: + - $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' + - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' + ApiExceptionsShared_Post_Request: + example: + description: This is a sample detection type exception list. + list_id: simple_list + name: Sample Detection Exception List + namespace_type: single + os_types: + - linux + tags: + - malware + type: object + properties: + description: + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListDescription' + name: + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListName' + required: + - name + - description + ApiExceptionsShared_Post_Response_400: + oneOf: + - $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' + - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' + ApiFeatures_Get_Response_200: + type: object + ApiFleetAgentDownloadSources_Get_Response_200: + additionalProperties: false + type: object + properties: + items: + items: + $ref: '#/components/schemas/ApiFleetAgentDownloadSources_Get_Response_200_Items_Item' + maxItems: 10000 + type: array + page: + type: number + perPage: + type: number + total: + type: number + required: + - items + - total + - page + - perPage + ApiFleetAgentDownloadSources_Get_Response_200_Items_Item: + additionalProperties: false + type: object + properties: + host: + format: uri + type: string + id: + type: string + is_default: + default: false + type: boolean + name: + type: string + proxy_id: + description: The ID of the proxy to use for this download source. See the proxies API for more information. + nullable: true + type: string + secrets: + $ref: '#/components/schemas/ApiFleetAgentDownloadSources_Get_Response_200_Items_Secrets' + ssl: + $ref: '#/components/schemas/ApiFleetAgentDownloadSources_Get_Response_200_Items_Ssl' + required: + - id + - name + - host + ApiFleetAgentDownloadSources_Get_Response_200_Items_Secrets: + additionalProperties: false + type: object + properties: + ssl: + $ref: '#/components/schemas/ApiFleetAgentDownloadSources_Get_Response_200_Items_Secrets_Ssl' + ApiFleetAgentDownloadSources_Get_Response_200_Items_Secrets_Ssl: + additionalProperties: false + type: object + properties: + key: + anyOf: + - $ref: '#/components/schemas/ApiFleetAgentDownloadSources_Get_Response_200_Items_Secrets_Ssl_Key_1' + - $ref: '#/components/schemas/ApiFleetAgentDownloadSources_Get_Response_200_Items_Secrets_Ssl_Key_2' + ApiFleetAgentDownloadSources_Get_Response_200_Items_Secrets_Ssl_Key_1: + additionalProperties: false + type: object + properties: + id: + type: string + required: + - id + ApiFleetAgentDownloadSources_Get_Response_200_Items_Secrets_Ssl_Key_2: + type: string + ApiFleetAgentDownloadSources_Get_Response_200_Items_Ssl: + additionalProperties: false + type: object + properties: + certificate: + type: string + certificate_authorities: + items: + type: string + maxItems: 10 + type: array + key: + type: string + ApiFleetAgentDownloadSources_Get_Response_400: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetAgentDownloadSources_Post_Request: + additionalProperties: false + type: object + properties: + host: + format: uri + type: string + id: + type: string + is_default: + default: false + type: boolean + name: + type: string + proxy_id: + description: The ID of the proxy to use for this download source. See the proxies API for more information. + nullable: true + type: string + secrets: + $ref: '#/components/schemas/ApiFleetAgentDownloadSources_Post_Request_Secrets' + ssl: + $ref: '#/components/schemas/ApiFleetAgentDownloadSources_Post_Request_Ssl' + required: + - name + - host + ApiFleetAgentDownloadSources_Post_Request_Secrets: + additionalProperties: false + type: object + properties: + ssl: + $ref: '#/components/schemas/ApiFleetAgentDownloadSources_Post_Request_Secrets_Ssl' + ApiFleetAgentDownloadSources_Post_Request_Secrets_Ssl: + additionalProperties: false + type: object + properties: + key: + anyOf: + - $ref: '#/components/schemas/ApiFleetAgentDownloadSources_Post_Request_Secrets_Ssl_Key_1' + - $ref: '#/components/schemas/ApiFleetAgentDownloadSources_Post_Request_Secrets_Ssl_Key_2' + ApiFleetAgentDownloadSources_Post_Request_Secrets_Ssl_Key_1: + additionalProperties: false + type: object + properties: + id: + type: string + required: + - id + ApiFleetAgentDownloadSources_Post_Request_Secrets_Ssl_Key_2: + type: string + ApiFleetAgentDownloadSources_Post_Request_Ssl: + additionalProperties: false + type: object + properties: + certificate: + type: string + certificate_authorities: + items: + type: string + maxItems: 10 + type: array + key: + type: string + ApiFleetAgentDownloadSources_Post_Response_200: + additionalProperties: false + type: object + properties: + item: + $ref: '#/components/schemas/ApiFleetAgentDownloadSources_Post_Response_200_Item' + required: + - item + ApiFleetAgentDownloadSources_Post_Response_200_Item: + additionalProperties: false + type: object + properties: + host: + format: uri + type: string + id: + type: string + is_default: + default: false + type: boolean + name: + type: string + proxy_id: + description: The ID of the proxy to use for this download source. See the proxies API for more information. + nullable: true + type: string + secrets: + $ref: '#/components/schemas/ApiFleetAgentDownloadSources_Post_Response_200_Item_Secrets' + ssl: + $ref: '#/components/schemas/ApiFleetAgentDownloadSources_Post_Response_200_Item_Ssl' + required: + - id + - name + - host + ApiFleetAgentDownloadSources_Post_Response_200_Item_Secrets: + additionalProperties: false + type: object + properties: + ssl: + $ref: '#/components/schemas/ApiFleetAgentDownloadSources_Post_Response_200_Item_Secrets_Ssl' + ApiFleetAgentDownloadSources_Post_Response_200_Item_Secrets_Ssl: + additionalProperties: false + type: object + properties: + key: + anyOf: + - $ref: '#/components/schemas/ApiFleetAgentDownloadSources_Post_Response_200_Item_Secrets_Ssl_Key_1' + - $ref: '#/components/schemas/ApiFleetAgentDownloadSources_Post_Response_200_Item_Secrets_Ssl_Key_2' + ApiFleetAgentDownloadSources_Post_Response_200_Item_Secrets_Ssl_Key_1: + additionalProperties: false + type: object + properties: + id: + type: string + required: + - id + ApiFleetAgentDownloadSources_Post_Response_200_Item_Secrets_Ssl_Key_2: + type: string + ApiFleetAgentDownloadSources_Post_Response_200_Item_Ssl: + additionalProperties: false + type: object + properties: + certificate: + type: string + certificate_authorities: + items: + type: string + maxItems: 10 + type: array + key: + type: string + ApiFleetAgentDownloadSources_Post_Response_400: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetAgentDownloadSources_Delete_Response_200: + additionalProperties: false + type: object + properties: + id: + type: string + required: + - id + ApiFleetAgentDownloadSources_Delete_Response_400: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetAgentDownloadSources_Get_Response_200_1: + additionalProperties: false + type: object + properties: + item: + $ref: '#/components/schemas/ApiFleetAgentDownloadSources_Get_Response_200_Item' + required: + - item + ApiFleetAgentDownloadSources_Get_Response_200_Item: + additionalProperties: false + type: object + properties: + host: + format: uri + type: string + id: + type: string + is_default: + default: false + type: boolean + name: + type: string + proxy_id: + description: The ID of the proxy to use for this download source. See the proxies API for more information. + nullable: true + type: string + secrets: + $ref: '#/components/schemas/ApiFleetAgentDownloadSources_Get_Response_200_Item_Secrets' + ssl: + $ref: '#/components/schemas/ApiFleetAgentDownloadSources_Get_Response_200_Item_Ssl' + required: + - id + - name + - host + ApiFleetAgentDownloadSources_Get_Response_200_Item_Secrets: + additionalProperties: false + type: object + properties: + ssl: + $ref: '#/components/schemas/ApiFleetAgentDownloadSources_Get_Response_200_Item_Secrets_Ssl' + ApiFleetAgentDownloadSources_Get_Response_200_Item_Secrets_Ssl: + additionalProperties: false + type: object + properties: + key: + anyOf: + - $ref: '#/components/schemas/ApiFleetAgentDownloadSources_Get_Response_200_Item_Secrets_Ssl_Key_1' + - $ref: '#/components/schemas/ApiFleetAgentDownloadSources_Get_Response_200_Item_Secrets_Ssl_Key_2' + ApiFleetAgentDownloadSources_Get_Response_200_Item_Secrets_Ssl_Key_1: + additionalProperties: false + type: object + properties: + id: + type: string + required: + - id + ApiFleetAgentDownloadSources_Get_Response_200_Item_Secrets_Ssl_Key_2: + type: string + ApiFleetAgentDownloadSources_Get_Response_200_Item_Ssl: + additionalProperties: false + type: object + properties: + certificate: + type: string + certificate_authorities: + items: + type: string + maxItems: 10 + type: array + key: + type: string + ApiFleetAgentDownloadSources_Get_Response_400_1: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetAgentDownloadSources_Put_Request: + additionalProperties: false + type: object + properties: + host: + format: uri + type: string + id: + type: string + is_default: + default: false + type: boolean + name: + type: string + proxy_id: + description: The ID of the proxy to use for this download source. See the proxies API for more information. + nullable: true + type: string + secrets: + $ref: '#/components/schemas/ApiFleetAgentDownloadSources_Put_Request_Secrets' + ssl: + $ref: '#/components/schemas/ApiFleetAgentDownloadSources_Put_Request_Ssl' + required: + - name + - host + ApiFleetAgentDownloadSources_Put_Request_Secrets: + additionalProperties: false + type: object + properties: + ssl: + $ref: '#/components/schemas/ApiFleetAgentDownloadSources_Put_Request_Secrets_Ssl' + ApiFleetAgentDownloadSources_Put_Request_Secrets_Ssl: + additionalProperties: false + type: object + properties: + key: + anyOf: + - $ref: '#/components/schemas/ApiFleetAgentDownloadSources_Put_Request_Secrets_Ssl_Key_1' + - $ref: '#/components/schemas/ApiFleetAgentDownloadSources_Put_Request_Secrets_Ssl_Key_2' + ApiFleetAgentDownloadSources_Put_Request_Secrets_Ssl_Key_1: + additionalProperties: false + type: object + properties: + id: + type: string + required: + - id + ApiFleetAgentDownloadSources_Put_Request_Secrets_Ssl_Key_2: + type: string + ApiFleetAgentDownloadSources_Put_Request_Ssl: + additionalProperties: false + type: object + properties: + certificate: + type: string + certificate_authorities: + items: + type: string + maxItems: 10 + type: array + key: + type: string + ApiFleetAgentDownloadSources_Put_Response_200: + additionalProperties: false + type: object + properties: + item: + $ref: '#/components/schemas/ApiFleetAgentDownloadSources_Put_Response_200_Item' + required: + - item + ApiFleetAgentDownloadSources_Put_Response_200_Item: + additionalProperties: false + type: object + properties: + host: + format: uri + type: string + id: + type: string + is_default: + default: false + type: boolean + name: + type: string + proxy_id: + description: The ID of the proxy to use for this download source. See the proxies API for more information. + nullable: true + type: string + secrets: + $ref: '#/components/schemas/ApiFleetAgentDownloadSources_Put_Response_200_Item_Secrets' + ssl: + $ref: '#/components/schemas/ApiFleetAgentDownloadSources_Put_Response_200_Item_Ssl' + required: + - id + - name + - host + ApiFleetAgentDownloadSources_Put_Response_200_Item_Secrets: + additionalProperties: false + type: object + properties: + ssl: + $ref: '#/components/schemas/ApiFleetAgentDownloadSources_Put_Response_200_Item_Secrets_Ssl' + ApiFleetAgentDownloadSources_Put_Response_200_Item_Secrets_Ssl: + additionalProperties: false + type: object + properties: + key: + anyOf: + - $ref: '#/components/schemas/ApiFleetAgentDownloadSources_Put_Response_200_Item_Secrets_Ssl_Key_1' + - $ref: '#/components/schemas/ApiFleetAgentDownloadSources_Put_Response_200_Item_Secrets_Ssl_Key_2' + ApiFleetAgentDownloadSources_Put_Response_200_Item_Secrets_Ssl_Key_1: + additionalProperties: false + type: object + properties: + id: + type: string + required: + - id + ApiFleetAgentDownloadSources_Put_Response_200_Item_Secrets_Ssl_Key_2: + type: string + ApiFleetAgentDownloadSources_Put_Response_200_Item_Ssl: + additionalProperties: false + type: object + properties: + certificate: + type: string + certificate_authorities: + items: + type: string + maxItems: 10 + type: array + key: + type: string + ApiFleetAgentDownloadSources_Put_Response_400: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetAgentPolicies_Get_Response_200: + additionalProperties: false + type: object + properties: + items: + items: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Items_Item' + maxItems: 10000 + type: array + page: + type: number + perPage: + type: number + total: + type: number + required: + - items + - total + - page + - perPage + ApiFleetAgentPolicies_Get_Response_200_Items_Item: + additionalProperties: false + type: object + properties: + advanced_settings: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Items_Advanced_settings' + agent_features: + items: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Items_Agent_features_Item' + maxItems: 100 + type: array + agentless: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Items_Agentless' + agents: + type: number + data_output_id: + nullable: true + type: string + description: + type: string + download_source_id: + nullable: true + type: string + fips_agents: + type: number + fleet_server_host_id: + nullable: true + type: string + global_data_tags: + description: User defined data tags that are added to all of the inputs. The values can be strings or numbers. + items: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Items_Global_data_tags_Item' + maxItems: 10 + type: array + has_agent_version_conditions: + type: boolean + has_fleet_server: + type: boolean + id: + type: string + inactivity_timeout: + default: 1209600 + minimum: 0 + type: number + is_default: + type: boolean + is_default_fleet_server: + type: boolean + is_managed: + type: boolean + is_preconfigured: + type: boolean + is_protected: + description: Indicates whether the agent policy has tamper protection enabled. Default false. + type: boolean + keep_monitoring_alive: + default: false + description: When set to true, monitoring will be enabled but logs/metrics collection will be disabled + nullable: true + type: boolean + monitoring_diagnostics: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Items_Monitoring_diagnostics' + monitoring_enabled: + items: + enum: + - logs + - metrics + - traces + type: string + maxItems: 3 + type: array + monitoring_http: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Items_Monitoring_http' + monitoring_output_id: + nullable: true + type: string + monitoring_pprof_enabled: + type: boolean + name: + minLength: 1 + type: string + namespace: + minLength: 1 + type: string + overrides: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Items_Overrides' + package_policies: + anyOf: + - $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Items_Package_policies_1' + - $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Items_Package_policies_2' + required_versions: + items: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Items_Required_versions_Item' + maxItems: 100 + nullable: true + type: array + revision: + type: number + schema_version: + type: string + space_ids: + items: + type: string + maxItems: 100 + type: array + status: + enum: + - active + - inactive + type: string + supports_agentless: + default: false + description: Indicates whether the agent policy supports agentless integrations. + nullable: true + type: boolean + unenroll_timeout: + minimum: 0 + type: number + unprivileged_agents: + type: number + updated_at: + type: string + updated_by: + type: string + version: + type: string + required: + - id + - name + - namespace + - is_protected + - status + - updated_at + - updated_by + - revision + ApiFleetAgentPolicies_Get_Response_200_Items_Advanced_settings: + additionalProperties: false + type: object + properties: + agent_download_target_directory: + nullable: true + agent_download_timeout: + nullable: true + agent_internal: + nullable: true + agent_limits_go_max_procs: + nullable: true + agent_logging_files_interval: + nullable: true + agent_logging_files_keepfiles: + nullable: true + agent_logging_files_rotateeverybytes: + nullable: true + agent_logging_level: + nullable: true + agent_logging_metrics_period: + nullable: true + agent_logging_to_files: + nullable: true + agent_monitoring_runtime_experimental: + nullable: true + ApiFleetAgentPolicies_Get_Response_200_Items_Agent_features_Item: + additionalProperties: false + type: object + properties: + enabled: + type: boolean + name: + type: string + required: + - name + - enabled + ApiFleetAgentPolicies_Get_Response_200_Items_Agentless: + additionalProperties: false + type: object + properties: + cloud_connectors: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Items_Agentless_Cloud_connectors' + resources: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Items_Agentless_Resources' + ApiFleetAgentPolicies_Get_Response_200_Items_Agentless_Cloud_connectors: + additionalProperties: false + type: object + properties: + enabled: + type: boolean + target_csp: + enum: + - aws + - azure + - gcp + type: string + required: + - enabled + ApiFleetAgentPolicies_Get_Response_200_Items_Agentless_Resources: + additionalProperties: false + type: object + properties: + requests: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Items_Agentless_Resources_Requests' + ApiFleetAgentPolicies_Get_Response_200_Items_Agentless_Resources_Requests: + additionalProperties: false + type: object + properties: + cpu: + type: string + memory: + type: string + ApiFleetAgentPolicies_Get_Response_200_Items_Global_data_tags_Item: + additionalProperties: false + type: object + properties: + name: + type: string + value: + anyOf: + - $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Items_Global_data_tags_Value_1' + - $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Items_Global_data_tags_Value_2' + required: + - name + - value + ApiFleetAgentPolicies_Get_Response_200_Items_Global_data_tags_Value_1: + type: string + ApiFleetAgentPolicies_Get_Response_200_Items_Global_data_tags_Value_2: + type: number + ApiFleetAgentPolicies_Get_Response_200_Items_Monitoring_diagnostics: + additionalProperties: false + type: object + properties: + limit: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Items_Monitoring_diagnostics_Limit' + uploader: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Items_Monitoring_diagnostics_Uploader' + ApiFleetAgentPolicies_Get_Response_200_Items_Monitoring_diagnostics_Limit: + additionalProperties: false + type: object + properties: + burst: + type: number + interval: + type: string + ApiFleetAgentPolicies_Get_Response_200_Items_Monitoring_diagnostics_Uploader: + additionalProperties: false + type: object + properties: + init_dur: + type: string + max_dur: + type: string + max_retries: + type: number + ApiFleetAgentPolicies_Get_Response_200_Items_Monitoring_http: + additionalProperties: false + type: object + properties: + buffer: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Items_Monitoring_http_Buffer' + enabled: + type: boolean + host: + type: string + port: + maximum: 65353 + minimum: 0 + type: number + ApiFleetAgentPolicies_Get_Response_200_Items_Monitoring_http_Buffer: + additionalProperties: false + type: object + properties: + enabled: + default: false + type: boolean + ApiFleetAgentPolicies_Get_Response_200_Items_Overrides: + additionalProperties: {} + description: Override settings that are defined in the agent policy. Input settings cannot be overridden. The override option should be used only in unusual circumstances and not as a routine procedure. + nullable: true + type: object + ApiFleetAgentPolicies_Get_Response_200_Items_Package_policies_1: + items: + type: string + maxItems: 10000 + type: array + ApiFleetAgentPolicies_Get_Response_200_Items_Package_policies_2: + description: This field is present only when retrieving a single agent policy, or when retrieving a list of agent policies with the ?full=true parameter + items: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Items_Package_policies_Item' + maxItems: 10000 + type: array + ApiFleetAgentPolicies_Get_Response_200_Items_Package_policies_Item: + additionalProperties: false + type: object + properties: + additional_datastreams_permissions: + description: Additional datastream permissions, that will be added to the agent policy. + items: + type: string + maxItems: 1000 + nullable: true + type: array + agents: + type: number + cloud_connector_id: + description: ID of the cloud connector associated with this package policy. + nullable: true + type: string + cloud_connector_name: + description: Transient field for cloud connector name during creation. + maxLength: 255 + minLength: 1 + nullable: true + type: string + created_at: + type: string + created_by: + type: string + description: + description: Package policy description + type: string + elasticsearch: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Items_Package_policies_Elasticsearch' + enabled: + type: boolean + id: + description: Package policy unique identifier. + type: string + inputs: + anyOf: + - $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Items_Package_policies_Inputs_1' + - $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Items_Package_policies_Inputs_2' + description: Package policy inputs. + is_managed: + type: boolean + name: + description: Unique name for the package policy. + type: string + namespace: + description: The package policy namespace. Leave blank to inherit the agent policy's namespace. + type: string + output_id: + nullable: true + type: string + overrides: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Items_Package_policies_Overrides' + package: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Items_Package_policies_Package' + policy_id: + deprecated: true + description: ID of the agent policy which the package policy will be added to. + nullable: true + type: string + policy_ids: + items: + description: IDs of the agent policies which that package policy will be added to. + type: string + maxItems: 1000 + type: array + revision: + description: Package policy revision. + type: number + secret_references: + items: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Items_Package_policies_Secret_references_Item' + maxItems: 100 + type: array + spaceIds: + items: + type: string + maxItems: 100 + type: array + supports_agentless: + default: false + description: Indicates whether the package policy belongs to an agentless agent policy. + nullable: true + type: boolean + supports_cloud_connector: + default: false + description: Indicates whether the package policy supports cloud connectors. + nullable: true + type: boolean + updated_at: + type: string + updated_by: + type: string + var_group_selections: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Items_Package_policies_Var_group_selections' + vars: + anyOf: + - $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Items_Package_policies_Vars_1' + - $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Items_Package_policies_Vars_2' + description: Package level variable. + version: + description: Package policy ES version. + type: string + required: + - name + - enabled + - inputs + - id + - revision + - updated_at + - updated_by + - created_at + - created_by + ApiFleetAgentPolicies_Get_Response_200_Items_Package_policies_Elasticsearch: + additionalProperties: true + type: object + properties: + privileges: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Items_Package_policies_Elasticsearch_Privileges' + ApiFleetAgentPolicies_Get_Response_200_Items_Package_policies_Elasticsearch_Privileges: + additionalProperties: true + type: object + properties: + cluster: + items: + type: string + maxItems: 100 + type: array + ApiFleetAgentPolicies_Get_Response_200_Items_Package_policies_Inputs_1: + items: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Items_Package_policies_Inputs_Item' + maxItems: 100 + type: array + ApiFleetAgentPolicies_Get_Response_200_Items_Package_policies_Inputs_Item: + additionalProperties: false + type: object + properties: + compiled_input: {} + config: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Items_Package_policies_Inputs_Config' + enabled: + type: boolean + id: + type: string + keep_enabled: + type: boolean + policy_template: + type: string + streams: + items: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Items_Package_policies_Inputs_Streams_Item' + maxItems: 100 + type: array + type: + type: string + vars: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Items_Package_policies_Inputs_Vars' + required: + - type + - enabled + - streams + - compiled_input + ApiFleetAgentPolicies_Get_Response_200_Items_Package_policies_Inputs_Config: + additionalProperties: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Items_Package_policies_Inputs_Config_Value' + description: Package variable (see integration documentation for more information) + type: object + ApiFleetAgentPolicies_Get_Response_200_Items_Package_policies_Inputs_Config_Value: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + ApiFleetAgentPolicies_Get_Response_200_Items_Package_policies_Inputs_Streams_Item: + additionalProperties: false + type: object + properties: + compiled_stream: {} + config: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Items_Package_policies_Inputs_Streams_Config' + data_stream: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Items_Package_policies_Inputs_Streams_Data_stream' + enabled: + type: boolean + id: + type: string + keep_enabled: + type: boolean + release: + enum: + - ga + - beta + - experimental + type: string + var_group_selections: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Items_Package_policies_Inputs_Streams_Var_group_selections' + vars: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Items_Package_policies_Inputs_Streams_Vars' + required: + - enabled + - data_stream + - compiled_stream + ApiFleetAgentPolicies_Get_Response_200_Items_Package_policies_Inputs_Streams_Config: + additionalProperties: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Items_Package_policies_Inputs_Streams_Config_Value' + description: Package variable (see integration documentation for more information) + type: object + ApiFleetAgentPolicies_Get_Response_200_Items_Package_policies_Inputs_Streams_Config_Value: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + ApiFleetAgentPolicies_Get_Response_200_Items_Package_policies_Inputs_Streams_Data_stream: + additionalProperties: false + type: object + properties: + dataset: + type: string + elasticsearch: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Items_Package_policies_Inputs_Streams_Data_stream_Elasticsearch' + type: + type: string + required: + - dataset + - type + ApiFleetAgentPolicies_Get_Response_200_Items_Package_policies_Inputs_Streams_Data_stream_Elasticsearch: + additionalProperties: false + type: object + properties: + dynamic_dataset: + type: boolean + dynamic_namespace: + type: boolean + privileges: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Items_Package_policies_Inputs_Streams_Data_stream_Elasticsearch_Privileges' + ApiFleetAgentPolicies_Get_Response_200_Items_Package_policies_Inputs_Streams_Data_stream_Elasticsearch_Privileges: + additionalProperties: false + type: object + properties: + indices: + items: + type: string + maxItems: 100 + type: array + ApiFleetAgentPolicies_Get_Response_200_Items_Package_policies_Inputs_Streams_Var_group_selections: + additionalProperties: + type: string + description: Variable group selections. Maps var_group name to the selected option name within that group. + type: object + ApiFleetAgentPolicies_Get_Response_200_Items_Package_policies_Inputs_Streams_Vars: + additionalProperties: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Items_Package_policies_Inputs_Streams_Vars_Value' + description: Package variable (see integration documentation for more information) + type: object + ApiFleetAgentPolicies_Get_Response_200_Items_Package_policies_Inputs_Streams_Vars_Value: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + ApiFleetAgentPolicies_Get_Response_200_Items_Package_policies_Inputs_Vars: + additionalProperties: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Items_Package_policies_Inputs_Vars_Value' + description: Package variable (see integration documentation for more information) + type: object + ApiFleetAgentPolicies_Get_Response_200_Items_Package_policies_Inputs_Vars_Value: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + ApiFleetAgentPolicies_Get_Response_200_Items_Package_policies_Inputs_2: + additionalProperties: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Items_Package_policies_Inputs_Value' + description: Package policy inputs. Refer to the integration documentation to know which inputs are available. + type: object + x-oas-optional: true + ApiFleetAgentPolicies_Get_Response_200_Items_Package_policies_Inputs_Value: + additionalProperties: false + type: object + properties: + enabled: + description: Enable or disable that input. Defaults to `true` (enabled). + type: boolean + streams: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Items_Package_policies_Inputs_Streams' + vars: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Items_Package_policies_Inputs_Vars_1' + ApiFleetAgentPolicies_Get_Response_200_Items_Package_policies_Inputs_Streams: + additionalProperties: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Items_Package_policies_Inputs_Streams_Value' + description: Input streams. Refer to the integration documentation to know which streams are available. + type: object + ApiFleetAgentPolicies_Get_Response_200_Items_Package_policies_Inputs_Streams_Value: + additionalProperties: false + type: object + properties: + enabled: + description: Enable or disable that stream. Defaults to `true` (enabled). + type: boolean + var_group_selections: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Items_Package_policies_Inputs_Streams_Var_group_selections_1' + vars: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Items_Package_policies_Inputs_Streams_Vars_1' + ApiFleetAgentPolicies_Get_Response_200_Items_Package_policies_Inputs_Streams_Var_group_selections_1: + additionalProperties: + type: string + description: Variable group selections. Maps var_group name to the selected option name within that group. + type: object + ApiFleetAgentPolicies_Get_Response_200_Items_Package_policies_Inputs_Streams_Vars_1: + type: boolean + ApiFleetAgentPolicies_Get_Response_200_Items_Package_policies_Inputs_Streams_Vars_2: + type: string + ApiFleetAgentPolicies_Get_Response_200_Items_Package_policies_Inputs_Streams_Vars_3: + type: number + ApiFleetAgentPolicies_Get_Response_200_Items_Package_policies_Inputs_Streams_Vars_4: + items: + type: string + maxItems: 100 + type: array + ApiFleetAgentPolicies_Get_Response_200_Items_Package_policies_Inputs_Streams_Vars_5: + items: + type: number + maxItems: 100 + type: array + ApiFleetAgentPolicies_Get_Response_200_Items_Package_policies_Inputs_Streams_Vars_6: + additionalProperties: false + type: object + properties: + id: + type: string + isSecretRef: + type: boolean + required: + - id + - isSecretRef + ApiFleetAgentPolicies_Get_Response_200_Items_Package_policies_Inputs_Vars_1: + type: boolean + ApiFleetAgentPolicies_Get_Response_200_Items_Package_policies_Inputs_Vars_2: + type: string + ApiFleetAgentPolicies_Get_Response_200_Items_Package_policies_Inputs_Vars_3: + type: number + ApiFleetAgentPolicies_Get_Response_200_Items_Package_policies_Inputs_Vars_4: + items: + type: string + maxItems: 100 + type: array + ApiFleetAgentPolicies_Get_Response_200_Items_Package_policies_Inputs_Vars_5: + items: + type: number + maxItems: 100 + type: array + ApiFleetAgentPolicies_Get_Response_200_Items_Package_policies_Inputs_Vars_6: + additionalProperties: false + type: object + properties: + id: + type: string + isSecretRef: + type: boolean + required: + - id + - isSecretRef + ApiFleetAgentPolicies_Get_Response_200_Items_Package_policies_Overrides: + additionalProperties: false + description: Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure. + nullable: true + type: object + properties: + inputs: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Items_Package_policies_Overrides_Inputs' + ApiFleetAgentPolicies_Get_Response_200_Items_Package_policies_Overrides_Inputs: + additionalProperties: {} + type: object + ApiFleetAgentPolicies_Get_Response_200_Items_Package_policies_Package: + additionalProperties: false + type: object + properties: + experimental_data_stream_features: + items: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Items_Package_policies_Package_Experimental_data_stream_features_Item' + maxItems: 100 + type: array + fips_compatible: + type: boolean + name: + description: Package name + type: string + requires_root: + type: boolean + title: + type: string + version: + description: Package version + type: string + required: + - name + - version + ApiFleetAgentPolicies_Get_Response_200_Items_Package_policies_Package_Experimental_data_stream_features_Item: + additionalProperties: false + type: object + properties: + data_stream: + type: string + features: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Items_Package_policies_Package_Experimental_data_stream_features_Features' + required: + - data_stream + - features + ApiFleetAgentPolicies_Get_Response_200_Items_Package_policies_Package_Experimental_data_stream_features_Features: + additionalProperties: false + type: object + properties: + doc_value_only_numeric: + type: boolean + doc_value_only_other: + type: boolean + synthetic_source: + type: boolean + tsdb: + type: boolean + ApiFleetAgentPolicies_Get_Response_200_Items_Package_policies_Secret_references_Item: + additionalProperties: false + type: object + properties: + id: + type: string + required: + - id + ApiFleetAgentPolicies_Get_Response_200_Items_Package_policies_Var_group_selections: + additionalProperties: + type: string + description: Variable group selections. Maps var_group name to the selected option name within that group. + type: object + ApiFleetAgentPolicies_Get_Response_200_Items_Package_policies_Vars_1: + additionalProperties: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Items_Package_policies_Vars_Value' + description: Package variable (see integration documentation for more information) + type: object + ApiFleetAgentPolicies_Get_Response_200_Items_Package_policies_Vars_Value: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + ApiFleetAgentPolicies_Get_Response_200_Items_Package_policies_Vars_2: + additionalProperties: + anyOf: + - $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Items_Package_policies_Vars_1_1' + - $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Items_Package_policies_Vars_2_1' + - $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Items_Package_policies_Vars_3' + - $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Items_Package_policies_Vars_4' + - $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Items_Package_policies_Vars_5' + - $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Items_Package_policies_Vars_6' + nullable: true + description: Input/stream level variable. Refer to the integration documentation for more information. + type: object + x-oas-optional: true + ApiFleetAgentPolicies_Get_Response_200_Items_Package_policies_Vars_1_1: + type: boolean + ApiFleetAgentPolicies_Get_Response_200_Items_Package_policies_Vars_2_1: + type: string + ApiFleetAgentPolicies_Get_Response_200_Items_Package_policies_Vars_3: + type: number + ApiFleetAgentPolicies_Get_Response_200_Items_Package_policies_Vars_4: + items: + type: string + maxItems: 100 + type: array + ApiFleetAgentPolicies_Get_Response_200_Items_Package_policies_Vars_5: + items: + type: number + maxItems: 100 + type: array + ApiFleetAgentPolicies_Get_Response_200_Items_Package_policies_Vars_6: + additionalProperties: false + type: object + properties: + id: + type: string + isSecretRef: + type: boolean + required: + - id + - isSecretRef + ApiFleetAgentPolicies_Get_Response_200_Items_Required_versions_Item: + additionalProperties: false + type: object + properties: + percentage: + description: Target percentage of agents to auto upgrade + maximum: 100 + minimum: 0 + type: number + version: + description: Target version for automatic agent upgrade + type: string + required: + - version + - percentage + ApiFleetAgentPolicies_Get_Response_400: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetAgentPolicies_Post_Request: + additionalProperties: false + type: object + properties: + advanced_settings: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Post_Request_Advanced_settings' + agent_features: + items: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Post_Request_Agent_features_Item' + maxItems: 100 + type: array + agentless: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Post_Request_Agentless' + data_output_id: + nullable: true + type: string + description: + type: string + download_source_id: + nullable: true + type: string + fleet_server_host_id: + nullable: true + type: string + force: + type: boolean + global_data_tags: + description: User defined data tags that are added to all of the inputs. The values can be strings or numbers. + items: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Post_Request_Global_data_tags_Item' + maxItems: 10 + type: array + has_agent_version_conditions: + type: boolean + has_fleet_server: + type: boolean + id: + type: string + inactivity_timeout: + default: 1209600 + minimum: 0 + type: number + is_default: + type: boolean + is_default_fleet_server: + type: boolean + is_managed: + type: boolean + is_protected: + type: boolean + keep_monitoring_alive: + default: false + description: When set to true, monitoring will be enabled but logs/metrics collection will be disabled + nullable: true + type: boolean + monitoring_diagnostics: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Post_Request_Monitoring_diagnostics' + monitoring_enabled: + items: + enum: + - logs + - metrics + - traces + type: string + maxItems: 3 + type: array + monitoring_http: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Post_Request_Monitoring_http' + monitoring_output_id: + nullable: true + type: string + monitoring_pprof_enabled: + type: boolean + name: + minLength: 1 + type: string + namespace: + minLength: 1 + type: string + overrides: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Post_Request_Overrides' + required_versions: + items: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Post_Request_Required_versions_Item' + maxItems: 100 + nullable: true + type: array + space_ids: + items: + type: string + maxItems: 100 + type: array + supports_agentless: + default: false + deprecated: true + description: Indicates whether the agent policy supports agentless integrations. Deprecated in favor of the Fleet agentless policies API. + nullable: true + type: boolean + unenroll_timeout: + minimum: 0 + type: number + required: + - name + - namespace + ApiFleetAgentPolicies_Post_Request_Advanced_settings: + additionalProperties: false + type: object + properties: + agent_download_target_directory: + nullable: true + agent_download_timeout: + nullable: true + agent_internal: + nullable: true + agent_limits_go_max_procs: + nullable: true + agent_logging_files_interval: + nullable: true + agent_logging_files_keepfiles: + nullable: true + agent_logging_files_rotateeverybytes: + nullable: true + agent_logging_level: + nullable: true + agent_logging_metrics_period: + nullable: true + agent_logging_to_files: + nullable: true + agent_monitoring_runtime_experimental: + nullable: true + ApiFleetAgentPolicies_Post_Request_Agent_features_Item: + additionalProperties: false + type: object + properties: + enabled: + type: boolean + name: + type: string + required: + - name + - enabled + ApiFleetAgentPolicies_Post_Request_Agentless: + additionalProperties: false + type: object + properties: + cloud_connectors: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Post_Request_Agentless_Cloud_connectors' + resources: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Post_Request_Agentless_Resources' + ApiFleetAgentPolicies_Post_Request_Agentless_Cloud_connectors: + additionalProperties: false + type: object + properties: + enabled: + type: boolean + target_csp: + enum: + - aws + - azure + - gcp + type: string + required: + - enabled + ApiFleetAgentPolicies_Post_Request_Agentless_Resources: + additionalProperties: false + type: object + properties: + requests: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Post_Request_Agentless_Resources_Requests' + ApiFleetAgentPolicies_Post_Request_Agentless_Resources_Requests: + additionalProperties: false + type: object + properties: + cpu: + type: string + memory: + type: string + ApiFleetAgentPolicies_Post_Request_Global_data_tags_Item: + additionalProperties: false + type: object + properties: + name: + type: string + value: + anyOf: + - $ref: '#/components/schemas/ApiFleetAgentPolicies_Post_Request_Global_data_tags_Value_1' + - $ref: '#/components/schemas/ApiFleetAgentPolicies_Post_Request_Global_data_tags_Value_2' + required: + - name + - value + ApiFleetAgentPolicies_Post_Request_Global_data_tags_Value_1: + type: string + ApiFleetAgentPolicies_Post_Request_Global_data_tags_Value_2: + type: number + ApiFleetAgentPolicies_Post_Request_Monitoring_diagnostics: + additionalProperties: false + type: object + properties: + limit: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Post_Request_Monitoring_diagnostics_Limit' + uploader: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Post_Request_Monitoring_diagnostics_Uploader' + ApiFleetAgentPolicies_Post_Request_Monitoring_diagnostics_Limit: + additionalProperties: false + type: object + properties: + burst: + type: number + interval: + type: string + ApiFleetAgentPolicies_Post_Request_Monitoring_diagnostics_Uploader: + additionalProperties: false + type: object + properties: + init_dur: + type: string + max_dur: + type: string + max_retries: + type: number + ApiFleetAgentPolicies_Post_Request_Monitoring_http: + additionalProperties: false + type: object + properties: + buffer: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Post_Request_Monitoring_http_Buffer' + enabled: + type: boolean + host: + type: string + port: + maximum: 65353 + minimum: 0 + type: number + ApiFleetAgentPolicies_Post_Request_Monitoring_http_Buffer: + additionalProperties: false + type: object + properties: + enabled: + default: false + type: boolean + ApiFleetAgentPolicies_Post_Request_Overrides: + additionalProperties: {} + description: Override settings that are defined in the agent policy. Input settings cannot be overridden. The override option should be used only in unusual circumstances and not as a routine procedure. + nullable: true + type: object + ApiFleetAgentPolicies_Post_Request_Required_versions_Item: + additionalProperties: false + type: object + properties: + percentage: + description: Target percentage of agents to auto upgrade + maximum: 100 + minimum: 0 + type: number + version: + description: Target version for automatic agent upgrade + type: string + required: + - version + - percentage + ApiFleetAgentPolicies_Post_Response_200: + additionalProperties: false + type: object + properties: + item: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Post_Response_200_Item' + required: + - item + ApiFleetAgentPolicies_Post_Response_200_Item: + additionalProperties: false + type: object + properties: + advanced_settings: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Post_Response_200_Item_Advanced_settings' + agent_features: + items: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Post_Response_200_Item_Agent_features_Item' + maxItems: 100 + type: array + agentless: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Post_Response_200_Item_Agentless' + agents: + type: number + data_output_id: + nullable: true + type: string + description: + type: string + download_source_id: + nullable: true + type: string + fips_agents: + type: number + fleet_server_host_id: + nullable: true + type: string + global_data_tags: + description: User defined data tags that are added to all of the inputs. The values can be strings or numbers. + items: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Post_Response_200_Item_Global_data_tags_Item' + maxItems: 10 + type: array + has_agent_version_conditions: + type: boolean + has_fleet_server: + type: boolean + id: + type: string + inactivity_timeout: + default: 1209600 + minimum: 0 + type: number + is_default: + type: boolean + is_default_fleet_server: + type: boolean + is_managed: + type: boolean + is_preconfigured: + type: boolean + is_protected: + description: Indicates whether the agent policy has tamper protection enabled. Default false. + type: boolean + keep_monitoring_alive: + default: false + description: When set to true, monitoring will be enabled but logs/metrics collection will be disabled + nullable: true + type: boolean + monitoring_diagnostics: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Post_Response_200_Item_Monitoring_diagnostics' + monitoring_enabled: + items: + enum: + - logs + - metrics + - traces + type: string + maxItems: 3 + type: array + monitoring_http: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Post_Response_200_Item_Monitoring_http' + monitoring_output_id: + nullable: true + type: string + monitoring_pprof_enabled: + type: boolean + name: + minLength: 1 + type: string + namespace: + minLength: 1 + type: string + overrides: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Post_Response_200_Item_Overrides' + package_policies: + anyOf: + - $ref: '#/components/schemas/ApiFleetAgentPolicies_Post_Response_200_Item_Package_policies_1' + - $ref: '#/components/schemas/ApiFleetAgentPolicies_Post_Response_200_Item_Package_policies_2' + required_versions: + items: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Post_Response_200_Item_Required_versions_Item' + maxItems: 100 + nullable: true + type: array + revision: + type: number + schema_version: + type: string + space_ids: + items: + type: string + maxItems: 100 + type: array + status: + enum: + - active + - inactive + type: string + supports_agentless: + default: false + description: Indicates whether the agent policy supports agentless integrations. + nullable: true + type: boolean + unenroll_timeout: + minimum: 0 + type: number + unprivileged_agents: + type: number + updated_at: + type: string + updated_by: + type: string + version: + type: string + required: + - id + - name + - namespace + - is_protected + - status + - updated_at + - updated_by + - revision + ApiFleetAgentPolicies_Post_Response_200_Item_Advanced_settings: + additionalProperties: false + type: object + properties: + agent_download_target_directory: + nullable: true + agent_download_timeout: + nullable: true + agent_internal: + nullable: true + agent_limits_go_max_procs: + nullable: true + agent_logging_files_interval: + nullable: true + agent_logging_files_keepfiles: + nullable: true + agent_logging_files_rotateeverybytes: + nullable: true + agent_logging_level: + nullable: true + agent_logging_metrics_period: + nullable: true + agent_logging_to_files: + nullable: true + agent_monitoring_runtime_experimental: + nullable: true + ApiFleetAgentPolicies_Post_Response_200_Item_Agent_features_Item: + additionalProperties: false + type: object + properties: + enabled: + type: boolean + name: + type: string + required: + - name + - enabled + ApiFleetAgentPolicies_Post_Response_200_Item_Agentless: + additionalProperties: false + type: object + properties: + cloud_connectors: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Post_Response_200_Item_Agentless_Cloud_connectors' + resources: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Post_Response_200_Item_Agentless_Resources' + ApiFleetAgentPolicies_Post_Response_200_Item_Agentless_Cloud_connectors: + additionalProperties: false + type: object + properties: + enabled: + type: boolean + target_csp: + enum: + - aws + - azure + - gcp + type: string + required: + - enabled + ApiFleetAgentPolicies_Post_Response_200_Item_Agentless_Resources: + additionalProperties: false + type: object + properties: + requests: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Post_Response_200_Item_Agentless_Resources_Requests' + ApiFleetAgentPolicies_Post_Response_200_Item_Agentless_Resources_Requests: + additionalProperties: false + type: object + properties: + cpu: + type: string + memory: + type: string + ApiFleetAgentPolicies_Post_Response_200_Item_Global_data_tags_Item: + additionalProperties: false + type: object + properties: + name: + type: string + value: + anyOf: + - $ref: '#/components/schemas/ApiFleetAgentPolicies_Post_Response_200_Item_Global_data_tags_Value_1' + - $ref: '#/components/schemas/ApiFleetAgentPolicies_Post_Response_200_Item_Global_data_tags_Value_2' + required: + - name + - value + ApiFleetAgentPolicies_Post_Response_200_Item_Global_data_tags_Value_1: + type: string + ApiFleetAgentPolicies_Post_Response_200_Item_Global_data_tags_Value_2: + type: number + ApiFleetAgentPolicies_Post_Response_200_Item_Monitoring_diagnostics: + additionalProperties: false + type: object + properties: + limit: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Post_Response_200_Item_Monitoring_diagnostics_Limit' + uploader: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Post_Response_200_Item_Monitoring_diagnostics_Uploader' + ApiFleetAgentPolicies_Post_Response_200_Item_Monitoring_diagnostics_Limit: + additionalProperties: false + type: object + properties: + burst: + type: number + interval: + type: string + ApiFleetAgentPolicies_Post_Response_200_Item_Monitoring_diagnostics_Uploader: + additionalProperties: false + type: object + properties: + init_dur: + type: string + max_dur: + type: string + max_retries: + type: number + ApiFleetAgentPolicies_Post_Response_200_Item_Monitoring_http: + additionalProperties: false + type: object + properties: + buffer: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Post_Response_200_Item_Monitoring_http_Buffer' + enabled: + type: boolean + host: + type: string + port: + maximum: 65353 + minimum: 0 + type: number + ApiFleetAgentPolicies_Post_Response_200_Item_Monitoring_http_Buffer: + additionalProperties: false + type: object + properties: + enabled: + default: false + type: boolean + ApiFleetAgentPolicies_Post_Response_200_Item_Overrides: + additionalProperties: {} + description: Override settings that are defined in the agent policy. Input settings cannot be overridden. The override option should be used only in unusual circumstances and not as a routine procedure. + nullable: true + type: object + ApiFleetAgentPolicies_Post_Response_200_Item_Package_policies_1: + items: + type: string + maxItems: 10000 + type: array + ApiFleetAgentPolicies_Post_Response_200_Item_Package_policies_2: + description: This field is present only when retrieving a single agent policy, or when retrieving a list of agent policies with the ?full=true parameter + items: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Post_Response_200_Item_Package_policies_Item' + maxItems: 10000 + type: array + ApiFleetAgentPolicies_Post_Response_200_Item_Package_policies_Item: + additionalProperties: false + type: object + properties: + additional_datastreams_permissions: + description: Additional datastream permissions, that will be added to the agent policy. + items: + type: string + maxItems: 1000 + nullable: true + type: array + agents: + type: number + cloud_connector_id: + description: ID of the cloud connector associated with this package policy. + nullable: true + type: string + cloud_connector_name: + description: Transient field for cloud connector name during creation. + maxLength: 255 + minLength: 1 + nullable: true + type: string + created_at: + type: string + created_by: + type: string + description: + description: Package policy description + type: string + elasticsearch: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Post_Response_200_Item_Package_policies_Elasticsearch' + enabled: + type: boolean + id: + description: Package policy unique identifier. + type: string + inputs: + anyOf: + - $ref: '#/components/schemas/ApiFleetAgentPolicies_Post_Response_200_Item_Package_policies_Inputs_1' + - $ref: '#/components/schemas/ApiFleetAgentPolicies_Post_Response_200_Item_Package_policies_Inputs_2' + description: Package policy inputs. + is_managed: + type: boolean + name: + description: Unique name for the package policy. + type: string + namespace: + description: The package policy namespace. Leave blank to inherit the agent policy's namespace. + type: string + output_id: + nullable: true + type: string + overrides: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Post_Response_200_Item_Package_policies_Overrides' + package: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Post_Response_200_Item_Package_policies_Package' + policy_id: + deprecated: true + description: ID of the agent policy which the package policy will be added to. + nullable: true + type: string + policy_ids: + items: + description: IDs of the agent policies which that package policy will be added to. + type: string + maxItems: 1000 + type: array + revision: + description: Package policy revision. + type: number + secret_references: + items: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Post_Response_200_Item_Package_policies_Secret_references_Item' + maxItems: 100 + type: array + spaceIds: + items: + type: string + maxItems: 100 + type: array + supports_agentless: + default: false + description: Indicates whether the package policy belongs to an agentless agent policy. + nullable: true + type: boolean + supports_cloud_connector: + default: false + description: Indicates whether the package policy supports cloud connectors. + nullable: true + type: boolean + updated_at: + type: string + updated_by: + type: string + var_group_selections: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Post_Response_200_Item_Package_policies_Var_group_selections' + vars: + anyOf: + - $ref: '#/components/schemas/ApiFleetAgentPolicies_Post_Response_200_Item_Package_policies_Vars_1' + - $ref: '#/components/schemas/ApiFleetAgentPolicies_Post_Response_200_Item_Package_policies_Vars_2' + description: Package level variable. + version: + description: Package policy ES version. + type: string + required: + - name + - enabled + - inputs + - id + - revision + - updated_at + - updated_by + - created_at + - created_by + ApiFleetAgentPolicies_Post_Response_200_Item_Package_policies_Elasticsearch: + additionalProperties: true + type: object + properties: + privileges: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Post_Response_200_Item_Package_policies_Elasticsearch_Privileges' + ApiFleetAgentPolicies_Post_Response_200_Item_Package_policies_Elasticsearch_Privileges: + additionalProperties: true + type: object + properties: + cluster: + items: + type: string + maxItems: 100 + type: array + ApiFleetAgentPolicies_Post_Response_200_Item_Package_policies_Inputs_1: + items: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Post_Response_200_Item_Package_policies_Inputs_Item' + maxItems: 100 + type: array + ApiFleetAgentPolicies_Post_Response_200_Item_Package_policies_Inputs_Item: + additionalProperties: false + type: object + properties: + compiled_input: {} + config: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Post_Response_200_Item_Package_policies_Inputs_Config' + enabled: + type: boolean + id: + type: string + keep_enabled: + type: boolean + policy_template: + type: string + streams: + items: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Post_Response_200_Item_Package_policies_Inputs_Streams_Item' + maxItems: 100 + type: array + type: + type: string + vars: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Post_Response_200_Item_Package_policies_Inputs_Vars' + required: + - type + - enabled + - streams + - compiled_input + ApiFleetAgentPolicies_Post_Response_200_Item_Package_policies_Inputs_Config: + additionalProperties: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Post_Response_200_Item_Package_policies_Inputs_Config_Value' + description: Package variable (see integration documentation for more information) + type: object + ApiFleetAgentPolicies_Post_Response_200_Item_Package_policies_Inputs_Config_Value: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + ApiFleetAgentPolicies_Post_Response_200_Item_Package_policies_Inputs_Streams_Item: + additionalProperties: false + type: object + properties: + compiled_stream: {} + config: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Post_Response_200_Item_Package_policies_Inputs_Streams_Config' + data_stream: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Post_Response_200_Item_Package_policies_Inputs_Streams_Data_stream' + enabled: + type: boolean + id: + type: string + keep_enabled: + type: boolean + release: + enum: + - ga + - beta + - experimental + type: string + var_group_selections: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Post_Response_200_Item_Package_policies_Inputs_Streams_Var_group_selections' + vars: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Post_Response_200_Item_Package_policies_Inputs_Streams_Vars' + required: + - enabled + - data_stream + - compiled_stream + ApiFleetAgentPolicies_Post_Response_200_Item_Package_policies_Inputs_Streams_Config: + additionalProperties: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Post_Response_200_Item_Package_policies_Inputs_Streams_Config_Value' + description: Package variable (see integration documentation for more information) + type: object + ApiFleetAgentPolicies_Post_Response_200_Item_Package_policies_Inputs_Streams_Config_Value: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + ApiFleetAgentPolicies_Post_Response_200_Item_Package_policies_Inputs_Streams_Data_stream: + additionalProperties: false + type: object + properties: + dataset: + type: string + elasticsearch: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Post_Response_200_Item_Package_policies_Inputs_Streams_Data_stream_Elasticsearch' + type: + type: string + required: + - dataset + - type + ApiFleetAgentPolicies_Post_Response_200_Item_Package_policies_Inputs_Streams_Data_stream_Elasticsearch: + additionalProperties: false + type: object + properties: + dynamic_dataset: + type: boolean + dynamic_namespace: + type: boolean + privileges: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Post_Response_200_Item_Package_policies_Inputs_Streams_Data_stream_Elasticsearch_Privileges' + ApiFleetAgentPolicies_Post_Response_200_Item_Package_policies_Inputs_Streams_Data_stream_Elasticsearch_Privileges: + additionalProperties: false + type: object + properties: + indices: + items: + type: string + maxItems: 100 + type: array + ApiFleetAgentPolicies_Post_Response_200_Item_Package_policies_Inputs_Streams_Var_group_selections: + additionalProperties: + type: string + description: Variable group selections. Maps var_group name to the selected option name within that group. + type: object + ApiFleetAgentPolicies_Post_Response_200_Item_Package_policies_Inputs_Streams_Vars: + additionalProperties: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Post_Response_200_Item_Package_policies_Inputs_Streams_Vars_Value' + description: Package variable (see integration documentation for more information) + type: object + ApiFleetAgentPolicies_Post_Response_200_Item_Package_policies_Inputs_Streams_Vars_Value: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + ApiFleetAgentPolicies_Post_Response_200_Item_Package_policies_Inputs_Vars: + additionalProperties: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Post_Response_200_Item_Package_policies_Inputs_Vars_Value' + description: Package variable (see integration documentation for more information) + type: object + ApiFleetAgentPolicies_Post_Response_200_Item_Package_policies_Inputs_Vars_Value: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + ApiFleetAgentPolicies_Post_Response_200_Item_Package_policies_Inputs_2: + additionalProperties: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Post_Response_200_Item_Package_policies_Inputs_Value' + description: Package policy inputs. Refer to the integration documentation to know which inputs are available. + type: object + x-oas-optional: true + ApiFleetAgentPolicies_Post_Response_200_Item_Package_policies_Inputs_Value: + additionalProperties: false + type: object + properties: + enabled: + description: Enable or disable that input. Defaults to `true` (enabled). + type: boolean + streams: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Post_Response_200_Item_Package_policies_Inputs_Streams' + vars: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Post_Response_200_Item_Package_policies_Inputs_Vars_1' + ApiFleetAgentPolicies_Post_Response_200_Item_Package_policies_Inputs_Streams: + additionalProperties: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Post_Response_200_Item_Package_policies_Inputs_Streams_Value' + description: Input streams. Refer to the integration documentation to know which streams are available. + type: object + ApiFleetAgentPolicies_Post_Response_200_Item_Package_policies_Inputs_Streams_Value: + additionalProperties: false + type: object + properties: + enabled: + description: Enable or disable that stream. Defaults to `true` (enabled). + type: boolean + var_group_selections: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Post_Response_200_Item_Package_policies_Inputs_Streams_Var_group_selections_1' + vars: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Post_Response_200_Item_Package_policies_Inputs_Streams_Vars_1' + ApiFleetAgentPolicies_Post_Response_200_Item_Package_policies_Inputs_Streams_Var_group_selections_1: + additionalProperties: + type: string + description: Variable group selections. Maps var_group name to the selected option name within that group. + type: object + ApiFleetAgentPolicies_Post_Response_200_Item_Package_policies_Inputs_Streams_Vars_1: + type: boolean + ApiFleetAgentPolicies_Post_Response_200_Item_Package_policies_Inputs_Streams_Vars_2: + type: string + ApiFleetAgentPolicies_Post_Response_200_Item_Package_policies_Inputs_Streams_Vars_3: + type: number + ApiFleetAgentPolicies_Post_Response_200_Item_Package_policies_Inputs_Streams_Vars_4: + items: + type: string + maxItems: 100 + type: array + ApiFleetAgentPolicies_Post_Response_200_Item_Package_policies_Inputs_Streams_Vars_5: + items: + type: number + maxItems: 100 + type: array + ApiFleetAgentPolicies_Post_Response_200_Item_Package_policies_Inputs_Streams_Vars_6: + additionalProperties: false + type: object + properties: + id: + type: string + isSecretRef: + type: boolean + required: + - id + - isSecretRef + ApiFleetAgentPolicies_Post_Response_200_Item_Package_policies_Inputs_Vars_1: + type: boolean + ApiFleetAgentPolicies_Post_Response_200_Item_Package_policies_Inputs_Vars_2: + type: string + ApiFleetAgentPolicies_Post_Response_200_Item_Package_policies_Inputs_Vars_3: + type: number + ApiFleetAgentPolicies_Post_Response_200_Item_Package_policies_Inputs_Vars_4: + items: + type: string + maxItems: 100 + type: array + ApiFleetAgentPolicies_Post_Response_200_Item_Package_policies_Inputs_Vars_5: + items: + type: number + maxItems: 100 + type: array + ApiFleetAgentPolicies_Post_Response_200_Item_Package_policies_Inputs_Vars_6: + additionalProperties: false + type: object + properties: + id: + type: string + isSecretRef: + type: boolean + required: + - id + - isSecretRef + ApiFleetAgentPolicies_Post_Response_200_Item_Package_policies_Overrides: + additionalProperties: false + description: Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure. + nullable: true + type: object + properties: + inputs: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Post_Response_200_Item_Package_policies_Overrides_Inputs' + ApiFleetAgentPolicies_Post_Response_200_Item_Package_policies_Overrides_Inputs: + additionalProperties: {} + type: object + ApiFleetAgentPolicies_Post_Response_200_Item_Package_policies_Package: + additionalProperties: false + type: object + properties: + experimental_data_stream_features: + items: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Post_Response_200_Item_Package_policies_Package_Experimental_data_stream_features_Item' + maxItems: 100 + type: array + fips_compatible: + type: boolean + name: + description: Package name + type: string + requires_root: + type: boolean + title: + type: string + version: + description: Package version + type: string + required: + - name + - version + ApiFleetAgentPolicies_Post_Response_200_Item_Package_policies_Package_Experimental_data_stream_features_Item: + additionalProperties: false + type: object + properties: + data_stream: + type: string + features: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Post_Response_200_Item_Package_policies_Package_Experimental_data_stream_features_Features' + required: + - data_stream + - features + ApiFleetAgentPolicies_Post_Response_200_Item_Package_policies_Package_Experimental_data_stream_features_Features: + additionalProperties: false + type: object + properties: + doc_value_only_numeric: + type: boolean + doc_value_only_other: + type: boolean + synthetic_source: + type: boolean + tsdb: + type: boolean + ApiFleetAgentPolicies_Post_Response_200_Item_Package_policies_Secret_references_Item: + additionalProperties: false + type: object + properties: + id: + type: string + required: + - id + ApiFleetAgentPolicies_Post_Response_200_Item_Package_policies_Var_group_selections: + additionalProperties: + type: string + description: Variable group selections. Maps var_group name to the selected option name within that group. + type: object + ApiFleetAgentPolicies_Post_Response_200_Item_Package_policies_Vars_1: + additionalProperties: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Post_Response_200_Item_Package_policies_Vars_Value' + description: Package variable (see integration documentation for more information) + type: object + ApiFleetAgentPolicies_Post_Response_200_Item_Package_policies_Vars_Value: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + ApiFleetAgentPolicies_Post_Response_200_Item_Package_policies_Vars_2: + additionalProperties: + anyOf: + - $ref: '#/components/schemas/ApiFleetAgentPolicies_Post_Response_200_Item_Package_policies_Vars_1_1' + - $ref: '#/components/schemas/ApiFleetAgentPolicies_Post_Response_200_Item_Package_policies_Vars_2_1' + - $ref: '#/components/schemas/ApiFleetAgentPolicies_Post_Response_200_Item_Package_policies_Vars_3' + - $ref: '#/components/schemas/ApiFleetAgentPolicies_Post_Response_200_Item_Package_policies_Vars_4' + - $ref: '#/components/schemas/ApiFleetAgentPolicies_Post_Response_200_Item_Package_policies_Vars_5' + - $ref: '#/components/schemas/ApiFleetAgentPolicies_Post_Response_200_Item_Package_policies_Vars_6' + nullable: true + description: Input/stream level variable. Refer to the integration documentation for more information. + type: object + x-oas-optional: true + ApiFleetAgentPolicies_Post_Response_200_Item_Package_policies_Vars_1_1: + type: boolean + ApiFleetAgentPolicies_Post_Response_200_Item_Package_policies_Vars_2_1: + type: string + ApiFleetAgentPolicies_Post_Response_200_Item_Package_policies_Vars_3: + type: number + ApiFleetAgentPolicies_Post_Response_200_Item_Package_policies_Vars_4: + items: + type: string + maxItems: 100 + type: array + ApiFleetAgentPolicies_Post_Response_200_Item_Package_policies_Vars_5: + items: + type: number + maxItems: 100 + type: array + ApiFleetAgentPolicies_Post_Response_200_Item_Package_policies_Vars_6: + additionalProperties: false + type: object + properties: + id: + type: string + isSecretRef: + type: boolean + required: + - id + - isSecretRef + ApiFleetAgentPolicies_Post_Response_200_Item_Required_versions_Item: + additionalProperties: false + type: object + properties: + percentage: + description: Target percentage of agents to auto upgrade + maximum: 100 + minimum: 0 + type: number + version: + description: Target version for automatic agent upgrade + type: string + required: + - version + - percentage + ApiFleetAgentPolicies_Post_Response_400: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetAgentPoliciesBulkGet_Post_Request: + additionalProperties: false + type: object + properties: + full: + description: get full policies with package policies populated + type: boolean + ids: + description: list of package policy ids + items: + type: string + maxItems: 1000 + type: array + ignoreMissing: + type: boolean + required: + - ids + ApiFleetAgentPoliciesBulkGet_Post_Response_200: + additionalProperties: false + type: object + properties: + items: + items: + $ref: '#/components/schemas/ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Item' + maxItems: 10000 + type: array + required: + - items + ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Item: + additionalProperties: false + type: object + properties: + advanced_settings: + $ref: '#/components/schemas/ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Advanced_settings' + agent_features: + items: + $ref: '#/components/schemas/ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Agent_features_Item' + maxItems: 100 + type: array + agentless: + $ref: '#/components/schemas/ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Agentless' + agents: + type: number + data_output_id: + nullable: true + type: string + description: + type: string + download_source_id: + nullable: true + type: string + fips_agents: + type: number + fleet_server_host_id: + nullable: true + type: string + global_data_tags: + description: User defined data tags that are added to all of the inputs. The values can be strings or numbers. + items: + $ref: '#/components/schemas/ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Global_data_tags_Item' + maxItems: 10 + type: array + has_agent_version_conditions: + type: boolean + has_fleet_server: + type: boolean + id: + type: string + inactivity_timeout: + default: 1209600 + minimum: 0 + type: number + is_default: + type: boolean + is_default_fleet_server: + type: boolean + is_managed: + type: boolean + is_preconfigured: + type: boolean + is_protected: + description: Indicates whether the agent policy has tamper protection enabled. Default false. + type: boolean + keep_monitoring_alive: + default: false + description: When set to true, monitoring will be enabled but logs/metrics collection will be disabled + nullable: true + type: boolean + monitoring_diagnostics: + $ref: '#/components/schemas/ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Monitoring_diagnostics' + monitoring_enabled: + items: + enum: + - logs + - metrics + - traces + type: string + maxItems: 3 + type: array + monitoring_http: + $ref: '#/components/schemas/ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Monitoring_http' + monitoring_output_id: + nullable: true + type: string + monitoring_pprof_enabled: + type: boolean + name: + minLength: 1 + type: string + namespace: + minLength: 1 + type: string + overrides: + $ref: '#/components/schemas/ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Overrides' + package_policies: + anyOf: + - $ref: '#/components/schemas/ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Package_policies_1' + - $ref: '#/components/schemas/ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Package_policies_2' + required_versions: + items: + $ref: '#/components/schemas/ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Required_versions_Item' + maxItems: 100 + nullable: true + type: array + revision: + type: number + schema_version: + type: string + space_ids: + items: + type: string + maxItems: 100 + type: array + status: + enum: + - active + - inactive + type: string + supports_agentless: + default: false + description: Indicates whether the agent policy supports agentless integrations. + nullable: true + type: boolean + unenroll_timeout: + minimum: 0 + type: number + unprivileged_agents: + type: number + updated_at: + type: string + updated_by: + type: string + version: + type: string + required: + - id + - name + - namespace + - is_protected + - status + - updated_at + - updated_by + - revision + ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Advanced_settings: + additionalProperties: false + type: object + properties: + agent_download_target_directory: + nullable: true + agent_download_timeout: + nullable: true + agent_internal: + nullable: true + agent_limits_go_max_procs: + nullable: true + agent_logging_files_interval: + nullable: true + agent_logging_files_keepfiles: + nullable: true + agent_logging_files_rotateeverybytes: + nullable: true + agent_logging_level: + nullable: true + agent_logging_metrics_period: + nullable: true + agent_logging_to_files: + nullable: true + agent_monitoring_runtime_experimental: + nullable: true + ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Agent_features_Item: + additionalProperties: false + type: object + properties: + enabled: + type: boolean + name: + type: string + required: + - name + - enabled + ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Agentless: + additionalProperties: false + type: object + properties: + cloud_connectors: + $ref: '#/components/schemas/ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Agentless_Cloud_connectors' + resources: + $ref: '#/components/schemas/ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Agentless_Resources' + ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Agentless_Cloud_connectors: + additionalProperties: false + type: object + properties: + enabled: + type: boolean + target_csp: + enum: + - aws + - azure + - gcp + type: string + required: + - enabled + ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Agentless_Resources: + additionalProperties: false + type: object + properties: + requests: + $ref: '#/components/schemas/ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Agentless_Resources_Requests' + ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Agentless_Resources_Requests: + additionalProperties: false + type: object + properties: + cpu: + type: string + memory: + type: string + ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Global_data_tags_Item: + additionalProperties: false + type: object + properties: + name: + type: string + value: + anyOf: + - $ref: '#/components/schemas/ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Global_data_tags_Value_1' + - $ref: '#/components/schemas/ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Global_data_tags_Value_2' + required: + - name + - value + ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Global_data_tags_Value_1: + type: string + ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Global_data_tags_Value_2: + type: number + ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Monitoring_diagnostics: + additionalProperties: false + type: object + properties: + limit: + $ref: '#/components/schemas/ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Monitoring_diagnostics_Limit' + uploader: + $ref: '#/components/schemas/ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Monitoring_diagnostics_Uploader' + ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Monitoring_diagnostics_Limit: + additionalProperties: false + type: object + properties: + burst: + type: number + interval: + type: string + ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Monitoring_diagnostics_Uploader: + additionalProperties: false + type: object + properties: + init_dur: + type: string + max_dur: + type: string + max_retries: + type: number + ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Monitoring_http: + additionalProperties: false + type: object + properties: + buffer: + $ref: '#/components/schemas/ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Monitoring_http_Buffer' + enabled: + type: boolean + host: + type: string + port: + maximum: 65353 + minimum: 0 + type: number + ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Monitoring_http_Buffer: + additionalProperties: false + type: object + properties: + enabled: + default: false + type: boolean + ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Overrides: + additionalProperties: {} + description: Override settings that are defined in the agent policy. Input settings cannot be overridden. The override option should be used only in unusual circumstances and not as a routine procedure. + nullable: true + type: object + ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Package_policies_1: + items: + type: string + maxItems: 10000 + type: array + ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Package_policies_2: + description: This field is present only when retrieving a single agent policy, or when retrieving a list of agent policies with the ?full=true parameter + items: + $ref: '#/components/schemas/ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Package_policies_Item' + maxItems: 10000 + type: array + ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Package_policies_Item: + additionalProperties: false + type: object + properties: + additional_datastreams_permissions: + description: Additional datastream permissions, that will be added to the agent policy. + items: + type: string + maxItems: 1000 + nullable: true + type: array + agents: + type: number + cloud_connector_id: + description: ID of the cloud connector associated with this package policy. + nullable: true + type: string + cloud_connector_name: + description: Transient field for cloud connector name during creation. + maxLength: 255 + minLength: 1 + nullable: true + type: string + created_at: + type: string + created_by: + type: string + description: + description: Package policy description + type: string + elasticsearch: + $ref: '#/components/schemas/ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Package_policies_Elasticsearch' + enabled: + type: boolean + id: + description: Package policy unique identifier. + type: string + inputs: + anyOf: + - $ref: '#/components/schemas/ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Package_policies_Inputs_1' + - $ref: '#/components/schemas/ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Package_policies_Inputs_2' + description: Package policy inputs. + is_managed: + type: boolean + name: + description: Unique name for the package policy. + type: string + namespace: + description: The package policy namespace. Leave blank to inherit the agent policy's namespace. + type: string + output_id: + nullable: true + type: string + overrides: + $ref: '#/components/schemas/ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Package_policies_Overrides' + package: + $ref: '#/components/schemas/ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Package_policies_Package' + policy_id: + deprecated: true + description: ID of the agent policy which the package policy will be added to. + nullable: true + type: string + policy_ids: + items: + description: IDs of the agent policies which that package policy will be added to. + type: string + maxItems: 1000 + type: array + revision: + description: Package policy revision. + type: number + secret_references: + items: + $ref: '#/components/schemas/ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Package_policies_Secret_references_Item' + maxItems: 100 + type: array + spaceIds: + items: + type: string + maxItems: 100 + type: array + supports_agentless: + default: false + description: Indicates whether the package policy belongs to an agentless agent policy. + nullable: true + type: boolean + supports_cloud_connector: + default: false + description: Indicates whether the package policy supports cloud connectors. + nullable: true + type: boolean + updated_at: + type: string + updated_by: + type: string + var_group_selections: + $ref: '#/components/schemas/ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Package_policies_Var_group_selections' + vars: + anyOf: + - $ref: '#/components/schemas/ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Package_policies_Vars_1' + - $ref: '#/components/schemas/ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Package_policies_Vars_2' + description: Package level variable. + version: + description: Package policy ES version. + type: string + required: + - name + - enabled + - inputs + - id + - revision + - updated_at + - updated_by + - created_at + - created_by + ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Package_policies_Elasticsearch: + additionalProperties: true + type: object + properties: + privileges: + $ref: '#/components/schemas/ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Package_policies_Elasticsearch_Privileges' + ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Package_policies_Elasticsearch_Privileges: + additionalProperties: true + type: object + properties: + cluster: + items: + type: string + maxItems: 100 + type: array + ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Package_policies_Inputs_1: + items: + $ref: '#/components/schemas/ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Package_policies_Inputs_Item' + maxItems: 100 + type: array + ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Package_policies_Inputs_Item: + additionalProperties: false + type: object + properties: + compiled_input: {} + config: + $ref: '#/components/schemas/ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Package_policies_Inputs_Config' + enabled: + type: boolean + id: + type: string + keep_enabled: + type: boolean + policy_template: + type: string + streams: + items: + $ref: '#/components/schemas/ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Package_policies_Inputs_Streams_Item' + maxItems: 100 + type: array + type: + type: string + vars: + $ref: '#/components/schemas/ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Package_policies_Inputs_Vars' + required: + - type + - enabled + - streams + - compiled_input + ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Package_policies_Inputs_Config: + additionalProperties: + $ref: '#/components/schemas/ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Package_policies_Inputs_Config_Value' + description: Package variable (see integration documentation for more information) + type: object + ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Package_policies_Inputs_Config_Value: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Package_policies_Inputs_Streams_Item: + additionalProperties: false + type: object + properties: + compiled_stream: {} + config: + $ref: '#/components/schemas/ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Package_policies_Inputs_Streams_Config' + data_stream: + $ref: '#/components/schemas/ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Package_policies_Inputs_Streams_Data_stream' + enabled: + type: boolean + id: + type: string + keep_enabled: + type: boolean + release: + enum: + - ga + - beta + - experimental + type: string + var_group_selections: + $ref: '#/components/schemas/ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Package_policies_Inputs_Streams_Var_group_selections' + vars: + $ref: '#/components/schemas/ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Package_policies_Inputs_Streams_Vars' + required: + - enabled + - data_stream + - compiled_stream + ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Package_policies_Inputs_Streams_Config: + additionalProperties: + $ref: '#/components/schemas/ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Package_policies_Inputs_Streams_Config_Value' + description: Package variable (see integration documentation for more information) + type: object + ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Package_policies_Inputs_Streams_Config_Value: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Package_policies_Inputs_Streams_Data_stream: + additionalProperties: false + type: object + properties: + dataset: + type: string + elasticsearch: + $ref: '#/components/schemas/ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Package_policies_Inputs_Streams_Data_stream_Elasticsearch' + type: + type: string + required: + - dataset + - type + ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Package_policies_Inputs_Streams_Data_stream_Elasticsearch: + additionalProperties: false + type: object + properties: + dynamic_dataset: + type: boolean + dynamic_namespace: + type: boolean + privileges: + $ref: '#/components/schemas/ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Package_policies_Inputs_Streams_Data_stream_Elasticsearch_Privileges' + ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Package_policies_Inputs_Streams_Data_stream_Elasticsearch_Privileges: + additionalProperties: false + type: object + properties: + indices: + items: + type: string + maxItems: 100 + type: array + ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Package_policies_Inputs_Streams_Var_group_selections: + additionalProperties: + type: string + description: Variable group selections. Maps var_group name to the selected option name within that group. + type: object + ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Package_policies_Inputs_Streams_Vars: + additionalProperties: + $ref: '#/components/schemas/ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Package_policies_Inputs_Streams_Vars_Value' + description: Package variable (see integration documentation for more information) + type: object + ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Package_policies_Inputs_Streams_Vars_Value: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Package_policies_Inputs_Vars: + additionalProperties: + $ref: '#/components/schemas/ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Package_policies_Inputs_Vars_Value' + description: Package variable (see integration documentation for more information) + type: object + ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Package_policies_Inputs_Vars_Value: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Package_policies_Inputs_2: + additionalProperties: + $ref: '#/components/schemas/ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Package_policies_Inputs_Value' + description: Package policy inputs. Refer to the integration documentation to know which inputs are available. + type: object + x-oas-optional: true + ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Package_policies_Inputs_Value: + additionalProperties: false + type: object + properties: + enabled: + description: Enable or disable that input. Defaults to `true` (enabled). + type: boolean + streams: + $ref: '#/components/schemas/ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Package_policies_Inputs_Streams' + vars: + $ref: '#/components/schemas/ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Package_policies_Inputs_Vars_1' + ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Package_policies_Inputs_Streams: + additionalProperties: + $ref: '#/components/schemas/ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Package_policies_Inputs_Streams_Value' + description: Input streams. Refer to the integration documentation to know which streams are available. + type: object + ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Package_policies_Inputs_Streams_Value: + additionalProperties: false + type: object + properties: + enabled: + description: Enable or disable that stream. Defaults to `true` (enabled). + type: boolean + var_group_selections: + $ref: '#/components/schemas/ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Package_policies_Inputs_Streams_Var_group_selections_1' + vars: + $ref: '#/components/schemas/ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Package_policies_Inputs_Streams_Vars_1' + ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Package_policies_Inputs_Streams_Var_group_selections_1: + additionalProperties: + type: string + description: Variable group selections. Maps var_group name to the selected option name within that group. + type: object + ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Package_policies_Inputs_Streams_Vars_1: + type: boolean + ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Package_policies_Inputs_Streams_Vars_2: + type: string + ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Package_policies_Inputs_Streams_Vars_3: + type: number + ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Package_policies_Inputs_Streams_Vars_4: + items: + type: string + maxItems: 100 + type: array + ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Package_policies_Inputs_Streams_Vars_5: + items: + type: number + maxItems: 100 + type: array + ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Package_policies_Inputs_Streams_Vars_6: + additionalProperties: false + type: object + properties: + id: + type: string + isSecretRef: + type: boolean + required: + - id + - isSecretRef + ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Package_policies_Inputs_Vars_1: + type: boolean + ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Package_policies_Inputs_Vars_2: + type: string + ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Package_policies_Inputs_Vars_3: + type: number + ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Package_policies_Inputs_Vars_4: + items: + type: string + maxItems: 100 + type: array + ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Package_policies_Inputs_Vars_5: + items: + type: number + maxItems: 100 + type: array + ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Package_policies_Inputs_Vars_6: + additionalProperties: false + type: object + properties: + id: + type: string + isSecretRef: + type: boolean + required: + - id + - isSecretRef + ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Package_policies_Overrides: + additionalProperties: false + description: Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure. + nullable: true + type: object + properties: + inputs: + $ref: '#/components/schemas/ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Package_policies_Overrides_Inputs' + ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Package_policies_Overrides_Inputs: + additionalProperties: {} + type: object + ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Package_policies_Package: + additionalProperties: false + type: object + properties: + experimental_data_stream_features: + items: + $ref: '#/components/schemas/ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Package_policies_Package_Experimental_data_stream_features_Item' + maxItems: 100 + type: array + fips_compatible: + type: boolean + name: + description: Package name + type: string + requires_root: + type: boolean + title: + type: string + version: + description: Package version + type: string + required: + - name + - version + ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Package_policies_Package_Experimental_data_stream_features_Item: + additionalProperties: false + type: object + properties: + data_stream: + type: string + features: + $ref: '#/components/schemas/ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Package_policies_Package_Experimental_data_stream_features_Features' + required: + - data_stream + - features + ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Package_policies_Package_Experimental_data_stream_features_Features: + additionalProperties: false + type: object + properties: + doc_value_only_numeric: + type: boolean + doc_value_only_other: + type: boolean + synthetic_source: + type: boolean + tsdb: + type: boolean + ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Package_policies_Secret_references_Item: + additionalProperties: false + type: object + properties: + id: + type: string + required: + - id + ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Package_policies_Var_group_selections: + additionalProperties: + type: string + description: Variable group selections. Maps var_group name to the selected option name within that group. + type: object + ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Package_policies_Vars_1: + additionalProperties: + $ref: '#/components/schemas/ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Package_policies_Vars_Value' + description: Package variable (see integration documentation for more information) + type: object + ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Package_policies_Vars_Value: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Package_policies_Vars_2: + additionalProperties: + anyOf: + - $ref: '#/components/schemas/ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Package_policies_Vars_1_1' + - $ref: '#/components/schemas/ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Package_policies_Vars_2_1' + - $ref: '#/components/schemas/ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Package_policies_Vars_3' + - $ref: '#/components/schemas/ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Package_policies_Vars_4' + - $ref: '#/components/schemas/ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Package_policies_Vars_5' + - $ref: '#/components/schemas/ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Package_policies_Vars_6' + nullable: true + description: Input/stream level variable. Refer to the integration documentation for more information. + type: object + x-oas-optional: true + ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Package_policies_Vars_1_1: + type: boolean + ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Package_policies_Vars_2_1: + type: string + ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Package_policies_Vars_3: + type: number + ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Package_policies_Vars_4: + items: + type: string + maxItems: 100 + type: array + ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Package_policies_Vars_5: + items: + type: number + maxItems: 100 + type: array + ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Package_policies_Vars_6: + additionalProperties: false + type: object + properties: + id: + type: string + isSecretRef: + type: boolean + required: + - id + - isSecretRef + ApiFleetAgentPoliciesBulkGet_Post_Response_200_Items_Required_versions_Item: + additionalProperties: false + type: object + properties: + percentage: + description: Target percentage of agents to auto upgrade + maximum: 100 + minimum: 0 + type: number + version: + description: Target version for automatic agent upgrade + type: string + required: + - version + - percentage + ApiFleetAgentPoliciesBulkGet_Post_Response_400: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetAgentPolicies_Get_Response_200_1: + additionalProperties: false + type: object + properties: + item: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Item' + required: + - item + ApiFleetAgentPolicies_Get_Response_200_Item: + additionalProperties: false + type: object + properties: + advanced_settings: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Item_Advanced_settings' + agent_features: + items: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Item_Agent_features_Item' + maxItems: 100 + type: array + agentless: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Item_Agentless' + agents: + type: number + data_output_id: + nullable: true + type: string + description: + type: string + download_source_id: + nullable: true + type: string + fips_agents: + type: number + fleet_server_host_id: + nullable: true + type: string + global_data_tags: + description: User defined data tags that are added to all of the inputs. The values can be strings or numbers. + items: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Item_Global_data_tags_Item' + maxItems: 10 + type: array + has_agent_version_conditions: + type: boolean + has_fleet_server: + type: boolean + id: + type: string + inactivity_timeout: + default: 1209600 + minimum: 0 + type: number + is_default: + type: boolean + is_default_fleet_server: + type: boolean + is_managed: + type: boolean + is_preconfigured: + type: boolean + is_protected: + description: Indicates whether the agent policy has tamper protection enabled. Default false. + type: boolean + keep_monitoring_alive: + default: false + description: When set to true, monitoring will be enabled but logs/metrics collection will be disabled + nullable: true + type: boolean + monitoring_diagnostics: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Item_Monitoring_diagnostics' + monitoring_enabled: + items: + enum: + - logs + - metrics + - traces + type: string + maxItems: 3 + type: array + monitoring_http: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Item_Monitoring_http' + monitoring_output_id: + nullable: true + type: string + monitoring_pprof_enabled: + type: boolean + name: + minLength: 1 + type: string + namespace: + minLength: 1 + type: string + overrides: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Item_Overrides' + package_policies: + anyOf: + - $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Item_Package_policies_1' + - $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Item_Package_policies_2' + required_versions: + items: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Item_Required_versions_Item' + maxItems: 100 + nullable: true + type: array + revision: + type: number + schema_version: + type: string + space_ids: + items: + type: string + maxItems: 100 + type: array + status: + enum: + - active + - inactive + type: string + supports_agentless: + default: false + description: Indicates whether the agent policy supports agentless integrations. + nullable: true + type: boolean + unenroll_timeout: + minimum: 0 + type: number + unprivileged_agents: + type: number + updated_at: + type: string + updated_by: + type: string + version: + type: string + required: + - id + - name + - namespace + - is_protected + - status + - updated_at + - updated_by + - revision + ApiFleetAgentPolicies_Get_Response_200_Item_Advanced_settings: + additionalProperties: false + type: object + properties: + agent_download_target_directory: + nullable: true + agent_download_timeout: + nullable: true + agent_internal: + nullable: true + agent_limits_go_max_procs: + nullable: true + agent_logging_files_interval: + nullable: true + agent_logging_files_keepfiles: + nullable: true + agent_logging_files_rotateeverybytes: + nullable: true + agent_logging_level: + nullable: true + agent_logging_metrics_period: + nullable: true + agent_logging_to_files: + nullable: true + agent_monitoring_runtime_experimental: + nullable: true + ApiFleetAgentPolicies_Get_Response_200_Item_Agent_features_Item: + additionalProperties: false + type: object + properties: + enabled: + type: boolean + name: + type: string + required: + - name + - enabled + ApiFleetAgentPolicies_Get_Response_200_Item_Agentless: + additionalProperties: false + type: object + properties: + cloud_connectors: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Item_Agentless_Cloud_connectors' + resources: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Item_Agentless_Resources' + ApiFleetAgentPolicies_Get_Response_200_Item_Agentless_Cloud_connectors: + additionalProperties: false + type: object + properties: + enabled: + type: boolean + target_csp: + enum: + - aws + - azure + - gcp + type: string + required: + - enabled + ApiFleetAgentPolicies_Get_Response_200_Item_Agentless_Resources: + additionalProperties: false + type: object + properties: + requests: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Item_Agentless_Resources_Requests' + ApiFleetAgentPolicies_Get_Response_200_Item_Agentless_Resources_Requests: + additionalProperties: false + type: object + properties: + cpu: + type: string + memory: + type: string + ApiFleetAgentPolicies_Get_Response_200_Item_Global_data_tags_Item: + additionalProperties: false + type: object + properties: + name: + type: string + value: + anyOf: + - $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Item_Global_data_tags_Value_1' + - $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Item_Global_data_tags_Value_2' + required: + - name + - value + ApiFleetAgentPolicies_Get_Response_200_Item_Global_data_tags_Value_1: + type: string + ApiFleetAgentPolicies_Get_Response_200_Item_Global_data_tags_Value_2: + type: number + ApiFleetAgentPolicies_Get_Response_200_Item_Monitoring_diagnostics: + additionalProperties: false + type: object + properties: + limit: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Item_Monitoring_diagnostics_Limit' + uploader: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Item_Monitoring_diagnostics_Uploader' + ApiFleetAgentPolicies_Get_Response_200_Item_Monitoring_diagnostics_Limit: + additionalProperties: false + type: object + properties: + burst: + type: number + interval: + type: string + ApiFleetAgentPolicies_Get_Response_200_Item_Monitoring_diagnostics_Uploader: + additionalProperties: false + type: object + properties: + init_dur: + type: string + max_dur: + type: string + max_retries: + type: number + ApiFleetAgentPolicies_Get_Response_200_Item_Monitoring_http: + additionalProperties: false + type: object + properties: + buffer: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Item_Monitoring_http_Buffer' + enabled: + type: boolean + host: + type: string + port: + maximum: 65353 + minimum: 0 + type: number + ApiFleetAgentPolicies_Get_Response_200_Item_Monitoring_http_Buffer: + additionalProperties: false + type: object + properties: + enabled: + default: false + type: boolean + ApiFleetAgentPolicies_Get_Response_200_Item_Overrides: + additionalProperties: {} + description: Override settings that are defined in the agent policy. Input settings cannot be overridden. The override option should be used only in unusual circumstances and not as a routine procedure. + nullable: true + type: object + ApiFleetAgentPolicies_Get_Response_200_Item_Package_policies_1: + items: + type: string + maxItems: 10000 + type: array + ApiFleetAgentPolicies_Get_Response_200_Item_Package_policies_2: + description: This field is present only when retrieving a single agent policy, or when retrieving a list of agent policies with the ?full=true parameter + items: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Item_Package_policies_Item' + maxItems: 10000 + type: array + ApiFleetAgentPolicies_Get_Response_200_Item_Package_policies_Item: + additionalProperties: false + type: object + properties: + additional_datastreams_permissions: + description: Additional datastream permissions, that will be added to the agent policy. + items: + type: string + maxItems: 1000 + nullable: true + type: array + agents: + type: number + cloud_connector_id: + description: ID of the cloud connector associated with this package policy. + nullable: true + type: string + cloud_connector_name: + description: Transient field for cloud connector name during creation. + maxLength: 255 + minLength: 1 + nullable: true + type: string + created_at: + type: string + created_by: + type: string + description: + description: Package policy description + type: string + elasticsearch: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Item_Package_policies_Elasticsearch' + enabled: + type: boolean + id: + description: Package policy unique identifier. + type: string + inputs: + anyOf: + - $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Item_Package_policies_Inputs_1' + - $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Item_Package_policies_Inputs_2' + description: Package policy inputs. + is_managed: + type: boolean + name: + description: Unique name for the package policy. + type: string + namespace: + description: The package policy namespace. Leave blank to inherit the agent policy's namespace. + type: string + output_id: + nullable: true + type: string + overrides: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Item_Package_policies_Overrides' + package: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Item_Package_policies_Package' + policy_id: + deprecated: true + description: ID of the agent policy which the package policy will be added to. + nullable: true + type: string + policy_ids: + items: + description: IDs of the agent policies which that package policy will be added to. + type: string + maxItems: 1000 + type: array + revision: + description: Package policy revision. + type: number + secret_references: + items: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Item_Package_policies_Secret_references_Item' + maxItems: 100 + type: array + spaceIds: + items: + type: string + maxItems: 100 + type: array + supports_agentless: + default: false + description: Indicates whether the package policy belongs to an agentless agent policy. + nullable: true + type: boolean + supports_cloud_connector: + default: false + description: Indicates whether the package policy supports cloud connectors. + nullable: true + type: boolean + updated_at: + type: string + updated_by: + type: string + var_group_selections: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Item_Package_policies_Var_group_selections' + vars: + anyOf: + - $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Item_Package_policies_Vars_1' + - $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Item_Package_policies_Vars_2' + description: Package level variable. + version: + description: Package policy ES version. + type: string + required: + - name + - enabled + - inputs + - id + - revision + - updated_at + - updated_by + - created_at + - created_by + ApiFleetAgentPolicies_Get_Response_200_Item_Package_policies_Elasticsearch: + additionalProperties: true + type: object + properties: + privileges: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Item_Package_policies_Elasticsearch_Privileges' + ApiFleetAgentPolicies_Get_Response_200_Item_Package_policies_Elasticsearch_Privileges: + additionalProperties: true + type: object + properties: + cluster: + items: + type: string + maxItems: 100 + type: array + ApiFleetAgentPolicies_Get_Response_200_Item_Package_policies_Inputs_1: + items: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Item_Package_policies_Inputs_Item' + maxItems: 100 + type: array + ApiFleetAgentPolicies_Get_Response_200_Item_Package_policies_Inputs_Item: + additionalProperties: false + type: object + properties: + compiled_input: {} + config: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Item_Package_policies_Inputs_Config' + enabled: + type: boolean + id: + type: string + keep_enabled: + type: boolean + policy_template: + type: string + streams: + items: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Item_Package_policies_Inputs_Streams_Item' + maxItems: 100 + type: array + type: + type: string + vars: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Item_Package_policies_Inputs_Vars' + required: + - type + - enabled + - streams + - compiled_input + ApiFleetAgentPolicies_Get_Response_200_Item_Package_policies_Inputs_Config: + additionalProperties: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Item_Package_policies_Inputs_Config_Value' + description: Package variable (see integration documentation for more information) + type: object + ApiFleetAgentPolicies_Get_Response_200_Item_Package_policies_Inputs_Config_Value: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + ApiFleetAgentPolicies_Get_Response_200_Item_Package_policies_Inputs_Streams_Item: + additionalProperties: false + type: object + properties: + compiled_stream: {} + config: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Item_Package_policies_Inputs_Streams_Config' + data_stream: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Item_Package_policies_Inputs_Streams_Data_stream' + enabled: + type: boolean + id: + type: string + keep_enabled: + type: boolean + release: + enum: + - ga + - beta + - experimental + type: string + var_group_selections: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Item_Package_policies_Inputs_Streams_Var_group_selections' + vars: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Item_Package_policies_Inputs_Streams_Vars' + required: + - enabled + - data_stream + - compiled_stream + ApiFleetAgentPolicies_Get_Response_200_Item_Package_policies_Inputs_Streams_Config: + additionalProperties: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Item_Package_policies_Inputs_Streams_Config_Value' + description: Package variable (see integration documentation for more information) + type: object + ApiFleetAgentPolicies_Get_Response_200_Item_Package_policies_Inputs_Streams_Config_Value: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + ApiFleetAgentPolicies_Get_Response_200_Item_Package_policies_Inputs_Streams_Data_stream: + additionalProperties: false + type: object + properties: + dataset: + type: string + elasticsearch: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Item_Package_policies_Inputs_Streams_Data_stream_Elasticsearch' + type: + type: string + required: + - dataset + - type + ApiFleetAgentPolicies_Get_Response_200_Item_Package_policies_Inputs_Streams_Data_stream_Elasticsearch: + additionalProperties: false + type: object + properties: + dynamic_dataset: + type: boolean + dynamic_namespace: + type: boolean + privileges: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Item_Package_policies_Inputs_Streams_Data_stream_Elasticsearch_Privileges' + ApiFleetAgentPolicies_Get_Response_200_Item_Package_policies_Inputs_Streams_Data_stream_Elasticsearch_Privileges: + additionalProperties: false + type: object + properties: + indices: + items: + type: string + maxItems: 100 + type: array + ApiFleetAgentPolicies_Get_Response_200_Item_Package_policies_Inputs_Streams_Var_group_selections: + additionalProperties: + type: string + description: Variable group selections. Maps var_group name to the selected option name within that group. + type: object + ApiFleetAgentPolicies_Get_Response_200_Item_Package_policies_Inputs_Streams_Vars: + additionalProperties: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Item_Package_policies_Inputs_Streams_Vars_Value' + description: Package variable (see integration documentation for more information) + type: object + ApiFleetAgentPolicies_Get_Response_200_Item_Package_policies_Inputs_Streams_Vars_Value: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + ApiFleetAgentPolicies_Get_Response_200_Item_Package_policies_Inputs_Vars: + additionalProperties: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Item_Package_policies_Inputs_Vars_Value' + description: Package variable (see integration documentation for more information) + type: object + ApiFleetAgentPolicies_Get_Response_200_Item_Package_policies_Inputs_Vars_Value: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + ApiFleetAgentPolicies_Get_Response_200_Item_Package_policies_Inputs_2: + additionalProperties: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Item_Package_policies_Inputs_Value' + description: Package policy inputs. Refer to the integration documentation to know which inputs are available. + type: object + x-oas-optional: true + ApiFleetAgentPolicies_Get_Response_200_Item_Package_policies_Inputs_Value: + additionalProperties: false + type: object + properties: + enabled: + description: Enable or disable that input. Defaults to `true` (enabled). + type: boolean + streams: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Item_Package_policies_Inputs_Streams' + vars: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Item_Package_policies_Inputs_Vars_1' + ApiFleetAgentPolicies_Get_Response_200_Item_Package_policies_Inputs_Streams: + additionalProperties: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Item_Package_policies_Inputs_Streams_Value' + description: Input streams. Refer to the integration documentation to know which streams are available. + type: object + ApiFleetAgentPolicies_Get_Response_200_Item_Package_policies_Inputs_Streams_Value: + additionalProperties: false + type: object + properties: + enabled: + description: Enable or disable that stream. Defaults to `true` (enabled). + type: boolean + var_group_selections: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Item_Package_policies_Inputs_Streams_Var_group_selections_1' + vars: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Item_Package_policies_Inputs_Streams_Vars_1' + ApiFleetAgentPolicies_Get_Response_200_Item_Package_policies_Inputs_Streams_Var_group_selections_1: + additionalProperties: + type: string + description: Variable group selections. Maps var_group name to the selected option name within that group. + type: object + ApiFleetAgentPolicies_Get_Response_200_Item_Package_policies_Inputs_Streams_Vars_1: + type: boolean + ApiFleetAgentPolicies_Get_Response_200_Item_Package_policies_Inputs_Streams_Vars_2: + type: string + ApiFleetAgentPolicies_Get_Response_200_Item_Package_policies_Inputs_Streams_Vars_3: + type: number + ApiFleetAgentPolicies_Get_Response_200_Item_Package_policies_Inputs_Streams_Vars_4: + items: + type: string + maxItems: 100 + type: array + ApiFleetAgentPolicies_Get_Response_200_Item_Package_policies_Inputs_Streams_Vars_5: + items: + type: number + maxItems: 100 + type: array + ApiFleetAgentPolicies_Get_Response_200_Item_Package_policies_Inputs_Streams_Vars_6: + additionalProperties: false + type: object + properties: + id: + type: string + isSecretRef: + type: boolean + required: + - id + - isSecretRef + ApiFleetAgentPolicies_Get_Response_200_Item_Package_policies_Inputs_Vars_1: + type: boolean + ApiFleetAgentPolicies_Get_Response_200_Item_Package_policies_Inputs_Vars_2: + type: string + ApiFleetAgentPolicies_Get_Response_200_Item_Package_policies_Inputs_Vars_3: + type: number + ApiFleetAgentPolicies_Get_Response_200_Item_Package_policies_Inputs_Vars_4: + items: + type: string + maxItems: 100 + type: array + ApiFleetAgentPolicies_Get_Response_200_Item_Package_policies_Inputs_Vars_5: + items: + type: number + maxItems: 100 + type: array + ApiFleetAgentPolicies_Get_Response_200_Item_Package_policies_Inputs_Vars_6: + additionalProperties: false + type: object + properties: + id: + type: string + isSecretRef: + type: boolean + required: + - id + - isSecretRef + ApiFleetAgentPolicies_Get_Response_200_Item_Package_policies_Overrides: + additionalProperties: false + description: Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure. + nullable: true + type: object + properties: + inputs: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Item_Package_policies_Overrides_Inputs' + ApiFleetAgentPolicies_Get_Response_200_Item_Package_policies_Overrides_Inputs: + additionalProperties: {} + type: object + ApiFleetAgentPolicies_Get_Response_200_Item_Package_policies_Package: + additionalProperties: false + type: object + properties: + experimental_data_stream_features: + items: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Item_Package_policies_Package_Experimental_data_stream_features_Item' + maxItems: 100 + type: array + fips_compatible: + type: boolean + name: + description: Package name + type: string + requires_root: + type: boolean + title: + type: string + version: + description: Package version + type: string + required: + - name + - version + ApiFleetAgentPolicies_Get_Response_200_Item_Package_policies_Package_Experimental_data_stream_features_Item: + additionalProperties: false + type: object + properties: + data_stream: + type: string + features: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Item_Package_policies_Package_Experimental_data_stream_features_Features' + required: + - data_stream + - features + ApiFleetAgentPolicies_Get_Response_200_Item_Package_policies_Package_Experimental_data_stream_features_Features: + additionalProperties: false + type: object + properties: + doc_value_only_numeric: + type: boolean + doc_value_only_other: + type: boolean + synthetic_source: + type: boolean + tsdb: + type: boolean + ApiFleetAgentPolicies_Get_Response_200_Item_Package_policies_Secret_references_Item: + additionalProperties: false + type: object + properties: + id: + type: string + required: + - id + ApiFleetAgentPolicies_Get_Response_200_Item_Package_policies_Var_group_selections: + additionalProperties: + type: string + description: Variable group selections. Maps var_group name to the selected option name within that group. + type: object + ApiFleetAgentPolicies_Get_Response_200_Item_Package_policies_Vars_1: + additionalProperties: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Item_Package_policies_Vars_Value' + description: Package variable (see integration documentation for more information) + type: object + ApiFleetAgentPolicies_Get_Response_200_Item_Package_policies_Vars_Value: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + ApiFleetAgentPolicies_Get_Response_200_Item_Package_policies_Vars_2: + additionalProperties: + anyOf: + - $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Item_Package_policies_Vars_1_1' + - $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Item_Package_policies_Vars_2_1' + - $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Item_Package_policies_Vars_3' + - $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Item_Package_policies_Vars_4' + - $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Item_Package_policies_Vars_5' + - $ref: '#/components/schemas/ApiFleetAgentPolicies_Get_Response_200_Item_Package_policies_Vars_6' + nullable: true + description: Input/stream level variable. Refer to the integration documentation for more information. + type: object + x-oas-optional: true + ApiFleetAgentPolicies_Get_Response_200_Item_Package_policies_Vars_1_1: + type: boolean + ApiFleetAgentPolicies_Get_Response_200_Item_Package_policies_Vars_2_1: + type: string + ApiFleetAgentPolicies_Get_Response_200_Item_Package_policies_Vars_3: + type: number + ApiFleetAgentPolicies_Get_Response_200_Item_Package_policies_Vars_4: + items: + type: string + maxItems: 100 + type: array + ApiFleetAgentPolicies_Get_Response_200_Item_Package_policies_Vars_5: + items: + type: number + maxItems: 100 + type: array + ApiFleetAgentPolicies_Get_Response_200_Item_Package_policies_Vars_6: + additionalProperties: false + type: object + properties: + id: + type: string + isSecretRef: + type: boolean + required: + - id + - isSecretRef + ApiFleetAgentPolicies_Get_Response_200_Item_Required_versions_Item: + additionalProperties: false + type: object + properties: + percentage: + description: Target percentage of agents to auto upgrade + maximum: 100 + minimum: 0 + type: number + version: + description: Target version for automatic agent upgrade + type: string + required: + - version + - percentage + ApiFleetAgentPolicies_Get_Response_400_1: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetAgentPolicies_Put_Request: + additionalProperties: false + type: object + properties: + advanced_settings: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Put_Request_Advanced_settings' + agent_features: + items: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Put_Request_Agent_features_Item' + maxItems: 100 + type: array + agentless: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Put_Request_Agentless' + bumpRevision: + type: boolean + data_output_id: + nullable: true + type: string + description: + type: string + download_source_id: + nullable: true + type: string + fleet_server_host_id: + nullable: true + type: string + force: + type: boolean + global_data_tags: + description: User defined data tags that are added to all of the inputs. The values can be strings or numbers. + items: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Put_Request_Global_data_tags_Item' + maxItems: 10 + type: array + has_agent_version_conditions: + type: boolean + has_fleet_server: + type: boolean + id: + type: string + inactivity_timeout: + default: 1209600 + minimum: 0 + type: number + is_default: + type: boolean + is_default_fleet_server: + type: boolean + is_managed: + type: boolean + is_protected: + type: boolean + keep_monitoring_alive: + default: false + description: When set to true, monitoring will be enabled but logs/metrics collection will be disabled + nullable: true + type: boolean + monitoring_diagnostics: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Put_Request_Monitoring_diagnostics' + monitoring_enabled: + items: + enum: + - logs + - metrics + - traces + type: string + maxItems: 3 + type: array + monitoring_http: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Put_Request_Monitoring_http' + monitoring_output_id: + nullable: true + type: string + monitoring_pprof_enabled: + type: boolean + name: + minLength: 1 + type: string + namespace: + minLength: 1 + type: string + overrides: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Put_Request_Overrides' + required_versions: + items: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Put_Request_Required_versions_Item' + maxItems: 100 + nullable: true + type: array + space_ids: + items: + type: string + maxItems: 100 + type: array + supports_agentless: + default: false + deprecated: true + description: Indicates whether the agent policy supports agentless integrations. Deprecated in favor of the Fleet agentless policies API. + nullable: true + type: boolean + unenroll_timeout: + minimum: 0 + type: number + required: + - name + - namespace + ApiFleetAgentPolicies_Put_Request_Advanced_settings: + additionalProperties: false + type: object + properties: + agent_download_target_directory: + nullable: true + agent_download_timeout: + nullable: true + agent_internal: + nullable: true + agent_limits_go_max_procs: + nullable: true + agent_logging_files_interval: + nullable: true + agent_logging_files_keepfiles: + nullable: true + agent_logging_files_rotateeverybytes: + nullable: true + agent_logging_level: + nullable: true + agent_logging_metrics_period: + nullable: true + agent_logging_to_files: + nullable: true + agent_monitoring_runtime_experimental: + nullable: true + ApiFleetAgentPolicies_Put_Request_Agent_features_Item: + additionalProperties: false + type: object + properties: + enabled: + type: boolean + name: + type: string + required: + - name + - enabled + ApiFleetAgentPolicies_Put_Request_Agentless: + additionalProperties: false + type: object + properties: + cloud_connectors: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Put_Request_Agentless_Cloud_connectors' + resources: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Put_Request_Agentless_Resources' + ApiFleetAgentPolicies_Put_Request_Agentless_Cloud_connectors: + additionalProperties: false + type: object + properties: + enabled: + type: boolean + target_csp: + enum: + - aws + - azure + - gcp + type: string + required: + - enabled + ApiFleetAgentPolicies_Put_Request_Agentless_Resources: + additionalProperties: false + type: object + properties: + requests: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Put_Request_Agentless_Resources_Requests' + ApiFleetAgentPolicies_Put_Request_Agentless_Resources_Requests: + additionalProperties: false + type: object + properties: + cpu: + type: string + memory: + type: string + ApiFleetAgentPolicies_Put_Request_Global_data_tags_Item: + additionalProperties: false + type: object + properties: + name: + type: string + value: + anyOf: + - $ref: '#/components/schemas/ApiFleetAgentPolicies_Put_Request_Global_data_tags_Value_1' + - $ref: '#/components/schemas/ApiFleetAgentPolicies_Put_Request_Global_data_tags_Value_2' + required: + - name + - value + ApiFleetAgentPolicies_Put_Request_Global_data_tags_Value_1: + type: string + ApiFleetAgentPolicies_Put_Request_Global_data_tags_Value_2: + type: number + ApiFleetAgentPolicies_Put_Request_Monitoring_diagnostics: + additionalProperties: false + type: object + properties: + limit: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Put_Request_Monitoring_diagnostics_Limit' + uploader: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Put_Request_Monitoring_diagnostics_Uploader' + ApiFleetAgentPolicies_Put_Request_Monitoring_diagnostics_Limit: + additionalProperties: false + type: object + properties: + burst: + type: number + interval: + type: string + ApiFleetAgentPolicies_Put_Request_Monitoring_diagnostics_Uploader: + additionalProperties: false + type: object + properties: + init_dur: + type: string + max_dur: + type: string + max_retries: + type: number + ApiFleetAgentPolicies_Put_Request_Monitoring_http: + additionalProperties: false + type: object + properties: + buffer: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Put_Request_Monitoring_http_Buffer' + enabled: + type: boolean + host: + type: string + port: + maximum: 65353 + minimum: 0 + type: number + ApiFleetAgentPolicies_Put_Request_Monitoring_http_Buffer: + additionalProperties: false + type: object + properties: + enabled: + default: false + type: boolean + ApiFleetAgentPolicies_Put_Request_Overrides: + additionalProperties: {} + description: Override settings that are defined in the agent policy. Input settings cannot be overridden. The override option should be used only in unusual circumstances and not as a routine procedure. + nullable: true + type: object + ApiFleetAgentPolicies_Put_Request_Required_versions_Item: + additionalProperties: false + type: object + properties: + percentage: + description: Target percentage of agents to auto upgrade + maximum: 100 + minimum: 0 + type: number + version: + description: Target version for automatic agent upgrade + type: string + required: + - version + - percentage + ApiFleetAgentPolicies_Put_Response_200: + additionalProperties: false + type: object + properties: + item: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Put_Response_200_Item' + required: + - item + ApiFleetAgentPolicies_Put_Response_200_Item: + additionalProperties: false + type: object + properties: + advanced_settings: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Put_Response_200_Item_Advanced_settings' + agent_features: + items: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Put_Response_200_Item_Agent_features_Item' + maxItems: 100 + type: array + agentless: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Put_Response_200_Item_Agentless' + agents: + type: number + data_output_id: + nullable: true + type: string + description: + type: string + download_source_id: + nullable: true + type: string + fips_agents: + type: number + fleet_server_host_id: + nullable: true + type: string + global_data_tags: + description: User defined data tags that are added to all of the inputs. The values can be strings or numbers. + items: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Put_Response_200_Item_Global_data_tags_Item' + maxItems: 10 + type: array + has_agent_version_conditions: + type: boolean + has_fleet_server: + type: boolean + id: + type: string + inactivity_timeout: + default: 1209600 + minimum: 0 + type: number + is_default: + type: boolean + is_default_fleet_server: + type: boolean + is_managed: + type: boolean + is_preconfigured: + type: boolean + is_protected: + description: Indicates whether the agent policy has tamper protection enabled. Default false. + type: boolean + keep_monitoring_alive: + default: false + description: When set to true, monitoring will be enabled but logs/metrics collection will be disabled + nullable: true + type: boolean + monitoring_diagnostics: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Put_Response_200_Item_Monitoring_diagnostics' + monitoring_enabled: + items: + enum: + - logs + - metrics + - traces + type: string + maxItems: 3 + type: array + monitoring_http: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Put_Response_200_Item_Monitoring_http' + monitoring_output_id: + nullable: true + type: string + monitoring_pprof_enabled: + type: boolean + name: + minLength: 1 + type: string + namespace: + minLength: 1 + type: string + overrides: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Put_Response_200_Item_Overrides' + package_policies: + anyOf: + - $ref: '#/components/schemas/ApiFleetAgentPolicies_Put_Response_200_Item_Package_policies_1' + - $ref: '#/components/schemas/ApiFleetAgentPolicies_Put_Response_200_Item_Package_policies_2' + required_versions: + items: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Put_Response_200_Item_Required_versions_Item' + maxItems: 100 + nullable: true + type: array + revision: + type: number + schema_version: + type: string + space_ids: + items: + type: string + maxItems: 100 + type: array + status: + enum: + - active + - inactive + type: string + supports_agentless: + default: false + description: Indicates whether the agent policy supports agentless integrations. + nullable: true + type: boolean + unenroll_timeout: + minimum: 0 + type: number + unprivileged_agents: + type: number + updated_at: + type: string + updated_by: + type: string + version: + type: string + required: + - id + - name + - namespace + - is_protected + - status + - updated_at + - updated_by + - revision + ApiFleetAgentPolicies_Put_Response_200_Item_Advanced_settings: + additionalProperties: false + type: object + properties: + agent_download_target_directory: + nullable: true + agent_download_timeout: + nullable: true + agent_internal: + nullable: true + agent_limits_go_max_procs: + nullable: true + agent_logging_files_interval: + nullable: true + agent_logging_files_keepfiles: + nullable: true + agent_logging_files_rotateeverybytes: + nullable: true + agent_logging_level: + nullable: true + agent_logging_metrics_period: + nullable: true + agent_logging_to_files: + nullable: true + agent_monitoring_runtime_experimental: + nullable: true + ApiFleetAgentPolicies_Put_Response_200_Item_Agent_features_Item: + additionalProperties: false + type: object + properties: + enabled: + type: boolean + name: + type: string + required: + - name + - enabled + ApiFleetAgentPolicies_Put_Response_200_Item_Agentless: + additionalProperties: false + type: object + properties: + cloud_connectors: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Put_Response_200_Item_Agentless_Cloud_connectors' + resources: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Put_Response_200_Item_Agentless_Resources' + ApiFleetAgentPolicies_Put_Response_200_Item_Agentless_Cloud_connectors: + additionalProperties: false + type: object + properties: + enabled: + type: boolean + target_csp: + enum: + - aws + - azure + - gcp + type: string + required: + - enabled + ApiFleetAgentPolicies_Put_Response_200_Item_Agentless_Resources: + additionalProperties: false + type: object + properties: + requests: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Put_Response_200_Item_Agentless_Resources_Requests' + ApiFleetAgentPolicies_Put_Response_200_Item_Agentless_Resources_Requests: + additionalProperties: false + type: object + properties: + cpu: + type: string + memory: + type: string + ApiFleetAgentPolicies_Put_Response_200_Item_Global_data_tags_Item: + additionalProperties: false + type: object + properties: + name: + type: string + value: + anyOf: + - $ref: '#/components/schemas/ApiFleetAgentPolicies_Put_Response_200_Item_Global_data_tags_Value_1' + - $ref: '#/components/schemas/ApiFleetAgentPolicies_Put_Response_200_Item_Global_data_tags_Value_2' + required: + - name + - value + ApiFleetAgentPolicies_Put_Response_200_Item_Global_data_tags_Value_1: + type: string + ApiFleetAgentPolicies_Put_Response_200_Item_Global_data_tags_Value_2: + type: number + ApiFleetAgentPolicies_Put_Response_200_Item_Monitoring_diagnostics: + additionalProperties: false + type: object + properties: + limit: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Put_Response_200_Item_Monitoring_diagnostics_Limit' + uploader: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Put_Response_200_Item_Monitoring_diagnostics_Uploader' + ApiFleetAgentPolicies_Put_Response_200_Item_Monitoring_diagnostics_Limit: + additionalProperties: false + type: object + properties: + burst: + type: number + interval: + type: string + ApiFleetAgentPolicies_Put_Response_200_Item_Monitoring_diagnostics_Uploader: + additionalProperties: false + type: object + properties: + init_dur: + type: string + max_dur: + type: string + max_retries: + type: number + ApiFleetAgentPolicies_Put_Response_200_Item_Monitoring_http: + additionalProperties: false + type: object + properties: + buffer: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Put_Response_200_Item_Monitoring_http_Buffer' + enabled: + type: boolean + host: + type: string + port: + maximum: 65353 + minimum: 0 + type: number + ApiFleetAgentPolicies_Put_Response_200_Item_Monitoring_http_Buffer: + additionalProperties: false + type: object + properties: + enabled: + default: false + type: boolean + ApiFleetAgentPolicies_Put_Response_200_Item_Overrides: + additionalProperties: {} + description: Override settings that are defined in the agent policy. Input settings cannot be overridden. The override option should be used only in unusual circumstances and not as a routine procedure. + nullable: true + type: object + ApiFleetAgentPolicies_Put_Response_200_Item_Package_policies_1: + items: + type: string + maxItems: 10000 + type: array + ApiFleetAgentPolicies_Put_Response_200_Item_Package_policies_2: + description: This field is present only when retrieving a single agent policy, or when retrieving a list of agent policies with the ?full=true parameter + items: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Put_Response_200_Item_Package_policies_Item' + maxItems: 10000 + type: array + ApiFleetAgentPolicies_Put_Response_200_Item_Package_policies_Item: + additionalProperties: false + type: object + properties: + additional_datastreams_permissions: + description: Additional datastream permissions, that will be added to the agent policy. + items: + type: string + maxItems: 1000 + nullable: true + type: array + agents: + type: number + cloud_connector_id: + description: ID of the cloud connector associated with this package policy. + nullable: true + type: string + cloud_connector_name: + description: Transient field for cloud connector name during creation. + maxLength: 255 + minLength: 1 + nullable: true + type: string + created_at: + type: string + created_by: + type: string + description: + description: Package policy description + type: string + elasticsearch: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Put_Response_200_Item_Package_policies_Elasticsearch' + enabled: + type: boolean + id: + description: Package policy unique identifier. + type: string + inputs: + anyOf: + - $ref: '#/components/schemas/ApiFleetAgentPolicies_Put_Response_200_Item_Package_policies_Inputs_1' + - $ref: '#/components/schemas/ApiFleetAgentPolicies_Put_Response_200_Item_Package_policies_Inputs_2' + description: Package policy inputs. + is_managed: + type: boolean + name: + description: Unique name for the package policy. + type: string + namespace: + description: The package policy namespace. Leave blank to inherit the agent policy's namespace. + type: string + output_id: + nullable: true + type: string + overrides: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Put_Response_200_Item_Package_policies_Overrides' + package: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Put_Response_200_Item_Package_policies_Package' + policy_id: + deprecated: true + description: ID of the agent policy which the package policy will be added to. + nullable: true + type: string + policy_ids: + items: + description: IDs of the agent policies which that package policy will be added to. + type: string + maxItems: 1000 + type: array + revision: + description: Package policy revision. + type: number + secret_references: + items: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Put_Response_200_Item_Package_policies_Secret_references_Item' + maxItems: 100 + type: array + spaceIds: + items: + type: string + maxItems: 100 + type: array + supports_agentless: + default: false + description: Indicates whether the package policy belongs to an agentless agent policy. + nullable: true + type: boolean + supports_cloud_connector: + default: false + description: Indicates whether the package policy supports cloud connectors. + nullable: true + type: boolean + updated_at: + type: string + updated_by: + type: string + var_group_selections: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Put_Response_200_Item_Package_policies_Var_group_selections' + vars: + anyOf: + - $ref: '#/components/schemas/ApiFleetAgentPolicies_Put_Response_200_Item_Package_policies_Vars_1' + - $ref: '#/components/schemas/ApiFleetAgentPolicies_Put_Response_200_Item_Package_policies_Vars_2' + description: Package level variable. + version: + description: Package policy ES version. + type: string + required: + - name + - enabled + - inputs + - id + - revision + - updated_at + - updated_by + - created_at + - created_by + ApiFleetAgentPolicies_Put_Response_200_Item_Package_policies_Elasticsearch: + additionalProperties: true + type: object + properties: + privileges: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Put_Response_200_Item_Package_policies_Elasticsearch_Privileges' + ApiFleetAgentPolicies_Put_Response_200_Item_Package_policies_Elasticsearch_Privileges: + additionalProperties: true + type: object + properties: + cluster: + items: + type: string + maxItems: 100 + type: array + ApiFleetAgentPolicies_Put_Response_200_Item_Package_policies_Inputs_1: + items: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Put_Response_200_Item_Package_policies_Inputs_Item' + maxItems: 100 + type: array + ApiFleetAgentPolicies_Put_Response_200_Item_Package_policies_Inputs_Item: + additionalProperties: false + type: object + properties: + compiled_input: {} + config: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Put_Response_200_Item_Package_policies_Inputs_Config' + enabled: + type: boolean + id: + type: string + keep_enabled: + type: boolean + policy_template: + type: string + streams: + items: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Put_Response_200_Item_Package_policies_Inputs_Streams_Item' + maxItems: 100 + type: array + type: + type: string + vars: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Put_Response_200_Item_Package_policies_Inputs_Vars' + required: + - type + - enabled + - streams + - compiled_input + ApiFleetAgentPolicies_Put_Response_200_Item_Package_policies_Inputs_Config: + additionalProperties: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Put_Response_200_Item_Package_policies_Inputs_Config_Value' + description: Package variable (see integration documentation for more information) + type: object + ApiFleetAgentPolicies_Put_Response_200_Item_Package_policies_Inputs_Config_Value: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + ApiFleetAgentPolicies_Put_Response_200_Item_Package_policies_Inputs_Streams_Item: + additionalProperties: false + type: object + properties: + compiled_stream: {} + config: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Put_Response_200_Item_Package_policies_Inputs_Streams_Config' + data_stream: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Put_Response_200_Item_Package_policies_Inputs_Streams_Data_stream' + enabled: + type: boolean + id: + type: string + keep_enabled: + type: boolean + release: + enum: + - ga + - beta + - experimental + type: string + var_group_selections: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Put_Response_200_Item_Package_policies_Inputs_Streams_Var_group_selections' + vars: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Put_Response_200_Item_Package_policies_Inputs_Streams_Vars' + required: + - enabled + - data_stream + - compiled_stream + ApiFleetAgentPolicies_Put_Response_200_Item_Package_policies_Inputs_Streams_Config: + additionalProperties: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Put_Response_200_Item_Package_policies_Inputs_Streams_Config_Value' + description: Package variable (see integration documentation for more information) + type: object + ApiFleetAgentPolicies_Put_Response_200_Item_Package_policies_Inputs_Streams_Config_Value: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + ApiFleetAgentPolicies_Put_Response_200_Item_Package_policies_Inputs_Streams_Data_stream: + additionalProperties: false + type: object + properties: + dataset: + type: string + elasticsearch: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Put_Response_200_Item_Package_policies_Inputs_Streams_Data_stream_Elasticsearch' + type: + type: string + required: + - dataset + - type + ApiFleetAgentPolicies_Put_Response_200_Item_Package_policies_Inputs_Streams_Data_stream_Elasticsearch: + additionalProperties: false + type: object + properties: + dynamic_dataset: + type: boolean + dynamic_namespace: + type: boolean + privileges: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Put_Response_200_Item_Package_policies_Inputs_Streams_Data_stream_Elasticsearch_Privileges' + ApiFleetAgentPolicies_Put_Response_200_Item_Package_policies_Inputs_Streams_Data_stream_Elasticsearch_Privileges: + additionalProperties: false + type: object + properties: + indices: + items: + type: string + maxItems: 100 + type: array + ApiFleetAgentPolicies_Put_Response_200_Item_Package_policies_Inputs_Streams_Var_group_selections: + additionalProperties: + type: string + description: Variable group selections. Maps var_group name to the selected option name within that group. + type: object + ApiFleetAgentPolicies_Put_Response_200_Item_Package_policies_Inputs_Streams_Vars: + additionalProperties: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Put_Response_200_Item_Package_policies_Inputs_Streams_Vars_Value' + description: Package variable (see integration documentation for more information) + type: object + ApiFleetAgentPolicies_Put_Response_200_Item_Package_policies_Inputs_Streams_Vars_Value: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + ApiFleetAgentPolicies_Put_Response_200_Item_Package_policies_Inputs_Vars: + additionalProperties: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Put_Response_200_Item_Package_policies_Inputs_Vars_Value' + description: Package variable (see integration documentation for more information) + type: object + ApiFleetAgentPolicies_Put_Response_200_Item_Package_policies_Inputs_Vars_Value: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + ApiFleetAgentPolicies_Put_Response_200_Item_Package_policies_Inputs_2: + additionalProperties: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Put_Response_200_Item_Package_policies_Inputs_Value' + description: Package policy inputs. Refer to the integration documentation to know which inputs are available. + type: object + x-oas-optional: true + ApiFleetAgentPolicies_Put_Response_200_Item_Package_policies_Inputs_Value: + additionalProperties: false + type: object + properties: + enabled: + description: Enable or disable that input. Defaults to `true` (enabled). + type: boolean + streams: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Put_Response_200_Item_Package_policies_Inputs_Streams' + vars: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Put_Response_200_Item_Package_policies_Inputs_Vars_1' + ApiFleetAgentPolicies_Put_Response_200_Item_Package_policies_Inputs_Streams: + additionalProperties: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Put_Response_200_Item_Package_policies_Inputs_Streams_Value' + description: Input streams. Refer to the integration documentation to know which streams are available. + type: object + ApiFleetAgentPolicies_Put_Response_200_Item_Package_policies_Inputs_Streams_Value: + additionalProperties: false + type: object + properties: + enabled: + description: Enable or disable that stream. Defaults to `true` (enabled). + type: boolean + var_group_selections: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Put_Response_200_Item_Package_policies_Inputs_Streams_Var_group_selections_1' + vars: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Put_Response_200_Item_Package_policies_Inputs_Streams_Vars_1' + ApiFleetAgentPolicies_Put_Response_200_Item_Package_policies_Inputs_Streams_Var_group_selections_1: + additionalProperties: + type: string + description: Variable group selections. Maps var_group name to the selected option name within that group. + type: object + ApiFleetAgentPolicies_Put_Response_200_Item_Package_policies_Inputs_Streams_Vars_1: + type: boolean + ApiFleetAgentPolicies_Put_Response_200_Item_Package_policies_Inputs_Streams_Vars_2: + type: string + ApiFleetAgentPolicies_Put_Response_200_Item_Package_policies_Inputs_Streams_Vars_3: + type: number + ApiFleetAgentPolicies_Put_Response_200_Item_Package_policies_Inputs_Streams_Vars_4: + items: + type: string + maxItems: 100 + type: array + ApiFleetAgentPolicies_Put_Response_200_Item_Package_policies_Inputs_Streams_Vars_5: + items: + type: number + maxItems: 100 + type: array + ApiFleetAgentPolicies_Put_Response_200_Item_Package_policies_Inputs_Streams_Vars_6: + additionalProperties: false + type: object + properties: + id: + type: string + isSecretRef: + type: boolean + required: + - id + - isSecretRef + ApiFleetAgentPolicies_Put_Response_200_Item_Package_policies_Inputs_Vars_1: + type: boolean + ApiFleetAgentPolicies_Put_Response_200_Item_Package_policies_Inputs_Vars_2: + type: string + ApiFleetAgentPolicies_Put_Response_200_Item_Package_policies_Inputs_Vars_3: + type: number + ApiFleetAgentPolicies_Put_Response_200_Item_Package_policies_Inputs_Vars_4: + items: + type: string + maxItems: 100 + type: array + ApiFleetAgentPolicies_Put_Response_200_Item_Package_policies_Inputs_Vars_5: + items: + type: number + maxItems: 100 + type: array + ApiFleetAgentPolicies_Put_Response_200_Item_Package_policies_Inputs_Vars_6: + additionalProperties: false + type: object + properties: + id: + type: string + isSecretRef: + type: boolean + required: + - id + - isSecretRef + ApiFleetAgentPolicies_Put_Response_200_Item_Package_policies_Overrides: + additionalProperties: false + description: Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure. + nullable: true + type: object + properties: + inputs: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Put_Response_200_Item_Package_policies_Overrides_Inputs' + ApiFleetAgentPolicies_Put_Response_200_Item_Package_policies_Overrides_Inputs: + additionalProperties: {} + type: object + ApiFleetAgentPolicies_Put_Response_200_Item_Package_policies_Package: + additionalProperties: false + type: object + properties: + experimental_data_stream_features: + items: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Put_Response_200_Item_Package_policies_Package_Experimental_data_stream_features_Item' + maxItems: 100 + type: array + fips_compatible: + type: boolean + name: + description: Package name + type: string + requires_root: + type: boolean + title: + type: string + version: + description: Package version + type: string + required: + - name + - version + ApiFleetAgentPolicies_Put_Response_200_Item_Package_policies_Package_Experimental_data_stream_features_Item: + additionalProperties: false + type: object + properties: + data_stream: + type: string + features: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Put_Response_200_Item_Package_policies_Package_Experimental_data_stream_features_Features' + required: + - data_stream + - features + ApiFleetAgentPolicies_Put_Response_200_Item_Package_policies_Package_Experimental_data_stream_features_Features: + additionalProperties: false + type: object + properties: + doc_value_only_numeric: + type: boolean + doc_value_only_other: + type: boolean + synthetic_source: + type: boolean + tsdb: + type: boolean + ApiFleetAgentPolicies_Put_Response_200_Item_Package_policies_Secret_references_Item: + additionalProperties: false + type: object + properties: + id: + type: string + required: + - id + ApiFleetAgentPolicies_Put_Response_200_Item_Package_policies_Var_group_selections: + additionalProperties: + type: string + description: Variable group selections. Maps var_group name to the selected option name within that group. + type: object + ApiFleetAgentPolicies_Put_Response_200_Item_Package_policies_Vars_1: + additionalProperties: + $ref: '#/components/schemas/ApiFleetAgentPolicies_Put_Response_200_Item_Package_policies_Vars_Value' + description: Package variable (see integration documentation for more information) + type: object + ApiFleetAgentPolicies_Put_Response_200_Item_Package_policies_Vars_Value: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + ApiFleetAgentPolicies_Put_Response_200_Item_Package_policies_Vars_2: + additionalProperties: + anyOf: + - $ref: '#/components/schemas/ApiFleetAgentPolicies_Put_Response_200_Item_Package_policies_Vars_1_1' + - $ref: '#/components/schemas/ApiFleetAgentPolicies_Put_Response_200_Item_Package_policies_Vars_2_1' + - $ref: '#/components/schemas/ApiFleetAgentPolicies_Put_Response_200_Item_Package_policies_Vars_3' + - $ref: '#/components/schemas/ApiFleetAgentPolicies_Put_Response_200_Item_Package_policies_Vars_4' + - $ref: '#/components/schemas/ApiFleetAgentPolicies_Put_Response_200_Item_Package_policies_Vars_5' + - $ref: '#/components/schemas/ApiFleetAgentPolicies_Put_Response_200_Item_Package_policies_Vars_6' + nullable: true + description: Input/stream level variable. Refer to the integration documentation for more information. + type: object + x-oas-optional: true + ApiFleetAgentPolicies_Put_Response_200_Item_Package_policies_Vars_1_1: + type: boolean + ApiFleetAgentPolicies_Put_Response_200_Item_Package_policies_Vars_2_1: + type: string + ApiFleetAgentPolicies_Put_Response_200_Item_Package_policies_Vars_3: + type: number + ApiFleetAgentPolicies_Put_Response_200_Item_Package_policies_Vars_4: + items: + type: string + maxItems: 100 + type: array + ApiFleetAgentPolicies_Put_Response_200_Item_Package_policies_Vars_5: + items: + type: number + maxItems: 100 + type: array + ApiFleetAgentPolicies_Put_Response_200_Item_Package_policies_Vars_6: + additionalProperties: false + type: object + properties: + id: + type: string + isSecretRef: + type: boolean + required: + - id + - isSecretRef + ApiFleetAgentPolicies_Put_Response_200_Item_Required_versions_Item: + additionalProperties: false + type: object + properties: + percentage: + description: Target percentage of agents to auto upgrade + maximum: 100 + minimum: 0 + type: number + version: + description: Target version for automatic agent upgrade + type: string + required: + - version + - percentage + ApiFleetAgentPolicies_Put_Response_400: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetAgentPoliciesAutoUpgradeAgentsStatus_Get_Response_200: + additionalProperties: false + type: object + properties: + currentVersions: + items: + $ref: '#/components/schemas/ApiFleetAgentPoliciesAutoUpgradeAgentsStatus_Get_Response_200_CurrentVersions_Item' + maxItems: 10000 + type: array + totalAgents: + type: number + required: + - currentVersions + - totalAgents + ApiFleetAgentPoliciesAutoUpgradeAgentsStatus_Get_Response_200_CurrentVersions_Item: + additionalProperties: false + type: object + properties: + agents: + description: Number of agents that upgraded to this version + type: number + failedUpgradeActionIds: + description: List of action IDs related to failed upgrades + items: + type: string + maxItems: 1000 + type: array + failedUpgradeAgents: + description: Number of agents that failed to upgrade to this version + type: number + inProgressUpgradeActionIds: + description: List of action IDs related to in-progress upgrades + items: + type: string + maxItems: 1000 + type: array + inProgressUpgradeAgents: + description: Number of agents that are upgrading to this version + type: number + version: + description: Agent version + type: string + required: + - version + - agents + - failedUpgradeAgents + - inProgressUpgradeAgents + ApiFleetAgentPoliciesAutoUpgradeAgentsStatus_Get_Response_400: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetAgentPoliciesCopy_Post_Request: + additionalProperties: false + type: object + properties: + description: + type: string + name: + minLength: 1 + type: string + required: + - name + ApiFleetAgentPoliciesCopy_Post_Response_200: + additionalProperties: false + type: object + properties: + item: + $ref: '#/components/schemas/ApiFleetAgentPoliciesCopy_Post_Response_200_Item' + required: + - item + ApiFleetAgentPoliciesCopy_Post_Response_200_Item: + additionalProperties: false + type: object + properties: + advanced_settings: + $ref: '#/components/schemas/ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Advanced_settings' + agent_features: + items: + $ref: '#/components/schemas/ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Agent_features_Item' + maxItems: 100 + type: array + agentless: + $ref: '#/components/schemas/ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Agentless' + agents: + type: number + data_output_id: + nullable: true + type: string + description: + type: string + download_source_id: + nullable: true + type: string + fips_agents: + type: number + fleet_server_host_id: + nullable: true + type: string + global_data_tags: + description: User defined data tags that are added to all of the inputs. The values can be strings or numbers. + items: + $ref: '#/components/schemas/ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Global_data_tags_Item' + maxItems: 10 + type: array + has_agent_version_conditions: + type: boolean + has_fleet_server: + type: boolean + id: + type: string + inactivity_timeout: + default: 1209600 + minimum: 0 + type: number + is_default: + type: boolean + is_default_fleet_server: + type: boolean + is_managed: + type: boolean + is_preconfigured: + type: boolean + is_protected: + description: Indicates whether the agent policy has tamper protection enabled. Default false. + type: boolean + keep_monitoring_alive: + default: false + description: When set to true, monitoring will be enabled but logs/metrics collection will be disabled + nullable: true + type: boolean + monitoring_diagnostics: + $ref: '#/components/schemas/ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Monitoring_diagnostics' + monitoring_enabled: + items: + enum: + - logs + - metrics + - traces + type: string + maxItems: 3 + type: array + monitoring_http: + $ref: '#/components/schemas/ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Monitoring_http' + monitoring_output_id: + nullable: true + type: string + monitoring_pprof_enabled: + type: boolean + name: + minLength: 1 + type: string + namespace: + minLength: 1 + type: string + overrides: + $ref: '#/components/schemas/ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Overrides' + package_policies: + anyOf: + - $ref: '#/components/schemas/ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Package_policies_1' + - $ref: '#/components/schemas/ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Package_policies_2' + required_versions: + items: + $ref: '#/components/schemas/ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Required_versions_Item' + maxItems: 100 + nullable: true + type: array + revision: + type: number + schema_version: + type: string + space_ids: + items: + type: string + maxItems: 100 + type: array + status: + enum: + - active + - inactive + type: string + supports_agentless: + default: false + description: Indicates whether the agent policy supports agentless integrations. + nullable: true + type: boolean + unenroll_timeout: + minimum: 0 + type: number + unprivileged_agents: + type: number + updated_at: + type: string + updated_by: + type: string + version: + type: string + required: + - id + - name + - namespace + - is_protected + - status + - updated_at + - updated_by + - revision + ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Advanced_settings: + additionalProperties: false + type: object + properties: + agent_download_target_directory: + nullable: true + agent_download_timeout: + nullable: true + agent_internal: + nullable: true + agent_limits_go_max_procs: + nullable: true + agent_logging_files_interval: + nullable: true + agent_logging_files_keepfiles: + nullable: true + agent_logging_files_rotateeverybytes: + nullable: true + agent_logging_level: + nullable: true + agent_logging_metrics_period: + nullable: true + agent_logging_to_files: + nullable: true + agent_monitoring_runtime_experimental: + nullable: true + ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Agent_features_Item: + additionalProperties: false + type: object + properties: + enabled: + type: boolean + name: + type: string + required: + - name + - enabled + ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Agentless: + additionalProperties: false + type: object + properties: + cloud_connectors: + $ref: '#/components/schemas/ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Agentless_Cloud_connectors' + resources: + $ref: '#/components/schemas/ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Agentless_Resources' + ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Agentless_Cloud_connectors: + additionalProperties: false + type: object + properties: + enabled: + type: boolean + target_csp: + enum: + - aws + - azure + - gcp + type: string + required: + - enabled + ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Agentless_Resources: + additionalProperties: false + type: object + properties: + requests: + $ref: '#/components/schemas/ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Agentless_Resources_Requests' + ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Agentless_Resources_Requests: + additionalProperties: false + type: object + properties: + cpu: + type: string + memory: + type: string + ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Global_data_tags_Item: + additionalProperties: false + type: object + properties: + name: + type: string + value: + anyOf: + - $ref: '#/components/schemas/ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Global_data_tags_Value_1' + - $ref: '#/components/schemas/ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Global_data_tags_Value_2' + required: + - name + - value + ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Global_data_tags_Value_1: + type: string + ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Global_data_tags_Value_2: + type: number + ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Monitoring_diagnostics: + additionalProperties: false + type: object + properties: + limit: + $ref: '#/components/schemas/ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Monitoring_diagnostics_Limit' + uploader: + $ref: '#/components/schemas/ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Monitoring_diagnostics_Uploader' + ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Monitoring_diagnostics_Limit: + additionalProperties: false + type: object + properties: + burst: + type: number + interval: + type: string + ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Monitoring_diagnostics_Uploader: + additionalProperties: false + type: object + properties: + init_dur: + type: string + max_dur: + type: string + max_retries: + type: number + ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Monitoring_http: + additionalProperties: false + type: object + properties: + buffer: + $ref: '#/components/schemas/ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Monitoring_http_Buffer' + enabled: + type: boolean + host: + type: string + port: + maximum: 65353 + minimum: 0 + type: number + ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Monitoring_http_Buffer: + additionalProperties: false + type: object + properties: + enabled: + default: false + type: boolean + ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Overrides: + additionalProperties: {} + description: Override settings that are defined in the agent policy. Input settings cannot be overridden. The override option should be used only in unusual circumstances and not as a routine procedure. + nullable: true + type: object + ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Package_policies_1: + items: + type: string + maxItems: 10000 + type: array + ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Package_policies_2: + description: This field is present only when retrieving a single agent policy, or when retrieving a list of agent policies with the ?full=true parameter + items: + $ref: '#/components/schemas/ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Package_policies_Item' + maxItems: 10000 + type: array + ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Package_policies_Item: + additionalProperties: false + type: object + properties: + additional_datastreams_permissions: + description: Additional datastream permissions, that will be added to the agent policy. + items: + type: string + maxItems: 1000 + nullable: true + type: array + agents: + type: number + cloud_connector_id: + description: ID of the cloud connector associated with this package policy. + nullable: true + type: string + cloud_connector_name: + description: Transient field for cloud connector name during creation. + maxLength: 255 + minLength: 1 + nullable: true + type: string + created_at: + type: string + created_by: + type: string + description: + description: Package policy description + type: string + elasticsearch: + $ref: '#/components/schemas/ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Package_policies_Elasticsearch' + enabled: + type: boolean + id: + description: Package policy unique identifier. + type: string + inputs: + anyOf: + - $ref: '#/components/schemas/ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Package_policies_Inputs_1' + - $ref: '#/components/schemas/ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Package_policies_Inputs_2' + description: Package policy inputs. + is_managed: + type: boolean + name: + description: Unique name for the package policy. + type: string + namespace: + description: The package policy namespace. Leave blank to inherit the agent policy's namespace. + type: string + output_id: + nullable: true + type: string + overrides: + $ref: '#/components/schemas/ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Package_policies_Overrides' + package: + $ref: '#/components/schemas/ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Package_policies_Package' + policy_id: + deprecated: true + description: ID of the agent policy which the package policy will be added to. + nullable: true + type: string + policy_ids: + items: + description: IDs of the agent policies which that package policy will be added to. + type: string + maxItems: 1000 + type: array + revision: + description: Package policy revision. + type: number + secret_references: + items: + $ref: '#/components/schemas/ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Package_policies_Secret_references_Item' + maxItems: 100 + type: array + spaceIds: + items: + type: string + maxItems: 100 + type: array + supports_agentless: + default: false + description: Indicates whether the package policy belongs to an agentless agent policy. + nullable: true + type: boolean + supports_cloud_connector: + default: false + description: Indicates whether the package policy supports cloud connectors. + nullable: true + type: boolean + updated_at: + type: string + updated_by: + type: string + var_group_selections: + $ref: '#/components/schemas/ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Package_policies_Var_group_selections' + vars: + anyOf: + - $ref: '#/components/schemas/ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Package_policies_Vars_1' + - $ref: '#/components/schemas/ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Package_policies_Vars_2' + description: Package level variable. + version: + description: Package policy ES version. + type: string + required: + - name + - enabled + - inputs + - id + - revision + - updated_at + - updated_by + - created_at + - created_by + ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Package_policies_Elasticsearch: + additionalProperties: true + type: object + properties: + privileges: + $ref: '#/components/schemas/ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Package_policies_Elasticsearch_Privileges' + ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Package_policies_Elasticsearch_Privileges: + additionalProperties: true + type: object + properties: + cluster: + items: + type: string + maxItems: 100 + type: array + ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Package_policies_Inputs_1: + items: + $ref: '#/components/schemas/ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Package_policies_Inputs_Item' + maxItems: 100 + type: array + ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Package_policies_Inputs_Item: + additionalProperties: false + type: object + properties: + compiled_input: {} + config: + $ref: '#/components/schemas/ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Package_policies_Inputs_Config' + enabled: + type: boolean + id: + type: string + keep_enabled: + type: boolean + policy_template: + type: string + streams: + items: + $ref: '#/components/schemas/ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Package_policies_Inputs_Streams_Item' + maxItems: 100 + type: array + type: + type: string + vars: + $ref: '#/components/schemas/ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Package_policies_Inputs_Vars' + required: + - type + - enabled + - streams + - compiled_input + ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Package_policies_Inputs_Config: + additionalProperties: + $ref: '#/components/schemas/ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Package_policies_Inputs_Config_Value' + description: Package variable (see integration documentation for more information) + type: object + ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Package_policies_Inputs_Config_Value: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Package_policies_Inputs_Streams_Item: + additionalProperties: false + type: object + properties: + compiled_stream: {} + config: + $ref: '#/components/schemas/ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Package_policies_Inputs_Streams_Config' + data_stream: + $ref: '#/components/schemas/ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Package_policies_Inputs_Streams_Data_stream' + enabled: + type: boolean + id: + type: string + keep_enabled: + type: boolean + release: + enum: + - ga + - beta + - experimental + type: string + var_group_selections: + $ref: '#/components/schemas/ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Package_policies_Inputs_Streams_Var_group_selections' + vars: + $ref: '#/components/schemas/ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Package_policies_Inputs_Streams_Vars' + required: + - enabled + - data_stream + - compiled_stream + ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Package_policies_Inputs_Streams_Config: + additionalProperties: + $ref: '#/components/schemas/ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Package_policies_Inputs_Streams_Config_Value' + description: Package variable (see integration documentation for more information) + type: object + ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Package_policies_Inputs_Streams_Config_Value: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Package_policies_Inputs_Streams_Data_stream: + additionalProperties: false + type: object + properties: + dataset: + type: string + elasticsearch: + $ref: '#/components/schemas/ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Package_policies_Inputs_Streams_Data_stream_Elasticsearch' + type: + type: string + required: + - dataset + - type + ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Package_policies_Inputs_Streams_Data_stream_Elasticsearch: + additionalProperties: false + type: object + properties: + dynamic_dataset: + type: boolean + dynamic_namespace: + type: boolean + privileges: + $ref: '#/components/schemas/ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Package_policies_Inputs_Streams_Data_stream_Elasticsearch_Privileges' + ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Package_policies_Inputs_Streams_Data_stream_Elasticsearch_Privileges: + additionalProperties: false + type: object + properties: + indices: + items: + type: string + maxItems: 100 + type: array + ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Package_policies_Inputs_Streams_Var_group_selections: + additionalProperties: + type: string + description: Variable group selections. Maps var_group name to the selected option name within that group. + type: object + ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Package_policies_Inputs_Streams_Vars: + additionalProperties: + $ref: '#/components/schemas/ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Package_policies_Inputs_Streams_Vars_Value' + description: Package variable (see integration documentation for more information) + type: object + ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Package_policies_Inputs_Streams_Vars_Value: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Package_policies_Inputs_Vars: + additionalProperties: + $ref: '#/components/schemas/ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Package_policies_Inputs_Vars_Value' + description: Package variable (see integration documentation for more information) + type: object + ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Package_policies_Inputs_Vars_Value: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Package_policies_Inputs_2: + additionalProperties: + $ref: '#/components/schemas/ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Package_policies_Inputs_Value' + description: Package policy inputs. Refer to the integration documentation to know which inputs are available. + type: object + x-oas-optional: true + ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Package_policies_Inputs_Value: + additionalProperties: false + type: object + properties: + enabled: + description: Enable or disable that input. Defaults to `true` (enabled). + type: boolean + streams: + $ref: '#/components/schemas/ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Package_policies_Inputs_Streams' + vars: + $ref: '#/components/schemas/ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Package_policies_Inputs_Vars_1' + ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Package_policies_Inputs_Streams: + additionalProperties: + $ref: '#/components/schemas/ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Package_policies_Inputs_Streams_Value' + description: Input streams. Refer to the integration documentation to know which streams are available. + type: object + ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Package_policies_Inputs_Streams_Value: + additionalProperties: false + type: object + properties: + enabled: + description: Enable or disable that stream. Defaults to `true` (enabled). + type: boolean + var_group_selections: + $ref: '#/components/schemas/ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Package_policies_Inputs_Streams_Var_group_selections_1' + vars: + $ref: '#/components/schemas/ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Package_policies_Inputs_Streams_Vars_1' + ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Package_policies_Inputs_Streams_Var_group_selections_1: + additionalProperties: + type: string + description: Variable group selections. Maps var_group name to the selected option name within that group. + type: object + ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Package_policies_Inputs_Streams_Vars_1: + type: boolean + ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Package_policies_Inputs_Streams_Vars_2: + type: string + ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Package_policies_Inputs_Streams_Vars_3: + type: number + ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Package_policies_Inputs_Streams_Vars_4: + items: + type: string + maxItems: 100 + type: array + ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Package_policies_Inputs_Streams_Vars_5: + items: + type: number + maxItems: 100 + type: array + ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Package_policies_Inputs_Streams_Vars_6: + additionalProperties: false + type: object + properties: + id: + type: string + isSecretRef: + type: boolean + required: + - id + - isSecretRef + ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Package_policies_Inputs_Vars_1: + type: boolean + ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Package_policies_Inputs_Vars_2: + type: string + ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Package_policies_Inputs_Vars_3: + type: number + ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Package_policies_Inputs_Vars_4: + items: + type: string + maxItems: 100 + type: array + ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Package_policies_Inputs_Vars_5: + items: + type: number + maxItems: 100 + type: array + ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Package_policies_Inputs_Vars_6: + additionalProperties: false + type: object + properties: + id: + type: string + isSecretRef: + type: boolean + required: + - id + - isSecretRef + ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Package_policies_Overrides: + additionalProperties: false + description: Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure. + nullable: true + type: object + properties: + inputs: + $ref: '#/components/schemas/ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Package_policies_Overrides_Inputs' + ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Package_policies_Overrides_Inputs: + additionalProperties: {} + type: object + ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Package_policies_Package: + additionalProperties: false + type: object + properties: + experimental_data_stream_features: + items: + $ref: '#/components/schemas/ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Package_policies_Package_Experimental_data_stream_features_Item' + maxItems: 100 + type: array + fips_compatible: + type: boolean + name: + description: Package name + type: string + requires_root: + type: boolean + title: + type: string + version: + description: Package version + type: string + required: + - name + - version + ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Package_policies_Package_Experimental_data_stream_features_Item: + additionalProperties: false + type: object + properties: + data_stream: + type: string + features: + $ref: '#/components/schemas/ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Package_policies_Package_Experimental_data_stream_features_Features' + required: + - data_stream + - features + ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Package_policies_Package_Experimental_data_stream_features_Features: + additionalProperties: false + type: object + properties: + doc_value_only_numeric: + type: boolean + doc_value_only_other: + type: boolean + synthetic_source: + type: boolean + tsdb: + type: boolean + ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Package_policies_Secret_references_Item: + additionalProperties: false + type: object + properties: + id: + type: string + required: + - id + ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Package_policies_Var_group_selections: + additionalProperties: + type: string + description: Variable group selections. Maps var_group name to the selected option name within that group. + type: object + ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Package_policies_Vars_1: + additionalProperties: + $ref: '#/components/schemas/ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Package_policies_Vars_Value' + description: Package variable (see integration documentation for more information) + type: object + ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Package_policies_Vars_Value: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Package_policies_Vars_2: + additionalProperties: + anyOf: + - $ref: '#/components/schemas/ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Package_policies_Vars_1_1' + - $ref: '#/components/schemas/ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Package_policies_Vars_2_1' + - $ref: '#/components/schemas/ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Package_policies_Vars_3' + - $ref: '#/components/schemas/ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Package_policies_Vars_4' + - $ref: '#/components/schemas/ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Package_policies_Vars_5' + - $ref: '#/components/schemas/ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Package_policies_Vars_6' + nullable: true + description: Input/stream level variable. Refer to the integration documentation for more information. + type: object + x-oas-optional: true + ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Package_policies_Vars_1_1: + type: boolean + ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Package_policies_Vars_2_1: + type: string + ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Package_policies_Vars_3: + type: number + ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Package_policies_Vars_4: + items: + type: string + maxItems: 100 + type: array + ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Package_policies_Vars_5: + items: + type: number + maxItems: 100 + type: array + ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Package_policies_Vars_6: + additionalProperties: false + type: object + properties: + id: + type: string + isSecretRef: + type: boolean + required: + - id + - isSecretRef + ApiFleetAgentPoliciesCopy_Post_Response_200_Item_Required_versions_Item: + additionalProperties: false + type: object + properties: + percentage: + description: Target percentage of agents to auto upgrade + maximum: 100 + minimum: 0 + type: number + version: + description: Target version for automatic agent upgrade + type: string + required: + - version + - percentage + ApiFleetAgentPoliciesCopy_Post_Response_400: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetAgentPoliciesDownload_Get_Response_400: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetAgentPoliciesDownload_Get_Response_404: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetAgentPoliciesFull_Get_Response_200: + additionalProperties: false + type: object + properties: + item: + anyOf: + - $ref: '#/components/schemas/ApiFleetAgentPoliciesFull_Get_Response_200_Item_1' + - $ref: '#/components/schemas/ApiFleetAgentPoliciesFull_Get_Response_200_Item_2' + required: + - item + ApiFleetAgentPoliciesFull_Get_Response_200_Item_1: + type: string + ApiFleetAgentPoliciesFull_Get_Response_200_Item_2: + additionalProperties: false + type: object + properties: + agent: + $ref: '#/components/schemas/ApiFleetAgentPoliciesFull_Get_Response_200_Item_Agent' + connectors: + $ref: '#/components/schemas/ApiFleetAgentPoliciesFull_Get_Response_200_Item_Connectors' + exporters: + $ref: '#/components/schemas/ApiFleetAgentPoliciesFull_Get_Response_200_Item_Exporters' + extensions: + $ref: '#/components/schemas/ApiFleetAgentPoliciesFull_Get_Response_200_Item_Extensions' + fleet: + anyOf: + - $ref: '#/components/schemas/ApiFleetAgentPoliciesFull_Get_Response_200_Item_Fleet_1' + - $ref: '#/components/schemas/ApiFleetAgentPoliciesFull_Get_Response_200_Item_Fleet_2' + id: + type: string + inputs: + items: + $ref: '#/components/schemas/ApiFleetAgentPoliciesFull_Get_Response_200_Item_Inputs_Item' + maxItems: 10000 + type: array + namespaces: + items: + type: string + maxItems: 100 + type: array + output_permissions: + $ref: '#/components/schemas/ApiFleetAgentPoliciesFull_Get_Response_200_Item_Output_permissions' + outputs: + $ref: '#/components/schemas/ApiFleetAgentPoliciesFull_Get_Response_200_Item_Outputs' + processors: + $ref: '#/components/schemas/ApiFleetAgentPoliciesFull_Get_Response_200_Item_Processors' + receivers: + $ref: '#/components/schemas/ApiFleetAgentPoliciesFull_Get_Response_200_Item_Receivers' + revision: + type: number + secret_references: + items: + $ref: '#/components/schemas/ApiFleetAgentPoliciesFull_Get_Response_200_Item_Secret_references_Item' + maxItems: 10000 + type: array + service: + $ref: '#/components/schemas/ApiFleetAgentPoliciesFull_Get_Response_200_Item_Service' + signed: + $ref: '#/components/schemas/ApiFleetAgentPoliciesFull_Get_Response_200_Item_Signed' + required: + - id + - outputs + - inputs + ApiFleetAgentPoliciesFull_Get_Response_200_Item_Agent: + additionalProperties: false + type: object + properties: + download: + $ref: '#/components/schemas/ApiFleetAgentPoliciesFull_Get_Response_200_Item_Agent_Download' + features: + $ref: '#/components/schemas/ApiFleetAgentPoliciesFull_Get_Response_200_Item_Agent_Features' + internal: {} + limits: + $ref: '#/components/schemas/ApiFleetAgentPoliciesFull_Get_Response_200_Item_Agent_Limits' + logging: + $ref: '#/components/schemas/ApiFleetAgentPoliciesFull_Get_Response_200_Item_Agent_Logging' + monitoring: + $ref: '#/components/schemas/ApiFleetAgentPoliciesFull_Get_Response_200_Item_Agent_Monitoring' + protection: + $ref: '#/components/schemas/ApiFleetAgentPoliciesFull_Get_Response_200_Item_Agent_Protection' + required: + - monitoring + - download + - features + - internal + ApiFleetAgentPoliciesFull_Get_Response_200_Item_Agent_Download: + additionalProperties: false + type: object + properties: + proxy_headers: + $ref: '#/components/schemas/ApiFleetAgentPoliciesFull_Get_Response_200_Item_Agent_Download_Proxy_headers' + proxy_url: + type: string + secrets: + $ref: '#/components/schemas/ApiFleetAgentPoliciesFull_Get_Response_200_Item_Agent_Download_Secrets' + sourceURI: + type: string + ssl: + $ref: '#/components/schemas/ApiFleetAgentPoliciesFull_Get_Response_200_Item_Agent_Download_Ssl' + target_directory: + type: string + timeout: + type: string + required: + - sourceURI + ApiFleetAgentPoliciesFull_Get_Response_200_Item_Agent_Download_Proxy_headers: + additionalProperties: + anyOf: + - $ref: '#/components/schemas/ApiFleetAgentPoliciesFull_Get_Response_200_Item_Agent_Download_Proxy_headers_1' + - $ref: '#/components/schemas/ApiFleetAgentPoliciesFull_Get_Response_200_Item_Agent_Download_Proxy_headers_2' + - $ref: '#/components/schemas/ApiFleetAgentPoliciesFull_Get_Response_200_Item_Agent_Download_Proxy_headers_3' + nullable: true + type: object + ApiFleetAgentPoliciesFull_Get_Response_200_Item_Agent_Download_Proxy_headers_1: + type: string + ApiFleetAgentPoliciesFull_Get_Response_200_Item_Agent_Download_Proxy_headers_2: + type: boolean + ApiFleetAgentPoliciesFull_Get_Response_200_Item_Agent_Download_Proxy_headers_3: + type: number + ApiFleetAgentPoliciesFull_Get_Response_200_Item_Agent_Download_Secrets: + additionalProperties: true + type: object + properties: + ssl: + $ref: '#/components/schemas/ApiFleetAgentPoliciesFull_Get_Response_200_Item_Agent_Download_Secrets_Ssl' + ApiFleetAgentPoliciesFull_Get_Response_200_Item_Agent_Download_Secrets_Ssl: + additionalProperties: true + type: object + properties: + key: + $ref: '#/components/schemas/ApiFleetAgentPoliciesFull_Get_Response_200_Item_Agent_Download_Secrets_Ssl_Key' + required: + - key + ApiFleetAgentPoliciesFull_Get_Response_200_Item_Agent_Download_Secrets_Ssl_Key: + additionalProperties: true + type: object + properties: + id: + type: string + ApiFleetAgentPoliciesFull_Get_Response_200_Item_Agent_Download_Ssl: + additionalProperties: false + type: object + properties: + certificate: + type: string + certificate_authorities: + items: + type: string + maxItems: 10 + type: array + key: + type: string + renegotiation: + type: string + verification_mode: + type: string + ApiFleetAgentPoliciesFull_Get_Response_200_Item_Agent_Features: + additionalProperties: + $ref: '#/components/schemas/ApiFleetAgentPoliciesFull_Get_Response_200_Item_Agent_Features_Value' + type: object + ApiFleetAgentPoliciesFull_Get_Response_200_Item_Agent_Features_Value: + additionalProperties: false + type: object + properties: + enabled: + type: boolean + required: + - enabled + ApiFleetAgentPoliciesFull_Get_Response_200_Item_Agent_Limits: + additionalProperties: false + type: object + properties: + go_max_procs: + type: number + ApiFleetAgentPoliciesFull_Get_Response_200_Item_Agent_Logging: + additionalProperties: false + type: object + properties: + files: + $ref: '#/components/schemas/ApiFleetAgentPoliciesFull_Get_Response_200_Item_Agent_Logging_Files' + level: + type: string + metrics: + $ref: '#/components/schemas/ApiFleetAgentPoliciesFull_Get_Response_200_Item_Agent_Logging_Metrics' + to_files: + type: boolean + ApiFleetAgentPoliciesFull_Get_Response_200_Item_Agent_Logging_Files: + additionalProperties: false + type: object + properties: + interval: + type: string + keepfiles: + type: number + rotateeverybytes: + type: number + ApiFleetAgentPoliciesFull_Get_Response_200_Item_Agent_Logging_Metrics: + additionalProperties: false + type: object + properties: + period: + type: string + ApiFleetAgentPoliciesFull_Get_Response_200_Item_Agent_Monitoring: + additionalProperties: false + type: object + properties: + _runtime_experimental: + type: string + apm: {} + diagnostics: + $ref: '#/components/schemas/ApiFleetAgentPoliciesFull_Get_Response_200_Item_Agent_Monitoring_Diagnostics' + enabled: + type: boolean + http: + $ref: '#/components/schemas/ApiFleetAgentPoliciesFull_Get_Response_200_Item_Agent_Monitoring_Http' + logs: + type: boolean + metrics: + type: boolean + namespace: + type: string + pprof: + $ref: '#/components/schemas/ApiFleetAgentPoliciesFull_Get_Response_200_Item_Agent_Monitoring_Pprof' + traces: + type: boolean + use_output: + type: string + required: + - enabled + - metrics + - logs + - traces + - apm + ApiFleetAgentPoliciesFull_Get_Response_200_Item_Agent_Monitoring_Diagnostics: + additionalProperties: false + type: object + properties: + limit: + $ref: '#/components/schemas/ApiFleetAgentPoliciesFull_Get_Response_200_Item_Agent_Monitoring_Diagnostics_Limit' + uploader: + $ref: '#/components/schemas/ApiFleetAgentPoliciesFull_Get_Response_200_Item_Agent_Monitoring_Diagnostics_Uploader' + ApiFleetAgentPoliciesFull_Get_Response_200_Item_Agent_Monitoring_Diagnostics_Limit: + additionalProperties: false + type: object + properties: + burst: + type: number + interval: + type: string + ApiFleetAgentPoliciesFull_Get_Response_200_Item_Agent_Monitoring_Diagnostics_Uploader: + additionalProperties: false + type: object + properties: + init_dur: + type: string + max_dur: + type: string + max_retries: + type: number + ApiFleetAgentPoliciesFull_Get_Response_200_Item_Agent_Monitoring_Http: + additionalProperties: false + type: object + properties: + enabled: + type: boolean + host: + type: string + port: + type: number + ApiFleetAgentPoliciesFull_Get_Response_200_Item_Agent_Monitoring_Pprof: + additionalProperties: false + type: object + properties: + enabled: + type: boolean + required: + - enabled + ApiFleetAgentPoliciesFull_Get_Response_200_Item_Agent_Protection: + additionalProperties: false + type: object + properties: + enabled: + type: boolean + signing_key: + type: string + uninstall_token_hash: + type: string + required: + - enabled + - uninstall_token_hash + - signing_key + ApiFleetAgentPoliciesFull_Get_Response_200_Item_Connectors: + additionalProperties: {} + type: object + ApiFleetAgentPoliciesFull_Get_Response_200_Item_Exporters: + additionalProperties: {} + type: object + ApiFleetAgentPoliciesFull_Get_Response_200_Item_Extensions: + additionalProperties: {} + type: object + ApiFleetAgentPoliciesFull_Get_Response_200_Item_Fleet_1: + additionalProperties: false + type: object + properties: + hosts: + items: + type: string + maxItems: 100 + type: array + proxy_headers: + $ref: '#/components/schemas/ApiFleetAgentPoliciesFull_Get_Response_200_Item_Fleet_Proxy_headers' + proxy_url: + type: string + secrets: + $ref: '#/components/schemas/ApiFleetAgentPoliciesFull_Get_Response_200_Item_Fleet_Secrets' + ssl: + $ref: '#/components/schemas/ApiFleetAgentPoliciesFull_Get_Response_200_Item_Fleet_Ssl' + required: + - hosts + ApiFleetAgentPoliciesFull_Get_Response_200_Item_Fleet_Proxy_headers: + additionalProperties: + anyOf: + - $ref: '#/components/schemas/ApiFleetAgentPoliciesFull_Get_Response_200_Item_Fleet_Proxy_headers_1' + - $ref: '#/components/schemas/ApiFleetAgentPoliciesFull_Get_Response_200_Item_Fleet_Proxy_headers_2' + - $ref: '#/components/schemas/ApiFleetAgentPoliciesFull_Get_Response_200_Item_Fleet_Proxy_headers_3' + nullable: true + type: object + ApiFleetAgentPoliciesFull_Get_Response_200_Item_Fleet_Proxy_headers_1: + type: string + ApiFleetAgentPoliciesFull_Get_Response_200_Item_Fleet_Proxy_headers_2: + type: boolean + ApiFleetAgentPoliciesFull_Get_Response_200_Item_Fleet_Proxy_headers_3: + type: number + ApiFleetAgentPoliciesFull_Get_Response_200_Item_Fleet_Secrets: + additionalProperties: true + type: object + properties: + ssl: + $ref: '#/components/schemas/ApiFleetAgentPoliciesFull_Get_Response_200_Item_Fleet_Secrets_Ssl' + ApiFleetAgentPoliciesFull_Get_Response_200_Item_Fleet_Secrets_Ssl: + additionalProperties: true + type: object + properties: + key: + $ref: '#/components/schemas/ApiFleetAgentPoliciesFull_Get_Response_200_Item_Fleet_Secrets_Ssl_Key' + required: + - key + ApiFleetAgentPoliciesFull_Get_Response_200_Item_Fleet_Secrets_Ssl_Key: + additionalProperties: true + type: object + properties: + id: + type: string + ApiFleetAgentPoliciesFull_Get_Response_200_Item_Fleet_Ssl: + additionalProperties: false + type: object + properties: + certificate: + type: string + certificate_authorities: + items: + type: string + maxItems: 10 + type: array + key: + type: string + renegotiation: + type: string + verification_mode: + type: string + ApiFleetAgentPoliciesFull_Get_Response_200_Item_Fleet_2: + additionalProperties: false + type: object + properties: + kibana: + $ref: '#/components/schemas/ApiFleetAgentPoliciesFull_Get_Response_200_Item_Fleet_Kibana' + required: + - kibana + ApiFleetAgentPoliciesFull_Get_Response_200_Item_Fleet_Kibana: + additionalProperties: false + type: object + properties: + hosts: + items: + type: string + maxItems: 100 + type: array + path: + type: string + protocol: + type: string + required: + - hosts + - protocol + ApiFleetAgentPoliciesFull_Get_Response_200_Item_Inputs_Item: + additionalProperties: true + type: object + properties: + data_stream: + $ref: '#/components/schemas/ApiFleetAgentPoliciesFull_Get_Response_200_Item_Inputs_Data_stream' + id: + type: string + meta: + $ref: '#/components/schemas/ApiFleetAgentPoliciesFull_Get_Response_200_Item_Inputs_Meta' + name: + type: string + package_policy_id: + type: string + processors: + items: + $ref: '#/components/schemas/ApiFleetAgentPoliciesFull_Get_Response_200_Item_Inputs_Processors_Item' + maxItems: 10000 + type: array + revision: + type: number + streams: + items: + $ref: '#/components/schemas/ApiFleetAgentPoliciesFull_Get_Response_200_Item_Inputs_Streams_Item' + maxItems: 10000 + type: array + type: + type: string + use_output: + type: string + required: + - id + - name + - revision + - type + - data_stream + - use_output + - package_policy_id + ApiFleetAgentPoliciesFull_Get_Response_200_Item_Inputs_Data_stream: + additionalProperties: true + type: object + properties: + namespace: + type: string + required: + - namespace + ApiFleetAgentPoliciesFull_Get_Response_200_Item_Inputs_Meta: + additionalProperties: true + type: object + properties: + package: + $ref: '#/components/schemas/ApiFleetAgentPoliciesFull_Get_Response_200_Item_Inputs_Meta_Package' + ApiFleetAgentPoliciesFull_Get_Response_200_Item_Inputs_Meta_Package: + additionalProperties: true + type: object + properties: + name: + type: string + version: + type: string + required: + - name + - version + ApiFleetAgentPoliciesFull_Get_Response_200_Item_Inputs_Processors_Item: + additionalProperties: true + type: object + properties: + add_fields: + $ref: '#/components/schemas/ApiFleetAgentPoliciesFull_Get_Response_200_Item_Inputs_Processors_Add_fields' + required: + - add_fields + ApiFleetAgentPoliciesFull_Get_Response_200_Item_Inputs_Processors_Add_fields: + additionalProperties: true + type: object + properties: + fields: + $ref: '#/components/schemas/ApiFleetAgentPoliciesFull_Get_Response_200_Item_Inputs_Processors_Add_fields_Fields' + target: + type: string + required: + - target + - fields + ApiFleetAgentPoliciesFull_Get_Response_200_Item_Inputs_Processors_Add_fields_Fields: + additionalProperties: + anyOf: + - $ref: '#/components/schemas/ApiFleetAgentPoliciesFull_Get_Response_200_Item_Inputs_Processors_Add_fields_Fields_1' + - $ref: '#/components/schemas/ApiFleetAgentPoliciesFull_Get_Response_200_Item_Inputs_Processors_Add_fields_Fields_2' + type: object + ApiFleetAgentPoliciesFull_Get_Response_200_Item_Inputs_Processors_Add_fields_Fields_1: + type: string + ApiFleetAgentPoliciesFull_Get_Response_200_Item_Inputs_Processors_Add_fields_Fields_2: + type: number + ApiFleetAgentPoliciesFull_Get_Response_200_Item_Inputs_Streams_Item: + additionalProperties: true + type: object + properties: + data_stream: + $ref: '#/components/schemas/ApiFleetAgentPoliciesFull_Get_Response_200_Item_Inputs_Streams_Data_stream' + id: + type: string + required: + - id + - data_stream + ApiFleetAgentPoliciesFull_Get_Response_200_Item_Inputs_Streams_Data_stream: + additionalProperties: true + type: object + properties: + dataset: + type: string + type: + type: string + required: + - dataset + ApiFleetAgentPoliciesFull_Get_Response_200_Item_Output_permissions: + additionalProperties: + $ref: '#/components/schemas/ApiFleetAgentPoliciesFull_Get_Response_200_Item_Output_permissions_Value' + type: object + ApiFleetAgentPoliciesFull_Get_Response_200_Item_Output_permissions_Value: + additionalProperties: {} + type: object + ApiFleetAgentPoliciesFull_Get_Response_200_Item_Outputs: + additionalProperties: + $ref: '#/components/schemas/ApiFleetAgentPoliciesFull_Get_Response_200_Item_Outputs_Value' + type: object + ApiFleetAgentPoliciesFull_Get_Response_200_Item_Outputs_Value: + additionalProperties: true + type: object + properties: + ca_sha256: + nullable: true + type: string + hosts: + items: + type: string + maxItems: 100 + type: array + proxy_headers: + $ref: '#/components/schemas/ApiFleetAgentPoliciesFull_Get_Response_200_Item_Outputs_Proxy_headers' + proxy_url: + type: string + type: + type: string + required: + - type + ApiFleetAgentPoliciesFull_Get_Response_200_Item_Outputs_Proxy_headers: + additionalProperties: + anyOf: + - $ref: '#/components/schemas/ApiFleetAgentPoliciesFull_Get_Response_200_Item_Outputs_Proxy_headers_1' + - $ref: '#/components/schemas/ApiFleetAgentPoliciesFull_Get_Response_200_Item_Outputs_Proxy_headers_2' + - $ref: '#/components/schemas/ApiFleetAgentPoliciesFull_Get_Response_200_Item_Outputs_Proxy_headers_3' + nullable: true + type: object + ApiFleetAgentPoliciesFull_Get_Response_200_Item_Outputs_Proxy_headers_1: + type: string + ApiFleetAgentPoliciesFull_Get_Response_200_Item_Outputs_Proxy_headers_2: + type: boolean + ApiFleetAgentPoliciesFull_Get_Response_200_Item_Outputs_Proxy_headers_3: + type: number + ApiFleetAgentPoliciesFull_Get_Response_200_Item_Processors: + additionalProperties: {} + type: object + ApiFleetAgentPoliciesFull_Get_Response_200_Item_Receivers: + additionalProperties: {} + type: object + ApiFleetAgentPoliciesFull_Get_Response_200_Item_Secret_references_Item: + additionalProperties: false + type: object + properties: + id: + type: string + required: + - id + ApiFleetAgentPoliciesFull_Get_Response_200_Item_Service: + additionalProperties: false + type: object + properties: + extensions: + items: + type: string + maxItems: 1000 + type: array + pipelines: + $ref: '#/components/schemas/ApiFleetAgentPoliciesFull_Get_Response_200_Item_Service_Pipelines' + ApiFleetAgentPoliciesFull_Get_Response_200_Item_Service_Pipelines: + additionalProperties: + $ref: '#/components/schemas/ApiFleetAgentPoliciesFull_Get_Response_200_Item_Service_Pipelines_Value' + type: object + ApiFleetAgentPoliciesFull_Get_Response_200_Item_Service_Pipelines_Value: + additionalProperties: false + type: object + properties: + exporters: + items: + type: string + maxItems: 1000 + type: array + processors: + items: + type: string + maxItems: 1000 + type: array + receivers: + items: + type: string + maxItems: 1000 + type: array + x-oas-optional: true + ApiFleetAgentPoliciesFull_Get_Response_200_Item_Signed: + additionalProperties: false + type: object + properties: + data: + type: string + signature: + type: string + required: + - data + - signature + ApiFleetAgentPoliciesFull_Get_Response_400: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetAgentPoliciesOutputs_Get_Response_200: + additionalProperties: false + type: object + properties: + item: + $ref: '#/components/schemas/ApiFleetAgentPoliciesOutputs_Get_Response_200_Item' + required: + - item + ApiFleetAgentPoliciesOutputs_Get_Response_200_Item: + additionalProperties: false + type: object + properties: + agentPolicyId: + type: string + data: + $ref: '#/components/schemas/ApiFleetAgentPoliciesOutputs_Get_Response_200_Item_Data' + monitoring: + $ref: '#/components/schemas/ApiFleetAgentPoliciesOutputs_Get_Response_200_Item_Monitoring' + required: + - monitoring + - data + ApiFleetAgentPoliciesOutputs_Get_Response_200_Item_Data: + additionalProperties: false + type: object + properties: + integrations: + items: + $ref: '#/components/schemas/ApiFleetAgentPoliciesOutputs_Get_Response_200_Item_Data_Integrations_Item' + maxItems: 1000 + type: array + output: + $ref: '#/components/schemas/ApiFleetAgentPoliciesOutputs_Get_Response_200_Item_Data_Output' + required: + - output + ApiFleetAgentPoliciesOutputs_Get_Response_200_Item_Data_Integrations_Item: + additionalProperties: false + type: object + properties: + id: + type: string + integrationPolicyName: + type: string + name: + type: string + pkgName: + type: string + ApiFleetAgentPoliciesOutputs_Get_Response_200_Item_Data_Output: + additionalProperties: false + type: object + properties: + id: + type: string + name: + type: string + required: + - id + - name + ApiFleetAgentPoliciesOutputs_Get_Response_200_Item_Monitoring: + additionalProperties: false + type: object + properties: + output: + $ref: '#/components/schemas/ApiFleetAgentPoliciesOutputs_Get_Response_200_Item_Monitoring_Output' + required: + - output + ApiFleetAgentPoliciesOutputs_Get_Response_200_Item_Monitoring_Output: + additionalProperties: false + type: object + properties: + id: + type: string + name: + type: string + required: + - id + - name + ApiFleetAgentPoliciesOutputs_Get_Response_400: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetAgentPoliciesDelete_Post_Request: + additionalProperties: false + type: object + properties: + agentPolicyId: + type: string + force: + description: bypass validation checks that can prevent agent policy deletion + type: boolean + required: + - agentPolicyId + ApiFleetAgentPoliciesDelete_Post_Response_200: + additionalProperties: false + type: object + properties: + id: + type: string + name: + type: string + required: + - id + - name + ApiFleetAgentPoliciesDelete_Post_Response_400: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetAgentPoliciesOutputs_Post_Request: + additionalProperties: false + type: object + properties: + ids: + description: list of package policy ids + items: + type: string + maxItems: 1000 + type: array + required: + - ids + ApiFleetAgentPoliciesOutputs_Post_Response_200: + additionalProperties: false + type: object + properties: + items: + items: + $ref: '#/components/schemas/ApiFleetAgentPoliciesOutputs_Post_Response_200_Items_Item' + maxItems: 10000 + type: array + required: + - items + ApiFleetAgentPoliciesOutputs_Post_Response_200_Items_Item: + additionalProperties: false + type: object + properties: + agentPolicyId: + type: string + data: + $ref: '#/components/schemas/ApiFleetAgentPoliciesOutputs_Post_Response_200_Items_Data' + monitoring: + $ref: '#/components/schemas/ApiFleetAgentPoliciesOutputs_Post_Response_200_Items_Monitoring' + required: + - monitoring + - data + ApiFleetAgentPoliciesOutputs_Post_Response_200_Items_Data: + additionalProperties: false + type: object + properties: + integrations: + items: + $ref: '#/components/schemas/ApiFleetAgentPoliciesOutputs_Post_Response_200_Items_Data_Integrations_Item' + maxItems: 1000 + type: array + output: + $ref: '#/components/schemas/ApiFleetAgentPoliciesOutputs_Post_Response_200_Items_Data_Output' + required: + - output + ApiFleetAgentPoliciesOutputs_Post_Response_200_Items_Data_Integrations_Item: + additionalProperties: false + type: object + properties: + id: + type: string + integrationPolicyName: + type: string + name: + type: string + pkgName: + type: string + ApiFleetAgentPoliciesOutputs_Post_Response_200_Items_Data_Output: + additionalProperties: false + type: object + properties: + id: + type: string + name: + type: string + required: + - id + - name + ApiFleetAgentPoliciesOutputs_Post_Response_200_Items_Monitoring: + additionalProperties: false + type: object + properties: + output: + $ref: '#/components/schemas/ApiFleetAgentPoliciesOutputs_Post_Response_200_Items_Monitoring_Output' + required: + - output + ApiFleetAgentPoliciesOutputs_Post_Response_200_Items_Monitoring_Output: + additionalProperties: false + type: object + properties: + id: + type: string + name: + type: string + required: + - id + - name + ApiFleetAgentPoliciesOutputs_Post_Response_400: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetAgentStatus_Get_Response_200: + additionalProperties: false + type: object + properties: + results: + $ref: '#/components/schemas/ApiFleetAgentStatus_Get_Response_200_Results' + required: + - results + ApiFleetAgentStatus_Get_Response_200_Results: + additionalProperties: false + type: object + properties: + active: + type: number + all: + type: number + error: + type: number + events: + type: number + inactive: + type: number + offline: + type: number + online: + type: number + orphaned: + type: number + other: + type: number + unenrolled: + type: number + uninstalled: + type: number + updating: + type: number + required: + - events + - online + - error + - offline + - other + - updating + - inactive + - unenrolled + - all + - active + ApiFleetAgentStatus_Get_Response_400: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetAgentStatusData_Get_Response_200: + additionalProperties: false + type: object + properties: + dataPreview: + items: {} + maxItems: 10000 + type: array + items: + items: + $ref: '#/components/schemas/ApiFleetAgentStatusData_Get_Response_200_Items_Item' + maxItems: 10000 + type: array + required: + - items + - dataPreview + ApiFleetAgentStatusData_Get_Response_200_Items_Item: + additionalProperties: + $ref: '#/components/schemas/ApiFleetAgentStatusData_Get_Response_200_Items_Value' + type: object + ApiFleetAgentStatusData_Get_Response_200_Items_Value: + additionalProperties: false + type: object + properties: + data: + type: boolean + required: + - data + ApiFleetAgentStatusData_Get_Response_400: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetAgentlessPolicies_Post_Request: + additionalProperties: false + type: object + properties: + additional_datastreams_permissions: + description: Additional datastream permissions, that will be added to the agent policy. + items: + type: string + maxItems: 100 + nullable: true + type: array + cloud_connector: + $ref: '#/components/schemas/ApiFleetAgentlessPolicies_Post_Request_Cloud_connector' + description: + description: Policy description. + type: string + force: + description: Force package policy creation even if the package is not verified, or if the agent policy is managed. + type: boolean + id: + description: Policy unique identifier. + type: string + inputs: + $ref: '#/components/schemas/ApiFleetAgentlessPolicies_Post_Request_Inputs' + name: + description: Unique name for the policy. + type: string + namespace: + description: Policy namespace. When not specified, it inherits the agent policy namespace. + type: string + package: + $ref: '#/components/schemas/ApiFleetAgentlessPolicies_Post_Request_Package' + policy_template: + description: The policy template to use for the agentless package policy. If not provided, the default policy template will be used. + type: string + var_group_selections: + $ref: '#/components/schemas/ApiFleetAgentlessPolicies_Post_Request_Var_group_selections' + vars: + $ref: '#/components/schemas/ApiFleetAgentlessPolicies_Post_Request_Vars' + required: + - name + - package + ApiFleetAgentlessPolicies_Post_Request_Cloud_connector: + additionalProperties: false + type: object + properties: + cloud_connector_id: + description: ID of an existing cloud connector to reuse. If not provided, a new connector will be created. + type: string + enabled: + default: false + description: Whether cloud connectors are enabled for this policy. + type: boolean + name: + description: Optional name for the cloud connector. If not provided, will be auto-generated from credentials. + maxLength: 255 + minLength: 1 + type: string + ApiFleetAgentlessPolicies_Post_Request_Inputs: + additionalProperties: + $ref: '#/components/schemas/ApiFleetAgentlessPolicies_Post_Request_Inputs_Value' + description: Package policy inputs. Refer to the integration documentation to know which inputs are available. + type: object + ApiFleetAgentlessPolicies_Post_Request_Inputs_Value: + additionalProperties: false + type: object + properties: + enabled: + description: Enable or disable that input. Defaults to `true` (enabled). + type: boolean + streams: + $ref: '#/components/schemas/ApiFleetAgentlessPolicies_Post_Request_Inputs_Streams' + vars: + $ref: '#/components/schemas/ApiFleetAgentlessPolicies_Post_Request_Inputs_Vars' + ApiFleetAgentlessPolicies_Post_Request_Inputs_Streams: + additionalProperties: + $ref: '#/components/schemas/ApiFleetAgentlessPolicies_Post_Request_Inputs_Streams_Value' + description: Input streams. Refer to the integration documentation to know which streams are available. + type: object + ApiFleetAgentlessPolicies_Post_Request_Inputs_Streams_Value: + additionalProperties: false + type: object + properties: + enabled: + description: Enable or disable that stream. Defaults to `true` (enabled). + type: boolean + var_group_selections: + $ref: '#/components/schemas/ApiFleetAgentlessPolicies_Post_Request_Inputs_Streams_Var_group_selections' + vars: + $ref: '#/components/schemas/ApiFleetAgentlessPolicies_Post_Request_Inputs_Streams_Vars' + ApiFleetAgentlessPolicies_Post_Request_Inputs_Streams_Var_group_selections: + additionalProperties: + type: string + description: Variable group selections. Maps var_group name to the selected option name within that group. + type: object + ApiFleetAgentlessPolicies_Post_Request_Inputs_Streams_Vars: + additionalProperties: + anyOf: + - $ref: '#/components/schemas/ApiFleetAgentlessPolicies_Post_Request_Inputs_Streams_Vars_1' + - $ref: '#/components/schemas/ApiFleetAgentlessPolicies_Post_Request_Inputs_Streams_Vars_2' + - $ref: '#/components/schemas/ApiFleetAgentlessPolicies_Post_Request_Inputs_Streams_Vars_3' + - $ref: '#/components/schemas/ApiFleetAgentlessPolicies_Post_Request_Inputs_Streams_Vars_4' + - $ref: '#/components/schemas/ApiFleetAgentlessPolicies_Post_Request_Inputs_Streams_Vars_5' + - $ref: '#/components/schemas/ApiFleetAgentlessPolicies_Post_Request_Inputs_Streams_Vars_6' + nullable: true + description: Input/stream level variable. Refer to the integration documentation for more information. + type: object + ApiFleetAgentlessPolicies_Post_Request_Inputs_Streams_Vars_1: + type: boolean + ApiFleetAgentlessPolicies_Post_Request_Inputs_Streams_Vars_2: + type: string + ApiFleetAgentlessPolicies_Post_Request_Inputs_Streams_Vars_3: + type: number + ApiFleetAgentlessPolicies_Post_Request_Inputs_Streams_Vars_4: + items: + type: string + maxItems: 100 + type: array + ApiFleetAgentlessPolicies_Post_Request_Inputs_Streams_Vars_5: + items: + type: number + maxItems: 100 + type: array + ApiFleetAgentlessPolicies_Post_Request_Inputs_Streams_Vars_6: + additionalProperties: false + type: object + properties: + id: + type: string + isSecretRef: + type: boolean + required: + - id + - isSecretRef + ApiFleetAgentlessPolicies_Post_Request_Inputs_Vars: + additionalProperties: + anyOf: + - $ref: '#/components/schemas/ApiFleetAgentlessPolicies_Post_Request_Inputs_Vars_1' + - $ref: '#/components/schemas/ApiFleetAgentlessPolicies_Post_Request_Inputs_Vars_2' + - $ref: '#/components/schemas/ApiFleetAgentlessPolicies_Post_Request_Inputs_Vars_3' + - $ref: '#/components/schemas/ApiFleetAgentlessPolicies_Post_Request_Inputs_Vars_4' + - $ref: '#/components/schemas/ApiFleetAgentlessPolicies_Post_Request_Inputs_Vars_5' + - $ref: '#/components/schemas/ApiFleetAgentlessPolicies_Post_Request_Inputs_Vars_6' + nullable: true + description: Input/stream level variable. Refer to the integration documentation for more information. + type: object + ApiFleetAgentlessPolicies_Post_Request_Inputs_Vars_1: + type: boolean + ApiFleetAgentlessPolicies_Post_Request_Inputs_Vars_2: + type: string + ApiFleetAgentlessPolicies_Post_Request_Inputs_Vars_3: + type: number + ApiFleetAgentlessPolicies_Post_Request_Inputs_Vars_4: + items: + type: string + maxItems: 100 + type: array + ApiFleetAgentlessPolicies_Post_Request_Inputs_Vars_5: + items: + type: number + maxItems: 100 + type: array + ApiFleetAgentlessPolicies_Post_Request_Inputs_Vars_6: + additionalProperties: false + type: object + properties: + id: + type: string + isSecretRef: + type: boolean + required: + - id + - isSecretRef + ApiFleetAgentlessPolicies_Post_Request_Package: + additionalProperties: false + type: object + properties: + experimental_data_stream_features: + items: + $ref: '#/components/schemas/ApiFleetAgentlessPolicies_Post_Request_Package_Experimental_data_stream_features_Item' + maxItems: 100 + type: array + fips_compatible: + type: boolean + name: + description: Package name + type: string + requires_root: + type: boolean + title: + type: string + version: + description: Package version + type: string + required: + - name + - version + ApiFleetAgentlessPolicies_Post_Request_Package_Experimental_data_stream_features_Item: + additionalProperties: false + type: object + properties: + data_stream: + type: string + features: + $ref: '#/components/schemas/ApiFleetAgentlessPolicies_Post_Request_Package_Experimental_data_stream_features_Features' + required: + - data_stream + - features + ApiFleetAgentlessPolicies_Post_Request_Package_Experimental_data_stream_features_Features: + additionalProperties: false + type: object + properties: + doc_value_only_numeric: + type: boolean + doc_value_only_other: + type: boolean + synthetic_source: + type: boolean + tsdb: + type: boolean + ApiFleetAgentlessPolicies_Post_Request_Var_group_selections: + additionalProperties: + type: string + description: Variable group selections. Maps var_group name to the selected option name within that group. + type: object + ApiFleetAgentlessPolicies_Post_Request_Vars: + additionalProperties: + anyOf: + - $ref: '#/components/schemas/ApiFleetAgentlessPolicies_Post_Request_Vars_1' + - $ref: '#/components/schemas/ApiFleetAgentlessPolicies_Post_Request_Vars_2' + - $ref: '#/components/schemas/ApiFleetAgentlessPolicies_Post_Request_Vars_3' + - $ref: '#/components/schemas/ApiFleetAgentlessPolicies_Post_Request_Vars_4' + - $ref: '#/components/schemas/ApiFleetAgentlessPolicies_Post_Request_Vars_5' + - $ref: '#/components/schemas/ApiFleetAgentlessPolicies_Post_Request_Vars_6' + nullable: true + description: Input/stream level variable. Refer to the integration documentation for more information. + type: object + ApiFleetAgentlessPolicies_Post_Request_Vars_1: + type: boolean + ApiFleetAgentlessPolicies_Post_Request_Vars_2: + type: string + ApiFleetAgentlessPolicies_Post_Request_Vars_3: + type: number + ApiFleetAgentlessPolicies_Post_Request_Vars_4: + items: + type: string + maxItems: 100 + type: array + ApiFleetAgentlessPolicies_Post_Request_Vars_5: + items: + type: number + maxItems: 100 + type: array + ApiFleetAgentlessPolicies_Post_Request_Vars_6: + additionalProperties: false + type: object + properties: + id: + type: string + isSecretRef: + type: boolean + required: + - id + - isSecretRef + ApiFleetAgentlessPolicies_Post_Response_200: + additionalProperties: false + type: object + properties: + item: + $ref: '#/components/schemas/ApiFleetAgentlessPolicies_Post_Response_200_Item' + required: + - item + ApiFleetAgentlessPolicies_Post_Response_200_Item: + additionalProperties: false + description: The created agentless package policy. + type: object + properties: + additional_datastreams_permissions: + description: Additional datastream permissions, that will be added to the agent policy. + items: + type: string + maxItems: 1000 + nullable: true + type: array + agents: + type: number + cloud_connector_id: + description: ID of the cloud connector associated with this package policy. + nullable: true + type: string + cloud_connector_name: + description: Transient field for cloud connector name during creation. + maxLength: 255 + minLength: 1 + nullable: true + type: string + created_at: + type: string + created_by: + type: string + description: + description: Package policy description + type: string + elasticsearch: + $ref: '#/components/schemas/ApiFleetAgentlessPolicies_Post_Response_200_Item_Elasticsearch' + enabled: + type: boolean + id: + description: Package policy unique identifier. + type: string + inputs: + anyOf: + - $ref: '#/components/schemas/ApiFleetAgentlessPolicies_Post_Response_200_Item_Inputs_1' + - $ref: '#/components/schemas/ApiFleetAgentlessPolicies_Post_Response_200_Item_Inputs_2' + description: Package policy inputs. + is_managed: + type: boolean + name: + description: Unique name for the package policy. + type: string + namespace: + description: The package policy namespace. Leave blank to inherit the agent policy's namespace. + type: string + output_id: + nullable: true + type: string + overrides: + $ref: '#/components/schemas/ApiFleetAgentlessPolicies_Post_Response_200_Item_Overrides' + package: + $ref: '#/components/schemas/ApiFleetAgentlessPolicies_Post_Response_200_Item_Package' + policy_id: + deprecated: true + description: ID of the agent policy which the package policy will be added to. + nullable: true + type: string + policy_ids: + items: + description: IDs of the agent policies which that package policy will be added to. + type: string + maxItems: 1000 + type: array + revision: + description: Package policy revision. + type: number + secret_references: + items: + $ref: '#/components/schemas/ApiFleetAgentlessPolicies_Post_Response_200_Item_Secret_references_Item' + maxItems: 100 + type: array + spaceIds: + items: + type: string + maxItems: 100 + type: array + supports_agentless: + default: false + description: Indicates whether the package policy belongs to an agentless agent policy. + nullable: true + type: boolean + supports_cloud_connector: + default: false + description: Indicates whether the package policy supports cloud connectors. + nullable: true + type: boolean + updated_at: + type: string + updated_by: + type: string + var_group_selections: + $ref: '#/components/schemas/ApiFleetAgentlessPolicies_Post_Response_200_Item_Var_group_selections' + vars: + anyOf: + - $ref: '#/components/schemas/ApiFleetAgentlessPolicies_Post_Response_200_Item_Vars_1' + - $ref: '#/components/schemas/ApiFleetAgentlessPolicies_Post_Response_200_Item_Vars_2' + description: Package level variable. + version: + description: Package policy ES version. + type: string + required: + - name + - enabled + - inputs + - id + - revision + - updated_at + - updated_by + - created_at + - created_by + ApiFleetAgentlessPolicies_Post_Response_200_Item_Elasticsearch: + additionalProperties: true + type: object + properties: + privileges: + $ref: '#/components/schemas/ApiFleetAgentlessPolicies_Post_Response_200_Item_Elasticsearch_Privileges' + ApiFleetAgentlessPolicies_Post_Response_200_Item_Elasticsearch_Privileges: + additionalProperties: true + type: object + properties: + cluster: + items: + type: string + maxItems: 100 + type: array + ApiFleetAgentlessPolicies_Post_Response_200_Item_Inputs_1: + items: + $ref: '#/components/schemas/ApiFleetAgentlessPolicies_Post_Response_200_Item_Inputs_Item' + maxItems: 100 + type: array + ApiFleetAgentlessPolicies_Post_Response_200_Item_Inputs_Item: + additionalProperties: false + type: object + properties: + compiled_input: {} + config: + $ref: '#/components/schemas/ApiFleetAgentlessPolicies_Post_Response_200_Item_Inputs_Config' + enabled: + type: boolean + id: + type: string + keep_enabled: + type: boolean + policy_template: + type: string + streams: + items: + $ref: '#/components/schemas/ApiFleetAgentlessPolicies_Post_Response_200_Item_Inputs_Streams_Item' + maxItems: 100 + type: array + type: + type: string + vars: + $ref: '#/components/schemas/ApiFleetAgentlessPolicies_Post_Response_200_Item_Inputs_Vars' + required: + - type + - enabled + - streams + - compiled_input + ApiFleetAgentlessPolicies_Post_Response_200_Item_Inputs_Config: + additionalProperties: + $ref: '#/components/schemas/ApiFleetAgentlessPolicies_Post_Response_200_Item_Inputs_Config_Value' + description: Package variable (see integration documentation for more information) + type: object + ApiFleetAgentlessPolicies_Post_Response_200_Item_Inputs_Config_Value: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + ApiFleetAgentlessPolicies_Post_Response_200_Item_Inputs_Streams_Item: + additionalProperties: false + type: object + properties: + compiled_stream: {} + config: + $ref: '#/components/schemas/ApiFleetAgentlessPolicies_Post_Response_200_Item_Inputs_Streams_Config' + data_stream: + $ref: '#/components/schemas/ApiFleetAgentlessPolicies_Post_Response_200_Item_Inputs_Streams_Data_stream' + enabled: + type: boolean + id: + type: string + keep_enabled: + type: boolean + release: + enum: + - ga + - beta + - experimental + type: string + var_group_selections: + $ref: '#/components/schemas/ApiFleetAgentlessPolicies_Post_Response_200_Item_Inputs_Streams_Var_group_selections' + vars: + $ref: '#/components/schemas/ApiFleetAgentlessPolicies_Post_Response_200_Item_Inputs_Streams_Vars' + required: + - enabled + - data_stream + - compiled_stream + ApiFleetAgentlessPolicies_Post_Response_200_Item_Inputs_Streams_Config: + additionalProperties: + $ref: '#/components/schemas/ApiFleetAgentlessPolicies_Post_Response_200_Item_Inputs_Streams_Config_Value' + description: Package variable (see integration documentation for more information) + type: object + ApiFleetAgentlessPolicies_Post_Response_200_Item_Inputs_Streams_Config_Value: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + ApiFleetAgentlessPolicies_Post_Response_200_Item_Inputs_Streams_Data_stream: + additionalProperties: false + type: object + properties: + dataset: + type: string + elasticsearch: + $ref: '#/components/schemas/ApiFleetAgentlessPolicies_Post_Response_200_Item_Inputs_Streams_Data_stream_Elasticsearch' + type: + type: string + required: + - dataset + - type + ApiFleetAgentlessPolicies_Post_Response_200_Item_Inputs_Streams_Data_stream_Elasticsearch: + additionalProperties: false + type: object + properties: + dynamic_dataset: + type: boolean + dynamic_namespace: + type: boolean + privileges: + $ref: '#/components/schemas/ApiFleetAgentlessPolicies_Post_Response_200_Item_Inputs_Streams_Data_stream_Elasticsearch_Privileges' + ApiFleetAgentlessPolicies_Post_Response_200_Item_Inputs_Streams_Data_stream_Elasticsearch_Privileges: + additionalProperties: false + type: object + properties: + indices: + items: + type: string + maxItems: 100 + type: array + ApiFleetAgentlessPolicies_Post_Response_200_Item_Inputs_Streams_Var_group_selections: + additionalProperties: + type: string + description: Variable group selections. Maps var_group name to the selected option name within that group. + type: object + ApiFleetAgentlessPolicies_Post_Response_200_Item_Inputs_Streams_Vars: + additionalProperties: + $ref: '#/components/schemas/ApiFleetAgentlessPolicies_Post_Response_200_Item_Inputs_Streams_Vars_Value' + description: Package variable (see integration documentation for more information) + type: object + ApiFleetAgentlessPolicies_Post_Response_200_Item_Inputs_Streams_Vars_Value: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + ApiFleetAgentlessPolicies_Post_Response_200_Item_Inputs_Vars: + additionalProperties: + $ref: '#/components/schemas/ApiFleetAgentlessPolicies_Post_Response_200_Item_Inputs_Vars_Value' + description: Package variable (see integration documentation for more information) + type: object + ApiFleetAgentlessPolicies_Post_Response_200_Item_Inputs_Vars_Value: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + ApiFleetAgentlessPolicies_Post_Response_200_Item_Inputs_2: + additionalProperties: + $ref: '#/components/schemas/ApiFleetAgentlessPolicies_Post_Response_200_Item_Inputs_Value' + description: Package policy inputs. Refer to the integration documentation to know which inputs are available. + type: object + x-oas-optional: true + ApiFleetAgentlessPolicies_Post_Response_200_Item_Inputs_Value: + additionalProperties: false + type: object + properties: + enabled: + description: Enable or disable that input. Defaults to `true` (enabled). + type: boolean + streams: + $ref: '#/components/schemas/ApiFleetAgentlessPolicies_Post_Response_200_Item_Inputs_Streams' + vars: + $ref: '#/components/schemas/ApiFleetAgentlessPolicies_Post_Response_200_Item_Inputs_Vars_1' + ApiFleetAgentlessPolicies_Post_Response_200_Item_Inputs_Streams: + additionalProperties: + $ref: '#/components/schemas/ApiFleetAgentlessPolicies_Post_Response_200_Item_Inputs_Streams_Value' + description: Input streams. Refer to the integration documentation to know which streams are available. + type: object + ApiFleetAgentlessPolicies_Post_Response_200_Item_Inputs_Streams_Value: + additionalProperties: false + type: object + properties: + enabled: + description: Enable or disable that stream. Defaults to `true` (enabled). + type: boolean + var_group_selections: + $ref: '#/components/schemas/ApiFleetAgentlessPolicies_Post_Response_200_Item_Inputs_Streams_Var_group_selections_1' + vars: + $ref: '#/components/schemas/ApiFleetAgentlessPolicies_Post_Response_200_Item_Inputs_Streams_Vars_1' + ApiFleetAgentlessPolicies_Post_Response_200_Item_Inputs_Streams_Var_group_selections_1: + additionalProperties: + type: string + description: Variable group selections. Maps var_group name to the selected option name within that group. + type: object + ApiFleetAgentlessPolicies_Post_Response_200_Item_Inputs_Streams_Vars_1: + type: boolean + ApiFleetAgentlessPolicies_Post_Response_200_Item_Inputs_Streams_Vars_2: + type: string + ApiFleetAgentlessPolicies_Post_Response_200_Item_Inputs_Streams_Vars_3: + type: number + ApiFleetAgentlessPolicies_Post_Response_200_Item_Inputs_Streams_Vars_4: + items: + type: string + maxItems: 100 + type: array + ApiFleetAgentlessPolicies_Post_Response_200_Item_Inputs_Streams_Vars_5: + items: + type: number + maxItems: 100 + type: array + ApiFleetAgentlessPolicies_Post_Response_200_Item_Inputs_Streams_Vars_6: + additionalProperties: false + type: object + properties: + id: + type: string + isSecretRef: + type: boolean + required: + - id + - isSecretRef + ApiFleetAgentlessPolicies_Post_Response_200_Item_Inputs_Vars_1: + type: boolean + ApiFleetAgentlessPolicies_Post_Response_200_Item_Inputs_Vars_2: + type: string + ApiFleetAgentlessPolicies_Post_Response_200_Item_Inputs_Vars_3: + type: number + ApiFleetAgentlessPolicies_Post_Response_200_Item_Inputs_Vars_4: + items: + type: string + maxItems: 100 + type: array + ApiFleetAgentlessPolicies_Post_Response_200_Item_Inputs_Vars_5: + items: + type: number + maxItems: 100 + type: array + ApiFleetAgentlessPolicies_Post_Response_200_Item_Inputs_Vars_6: + additionalProperties: false + type: object + properties: + id: + type: string + isSecretRef: + type: boolean + required: + - id + - isSecretRef + ApiFleetAgentlessPolicies_Post_Response_200_Item_Overrides: + additionalProperties: false + description: Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure. + nullable: true + type: object + properties: + inputs: + $ref: '#/components/schemas/ApiFleetAgentlessPolicies_Post_Response_200_Item_Overrides_Inputs' + ApiFleetAgentlessPolicies_Post_Response_200_Item_Overrides_Inputs: + additionalProperties: {} + type: object + ApiFleetAgentlessPolicies_Post_Response_200_Item_Package: + additionalProperties: false + type: object + properties: + experimental_data_stream_features: + items: + $ref: '#/components/schemas/ApiFleetAgentlessPolicies_Post_Response_200_Item_Package_Experimental_data_stream_features_Item' + maxItems: 100 + type: array + fips_compatible: + type: boolean + name: + description: Package name + type: string + requires_root: + type: boolean + title: + type: string + version: + description: Package version + type: string + required: + - name + - version + ApiFleetAgentlessPolicies_Post_Response_200_Item_Package_Experimental_data_stream_features_Item: + additionalProperties: false + type: object + properties: + data_stream: + type: string + features: + $ref: '#/components/schemas/ApiFleetAgentlessPolicies_Post_Response_200_Item_Package_Experimental_data_stream_features_Features' + required: + - data_stream + - features + ApiFleetAgentlessPolicies_Post_Response_200_Item_Package_Experimental_data_stream_features_Features: + additionalProperties: false + type: object + properties: + doc_value_only_numeric: + type: boolean + doc_value_only_other: + type: boolean + synthetic_source: + type: boolean + tsdb: + type: boolean + ApiFleetAgentlessPolicies_Post_Response_200_Item_Secret_references_Item: + additionalProperties: false + type: object + properties: + id: + type: string + required: + - id + ApiFleetAgentlessPolicies_Post_Response_200_Item_Var_group_selections: + additionalProperties: + type: string + description: Variable group selections. Maps var_group name to the selected option name within that group. + type: object + ApiFleetAgentlessPolicies_Post_Response_200_Item_Vars_1: + additionalProperties: + $ref: '#/components/schemas/ApiFleetAgentlessPolicies_Post_Response_200_Item_Vars_Value' + description: Package variable (see integration documentation for more information) + type: object + ApiFleetAgentlessPolicies_Post_Response_200_Item_Vars_Value: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + ApiFleetAgentlessPolicies_Post_Response_200_Item_Vars_2: + additionalProperties: + anyOf: + - $ref: '#/components/schemas/ApiFleetAgentlessPolicies_Post_Response_200_Item_Vars_1_1' + - $ref: '#/components/schemas/ApiFleetAgentlessPolicies_Post_Response_200_Item_Vars_2_1' + - $ref: '#/components/schemas/ApiFleetAgentlessPolicies_Post_Response_200_Item_Vars_3' + - $ref: '#/components/schemas/ApiFleetAgentlessPolicies_Post_Response_200_Item_Vars_4' + - $ref: '#/components/schemas/ApiFleetAgentlessPolicies_Post_Response_200_Item_Vars_5' + - $ref: '#/components/schemas/ApiFleetAgentlessPolicies_Post_Response_200_Item_Vars_6' + nullable: true + description: Input/stream level variable. Refer to the integration documentation for more information. + type: object + x-oas-optional: true + ApiFleetAgentlessPolicies_Post_Response_200_Item_Vars_1_1: + type: boolean + ApiFleetAgentlessPolicies_Post_Response_200_Item_Vars_2_1: + type: string + ApiFleetAgentlessPolicies_Post_Response_200_Item_Vars_3: + type: number + ApiFleetAgentlessPolicies_Post_Response_200_Item_Vars_4: + items: + type: string + maxItems: 100 + type: array + ApiFleetAgentlessPolicies_Post_Response_200_Item_Vars_5: + items: + type: number + maxItems: 100 + type: array + ApiFleetAgentlessPolicies_Post_Response_200_Item_Vars_6: + additionalProperties: false + type: object + properties: + id: + type: string + isSecretRef: + type: boolean + required: + - id + - isSecretRef + ApiFleetAgentlessPolicies_Post_Response_400: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetAgentlessPolicies_Post_Response_409: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetAgentlessPolicies_Delete_Response_200: + additionalProperties: false + description: Response for deleting an agentless package policy. + type: object + properties: + id: + description: The ID of the deleted agentless package policy. + type: string + required: + - id + ApiFleetAgentlessPolicies_Delete_Response_400: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetAgentlessPolicies_Delete_Response_409: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetAgents_Get_Response_200: + additionalProperties: false + type: object + properties: + items: + items: + $ref: '#/components/schemas/ApiFleetAgents_Get_Response_200_Items_Item' + maxItems: 10000 + type: array + nextSearchAfter: + type: string + page: + type: number + perPage: + type: number + pit: + type: string + statusSummary: + $ref: '#/components/schemas/ApiFleetAgents_Get_Response_200_StatusSummary' + total: + type: number + required: + - items + - total + - page + - perPage + ApiFleetAgents_Get_Response_200_Items_Item: + additionalProperties: false + type: object + properties: + access_api_key: + type: string + access_api_key_id: + type: string + active: + type: boolean + agent: + $ref: '#/components/schemas/ApiFleetAgents_Get_Response_200_Items_Agent' + audit_unenrolled_reason: + type: string + components: + items: + $ref: '#/components/schemas/ApiFleetAgents_Get_Response_200_Items_Components_Item' + maxItems: 10000 + type: array + default_api_key: + type: string + default_api_key_history: + items: + $ref: '#/components/schemas/ApiFleetAgents_Get_Response_200_Items_Default_api_key_history_Item' + maxItems: 100 + type: array + default_api_key_id: + type: string + enrolled_at: + type: string + id: + type: string + last_checkin: + type: string + last_checkin_message: + type: string + last_checkin_status: + enum: + - error + - online + - degraded + - updating + - starting + type: string + last_known_status: + enum: + - offline + - error + - online + - inactive + - enrolling + - unenrolling + - unenrolled + - updating + - degraded + - uninstalled + - orphaned + type: string + local_metadata: + $ref: '#/components/schemas/ApiFleetAgents_Get_Response_200_Items_Local_metadata' + metrics: + $ref: '#/components/schemas/ApiFleetAgents_Get_Response_200_Items_Metrics' + namespaces: + items: + type: string + maxItems: 100 + type: array + outputs: + $ref: '#/components/schemas/ApiFleetAgents_Get_Response_200_Items_Outputs' + packages: + items: + type: string + maxItems: 10000 + type: array + policy_id: + type: string + policy_revision: + nullable: true + type: number + sort: + items: {} + maxItems: 10 + type: array + status: + enum: + - offline + - error + - online + - inactive + - enrolling + - unenrolling + - unenrolled + - updating + - degraded + - uninstalled + - orphaned + type: string + tags: + items: + type: string + maxItems: 100 + type: array + type: + enum: + - PERMANENT + - EPHEMERAL + - TEMPORARY + type: string + unenrolled_at: + type: string + unenrollment_started_at: + type: string + unhealthy_reason: + items: + enum: + - input + - output + - other + type: string + maxItems: 3 + nullable: true + type: array + upgrade: + $ref: '#/components/schemas/ApiFleetAgents_Get_Response_200_Items_Upgrade' + upgrade_attempts: + items: + type: string + maxItems: 10000 + nullable: true + type: array + upgrade_details: + $ref: '#/components/schemas/ApiFleetAgents_Get_Response_200_Items_Upgrade_details' + upgrade_started_at: + nullable: true + type: string + upgraded_at: + nullable: true + type: string + user_provided_metadata: + $ref: '#/components/schemas/ApiFleetAgents_Get_Response_200_Items_User_provided_metadata' + required: + - id + - packages + - type + - active + - enrolled_at + - local_metadata + ApiFleetAgents_Get_Response_200_Items_Agent: + additionalProperties: true + type: object + properties: + id: + type: string + version: + type: string + required: + - id + - version + ApiFleetAgents_Get_Response_200_Items_Components_Item: + additionalProperties: false + type: object + properties: + id: + type: string + message: + type: string + status: + enum: + - STARTING + - CONFIGURING + - HEALTHY + - DEGRADED + - FAILED + - STOPPING + - STOPPED + type: string + type: + type: string + units: + items: + $ref: '#/components/schemas/ApiFleetAgents_Get_Response_200_Items_Components_Units_Item' + maxItems: 10000 + type: array + required: + - id + - type + - status + - message + ApiFleetAgents_Get_Response_200_Items_Components_Units_Item: + additionalProperties: false + type: object + properties: + id: + type: string + message: + type: string + payload: + $ref: '#/components/schemas/ApiFleetAgents_Get_Response_200_Items_Components_Units_Payload' + status: + enum: + - STARTING + - CONFIGURING + - HEALTHY + - DEGRADED + - FAILED + - STOPPING + - STOPPED + type: string + type: + enum: + - input + - output + - '' + type: string + required: + - id + - type + - status + - message + ApiFleetAgents_Get_Response_200_Items_Components_Units_Payload: + additionalProperties: {} + type: object + ApiFleetAgents_Get_Response_200_Items_Default_api_key_history_Item: + additionalProperties: false + deprecated: true + type: object + properties: + id: + type: string + retired_at: + type: string + required: + - id + - retired_at + ApiFleetAgents_Get_Response_200_Items_Local_metadata: + additionalProperties: {} + type: object + ApiFleetAgents_Get_Response_200_Items_Metrics: + additionalProperties: false + type: object + properties: + cpu_avg: + type: number + memory_size_byte_avg: + type: number + ApiFleetAgents_Get_Response_200_Items_Outputs: + additionalProperties: + $ref: '#/components/schemas/ApiFleetAgents_Get_Response_200_Items_Outputs_Value' + type: object + ApiFleetAgents_Get_Response_200_Items_Outputs_Value: + additionalProperties: false + type: object + properties: + api_key_id: + type: string + to_retire_api_key_ids: + items: + $ref: '#/components/schemas/ApiFleetAgents_Get_Response_200_Items_Outputs_To_retire_api_key_ids_Item' + maxItems: 100 + type: array + type: + type: string + ApiFleetAgents_Get_Response_200_Items_Outputs_To_retire_api_key_ids_Item: + additionalProperties: false + type: object + properties: + id: + type: string + retired_at: + type: string + required: + - id + - retired_at + ApiFleetAgents_Get_Response_200_Items_Upgrade: + additionalProperties: false + type: object + properties: + rollbacks: + items: + $ref: '#/components/schemas/ApiFleetAgents_Get_Response_200_Items_Upgrade_Rollbacks_Item' + maxItems: 100 + type: array + ApiFleetAgents_Get_Response_200_Items_Upgrade_Rollbacks_Item: + additionalProperties: false + type: object + properties: + valid_until: + type: string + version: + type: string + required: + - valid_until + - version + ApiFleetAgents_Get_Response_200_Items_Upgrade_details: + additionalProperties: false + nullable: true + type: object + properties: + action_id: + type: string + metadata: + $ref: '#/components/schemas/ApiFleetAgents_Get_Response_200_Items_Upgrade_details_Metadata' + state: + enum: + - UPG_REQUESTED + - UPG_SCHEDULED + - UPG_DOWNLOADING + - UPG_EXTRACTING + - UPG_REPLACING + - UPG_RESTARTING + - UPG_FAILED + - UPG_WATCHING + - UPG_ROLLBACK + type: string + target_version: + type: string + required: + - target_version + - action_id + - state + ApiFleetAgents_Get_Response_200_Items_Upgrade_details_Metadata: + additionalProperties: false + type: object + properties: + download_percent: + type: number + download_rate: + type: number + error_msg: + type: string + failed_state: + enum: + - UPG_REQUESTED + - UPG_SCHEDULED + - UPG_DOWNLOADING + - UPG_EXTRACTING + - UPG_REPLACING + - UPG_RESTARTING + - UPG_FAILED + - UPG_WATCHING + - UPG_ROLLBACK + type: string + retry_error_msg: + type: string + retry_until: + type: string + scheduled_at: + type: string + ApiFleetAgents_Get_Response_200_Items_User_provided_metadata: + additionalProperties: {} + type: object + ApiFleetAgents_Get_Response_200_StatusSummary: + additionalProperties: + type: number + type: object + ApiFleetAgents_Get_Response_400: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetAgents_Post_Request: + additionalProperties: false + type: object + properties: + actionIds: + items: + type: string + maxItems: 1000 + type: array + required: + - actionIds + ApiFleetAgents_Post_Response_200: + additionalProperties: false + type: object + properties: + items: + items: + type: string + maxItems: 10000 + type: array + required: + - items + ApiFleetAgents_Post_Response_400: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetAgents_Delete_Response_200: + additionalProperties: false + type: object + properties: + action: + enum: + - deleted + type: string + required: + - action + ApiFleetAgents_Delete_Response_400: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetAgents_Get_Response_200_1: + additionalProperties: false + type: object + properties: + item: + $ref: '#/components/schemas/ApiFleetAgents_Get_Response_200_Item' + required: + - item + ApiFleetAgents_Get_Response_200_Item: + additionalProperties: false + type: object + properties: + access_api_key: + type: string + access_api_key_id: + type: string + active: + type: boolean + agent: + $ref: '#/components/schemas/ApiFleetAgents_Get_Response_200_Item_Agent' + audit_unenrolled_reason: + type: string + components: + items: + $ref: '#/components/schemas/ApiFleetAgents_Get_Response_200_Item_Components_Item' + maxItems: 10000 + type: array + default_api_key: + type: string + default_api_key_history: + items: + $ref: '#/components/schemas/ApiFleetAgents_Get_Response_200_Item_Default_api_key_history_Item' + maxItems: 100 + type: array + default_api_key_id: + type: string + enrolled_at: + type: string + id: + type: string + last_checkin: + type: string + last_checkin_message: + type: string + last_checkin_status: + enum: + - error + - online + - degraded + - updating + - starting + type: string + last_known_status: + enum: + - offline + - error + - online + - inactive + - enrolling + - unenrolling + - unenrolled + - updating + - degraded + - uninstalled + - orphaned + type: string + local_metadata: + $ref: '#/components/schemas/ApiFleetAgents_Get_Response_200_Item_Local_metadata' + metrics: + $ref: '#/components/schemas/ApiFleetAgents_Get_Response_200_Item_Metrics' + namespaces: + items: + type: string + maxItems: 100 + type: array + outputs: + $ref: '#/components/schemas/ApiFleetAgents_Get_Response_200_Item_Outputs' + packages: + items: + type: string + maxItems: 10000 + type: array + policy_id: + type: string + policy_revision: + nullable: true + type: number + sort: + items: {} + maxItems: 10 + type: array + status: + enum: + - offline + - error + - online + - inactive + - enrolling + - unenrolling + - unenrolled + - updating + - degraded + - uninstalled + - orphaned + type: string + tags: + items: + type: string + maxItems: 100 + type: array + type: + enum: + - PERMANENT + - EPHEMERAL + - TEMPORARY + type: string + unenrolled_at: + type: string + unenrollment_started_at: + type: string + unhealthy_reason: + items: + enum: + - input + - output + - other + type: string + maxItems: 3 + nullable: true + type: array + upgrade: + $ref: '#/components/schemas/ApiFleetAgents_Get_Response_200_Item_Upgrade' + upgrade_attempts: + items: + type: string + maxItems: 10000 + nullable: true + type: array + upgrade_details: + $ref: '#/components/schemas/ApiFleetAgents_Get_Response_200_Item_Upgrade_details' + upgrade_started_at: + nullable: true + type: string + upgraded_at: + nullable: true + type: string + user_provided_metadata: + $ref: '#/components/schemas/ApiFleetAgents_Get_Response_200_Item_User_provided_metadata' + required: + - id + - packages + - type + - active + - enrolled_at + - local_metadata + ApiFleetAgents_Get_Response_200_Item_Agent: + additionalProperties: true + type: object + properties: + id: + type: string + version: + type: string + required: + - id + - version + ApiFleetAgents_Get_Response_200_Item_Components_Item: + additionalProperties: false + type: object + properties: + id: + type: string + message: + type: string + status: + enum: + - STARTING + - CONFIGURING + - HEALTHY + - DEGRADED + - FAILED + - STOPPING + - STOPPED + type: string + type: + type: string + units: + items: + $ref: '#/components/schemas/ApiFleetAgents_Get_Response_200_Item_Components_Units_Item' + maxItems: 10000 + type: array + required: + - id + - type + - status + - message + ApiFleetAgents_Get_Response_200_Item_Components_Units_Item: + additionalProperties: false + type: object + properties: + id: + type: string + message: + type: string + payload: + $ref: '#/components/schemas/ApiFleetAgents_Get_Response_200_Item_Components_Units_Payload' + status: + enum: + - STARTING + - CONFIGURING + - HEALTHY + - DEGRADED + - FAILED + - STOPPING + - STOPPED + type: string + type: + enum: + - input + - output + - '' + type: string + required: + - id + - type + - status + - message + ApiFleetAgents_Get_Response_200_Item_Components_Units_Payload: + additionalProperties: {} + type: object + ApiFleetAgents_Get_Response_200_Item_Default_api_key_history_Item: + additionalProperties: false + deprecated: true + type: object + properties: + id: + type: string + retired_at: + type: string + required: + - id + - retired_at + ApiFleetAgents_Get_Response_200_Item_Local_metadata: + additionalProperties: {} + type: object + ApiFleetAgents_Get_Response_200_Item_Metrics: + additionalProperties: false + type: object + properties: + cpu_avg: + type: number + memory_size_byte_avg: + type: number + ApiFleetAgents_Get_Response_200_Item_Outputs: + additionalProperties: + $ref: '#/components/schemas/ApiFleetAgents_Get_Response_200_Item_Outputs_Value' + type: object + ApiFleetAgents_Get_Response_200_Item_Outputs_Value: + additionalProperties: false + type: object + properties: + api_key_id: + type: string + to_retire_api_key_ids: + items: + $ref: '#/components/schemas/ApiFleetAgents_Get_Response_200_Item_Outputs_To_retire_api_key_ids_Item' + maxItems: 100 + type: array + type: + type: string + ApiFleetAgents_Get_Response_200_Item_Outputs_To_retire_api_key_ids_Item: + additionalProperties: false + type: object + properties: + id: + type: string + retired_at: + type: string + required: + - id + - retired_at + ApiFleetAgents_Get_Response_200_Item_Upgrade: + additionalProperties: false + type: object + properties: + rollbacks: + items: + $ref: '#/components/schemas/ApiFleetAgents_Get_Response_200_Item_Upgrade_Rollbacks_Item' + maxItems: 100 + type: array + ApiFleetAgents_Get_Response_200_Item_Upgrade_Rollbacks_Item: + additionalProperties: false + type: object + properties: + valid_until: + type: string + version: + type: string + required: + - valid_until + - version + ApiFleetAgents_Get_Response_200_Item_Upgrade_details: + additionalProperties: false + nullable: true + type: object + properties: + action_id: + type: string + metadata: + $ref: '#/components/schemas/ApiFleetAgents_Get_Response_200_Item_Upgrade_details_Metadata' + state: + enum: + - UPG_REQUESTED + - UPG_SCHEDULED + - UPG_DOWNLOADING + - UPG_EXTRACTING + - UPG_REPLACING + - UPG_RESTARTING + - UPG_FAILED + - UPG_WATCHING + - UPG_ROLLBACK + type: string + target_version: + type: string + required: + - target_version + - action_id + - state + ApiFleetAgents_Get_Response_200_Item_Upgrade_details_Metadata: + additionalProperties: false + type: object + properties: + download_percent: + type: number + download_rate: + type: number + error_msg: + type: string + failed_state: + enum: + - UPG_REQUESTED + - UPG_SCHEDULED + - UPG_DOWNLOADING + - UPG_EXTRACTING + - UPG_REPLACING + - UPG_RESTARTING + - UPG_FAILED + - UPG_WATCHING + - UPG_ROLLBACK + type: string + retry_error_msg: + type: string + retry_until: + type: string + scheduled_at: + type: string + ApiFleetAgents_Get_Response_200_Item_User_provided_metadata: + additionalProperties: {} + type: object + ApiFleetAgents_Get_Response_400_1: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetAgents_Put_Request: + additionalProperties: false + type: object + properties: + tags: + items: + type: string + maxItems: 10 + type: array + user_provided_metadata: + $ref: '#/components/schemas/ApiFleetAgents_Put_Request_User_provided_metadata' + ApiFleetAgents_Put_Request_User_provided_metadata: + additionalProperties: {} + type: object + ApiFleetAgents_Put_Response_200: + additionalProperties: false + type: object + properties: + item: + $ref: '#/components/schemas/ApiFleetAgents_Put_Response_200_Item' + required: + - item + ApiFleetAgents_Put_Response_200_Item: + additionalProperties: false + type: object + properties: + access_api_key: + type: string + access_api_key_id: + type: string + active: + type: boolean + agent: + $ref: '#/components/schemas/ApiFleetAgents_Put_Response_200_Item_Agent' + audit_unenrolled_reason: + type: string + components: + items: + $ref: '#/components/schemas/ApiFleetAgents_Put_Response_200_Item_Components_Item' + maxItems: 10000 + type: array + default_api_key: + type: string + default_api_key_history: + items: + $ref: '#/components/schemas/ApiFleetAgents_Put_Response_200_Item_Default_api_key_history_Item' + maxItems: 100 + type: array + default_api_key_id: + type: string + enrolled_at: + type: string + id: + type: string + last_checkin: + type: string + last_checkin_message: + type: string + last_checkin_status: + enum: + - error + - online + - degraded + - updating + - starting + type: string + last_known_status: + enum: + - offline + - error + - online + - inactive + - enrolling + - unenrolling + - unenrolled + - updating + - degraded + - uninstalled + - orphaned + type: string + local_metadata: + $ref: '#/components/schemas/ApiFleetAgents_Put_Response_200_Item_Local_metadata' + metrics: + $ref: '#/components/schemas/ApiFleetAgents_Put_Response_200_Item_Metrics' + namespaces: + items: + type: string + maxItems: 100 + type: array + outputs: + $ref: '#/components/schemas/ApiFleetAgents_Put_Response_200_Item_Outputs' + packages: + items: + type: string + maxItems: 10000 + type: array + policy_id: + type: string + policy_revision: + nullable: true + type: number + sort: + items: {} + maxItems: 10 + type: array + status: + enum: + - offline + - error + - online + - inactive + - enrolling + - unenrolling + - unenrolled + - updating + - degraded + - uninstalled + - orphaned + type: string + tags: + items: + type: string + maxItems: 100 + type: array + type: + enum: + - PERMANENT + - EPHEMERAL + - TEMPORARY + type: string + unenrolled_at: + type: string + unenrollment_started_at: + type: string + unhealthy_reason: + items: + enum: + - input + - output + - other + type: string + maxItems: 3 + nullable: true + type: array + upgrade: + $ref: '#/components/schemas/ApiFleetAgents_Put_Response_200_Item_Upgrade' + upgrade_attempts: + items: + type: string + maxItems: 10000 + nullable: true + type: array + upgrade_details: + $ref: '#/components/schemas/ApiFleetAgents_Put_Response_200_Item_Upgrade_details' + upgrade_started_at: + nullable: true + type: string + upgraded_at: + nullable: true + type: string + user_provided_metadata: + $ref: '#/components/schemas/ApiFleetAgents_Put_Response_200_Item_User_provided_metadata' + required: + - id + - packages + - type + - active + - enrolled_at + - local_metadata + ApiFleetAgents_Put_Response_200_Item_Agent: + additionalProperties: true + type: object + properties: + id: + type: string + version: + type: string + required: + - id + - version + ApiFleetAgents_Put_Response_200_Item_Components_Item: + additionalProperties: false + type: object + properties: + id: + type: string + message: + type: string + status: + enum: + - STARTING + - CONFIGURING + - HEALTHY + - DEGRADED + - FAILED + - STOPPING + - STOPPED + type: string + type: + type: string + units: + items: + $ref: '#/components/schemas/ApiFleetAgents_Put_Response_200_Item_Components_Units_Item' + maxItems: 10000 + type: array + required: + - id + - type + - status + - message + ApiFleetAgents_Put_Response_200_Item_Components_Units_Item: + additionalProperties: false + type: object + properties: + id: + type: string + message: + type: string + payload: + $ref: '#/components/schemas/ApiFleetAgents_Put_Response_200_Item_Components_Units_Payload' + status: + enum: + - STARTING + - CONFIGURING + - HEALTHY + - DEGRADED + - FAILED + - STOPPING + - STOPPED + type: string + type: + enum: + - input + - output + - '' + type: string + required: + - id + - type + - status + - message + ApiFleetAgents_Put_Response_200_Item_Components_Units_Payload: + additionalProperties: {} + type: object + ApiFleetAgents_Put_Response_200_Item_Default_api_key_history_Item: + additionalProperties: false + deprecated: true + type: object + properties: + id: + type: string + retired_at: + type: string + required: + - id + - retired_at + ApiFleetAgents_Put_Response_200_Item_Local_metadata: + additionalProperties: {} + type: object + ApiFleetAgents_Put_Response_200_Item_Metrics: + additionalProperties: false + type: object + properties: + cpu_avg: + type: number + memory_size_byte_avg: + type: number + ApiFleetAgents_Put_Response_200_Item_Outputs: + additionalProperties: + $ref: '#/components/schemas/ApiFleetAgents_Put_Response_200_Item_Outputs_Value' + type: object + ApiFleetAgents_Put_Response_200_Item_Outputs_Value: + additionalProperties: false + type: object + properties: + api_key_id: + type: string + to_retire_api_key_ids: + items: + $ref: '#/components/schemas/ApiFleetAgents_Put_Response_200_Item_Outputs_To_retire_api_key_ids_Item' + maxItems: 100 + type: array + type: + type: string + ApiFleetAgents_Put_Response_200_Item_Outputs_To_retire_api_key_ids_Item: + additionalProperties: false + type: object + properties: + id: + type: string + retired_at: + type: string + required: + - id + - retired_at + ApiFleetAgents_Put_Response_200_Item_Upgrade: + additionalProperties: false + type: object + properties: + rollbacks: + items: + $ref: '#/components/schemas/ApiFleetAgents_Put_Response_200_Item_Upgrade_Rollbacks_Item' + maxItems: 100 + type: array + ApiFleetAgents_Put_Response_200_Item_Upgrade_Rollbacks_Item: + additionalProperties: false + type: object + properties: + valid_until: + type: string + version: + type: string + required: + - valid_until + - version + ApiFleetAgents_Put_Response_200_Item_Upgrade_details: + additionalProperties: false + nullable: true + type: object + properties: + action_id: + type: string + metadata: + $ref: '#/components/schemas/ApiFleetAgents_Put_Response_200_Item_Upgrade_details_Metadata' + state: + enum: + - UPG_REQUESTED + - UPG_SCHEDULED + - UPG_DOWNLOADING + - UPG_EXTRACTING + - UPG_REPLACING + - UPG_RESTARTING + - UPG_FAILED + - UPG_WATCHING + - UPG_ROLLBACK + type: string + target_version: + type: string + required: + - target_version + - action_id + - state + ApiFleetAgents_Put_Response_200_Item_Upgrade_details_Metadata: + additionalProperties: false + type: object + properties: + download_percent: + type: number + download_rate: + type: number + error_msg: + type: string + failed_state: + enum: + - UPG_REQUESTED + - UPG_SCHEDULED + - UPG_DOWNLOADING + - UPG_EXTRACTING + - UPG_REPLACING + - UPG_RESTARTING + - UPG_FAILED + - UPG_WATCHING + - UPG_ROLLBACK + type: string + retry_error_msg: + type: string + retry_until: + type: string + scheduled_at: + type: string + ApiFleetAgents_Put_Response_200_Item_User_provided_metadata: + additionalProperties: {} + type: object + ApiFleetAgents_Put_Response_400: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetAgentsActions_Post_Request: + additionalProperties: false + type: object + properties: + action: + anyOf: + - $ref: '#/components/schemas/ApiFleetAgentsActions_Post_Request_Action_1' + - $ref: '#/components/schemas/ApiFleetAgentsActions_Post_Request_Action_2' + required: + - action + ApiFleetAgentsActions_Post_Request_Action_1: + additionalProperties: false + type: object + properties: + ack_data: {} + data: {} + type: + enum: + - UNENROLL + - UPGRADE + - POLICY_REASSIGN + type: string + required: + - type + - data + - ack_data + ApiFleetAgentsActions_Post_Request_Action_2: + additionalProperties: false + type: object + properties: + data: + $ref: '#/components/schemas/ApiFleetAgentsActions_Post_Request_Action_Data' + type: + enum: + - SETTINGS + type: string + required: + - type + - data + ApiFleetAgentsActions_Post_Request_Action_Data: + additionalProperties: false + type: object + properties: + log_level: + enum: + - debug + - info + - warning + - error + nullable: true + type: string + required: + - log_level + ApiFleetAgentsActions_Post_Response_200: + additionalProperties: false + type: object + properties: + item: + $ref: '#/components/schemas/ApiFleetAgentsActions_Post_Response_200_Item' + required: + - item + ApiFleetAgentsActions_Post_Response_200_Item: + additionalProperties: false + type: object + properties: + ack_data: {} + agents: + items: + type: string + maxItems: 10000 + type: array + created_at: + type: string + data: {} + expiration: + type: string + id: + type: string + minimum_execution_duration: + type: number + namespaces: + items: + type: string + maxItems: 100 + type: array + rollout_duration_seconds: + type: number + sent_at: + type: string + source_uri: + type: string + start_time: + type: string + total: + type: number + type: + type: string + required: + - id + - type + - data + - created_at + - ack_data + ApiFleetAgentsActions_Post_Response_400: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetAgentsMigrate_Post_Request: + additionalProperties: false + type: object + properties: + enrollment_token: + type: string + settings: + $ref: '#/components/schemas/ApiFleetAgentsMigrate_Post_Request_Settings' + uri: + format: uri + type: string + required: + - uri + - enrollment_token + ApiFleetAgentsMigrate_Post_Request_Settings: + additionalProperties: false + type: object + properties: + ca_sha256: + type: string + certificate_authorities: + type: string + elastic_agent_cert: + type: string + elastic_agent_cert_key: + type: string + elastic_agent_cert_key_passphrase: + type: string + headers: + $ref: '#/components/schemas/ApiFleetAgentsMigrate_Post_Request_Settings_Headers' + insecure: + type: boolean + proxy_disabled: + type: boolean + proxy_headers: + $ref: '#/components/schemas/ApiFleetAgentsMigrate_Post_Request_Settings_Proxy_headers' + proxy_url: + type: string + replace_token: + type: string + staging: + type: string + tags: + items: + type: string + maxItems: 10 + type: array + ApiFleetAgentsMigrate_Post_Request_Settings_Headers: + additionalProperties: + type: string + type: object + ApiFleetAgentsMigrate_Post_Request_Settings_Proxy_headers: + additionalProperties: + type: string + type: object + ApiFleetAgentsMigrate_Post_Response_200: + additionalProperties: false + type: object + properties: + actionId: + type: string + required: + - actionId + ApiFleetAgentsMigrate_Post_Response_400: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetAgentsPrivilegeLevelChange_Post_Request: + additionalProperties: false + nullable: true + type: object + properties: + user_info: + $ref: '#/components/schemas/ApiFleetAgentsPrivilegeLevelChange_Post_Request_User_info' + ApiFleetAgentsPrivilegeLevelChange_Post_Request_User_info: + additionalProperties: false + type: object + properties: + groupname: + type: string + password: + type: string + username: + type: string + ApiFleetAgentsPrivilegeLevelChange_Post_Response_200: + anyOf: + - $ref: '#/components/schemas/ApiFleetAgentsPrivilegeLevelChange_Post_Response_200_1' + - $ref: '#/components/schemas/ApiFleetAgentsPrivilegeLevelChange_Post_Response_200_2' + ApiFleetAgentsPrivilegeLevelChange_Post_Response_200_1: + additionalProperties: false + type: object + properties: + actionId: + type: string + required: + - actionId + ApiFleetAgentsPrivilegeLevelChange_Post_Response_200_2: + additionalProperties: false + type: object + properties: + message: + type: string + required: + - message + ApiFleetAgentsPrivilegeLevelChange_Post_Response_400: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetAgentsReassign_Post_Request: + additionalProperties: false + type: object + properties: + policy_id: + type: string + required: + - policy_id + ApiFleetAgentsReassign_Post_Response_200: + additionalProperties: false + type: object + properties: {} + ApiFleetAgentsReassign_Post_Response_400: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetAgentsRequestDiagnostics_Post_Request: + additionalProperties: false + nullable: true + type: object + properties: + additional_metrics: + items: + enum: + - CPU + type: string + maxItems: 1 + type: array + ApiFleetAgentsRequestDiagnostics_Post_Response_200: + additionalProperties: false + type: object + properties: + actionId: + type: string + required: + - actionId + ApiFleetAgentsRequestDiagnostics_Post_Response_400: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetAgentsRollback_Post_Response_200: + anyOf: + - $ref: '#/components/schemas/ApiFleetAgentsRollback_Post_Response_200_1' + - $ref: '#/components/schemas/ApiFleetAgentsRollback_Post_Response_200_2' + ApiFleetAgentsRollback_Post_Response_200_1: + additionalProperties: false + type: object + properties: + actionId: + type: string + required: + - actionId + ApiFleetAgentsRollback_Post_Response_200_2: + additionalProperties: false + type: object + properties: + message: + type: string + required: + - message + ApiFleetAgentsRollback_Post_Response_400: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetAgentsUnenroll_Post_Request: + additionalProperties: false + nullable: true + type: object + properties: + force: + type: boolean + revoke: + type: boolean + ApiFleetAgentsUpgrade_Post_Request: + additionalProperties: false + type: object + properties: + force: + type: boolean + skipRateLimitCheck: + type: boolean + source_uri: + type: string + version: + type: string + required: + - version + ApiFleetAgentsUpgrade_Post_Response_200: + additionalProperties: false + type: object + properties: {} + ApiFleetAgentsUpgrade_Post_Response_400: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetAgentsUploads_Get_Response_200: + additionalProperties: false + type: object + properties: + items: + items: + $ref: '#/components/schemas/ApiFleetAgentsUploads_Get_Response_200_Items_Item' + maxItems: 10000 + type: array + required: + - items + ApiFleetAgentsUploads_Get_Response_200_Items_Item: + additionalProperties: false + type: object + properties: + actionId: + type: string + createTime: + type: string + error: + type: string + filePath: + type: string + id: + type: string + name: + type: string + status: + enum: + - READY + - AWAITING_UPLOAD + - DELETED + - EXPIRED + - IN_PROGRESS + - FAILED + type: string + required: + - id + - name + - filePath + - createTime + - status + - actionId + ApiFleetAgentsUploads_Get_Response_400: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetAgentsActionStatus_Get_Response_200: + additionalProperties: false + type: object + properties: + items: + items: + $ref: '#/components/schemas/ApiFleetAgentsActionStatus_Get_Response_200_Items_Item' + maxItems: 10000 + type: array + required: + - items + ApiFleetAgentsActionStatus_Get_Response_200_Items_Item: + additionalProperties: false + type: object + properties: + actionId: + type: string + cancellationTime: + type: string + completionTime: + type: string + creationTime: + description: creation time of action + type: string + expiration: + type: string + hasRolloutPeriod: + type: boolean + is_automatic: + type: boolean + latestErrors: + items: + $ref: '#/components/schemas/ApiFleetAgentsActionStatus_Get_Response_200_Items_LatestErrors_Item' + maxItems: 10 + type: array + nbAgentsAck: + description: number of agents that acknowledged the action + type: number + nbAgentsActionCreated: + description: number of agents included in action from kibana + type: number + nbAgentsActioned: + description: number of agents actioned + type: number + nbAgentsFailed: + description: number of agents that failed to execute the action + type: number + newPolicyId: + description: new policy id (POLICY_REASSIGN action) + type: string + policyId: + description: policy id (POLICY_CHANGE action) + type: string + revision: + description: new policy revision (POLICY_CHANGE action) + type: number + startTime: + description: start time of action (scheduled actions) + type: string + status: + enum: + - COMPLETE + - EXPIRED + - CANCELLED + - FAILED + - IN_PROGRESS + - ROLLOUT_PASSED + type: string + type: + enum: + - UPGRADE + - UNENROLL + - SETTINGS + - POLICY_REASSIGN + - CANCEL + - FORCE_UNENROLL + - REQUEST_DIAGNOSTICS + - UPDATE_TAGS + - POLICY_CHANGE + - INPUT_ACTION + - MIGRATE + - PRIVILEGE_LEVEL_CHANGE + type: string + version: + description: agent version number (UPGRADE action) + type: string + required: + - actionId + - nbAgentsActionCreated + - nbAgentsAck + - nbAgentsFailed + - type + - nbAgentsActioned + - status + - creationTime + ApiFleetAgentsActionStatus_Get_Response_200_Items_LatestErrors_Item: + additionalProperties: false + description: latest errors that happened when the agents executed the action + type: object + properties: + agentId: + type: string + error: + type: string + hostname: + type: string + timestamp: + type: string + required: + - agentId + - error + - timestamp + ApiFleetAgentsActionStatus_Get_Response_400: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetAgentsActionsCancel_Post_Response_200: + additionalProperties: false + type: object + properties: + item: + $ref: '#/components/schemas/ApiFleetAgentsActionsCancel_Post_Response_200_Item' + required: + - item + ApiFleetAgentsActionsCancel_Post_Response_200_Item: + additionalProperties: false + type: object + properties: + ack_data: {} + agents: + items: + type: string + maxItems: 10000 + type: array + created_at: + type: string + data: {} + expiration: + type: string + id: + type: string + minimum_execution_duration: + type: number + namespaces: + items: + type: string + maxItems: 100 + type: array + rollout_duration_seconds: + type: number + sent_at: + type: string + source_uri: + type: string + start_time: + type: string + total: + type: number + type: + type: string + required: + - id + - type + - data + - created_at + - ack_data + ApiFleetAgentsActionsCancel_Post_Response_400: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetAgentsAvailableVersions_Get_Response_200: + additionalProperties: false + type: object + properties: + items: + items: + type: string + maxItems: 10000 + type: array + required: + - items + ApiFleetAgentsAvailableVersions_Get_Response_400: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetAgentsBulkMigrate_Post_Request: + additionalProperties: false + type: object + properties: + agents: + anyOf: + - $ref: '#/components/schemas/ApiFleetAgentsBulkMigrate_Post_Request_Agents_1' + - $ref: '#/components/schemas/ApiFleetAgentsBulkMigrate_Post_Request_Agents_2' + batchSize: + type: number + enrollment_token: + type: string + settings: + $ref: '#/components/schemas/ApiFleetAgentsBulkMigrate_Post_Request_Settings' + uri: + format: uri + type: string + required: + - agents + - uri + - enrollment_token + ApiFleetAgentsBulkMigrate_Post_Request_Agents_1: + items: + type: string + maxItems: 10000 + type: array + ApiFleetAgentsBulkMigrate_Post_Request_Agents_2: + type: string + ApiFleetAgentsBulkMigrate_Post_Request_Settings: + additionalProperties: false + type: object + properties: + ca_sha256: + type: string + certificate_authorities: + type: string + elastic_agent_cert: + type: string + elastic_agent_cert_key: + type: string + elastic_agent_cert_key_passphrase: + type: string + headers: + $ref: '#/components/schemas/ApiFleetAgentsBulkMigrate_Post_Request_Settings_Headers' + insecure: + type: boolean + proxy_disabled: + type: boolean + proxy_headers: + $ref: '#/components/schemas/ApiFleetAgentsBulkMigrate_Post_Request_Settings_Proxy_headers' + proxy_url: + type: string + staging: + type: string + tags: + items: + type: string + maxItems: 10 + type: array + ApiFleetAgentsBulkMigrate_Post_Request_Settings_Headers: + additionalProperties: + type: string + type: object + ApiFleetAgentsBulkMigrate_Post_Request_Settings_Proxy_headers: + additionalProperties: + type: string + type: object + ApiFleetAgentsBulkMigrate_Post_Response_200: + additionalProperties: false + type: object + properties: + actionId: + type: string + required: + - actionId + ApiFleetAgentsBulkMigrate_Post_Response_400: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetAgentsBulkPrivilegeLevelChange_Post_Request: + additionalProperties: false + type: object + properties: + agents: + anyOf: + - $ref: '#/components/schemas/ApiFleetAgentsBulkPrivilegeLevelChange_Post_Request_Agents_1' + - $ref: '#/components/schemas/ApiFleetAgentsBulkPrivilegeLevelChange_Post_Request_Agents_2' + batchSize: + type: number + user_info: + $ref: '#/components/schemas/ApiFleetAgentsBulkPrivilegeLevelChange_Post_Request_User_info' + required: + - agents + ApiFleetAgentsBulkPrivilegeLevelChange_Post_Request_Agents_1: + items: + type: string + maxItems: 10000 + type: array + ApiFleetAgentsBulkPrivilegeLevelChange_Post_Request_Agents_2: + type: string + ApiFleetAgentsBulkPrivilegeLevelChange_Post_Request_User_info: + additionalProperties: false + type: object + properties: + groupname: + type: string + password: + type: string + username: + type: string + ApiFleetAgentsBulkPrivilegeLevelChange_Post_Response_200: + additionalProperties: false + type: object + properties: + actionId: + type: string + required: + - actionId + ApiFleetAgentsBulkPrivilegeLevelChange_Post_Response_400: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetAgentsBulkReassign_Post_Request: + additionalProperties: false + type: object + properties: + agents: + anyOf: + - $ref: '#/components/schemas/ApiFleetAgentsBulkReassign_Post_Request_Agents_1' + - $ref: '#/components/schemas/ApiFleetAgentsBulkReassign_Post_Request_Agents_2' + batchSize: + type: number + includeInactive: + default: false + type: boolean + policy_id: + type: string + required: + - policy_id + - agents + ApiFleetAgentsBulkReassign_Post_Request_Agents_1: + items: + type: string + maxItems: 10000 + type: array + ApiFleetAgentsBulkReassign_Post_Request_Agents_2: + type: string + ApiFleetAgentsBulkReassign_Post_Response_200: + additionalProperties: false + type: object + properties: + actionId: + type: string + required: + - actionId + ApiFleetAgentsBulkReassign_Post_Response_400: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetAgentsBulkRequestDiagnostics_Post_Request: + additionalProperties: false + type: object + properties: + additional_metrics: + items: + enum: + - CPU + type: string + maxItems: 1 + type: array + agents: + anyOf: + - $ref: '#/components/schemas/ApiFleetAgentsBulkRequestDiagnostics_Post_Request_Agents_1' + - $ref: '#/components/schemas/ApiFleetAgentsBulkRequestDiagnostics_Post_Request_Agents_2' + batchSize: + type: number + required: + - agents + ApiFleetAgentsBulkRequestDiagnostics_Post_Request_Agents_1: + items: + type: string + maxItems: 10000 + type: array + ApiFleetAgentsBulkRequestDiagnostics_Post_Request_Agents_2: + type: string + ApiFleetAgentsBulkRequestDiagnostics_Post_Response_200: + additionalProperties: false + type: object + properties: + actionId: + type: string + required: + - actionId + ApiFleetAgentsBulkRequestDiagnostics_Post_Response_400: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetAgentsBulkRollback_Post_Request: + additionalProperties: false + type: object + properties: + agents: + anyOf: + - $ref: '#/components/schemas/ApiFleetAgentsBulkRollback_Post_Request_Agents_1' + - $ref: '#/components/schemas/ApiFleetAgentsBulkRollback_Post_Request_Agents_2' + batchSize: + type: number + includeInactive: + default: false + type: boolean + required: + - agents + ApiFleetAgentsBulkRollback_Post_Request_Agents_1: + items: + type: string + maxItems: 10000 + type: array + ApiFleetAgentsBulkRollback_Post_Request_Agents_2: + type: string + ApiFleetAgentsBulkRollback_Post_Response_200: + additionalProperties: false + type: object + properties: + actionIds: + items: + type: string + maxItems: 10000 + type: array + required: + - actionIds + ApiFleetAgentsBulkRollback_Post_Response_400: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetAgentsBulkUnenroll_Post_Request: + additionalProperties: false + type: object + properties: + agents: + anyOf: + - $ref: '#/components/schemas/ApiFleetAgentsBulkUnenroll_Post_Request_Agents_1' + - $ref: '#/components/schemas/ApiFleetAgentsBulkUnenroll_Post_Request_Agents_2' + batchSize: + type: number + force: + description: Unenrolls hosted agents too + type: boolean + includeInactive: + description: When passing agents by KQL query, unenrolls inactive agents too + type: boolean + revoke: + description: Revokes API keys of agents + type: boolean + required: + - agents + ApiFleetAgentsBulkUnenroll_Post_Request_Agents_1: + items: + description: list of agent IDs + type: string + maxItems: 10000 + type: array + ApiFleetAgentsBulkUnenroll_Post_Request_Agents_2: + description: KQL query string, leave empty to action all agents + type: string + ApiFleetAgentsBulkUnenroll_Post_Response_200: + additionalProperties: false + type: object + properties: + actionId: + type: string + required: + - actionId + ApiFleetAgentsBulkUnenroll_Post_Response_400: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetAgentsBulkUpdateAgentTags_Post_Request: + additionalProperties: false + type: object + properties: + agents: + anyOf: + - $ref: '#/components/schemas/ApiFleetAgentsBulkUpdateAgentTags_Post_Request_Agents_1' + - $ref: '#/components/schemas/ApiFleetAgentsBulkUpdateAgentTags_Post_Request_Agents_2' + batchSize: + type: number + includeInactive: + default: false + type: boolean + tagsToAdd: + items: + type: string + maxItems: 10 + type: array + tagsToRemove: + items: + type: string + maxItems: 10 + type: array + required: + - agents + ApiFleetAgentsBulkUpdateAgentTags_Post_Request_Agents_1: + items: + type: string + maxItems: 10000 + type: array + ApiFleetAgentsBulkUpdateAgentTags_Post_Request_Agents_2: + type: string + ApiFleetAgentsBulkUpdateAgentTags_Post_Response_200: + additionalProperties: false + type: object + properties: + actionId: + type: string + required: + - actionId + ApiFleetAgentsBulkUpdateAgentTags_Post_Response_400: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetAgentsBulkUpgrade_Post_Request: + additionalProperties: false + type: object + properties: + agents: + anyOf: + - $ref: '#/components/schemas/ApiFleetAgentsBulkUpgrade_Post_Request_Agents_1' + - $ref: '#/components/schemas/ApiFleetAgentsBulkUpgrade_Post_Request_Agents_2' + batchSize: + type: number + force: + type: boolean + includeInactive: + default: false + type: boolean + rollout_duration_seconds: + minimum: 600 + type: number + skipRateLimitCheck: + type: boolean + source_uri: + type: string + start_time: + type: string + version: + type: string + required: + - agents + - version + ApiFleetAgentsBulkUpgrade_Post_Request_Agents_1: + items: + type: string + maxItems: 10000 + type: array + ApiFleetAgentsBulkUpgrade_Post_Request_Agents_2: + type: string + ApiFleetAgentsBulkUpgrade_Post_Response_200: + additionalProperties: false + type: object + properties: + actionId: + type: string + required: + - actionId + ApiFleetAgentsBulkUpgrade_Post_Response_400: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetAgentsFiles_Delete_Response_200: + additionalProperties: false + type: object + properties: + deleted: + type: boolean + id: + type: string + required: + - id + - deleted + ApiFleetAgentsFiles_Delete_Response_400: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetAgentsFiles_Get_Response_200: + type: object + ApiFleetAgentsFiles_Get_Response_400: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetAgentsSetup_Get_Response_200: + additionalProperties: false + description: A summary of the agent setup status. `isReady` indicates whether the setup is ready. If the setup is not ready, `missing_requirements` lists which requirements are missing. + type: object + properties: + is_action_secrets_storage_enabled: + type: boolean + is_secrets_storage_enabled: + type: boolean + is_space_awareness_enabled: + type: boolean + is_ssl_secrets_storage_enabled: + type: boolean + isReady: + type: boolean + missing_optional_features: + items: + enum: + - encrypted_saved_object_encryption_key_required + type: string + maxItems: 1 + type: array + missing_requirements: + items: + enum: + - security_required + - tls_required + - api_keys + - fleet_admin_user + - fleet_server + type: string + maxItems: 5 + type: array + package_verification_key_id: + type: string + required: + - isReady + - missing_requirements + - missing_optional_features + ApiFleetAgentsSetup_Get_Response_400: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetAgentsSetup_Post_Response_200: + additionalProperties: false + description: A summary of the result of Fleet's `setup` lifecycle. If `isInitialized` is true, Fleet is ready to accept agent enrollment. `nonFatalErrors` may include useful insight into non-blocking issues with Fleet setup. + type: object + properties: + isInitialized: + type: boolean + nonFatalErrors: + items: + $ref: '#/components/schemas/ApiFleetAgentsSetup_Post_Response_200_NonFatalErrors_Item' + maxItems: 10000 + type: array + required: + - isInitialized + - nonFatalErrors + ApiFleetAgentsSetup_Post_Response_200_NonFatalErrors_Item: + additionalProperties: false + type: object + properties: + message: + type: string + name: + type: string + required: + - name + - message + ApiFleetAgentsSetup_Post_Response_400: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetAgentsTags_Get_Response_200: + additionalProperties: false + type: object + properties: + items: + items: + type: string + maxItems: 10000 + type: array + required: + - items + ApiFleetAgentsTags_Get_Response_400: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetCheckPermissions_Get_Response_200: + additionalProperties: false + type: object + properties: + error: + enum: + - MISSING_SECURITY + - MISSING_PRIVILEGES + - MISSING_FLEET_SERVER_SETUP_PRIVILEGES + type: string + success: + type: boolean + required: + - success + ApiFleetCheckPermissions_Get_Response_400: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetCloudConnectors_Get_Response_200: + additionalProperties: false + type: object + properties: + items: + items: + $ref: '#/components/schemas/ApiFleetCloudConnectors_Get_Response_200_Items_Item' + maxItems: 10000 + type: array + required: + - items + ApiFleetCloudConnectors_Get_Response_200_Items_Item: + additionalProperties: false + type: object + properties: + accountType: + type: string + cloudProvider: + type: string + created_at: + type: string + id: + type: string + name: + type: string + namespace: + type: string + packagePolicyCount: + type: number + updated_at: + type: string + vars: + $ref: '#/components/schemas/ApiFleetCloudConnectors_Get_Response_200_Items_Vars' + required: + - id + - name + - cloudProvider + - vars + - packagePolicyCount + - created_at + - updated_at + ApiFleetCloudConnectors_Get_Response_200_Items_Vars: + additionalProperties: {} + type: object + ApiFleetCloudConnectors_Get_Response_400: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetCloudConnectors_Post_Request: + additionalProperties: false + type: object + properties: + accountType: + description: 'The account type: single-account (single account/subscription) or organization-account (organization-wide).' + enum: + - single-account + - organization-account + type: string + cloudProvider: + description: 'The cloud provider type: aws, azure, or gcp.' + enum: + - aws + - azure + - gcp + type: string + name: + description: The name of the cloud connector. + maxLength: 255 + minLength: 1 + type: string + vars: + $ref: '#/components/schemas/ApiFleetCloudConnectors_Post_Request_Vars' + required: + - name + - cloudProvider + - vars + ApiFleetCloudConnectors_Post_Request_Vars: + additionalProperties: + anyOf: + - $ref: '#/components/schemas/ApiFleetCloudConnectors_Post_Request_Vars_1' + - $ref: '#/components/schemas/ApiFleetCloudConnectors_Post_Request_Vars_2' + - $ref: '#/components/schemas/ApiFleetCloudConnectors_Post_Request_Vars_3' + - $ref: '#/components/schemas/ApiFleetCloudConnectors_Post_Request_Vars_4' + type: object + ApiFleetCloudConnectors_Post_Request_Vars_1: + maxLength: 1000 + type: string + ApiFleetCloudConnectors_Post_Request_Vars_2: + type: number + ApiFleetCloudConnectors_Post_Request_Vars_3: + type: boolean + ApiFleetCloudConnectors_Post_Request_Vars_4: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + maxLength: 50 + type: string + value: + anyOf: + - $ref: '#/components/schemas/ApiFleetCloudConnectors_Post_Request_Vars_Value_1' + - $ref: '#/components/schemas/ApiFleetCloudConnectors_Post_Request_Vars_Value_2' + required: + - type + - value + ApiFleetCloudConnectors_Post_Request_Vars_Value_1: + maxLength: 1000 + type: string + ApiFleetCloudConnectors_Post_Request_Vars_Value_2: + additionalProperties: false + type: object + properties: + id: + maxLength: 255 + type: string + isSecretRef: + type: boolean + required: + - isSecretRef + - id + ApiFleetCloudConnectors_Post_Response_200: + additionalProperties: false + type: object + properties: + item: + $ref: '#/components/schemas/ApiFleetCloudConnectors_Post_Response_200_Item' + required: + - item + ApiFleetCloudConnectors_Post_Response_200_Item: + additionalProperties: false + type: object + properties: + accountType: + type: string + cloudProvider: + type: string + created_at: + type: string + id: + type: string + name: + type: string + namespace: + type: string + packagePolicyCount: + type: number + updated_at: + type: string + vars: + $ref: '#/components/schemas/ApiFleetCloudConnectors_Post_Response_200_Item_Vars' + required: + - id + - name + - cloudProvider + - vars + - packagePolicyCount + - created_at + - updated_at + ApiFleetCloudConnectors_Post_Response_200_Item_Vars: + additionalProperties: {} + type: object + ApiFleetCloudConnectors_Post_Response_400: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetCloudConnectors_Delete_Response_200: + additionalProperties: false + type: object + properties: + id: + type: string + required: + - id + ApiFleetCloudConnectors_Delete_Response_400: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetCloudConnectors_Get_Response_200_1: + additionalProperties: false + type: object + properties: + item: + $ref: '#/components/schemas/ApiFleetCloudConnectors_Get_Response_200_Item' + required: + - item + ApiFleetCloudConnectors_Get_Response_200_Item: + additionalProperties: false + type: object + properties: + accountType: + type: string + cloudProvider: + type: string + created_at: + type: string + id: + type: string + name: + type: string + namespace: + type: string + packagePolicyCount: + type: number + updated_at: + type: string + vars: + $ref: '#/components/schemas/ApiFleetCloudConnectors_Get_Response_200_Item_Vars' + required: + - id + - name + - cloudProvider + - vars + - packagePolicyCount + - created_at + - updated_at + ApiFleetCloudConnectors_Get_Response_200_Item_Vars: + additionalProperties: {} + type: object + ApiFleetCloudConnectors_Get_Response_400_1: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetCloudConnectors_Put_Request: + additionalProperties: false + type: object + properties: + accountType: + description: 'The account type: single-account (single account/subscription) or organization-account (organization-wide).' + enum: + - single-account + - organization-account + type: string + name: + description: The name of the cloud connector. + maxLength: 255 + minLength: 1 + type: string + vars: + $ref: '#/components/schemas/ApiFleetCloudConnectors_Put_Request_Vars' + ApiFleetCloudConnectors_Put_Request_Vars: + additionalProperties: + anyOf: + - $ref: '#/components/schemas/ApiFleetCloudConnectors_Put_Request_Vars_1' + - $ref: '#/components/schemas/ApiFleetCloudConnectors_Put_Request_Vars_2' + - $ref: '#/components/schemas/ApiFleetCloudConnectors_Put_Request_Vars_3' + - $ref: '#/components/schemas/ApiFleetCloudConnectors_Put_Request_Vars_4' + type: object + ApiFleetCloudConnectors_Put_Request_Vars_1: + maxLength: 1000 + type: string + ApiFleetCloudConnectors_Put_Request_Vars_2: + type: number + ApiFleetCloudConnectors_Put_Request_Vars_3: + type: boolean + ApiFleetCloudConnectors_Put_Request_Vars_4: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + maxLength: 50 + type: string + value: + anyOf: + - $ref: '#/components/schemas/ApiFleetCloudConnectors_Put_Request_Vars_Value_1' + - $ref: '#/components/schemas/ApiFleetCloudConnectors_Put_Request_Vars_Value_2' + required: + - type + - value + ApiFleetCloudConnectors_Put_Request_Vars_Value_1: + maxLength: 1000 + type: string + ApiFleetCloudConnectors_Put_Request_Vars_Value_2: + additionalProperties: false + type: object + properties: + id: + maxLength: 255 + type: string + isSecretRef: + type: boolean + required: + - isSecretRef + - id + ApiFleetCloudConnectors_Put_Response_200: + additionalProperties: false + type: object + properties: + item: + $ref: '#/components/schemas/ApiFleetCloudConnectors_Put_Response_200_Item' + required: + - item + ApiFleetCloudConnectors_Put_Response_200_Item: + additionalProperties: false + type: object + properties: + accountType: + type: string + cloudProvider: + type: string + created_at: + type: string + id: + type: string + name: + type: string + namespace: + type: string + packagePolicyCount: + type: number + updated_at: + type: string + vars: + $ref: '#/components/schemas/ApiFleetCloudConnectors_Put_Response_200_Item_Vars' + required: + - id + - name + - cloudProvider + - vars + - packagePolicyCount + - created_at + - updated_at + ApiFleetCloudConnectors_Put_Response_200_Item_Vars: + additionalProperties: {} + type: object + ApiFleetCloudConnectors_Put_Response_400: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetCloudConnectorsUsage_Get_Response_200: + additionalProperties: false + type: object + properties: + items: + items: + $ref: '#/components/schemas/ApiFleetCloudConnectorsUsage_Get_Response_200_Items_Item' + maxItems: 10000 + type: array + page: + type: number + perPage: + type: number + total: + type: number + required: + - items + - total + - page + - perPage + ApiFleetCloudConnectorsUsage_Get_Response_200_Items_Item: + additionalProperties: false + type: object + properties: + created_at: + type: string + id: + type: string + name: + type: string + package: + $ref: '#/components/schemas/ApiFleetCloudConnectorsUsage_Get_Response_200_Items_Package' + policy_ids: + items: + type: string + maxItems: 10000 + type: array + updated_at: + type: string + required: + - id + - name + - policy_ids + - created_at + - updated_at + ApiFleetCloudConnectorsUsage_Get_Response_200_Items_Package: + additionalProperties: false + type: object + properties: + name: + type: string + title: + type: string + version: + type: string + required: + - name + - title + - version + ApiFleetCloudConnectorsUsage_Get_Response_400: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetDataStreams_Get_Response_200: + additionalProperties: false + type: object + properties: + data_streams: + items: + $ref: '#/components/schemas/ApiFleetDataStreams_Get_Response_200_Data_streams_Item' + maxItems: 10000 + type: array + required: + - data_streams + ApiFleetDataStreams_Get_Response_200_Data_streams_Item: + additionalProperties: false + type: object + properties: + dashboards: + items: + $ref: '#/components/schemas/ApiFleetDataStreams_Get_Response_200_Data_streams_Dashboards_Item' + maxItems: 10000 + type: array + dataset: + type: string + index: + type: string + last_activity_ms: + type: number + namespace: + type: string + package: + type: string + package_version: + type: string + serviceDetails: + $ref: '#/components/schemas/ApiFleetDataStreams_Get_Response_200_Data_streams_ServiceDetails' + size_in_bytes: + type: number + size_in_bytes_formatted: + anyOf: + - $ref: '#/components/schemas/ApiFleetDataStreams_Get_Response_200_Data_streams_Size_in_bytes_formatted_1' + - $ref: '#/components/schemas/ApiFleetDataStreams_Get_Response_200_Data_streams_Size_in_bytes_formatted_2' + type: + type: string + required: + - index + - dataset + - namespace + - type + - package + - package_version + - last_activity_ms + - size_in_bytes + - size_in_bytes_formatted + - dashboards + - serviceDetails + ApiFleetDataStreams_Get_Response_200_Data_streams_Dashboards_Item: + additionalProperties: false + type: object + properties: + id: + type: string + title: + type: string + required: + - id + - title + ApiFleetDataStreams_Get_Response_200_Data_streams_ServiceDetails: + additionalProperties: false + nullable: true + type: object + properties: + environment: + type: string + serviceName: + type: string + required: + - environment + - serviceName + ApiFleetDataStreams_Get_Response_200_Data_streams_Size_in_bytes_formatted_1: + type: number + ApiFleetDataStreams_Get_Response_200_Data_streams_Size_in_bytes_formatted_2: + type: string + ApiFleetDataStreams_Get_Response_400: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetEnrollmentApiKeys_Get_Response_200: + additionalProperties: false + type: object + properties: + items: + items: + $ref: '#/components/schemas/ApiFleetEnrollmentApiKeys_Get_Response_200_Items_Item' + maxItems: 10000 + type: array + list: + deprecated: true + items: + $ref: '#/components/schemas/ApiFleetEnrollmentApiKeys_Get_Response_200_List_Item' + maxItems: 10000 + type: array + page: + type: number + perPage: + type: number + total: + type: number + required: + - items + - total + - page + - perPage + - list + ApiFleetEnrollmentApiKeys_Get_Response_200_Items_Item: + additionalProperties: false + type: object + properties: + active: + description: When false, the enrollment API key is revoked and cannot be used for enrolling Elastic Agents. + type: boolean + api_key: + description: The enrollment API key (token) used for enrolling Elastic Agents. + type: string + api_key_id: + description: The ID of the API key in the Security API. + type: string + created_at: + type: string + hidden: + type: boolean + id: + type: string + name: + description: The name of the enrollment API key. + type: string + policy_id: + description: The ID of the agent policy the Elastic Agent will be enrolled in. + type: string + required: + - id + - api_key_id + - api_key + - active + - created_at + ApiFleetEnrollmentApiKeys_Get_Response_200_List_Item: + additionalProperties: false + type: object + properties: + active: + description: When false, the enrollment API key is revoked and cannot be used for enrolling Elastic Agents. + type: boolean + api_key: + description: The enrollment API key (token) used for enrolling Elastic Agents. + type: string + api_key_id: + description: The ID of the API key in the Security API. + type: string + created_at: + type: string + hidden: + type: boolean + id: + type: string + name: + description: The name of the enrollment API key. + type: string + policy_id: + description: The ID of the agent policy the Elastic Agent will be enrolled in. + type: string + required: + - id + - api_key_id + - api_key + - active + - created_at + ApiFleetEnrollmentApiKeys_Get_Response_400: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetEnrollmentApiKeys_Post_Request: + additionalProperties: false + type: object + properties: + expiration: + type: string + name: + type: string + policy_id: + type: string + required: + - policy_id + ApiFleetEnrollmentApiKeys_Post_Response_200: + additionalProperties: false + type: object + properties: + action: + enum: + - created + type: string + item: + $ref: '#/components/schemas/ApiFleetEnrollmentApiKeys_Post_Response_200_Item' + required: + - item + - action + ApiFleetEnrollmentApiKeys_Post_Response_200_Item: + additionalProperties: false + type: object + properties: + active: + description: When false, the enrollment API key is revoked and cannot be used for enrolling Elastic Agents. + type: boolean + api_key: + description: The enrollment API key (token) used for enrolling Elastic Agents. + type: string + api_key_id: + description: The ID of the API key in the Security API. + type: string + created_at: + type: string + hidden: + type: boolean + id: + type: string + name: + description: The name of the enrollment API key. + type: string + policy_id: + description: The ID of the agent policy the Elastic Agent will be enrolled in. + type: string + required: + - id + - api_key_id + - api_key + - active + - created_at + ApiFleetEnrollmentApiKeys_Post_Response_400: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetEnrollmentApiKeys_Delete_Response_200: + additionalProperties: false + type: object + properties: + action: + enum: + - deleted + type: string + required: + - action + ApiFleetEnrollmentApiKeys_Delete_Response_400: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetEnrollmentApiKeys_Get_Response_200_1: + additionalProperties: false + type: object + properties: + item: + $ref: '#/components/schemas/ApiFleetEnrollmentApiKeys_Get_Response_200_Item' + required: + - item + ApiFleetEnrollmentApiKeys_Get_Response_200_Item: + additionalProperties: false + type: object + properties: + active: + description: When false, the enrollment API key is revoked and cannot be used for enrolling Elastic Agents. + type: boolean + api_key: + description: The enrollment API key (token) used for enrolling Elastic Agents. + type: string + api_key_id: + description: The ID of the API key in the Security API. + type: string + created_at: + type: string + hidden: + type: boolean + id: + type: string + name: + description: The name of the enrollment API key. + type: string + policy_id: + description: The ID of the agent policy the Elastic Agent will be enrolled in. + type: string + required: + - id + - api_key_id + - api_key + - active + - created_at + ApiFleetEnrollmentApiKeys_Get_Response_400_1: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetEpmBulkAssets_Post_Request: + additionalProperties: false + type: object + properties: + assetIds: + items: + $ref: '#/components/schemas/ApiFleetEpmBulkAssets_Post_Request_AssetIds_Item' + maxItems: 10000 + type: array + required: + - assetIds + ApiFleetEpmBulkAssets_Post_Request_AssetIds_Item: + additionalProperties: false + type: object + properties: + id: + type: string + type: + type: string + required: + - id + - type + ApiFleetEpmBulkAssets_Post_Response_200: + additionalProperties: false + type: object + properties: + items: + items: + $ref: '#/components/schemas/ApiFleetEpmBulkAssets_Post_Response_200_Items_Item' + maxItems: 10000 + type: array + required: + - items + ApiFleetEpmBulkAssets_Post_Response_200_Items_Item: + additionalProperties: false + type: object + properties: + appLink: + type: string + attributes: + $ref: '#/components/schemas/ApiFleetEpmBulkAssets_Post_Response_200_Items_Attributes' + id: + type: string + type: + type: string + updatedAt: + type: string + required: + - id + - type + - attributes + ApiFleetEpmBulkAssets_Post_Response_200_Items_Attributes: + additionalProperties: false + type: object + properties: + description: + type: string + service: + type: string + title: + type: string + ApiFleetEpmBulkAssets_Post_Response_400: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetEpmCategories_Get_Response_200: + additionalProperties: false + type: object + properties: + items: + items: + $ref: '#/components/schemas/ApiFleetEpmCategories_Get_Response_200_Items_Item' + maxItems: 10000 + type: array + required: + - items + ApiFleetEpmCategories_Get_Response_200_Items_Item: + additionalProperties: false + type: object + properties: + count: + type: number + id: + type: string + parent_id: + type: string + parent_title: + type: string + title: + type: string + required: + - id + - title + - count + ApiFleetEpmCategories_Get_Response_400: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetEpmCustomIntegrations_Post_Request: + additionalProperties: false + type: object + properties: + datasets: + items: + $ref: '#/components/schemas/ApiFleetEpmCustomIntegrations_Post_Request_Datasets_Item' + maxItems: 10 + type: array + force: + type: boolean + integrationName: + type: string + required: + - integrationName + - datasets + ApiFleetEpmCustomIntegrations_Post_Request_Datasets_Item: + additionalProperties: false + type: object + properties: + name: + type: string + type: + enum: + - logs + - metrics + - traces + - synthetics + - profiling + type: string + required: + - name + - type + ApiFleetEpmCustomIntegrations_Post_Response_200: + additionalProperties: false + type: object + properties: + _meta: + $ref: '#/components/schemas/ApiFleetEpmCustomIntegrations_Post_Response_200__meta' + items: + items: + anyOf: + - $ref: '#/components/schemas/ApiFleetEpmCustomIntegrations_Post_Response_200_Items_1' + - $ref: '#/components/schemas/ApiFleetEpmCustomIntegrations_Post_Response_200_Items_2' + maxItems: 10000 + type: array + required: + - items + - _meta + ApiFleetEpmCustomIntegrations_Post_Response_200__meta: + additionalProperties: false + type: object + properties: + install_source: + type: string + name: + type: string + required: + - install_source + - name + ApiFleetEpmCustomIntegrations_Post_Response_200_Items_1: + additionalProperties: false + type: object + properties: + deferred: + type: boolean + id: + type: string + originId: + type: string + type: + anyOf: + - $ref: '#/components/schemas/ApiFleetEpmCustomIntegrations_Post_Response_200_Items_Type_1' + - $ref: '#/components/schemas/ApiFleetEpmCustomIntegrations_Post_Response_200_Items_Type_2' + required: + - id + - type + ApiFleetEpmCustomIntegrations_Post_Response_200_Items_Type_1: + enum: + - dashboard + - lens + - visualization + - search + - index-pattern + - map + - ml-module + - security-rule + - csp-rule-template + - osquery-pack-asset + - osquery-saved-query + - tag + type: string + ApiFleetEpmCustomIntegrations_Post_Response_200_Items_Type_2: + type: string + ApiFleetEpmCustomIntegrations_Post_Response_200_Items_2: + additionalProperties: false + type: object + properties: + deferred: + type: boolean + id: + type: string + type: + enum: + - index + - index_template + - component_template + - ingest_pipeline + - ilm_policy + - data_stream_ilm_policy + - transform + - ml_model + - knowledge_base + - esql_view + type: string + version: + type: string + required: + - id + - type + ApiFleetEpmCustomIntegrations_Post_Response_400: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetEpmCustomIntegrations_Put_Request: + additionalProperties: false + type: object + properties: + categories: + items: + type: string + maxItems: 10 + type: array + readMeData: + type: string + required: + - readMeData + ApiFleetEpmCustomIntegrations_Put_Response_400: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetEpmDataStreams_Get_Response_200: + additionalProperties: false + type: object + properties: + items: + items: + $ref: '#/components/schemas/ApiFleetEpmDataStreams_Get_Response_200_Items_Item' + maxItems: 10000 + type: array + required: + - items + ApiFleetEpmDataStreams_Get_Response_200_Items_Item: + additionalProperties: false + type: object + properties: + name: + type: string + required: + - name + ApiFleetEpmDataStreams_Get_Response_400: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetEpmPackages_Get_Response_200: + additionalProperties: false + type: object + properties: + items: + items: + $ref: '#/components/schemas/ApiFleetEpmPackages_Get_Response_200_Items_Item' + maxItems: 10000 + type: array + required: + - items + ApiFleetEpmPackages_Get_Response_200_Items_Item: + additionalProperties: true + type: object + properties: + categories: + items: + type: string + maxItems: 10 + type: array + conditions: + $ref: '#/components/schemas/ApiFleetEpmPackages_Get_Response_200_Items_Conditions' + data_streams: + items: + $ref: '#/components/schemas/ApiFleetEpmPackages_Get_Response_200_Items_Data_streams_Item' + maxItems: 1000 + type: array + description: + type: string + discovery: + $ref: '#/components/schemas/ApiFleetEpmPackages_Get_Response_200_Items_Discovery' + download: + type: string + format_version: + type: string + icons: + items: + $ref: '#/components/schemas/ApiFleetEpmPackages_Get_Response_200_Items_Icons_Item' + maxItems: 10 + type: array + id: + type: string + installationInfo: + $ref: '#/components/schemas/ApiFleetEpmPackages_Get_Response_200_Items_InstallationInfo' + integration: + type: string + internal: + type: boolean + latestVersion: + type: string + name: + type: string + owner: + $ref: '#/components/schemas/ApiFleetEpmPackages_Get_Response_200_Items_Owner' + path: + type: string + policy_templates: + items: + $ref: '#/components/schemas/ApiFleetEpmPackages_Get_Response_200_Items_Policy_templates_Item' + maxItems: 100 + type: array + readme: + type: string + release: + enum: + - ga + - beta + - experimental + type: string + signature_path: + type: string + source: + $ref: '#/components/schemas/ApiFleetEpmPackages_Get_Response_200_Items_Source' + status: + type: string + title: + type: string + type: + anyOf: + - $ref: '#/components/schemas/ApiFleetEpmPackages_Get_Response_200_Items_Type_1' + - $ref: '#/components/schemas/ApiFleetEpmPackages_Get_Response_200_Items_Type_2' + - $ref: '#/components/schemas/ApiFleetEpmPackages_Get_Response_200_Items_Type_3' + - $ref: '#/components/schemas/ApiFleetEpmPackages_Get_Response_200_Items_Type_4' + var_groups: + items: + $ref: '#/components/schemas/ApiFleetEpmPackages_Get_Response_200_Items_Var_groups_Item' + maxItems: 20 + type: array + vars: + items: + $ref: '#/components/schemas/ApiFleetEpmPackages_Get_Response_200_Items_Vars_Item' + maxItems: 1000 + type: array + version: + type: string + required: + - name + - version + - title + - id + ApiFleetEpmPackages_Get_Response_200_Items_Conditions: + additionalProperties: true + type: object + properties: + elastic: + $ref: '#/components/schemas/ApiFleetEpmPackages_Get_Response_200_Items_Conditions_Elastic' + kibana: + $ref: '#/components/schemas/ApiFleetEpmPackages_Get_Response_200_Items_Conditions_Kibana' + ApiFleetEpmPackages_Get_Response_200_Items_Conditions_Elastic: + additionalProperties: true + type: object + properties: + capabilities: + items: + type: string + maxItems: 10 + type: array + subscription: + type: string + ApiFleetEpmPackages_Get_Response_200_Items_Conditions_Kibana: + additionalProperties: true + type: object + properties: + version: + type: string + ApiFleetEpmPackages_Get_Response_200_Items_Data_streams_Item: + additionalProperties: {} + type: object + ApiFleetEpmPackages_Get_Response_200_Items_Discovery: + additionalProperties: true + type: object + properties: + datasets: + items: + $ref: '#/components/schemas/ApiFleetEpmPackages_Get_Response_200_Items_Discovery_Datasets_Item' + maxItems: 10 + type: array + fields: + items: + $ref: '#/components/schemas/ApiFleetEpmPackages_Get_Response_200_Items_Discovery_Fields_Item' + maxItems: 10 + type: array + ApiFleetEpmPackages_Get_Response_200_Items_Discovery_Datasets_Item: + additionalProperties: true + type: object + properties: + name: + type: string + required: + - name + ApiFleetEpmPackages_Get_Response_200_Items_Discovery_Fields_Item: + additionalProperties: true + type: object + properties: + name: + type: string + required: + - name + ApiFleetEpmPackages_Get_Response_200_Items_Icons_Item: + additionalProperties: true + type: object + properties: + dark_mode: + type: boolean + path: + type: string + size: + type: string + src: + type: string + title: + type: string + type: + type: string + required: + - src + ApiFleetEpmPackages_Get_Response_200_Items_InstallationInfo: + additionalProperties: true + type: object + properties: + additional_spaces_installed_kibana: + $ref: '#/components/schemas/ApiFleetEpmPackages_Get_Response_200_Items_InstallationInfo_Additional_spaces_installed_kibana' + created_at: + type: string + experimental_data_stream_features: + items: + $ref: '#/components/schemas/ApiFleetEpmPackages_Get_Response_200_Items_InstallationInfo_Experimental_data_stream_features_Item' + maxItems: 100 + type: array + install_format_schema_version: + type: string + install_source: + enum: + - registry + - upload + - bundled + - custom + type: string + install_status: + enum: + - installed + - installing + - install_failed + type: string + installed_es: + items: + $ref: '#/components/schemas/ApiFleetEpmPackages_Get_Response_200_Items_InstallationInfo_Installed_es_Item' + maxItems: 10000 + type: array + installed_kibana: + items: + $ref: '#/components/schemas/ApiFleetEpmPackages_Get_Response_200_Items_InstallationInfo_Installed_kibana_Item' + maxItems: 10000 + type: array + installed_kibana_space_id: + type: string + is_rollback_ttl_expired: + type: boolean + latest_executed_state: + $ref: '#/components/schemas/ApiFleetEpmPackages_Get_Response_200_Items_InstallationInfo_Latest_executed_state' + latest_install_failed_attempts: + items: + $ref: '#/components/schemas/ApiFleetEpmPackages_Get_Response_200_Items_InstallationInfo_Latest_install_failed_attempts_Item' + maxItems: 10 + type: array + name: + type: string + namespaces: + items: + type: string + maxItems: 100 + type: array + previous_version: + nullable: true + type: string + rolled_back: + type: boolean + type: + type: string + updated_at: + type: string + verification_key_id: + nullable: true + type: string + verification_status: + enum: + - unverified + - verified + - unknown + type: string + version: + type: string + required: + - type + - installed_kibana + - installed_es + - name + - version + - install_status + - install_source + - verification_status + ApiFleetEpmPackages_Get_Response_200_Items_InstallationInfo_Additional_spaces_installed_kibana: + additionalProperties: + items: + $ref: '#/components/schemas/ApiFleetEpmPackages_Get_Response_200_Items_InstallationInfo_Additional_spaces_installed_kibana_Item' + maxItems: 100 + type: array + type: object + ApiFleetEpmPackages_Get_Response_200_Items_InstallationInfo_Additional_spaces_installed_kibana_Item: + additionalProperties: true + type: object + properties: + deferred: + type: boolean + id: + type: string + originId: + type: string + type: + anyOf: + - $ref: '#/components/schemas/ApiFleetEpmPackages_Get_Response_200_Items_InstallationInfo_Additional_spaces_installed_kibana_Type_1' + - $ref: '#/components/schemas/ApiFleetEpmPackages_Get_Response_200_Items_InstallationInfo_Additional_spaces_installed_kibana_Type_2' + required: + - id + - type + ApiFleetEpmPackages_Get_Response_200_Items_InstallationInfo_Additional_spaces_installed_kibana_Type_1: + enum: + - dashboard + - lens + - visualization + - search + - index-pattern + - map + - ml-module + - security-rule + - csp-rule-template + - osquery-pack-asset + - osquery-saved-query + - tag + type: string + ApiFleetEpmPackages_Get_Response_200_Items_InstallationInfo_Additional_spaces_installed_kibana_Type_2: + type: string + ApiFleetEpmPackages_Get_Response_200_Items_InstallationInfo_Experimental_data_stream_features_Item: + additionalProperties: true + type: object + properties: + data_stream: + type: string + features: + $ref: '#/components/schemas/ApiFleetEpmPackages_Get_Response_200_Items_InstallationInfo_Experimental_data_stream_features_Features' + required: + - data_stream + - features + ApiFleetEpmPackages_Get_Response_200_Items_InstallationInfo_Experimental_data_stream_features_Features: + additionalProperties: true + type: object + properties: + doc_value_only_numeric: + type: boolean + doc_value_only_other: + type: boolean + synthetic_source: + type: boolean + tsdb: + type: boolean + ApiFleetEpmPackages_Get_Response_200_Items_InstallationInfo_Installed_es_Item: + additionalProperties: true + type: object + properties: + deferred: + type: boolean + id: + type: string + type: + enum: + - index + - index_template + - component_template + - ingest_pipeline + - ilm_policy + - data_stream_ilm_policy + - transform + - ml_model + - knowledge_base + - esql_view + type: string + version: + type: string + required: + - id + - type + ApiFleetEpmPackages_Get_Response_200_Items_InstallationInfo_Installed_kibana_Item: + additionalProperties: true + type: object + properties: + deferred: + type: boolean + id: + type: string + originId: + type: string + type: + anyOf: + - $ref: '#/components/schemas/ApiFleetEpmPackages_Get_Response_200_Items_InstallationInfo_Installed_kibana_Type_1' + - $ref: '#/components/schemas/ApiFleetEpmPackages_Get_Response_200_Items_InstallationInfo_Installed_kibana_Type_2' + required: + - id + - type + ApiFleetEpmPackages_Get_Response_200_Items_InstallationInfo_Installed_kibana_Type_1: + enum: + - dashboard + - lens + - visualization + - search + - index-pattern + - map + - ml-module + - security-rule + - csp-rule-template + - osquery-pack-asset + - osquery-saved-query + - tag + type: string + ApiFleetEpmPackages_Get_Response_200_Items_InstallationInfo_Installed_kibana_Type_2: + type: string + ApiFleetEpmPackages_Get_Response_200_Items_InstallationInfo_Latest_executed_state: + additionalProperties: true + type: object + properties: + error: + type: string + name: + type: string + started_at: + type: string + ApiFleetEpmPackages_Get_Response_200_Items_InstallationInfo_Latest_install_failed_attempts_Item: + additionalProperties: true + type: object + properties: + created_at: + type: string + error: + $ref: '#/components/schemas/ApiFleetEpmPackages_Get_Response_200_Items_InstallationInfo_Latest_install_failed_attempts_Error' + target_version: + type: string + required: + - created_at + - target_version + - error + ApiFleetEpmPackages_Get_Response_200_Items_InstallationInfo_Latest_install_failed_attempts_Error: + additionalProperties: true + type: object + properties: + message: + type: string + name: + type: string + stack: + type: string + required: + - name + - message + ApiFleetEpmPackages_Get_Response_200_Items_Owner: + additionalProperties: true + type: object + properties: + github: + type: string + type: + enum: + - elastic + - partner + - community + type: string + ApiFleetEpmPackages_Get_Response_200_Items_Policy_templates_Item: + additionalProperties: {} + type: object + ApiFleetEpmPackages_Get_Response_200_Items_Source: + additionalProperties: true + type: object + properties: + license: + type: string + required: + - license + ApiFleetEpmPackages_Get_Response_200_Items_Type_1: + enum: + - integration + type: string + ApiFleetEpmPackages_Get_Response_200_Items_Type_2: + enum: + - input + type: string + ApiFleetEpmPackages_Get_Response_200_Items_Type_3: + enum: + - content + type: string + ApiFleetEpmPackages_Get_Response_200_Items_Type_4: + type: string + ApiFleetEpmPackages_Get_Response_200_Items_Var_groups_Item: + additionalProperties: true + type: object + properties: + description: + type: string + name: + type: string + options: + items: + $ref: '#/components/schemas/ApiFleetEpmPackages_Get_Response_200_Items_Var_groups_Options_Item' + maxItems: 20 + type: array + selector_title: + type: string + title: + type: string + required: + - name + - title + - selector_title + - options + ApiFleetEpmPackages_Get_Response_200_Items_Var_groups_Options_Item: + additionalProperties: true + type: object + properties: + description: + type: string + hide_in_deployment_modes: + items: + enum: + - default + - agentless + type: string + maxItems: 2 + type: array + name: + type: string + title: + type: string + vars: + items: + type: string + maxItems: 100 + type: array + required: + - name + - title + - vars + ApiFleetEpmPackages_Get_Response_200_Items_Vars_Item: + additionalProperties: {} + type: object + ApiFleetEpmPackages_Get_Response_400: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetEpmPackages_Post_Response_200: + additionalProperties: false + type: object + properties: + _meta: + $ref: '#/components/schemas/ApiFleetEpmPackages_Post_Response_200__meta' + items: + items: + anyOf: + - $ref: '#/components/schemas/ApiFleetEpmPackages_Post_Response_200_Items_1' + - $ref: '#/components/schemas/ApiFleetEpmPackages_Post_Response_200_Items_2' + maxItems: 10000 + type: array + required: + - items + - _meta + ApiFleetEpmPackages_Post_Response_200__meta: + additionalProperties: false + type: object + properties: + install_source: + type: string + name: + type: string + required: + - install_source + - name + ApiFleetEpmPackages_Post_Response_200_Items_1: + additionalProperties: false + type: object + properties: + deferred: + type: boolean + id: + type: string + originId: + type: string + type: + anyOf: + - $ref: '#/components/schemas/ApiFleetEpmPackages_Post_Response_200_Items_Type_1' + - $ref: '#/components/schemas/ApiFleetEpmPackages_Post_Response_200_Items_Type_2' + required: + - id + - type + ApiFleetEpmPackages_Post_Response_200_Items_Type_1: + enum: + - dashboard + - lens + - visualization + - search + - index-pattern + - map + - ml-module + - security-rule + - csp-rule-template + - osquery-pack-asset + - osquery-saved-query + - tag + type: string + ApiFleetEpmPackages_Post_Response_200_Items_Type_2: + type: string + ApiFleetEpmPackages_Post_Response_200_Items_2: + additionalProperties: false + type: object + properties: + deferred: + type: boolean + id: + type: string + type: + enum: + - index + - index_template + - component_template + - ingest_pipeline + - ilm_policy + - data_stream_ilm_policy + - transform + - ml_model + - knowledge_base + - esql_view + type: string + version: + type: string + required: + - id + - type + ApiFleetEpmPackages_Post_Response_400: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetEpmPackagesBulk_Post_Request: + additionalProperties: false + type: object + properties: + force: + default: false + type: boolean + packages: + items: + anyOf: + - $ref: '#/components/schemas/ApiFleetEpmPackagesBulk_Post_Request_Packages_1' + - $ref: '#/components/schemas/ApiFleetEpmPackagesBulk_Post_Request_Packages_2' + maxItems: 1000 + minItems: 1 + type: array + required: + - packages + ApiFleetEpmPackagesBulk_Post_Request_Packages_1: + type: string + ApiFleetEpmPackagesBulk_Post_Request_Packages_2: + additionalProperties: false + type: object + properties: + name: + type: string + prerelease: + type: boolean + version: + type: string + required: + - name + - version + ApiFleetEpmPackagesBulk_Post_Response_200: + additionalProperties: false + type: object + properties: + items: + items: + anyOf: + - $ref: '#/components/schemas/ApiFleetEpmPackagesBulk_Post_Response_200_Items_1' + - $ref: '#/components/schemas/ApiFleetEpmPackagesBulk_Post_Response_200_Items_2' + maxItems: 10000 + type: array + required: + - items + ApiFleetEpmPackagesBulk_Post_Response_200_Items_1: + additionalProperties: false + type: object + properties: + name: + type: string + result: + $ref: '#/components/schemas/ApiFleetEpmPackagesBulk_Post_Response_200_Items_Result' + version: + type: string + required: + - name + - version + - result + ApiFleetEpmPackagesBulk_Post_Response_200_Items_Result: + additionalProperties: false + type: object + properties: + assets: + items: + anyOf: + - $ref: '#/components/schemas/ApiFleetEpmPackagesBulk_Post_Response_200_Items_Result_Assets_1' + - $ref: '#/components/schemas/ApiFleetEpmPackagesBulk_Post_Response_200_Items_Result_Assets_2' + maxItems: 10000 + type: array + error: {} + installSource: + type: string + installType: + type: string + status: + enum: + - installed + - already_installed + type: string + required: + - error + - installType + ApiFleetEpmPackagesBulk_Post_Response_200_Items_Result_Assets_1: + additionalProperties: false + type: object + properties: + deferred: + type: boolean + id: + type: string + originId: + type: string + type: + anyOf: + - $ref: '#/components/schemas/ApiFleetEpmPackagesBulk_Post_Response_200_Items_Result_Assets_Type_1' + - $ref: '#/components/schemas/ApiFleetEpmPackagesBulk_Post_Response_200_Items_Result_Assets_Type_2' + required: + - id + - type + ApiFleetEpmPackagesBulk_Post_Response_200_Items_Result_Assets_Type_1: + enum: + - dashboard + - lens + - visualization + - search + - index-pattern + - map + - ml-module + - security-rule + - csp-rule-template + - osquery-pack-asset + - osquery-saved-query + - tag + type: string + ApiFleetEpmPackagesBulk_Post_Response_200_Items_Result_Assets_Type_2: + type: string + ApiFleetEpmPackagesBulk_Post_Response_200_Items_Result_Assets_2: + additionalProperties: false + type: object + properties: + deferred: + type: boolean + id: + type: string + type: + enum: + - index + - index_template + - component_template + - ingest_pipeline + - ilm_policy + - data_stream_ilm_policy + - transform + - ml_model + - knowledge_base + - esql_view + type: string + version: + type: string + required: + - id + - type + ApiFleetEpmPackagesBulk_Post_Response_200_Items_2: + additionalProperties: false + type: object + properties: + error: + anyOf: + - $ref: '#/components/schemas/ApiFleetEpmPackagesBulk_Post_Response_200_Items_Error_1' + - $ref: '#/components/schemas/ApiFleetEpmPackagesBulk_Post_Response_200_Items_Error_2' + name: + type: string + statusCode: + type: number + required: + - name + - statusCode + - error + ApiFleetEpmPackagesBulk_Post_Response_200_Items_Error_1: + type: string + ApiFleetEpmPackagesBulk_Post_Response_200_Items_Error_2: {} + ApiFleetEpmPackagesBulk_Post_Response_400: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetEpmPackagesBulkRollback_Post_Request: + additionalProperties: false + type: object + properties: + packages: + items: + $ref: '#/components/schemas/ApiFleetEpmPackagesBulkRollback_Post_Request_Packages_Item' + maxItems: 1000 + minItems: 1 + type: array + required: + - packages + ApiFleetEpmPackagesBulkRollback_Post_Request_Packages_Item: + additionalProperties: false + type: object + properties: + name: + description: Package name to rollback + type: string + required: + - name + ApiFleetEpmPackagesBulkRollback_Post_Response_200: + additionalProperties: false + type: object + properties: + taskId: + type: string + required: + - taskId + ApiFleetEpmPackagesBulkRollback_Post_Response_400: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetEpmPackagesBulkRollback_Get_Response_200: + additionalProperties: false + type: object + properties: + error: + $ref: '#/components/schemas/ApiFleetEpmPackagesBulkRollback_Get_Response_200_Error' + results: + items: + $ref: '#/components/schemas/ApiFleetEpmPackagesBulkRollback_Get_Response_200_Results_Item' + maxItems: 10000 + type: array + status: + type: string + required: + - status + ApiFleetEpmPackagesBulkRollback_Get_Response_200_Error: + additionalProperties: false + type: object + properties: + message: + type: string + required: + - message + ApiFleetEpmPackagesBulkRollback_Get_Response_200_Results_Item: + additionalProperties: false + type: object + properties: + error: + $ref: '#/components/schemas/ApiFleetEpmPackagesBulkRollback_Get_Response_200_Results_Error' + name: + type: string + success: + type: boolean + required: + - name + - success + ApiFleetEpmPackagesBulkRollback_Get_Response_200_Results_Error: + additionalProperties: false + type: object + properties: + message: + type: string + required: + - message + ApiFleetEpmPackagesBulkRollback_Get_Response_400: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetEpmPackagesBulkUninstall_Post_Request: + additionalProperties: false + type: object + properties: + force: + default: false + type: boolean + packages: + items: + $ref: '#/components/schemas/ApiFleetEpmPackagesBulkUninstall_Post_Request_Packages_Item' + maxItems: 1000 + minItems: 1 + type: array + required: + - packages + ApiFleetEpmPackagesBulkUninstall_Post_Request_Packages_Item: + additionalProperties: false + type: object + properties: + name: + type: string + version: + type: string + required: + - name + - version + ApiFleetEpmPackagesBulkUninstall_Post_Response_200: + additionalProperties: false + type: object + properties: + taskId: + type: string + required: + - taskId + ApiFleetEpmPackagesBulkUninstall_Post_Response_400: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetEpmPackagesBulkUninstall_Get_Response_200: + additionalProperties: false + type: object + properties: + error: + $ref: '#/components/schemas/ApiFleetEpmPackagesBulkUninstall_Get_Response_200_Error' + results: + items: + $ref: '#/components/schemas/ApiFleetEpmPackagesBulkUninstall_Get_Response_200_Results_Item' + maxItems: 10000 + type: array + status: + type: string + required: + - status + ApiFleetEpmPackagesBulkUninstall_Get_Response_200_Error: + additionalProperties: false + type: object + properties: + message: + type: string + required: + - message + ApiFleetEpmPackagesBulkUninstall_Get_Response_200_Results_Item: + additionalProperties: false + type: object + properties: + error: + $ref: '#/components/schemas/ApiFleetEpmPackagesBulkUninstall_Get_Response_200_Results_Error' + name: + type: string + success: + type: boolean + required: + - name + - success + ApiFleetEpmPackagesBulkUninstall_Get_Response_200_Results_Error: + additionalProperties: false + type: object + properties: + message: + type: string + required: + - message + ApiFleetEpmPackagesBulkUninstall_Get_Response_400: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetEpmPackagesBulkUpgrade_Post_Request: + additionalProperties: false + type: object + properties: + force: + default: false + type: boolean + packages: + items: + $ref: '#/components/schemas/ApiFleetEpmPackagesBulkUpgrade_Post_Request_Packages_Item' + maxItems: 1000 + minItems: 1 + type: array + prerelease: + type: boolean + upgrade_package_policies: + default: false + type: boolean + required: + - packages + ApiFleetEpmPackagesBulkUpgrade_Post_Request_Packages_Item: + additionalProperties: false + type: object + properties: + name: + type: string + version: + type: string + required: + - name + ApiFleetEpmPackagesBulkUpgrade_Post_Response_200: + additionalProperties: false + type: object + properties: + taskId: + type: string + required: + - taskId + ApiFleetEpmPackagesBulkUpgrade_Post_Response_400: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetEpmPackagesBulkUpgrade_Get_Response_200: + additionalProperties: false + type: object + properties: + error: + $ref: '#/components/schemas/ApiFleetEpmPackagesBulkUpgrade_Get_Response_200_Error' + results: + items: + $ref: '#/components/schemas/ApiFleetEpmPackagesBulkUpgrade_Get_Response_200_Results_Item' + maxItems: 10000 + type: array + status: + type: string + required: + - status + ApiFleetEpmPackagesBulkUpgrade_Get_Response_200_Error: + additionalProperties: false + type: object + properties: + message: + type: string + required: + - message + ApiFleetEpmPackagesBulkUpgrade_Get_Response_200_Results_Item: + additionalProperties: false + type: object + properties: + error: + $ref: '#/components/schemas/ApiFleetEpmPackagesBulkUpgrade_Get_Response_200_Results_Error' + name: + type: string + success: + type: boolean + required: + - name + - success + ApiFleetEpmPackagesBulkUpgrade_Get_Response_200_Results_Error: + additionalProperties: false + type: object + properties: + message: + type: string + required: + - message + ApiFleetEpmPackagesBulkUpgrade_Get_Response_400: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetEpmPackages_Delete_Response_200: + additionalProperties: false + type: object + properties: + items: + items: + anyOf: + - $ref: '#/components/schemas/ApiFleetEpmPackages_Delete_Response_200_Items_1' + - $ref: '#/components/schemas/ApiFleetEpmPackages_Delete_Response_200_Items_2' + maxItems: 10000 + type: array + required: + - items + ApiFleetEpmPackages_Delete_Response_200_Items_1: + additionalProperties: false + type: object + properties: + deferred: + type: boolean + id: + type: string + originId: + type: string + type: + anyOf: + - $ref: '#/components/schemas/ApiFleetEpmPackages_Delete_Response_200_Items_Type_1' + - $ref: '#/components/schemas/ApiFleetEpmPackages_Delete_Response_200_Items_Type_2' + required: + - id + - type + ApiFleetEpmPackages_Delete_Response_200_Items_Type_1: + enum: + - dashboard + - lens + - visualization + - search + - index-pattern + - map + - ml-module + - security-rule + - csp-rule-template + - osquery-pack-asset + - osquery-saved-query + - tag + type: string + ApiFleetEpmPackages_Delete_Response_200_Items_Type_2: + type: string + ApiFleetEpmPackages_Delete_Response_200_Items_2: + additionalProperties: false + type: object + properties: + deferred: + type: boolean + id: + type: string + type: + enum: + - index + - index_template + - component_template + - ingest_pipeline + - ilm_policy + - data_stream_ilm_policy + - transform + - ml_model + - knowledge_base + - esql_view + type: string + version: + type: string + required: + - id + - type + ApiFleetEpmPackages_Delete_Response_400: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetEpmPackages_Get_Response_200_1: + additionalProperties: false + type: object + properties: + item: + $ref: '#/components/schemas/ApiFleetEpmPackages_Get_Response_200_Item' + metadata: + $ref: '#/components/schemas/ApiFleetEpmPackages_Get_Response_200_Metadata' + required: + - item + ApiFleetEpmPackages_Get_Response_200_Item: + additionalProperties: true + type: object + properties: + agent: + $ref: '#/components/schemas/ApiFleetEpmPackages_Get_Response_200_Item_Agent' + asset_tags: + items: + $ref: '#/components/schemas/ApiFleetEpmPackages_Get_Response_200_Item_Asset_tags_Item' + maxItems: 1000 + type: array + assets: + $ref: '#/components/schemas/ApiFleetEpmPackages_Get_Response_200_Item_Assets' + categories: + items: + type: string + maxItems: 10 + type: array + conditions: + $ref: '#/components/schemas/ApiFleetEpmPackages_Get_Response_200_Item_Conditions' + data_streams: + items: + $ref: '#/components/schemas/ApiFleetEpmPackages_Get_Response_200_Item_Data_streams_Item' + maxItems: 1000 + type: array + description: + type: string + discovery: + $ref: '#/components/schemas/ApiFleetEpmPackages_Get_Response_200_Item_Discovery' + download: + type: string + elasticsearch: + $ref: '#/components/schemas/ApiFleetEpmPackages_Get_Response_200_Item_Elasticsearch' + format_version: + type: string + icons: + items: + $ref: '#/components/schemas/ApiFleetEpmPackages_Get_Response_200_Item_Icons_Item' + maxItems: 10 + type: array + installationInfo: + $ref: '#/components/schemas/ApiFleetEpmPackages_Get_Response_200_Item_InstallationInfo' + internal: + type: boolean + keepPoliciesUpToDate: + type: boolean + latestVersion: + type: string + license: + type: string + licensePath: + type: string + name: + type: string + notice: + type: string + owner: + $ref: '#/components/schemas/ApiFleetEpmPackages_Get_Response_200_Item_Owner' + path: + type: string + policy_templates: + items: + $ref: '#/components/schemas/ApiFleetEpmPackages_Get_Response_200_Item_Policy_templates_Item' + maxItems: 100 + type: array + readme: + type: string + release: + enum: + - ga + - beta + - experimental + type: string + screenshots: + items: + $ref: '#/components/schemas/ApiFleetEpmPackages_Get_Response_200_Item_Screenshots_Item' + maxItems: 10 + type: array + signature_path: + type: string + source: + $ref: '#/components/schemas/ApiFleetEpmPackages_Get_Response_200_Item_Source' + status: + type: string + title: + type: string + type: + anyOf: + - $ref: '#/components/schemas/ApiFleetEpmPackages_Get_Response_200_Item_Type_1' + - $ref: '#/components/schemas/ApiFleetEpmPackages_Get_Response_200_Item_Type_2' + - $ref: '#/components/schemas/ApiFleetEpmPackages_Get_Response_200_Item_Type_3' + - $ref: '#/components/schemas/ApiFleetEpmPackages_Get_Response_200_Item_Type_4' + var_groups: + items: + $ref: '#/components/schemas/ApiFleetEpmPackages_Get_Response_200_Item_Var_groups_Item' + maxItems: 20 + type: array + vars: + items: + $ref: '#/components/schemas/ApiFleetEpmPackages_Get_Response_200_Item_Vars_Item' + maxItems: 1000 + type: array + version: + type: string + required: + - name + - version + - title + - assets + ApiFleetEpmPackages_Get_Response_200_Item_Agent: + additionalProperties: false + type: object + properties: + privileges: + $ref: '#/components/schemas/ApiFleetEpmPackages_Get_Response_200_Item_Agent_Privileges' + ApiFleetEpmPackages_Get_Response_200_Item_Agent_Privileges: + additionalProperties: false + type: object + properties: + root: + type: boolean + ApiFleetEpmPackages_Get_Response_200_Item_Asset_tags_Item: + additionalProperties: false + type: object + properties: + asset_ids: + items: + type: string + maxItems: 100 + type: array + asset_types: + items: + type: string + maxItems: 10 + type: array + text: + type: string + required: + - text + ApiFleetEpmPackages_Get_Response_200_Item_Assets: + additionalProperties: {} + type: object + ApiFleetEpmPackages_Get_Response_200_Item_Conditions: + additionalProperties: true + type: object + properties: + elastic: + $ref: '#/components/schemas/ApiFleetEpmPackages_Get_Response_200_Item_Conditions_Elastic' + kibana: + $ref: '#/components/schemas/ApiFleetEpmPackages_Get_Response_200_Item_Conditions_Kibana' + ApiFleetEpmPackages_Get_Response_200_Item_Conditions_Elastic: + additionalProperties: true + type: object + properties: + capabilities: + items: + type: string + maxItems: 10 + type: array + subscription: + type: string + ApiFleetEpmPackages_Get_Response_200_Item_Conditions_Kibana: + additionalProperties: true + type: object + properties: + version: + type: string + ApiFleetEpmPackages_Get_Response_200_Item_Data_streams_Item: + additionalProperties: {} + type: object + ApiFleetEpmPackages_Get_Response_200_Item_Discovery: + additionalProperties: true + type: object + properties: + datasets: + items: + $ref: '#/components/schemas/ApiFleetEpmPackages_Get_Response_200_Item_Discovery_Datasets_Item' + maxItems: 10 + type: array + fields: + items: + $ref: '#/components/schemas/ApiFleetEpmPackages_Get_Response_200_Item_Discovery_Fields_Item' + maxItems: 10 + type: array + ApiFleetEpmPackages_Get_Response_200_Item_Discovery_Datasets_Item: + additionalProperties: true + type: object + properties: + name: + type: string + required: + - name + ApiFleetEpmPackages_Get_Response_200_Item_Discovery_Fields_Item: + additionalProperties: true + type: object + properties: + name: + type: string + required: + - name + ApiFleetEpmPackages_Get_Response_200_Item_Elasticsearch: + additionalProperties: {} + type: object + ApiFleetEpmPackages_Get_Response_200_Item_Icons_Item: + additionalProperties: true + type: object + properties: + dark_mode: + type: boolean + path: + type: string + size: + type: string + src: + type: string + title: + type: string + type: + type: string + required: + - src + ApiFleetEpmPackages_Get_Response_200_Item_InstallationInfo: + additionalProperties: true + type: object + properties: + additional_spaces_installed_kibana: + $ref: '#/components/schemas/ApiFleetEpmPackages_Get_Response_200_Item_InstallationInfo_Additional_spaces_installed_kibana' + created_at: + type: string + experimental_data_stream_features: + items: + $ref: '#/components/schemas/ApiFleetEpmPackages_Get_Response_200_Item_InstallationInfo_Experimental_data_stream_features_Item' + maxItems: 100 + type: array + install_format_schema_version: + type: string + install_source: + enum: + - registry + - upload + - bundled + - custom + type: string + install_status: + enum: + - installed + - installing + - install_failed + type: string + installed_es: + items: + $ref: '#/components/schemas/ApiFleetEpmPackages_Get_Response_200_Item_InstallationInfo_Installed_es_Item' + maxItems: 10000 + type: array + installed_kibana: + items: + $ref: '#/components/schemas/ApiFleetEpmPackages_Get_Response_200_Item_InstallationInfo_Installed_kibana_Item' + maxItems: 10000 + type: array + installed_kibana_space_id: + type: string + is_rollback_ttl_expired: + type: boolean + latest_executed_state: + $ref: '#/components/schemas/ApiFleetEpmPackages_Get_Response_200_Item_InstallationInfo_Latest_executed_state' + latest_install_failed_attempts: + items: + $ref: '#/components/schemas/ApiFleetEpmPackages_Get_Response_200_Item_InstallationInfo_Latest_install_failed_attempts_Item' + maxItems: 10 + type: array + name: + type: string + namespaces: + items: + type: string + maxItems: 100 + type: array + previous_version: + nullable: true + type: string + rolled_back: + type: boolean + type: + type: string + updated_at: + type: string + verification_key_id: + nullable: true + type: string + verification_status: + enum: + - unverified + - verified + - unknown + type: string + version: + type: string + required: + - type + - installed_kibana + - installed_es + - name + - version + - install_status + - install_source + - verification_status + ApiFleetEpmPackages_Get_Response_200_Item_InstallationInfo_Additional_spaces_installed_kibana: + additionalProperties: + items: + $ref: '#/components/schemas/ApiFleetEpmPackages_Get_Response_200_Item_InstallationInfo_Additional_spaces_installed_kibana_Item' + maxItems: 100 + type: array + type: object + ApiFleetEpmPackages_Get_Response_200_Item_InstallationInfo_Additional_spaces_installed_kibana_Item: + additionalProperties: true + type: object + properties: + deferred: + type: boolean + id: + type: string + originId: + type: string + type: + anyOf: + - $ref: '#/components/schemas/ApiFleetEpmPackages_Get_Response_200_Item_InstallationInfo_Additional_spaces_installed_kibana_Type_1' + - $ref: '#/components/schemas/ApiFleetEpmPackages_Get_Response_200_Item_InstallationInfo_Additional_spaces_installed_kibana_Type_2' + required: + - id + - type + ApiFleetEpmPackages_Get_Response_200_Item_InstallationInfo_Additional_spaces_installed_kibana_Type_1: + enum: + - dashboard + - lens + - visualization + - search + - index-pattern + - map + - ml-module + - security-rule + - csp-rule-template + - osquery-pack-asset + - osquery-saved-query + - tag + type: string + ApiFleetEpmPackages_Get_Response_200_Item_InstallationInfo_Additional_spaces_installed_kibana_Type_2: + type: string + ApiFleetEpmPackages_Get_Response_200_Item_InstallationInfo_Experimental_data_stream_features_Item: + additionalProperties: true + type: object + properties: + data_stream: + type: string + features: + $ref: '#/components/schemas/ApiFleetEpmPackages_Get_Response_200_Item_InstallationInfo_Experimental_data_stream_features_Features' + required: + - data_stream + - features + ApiFleetEpmPackages_Get_Response_200_Item_InstallationInfo_Experimental_data_stream_features_Features: + additionalProperties: true + type: object + properties: + doc_value_only_numeric: + type: boolean + doc_value_only_other: + type: boolean + synthetic_source: + type: boolean + tsdb: + type: boolean + ApiFleetEpmPackages_Get_Response_200_Item_InstallationInfo_Installed_es_Item: + additionalProperties: true + type: object + properties: + deferred: + type: boolean + id: + type: string + type: + enum: + - index + - index_template + - component_template + - ingest_pipeline + - ilm_policy + - data_stream_ilm_policy + - transform + - ml_model + - knowledge_base + - esql_view + type: string + version: + type: string + required: + - id + - type + ApiFleetEpmPackages_Get_Response_200_Item_InstallationInfo_Installed_kibana_Item: + additionalProperties: true + type: object + properties: + deferred: + type: boolean + id: + type: string + originId: + type: string + type: + anyOf: + - $ref: '#/components/schemas/ApiFleetEpmPackages_Get_Response_200_Item_InstallationInfo_Installed_kibana_Type_1' + - $ref: '#/components/schemas/ApiFleetEpmPackages_Get_Response_200_Item_InstallationInfo_Installed_kibana_Type_2' + required: + - id + - type + ApiFleetEpmPackages_Get_Response_200_Item_InstallationInfo_Installed_kibana_Type_1: + enum: + - dashboard + - lens + - visualization + - search + - index-pattern + - map + - ml-module + - security-rule + - csp-rule-template + - osquery-pack-asset + - osquery-saved-query + - tag + type: string + ApiFleetEpmPackages_Get_Response_200_Item_InstallationInfo_Installed_kibana_Type_2: + type: string + ApiFleetEpmPackages_Get_Response_200_Item_InstallationInfo_Latest_executed_state: + additionalProperties: true + type: object + properties: + error: + type: string + name: + type: string + started_at: + type: string + ApiFleetEpmPackages_Get_Response_200_Item_InstallationInfo_Latest_install_failed_attempts_Item: + additionalProperties: true + type: object + properties: + created_at: + type: string + error: + $ref: '#/components/schemas/ApiFleetEpmPackages_Get_Response_200_Item_InstallationInfo_Latest_install_failed_attempts_Error' + target_version: + type: string + required: + - created_at + - target_version + - error + ApiFleetEpmPackages_Get_Response_200_Item_InstallationInfo_Latest_install_failed_attempts_Error: + additionalProperties: true + type: object + properties: + message: + type: string + name: + type: string + stack: + type: string + required: + - name + - message + ApiFleetEpmPackages_Get_Response_200_Item_Owner: + additionalProperties: true + type: object + properties: + github: + type: string + type: + enum: + - elastic + - partner + - community + type: string + ApiFleetEpmPackages_Get_Response_200_Item_Policy_templates_Item: + additionalProperties: {} + type: object + ApiFleetEpmPackages_Get_Response_200_Item_Screenshots_Item: + additionalProperties: false + type: object + properties: + dark_mode: + type: boolean + path: + type: string + size: + type: string + src: + type: string + title: + type: string + type: + type: string + required: + - src + ApiFleetEpmPackages_Get_Response_200_Item_Source: + additionalProperties: true + type: object + properties: + license: + type: string + required: + - license + ApiFleetEpmPackages_Get_Response_200_Item_Type_1: + enum: + - integration + type: string + ApiFleetEpmPackages_Get_Response_200_Item_Type_2: + enum: + - input + type: string + ApiFleetEpmPackages_Get_Response_200_Item_Type_3: + enum: + - content + type: string + ApiFleetEpmPackages_Get_Response_200_Item_Type_4: + type: string + ApiFleetEpmPackages_Get_Response_200_Item_Var_groups_Item: + additionalProperties: true + type: object + properties: + description: + type: string + name: + type: string + options: + items: + $ref: '#/components/schemas/ApiFleetEpmPackages_Get_Response_200_Item_Var_groups_Options_Item' + maxItems: 20 + type: array + selector_title: + type: string + title: + type: string + required: + - name + - title + - selector_title + - options + ApiFleetEpmPackages_Get_Response_200_Item_Var_groups_Options_Item: + additionalProperties: true + type: object + properties: + description: + type: string + hide_in_deployment_modes: + items: + enum: + - default + - agentless + type: string + maxItems: 2 + type: array + name: + type: string + title: + type: string + vars: + items: + type: string + maxItems: 100 + type: array + required: + - name + - title + - vars + ApiFleetEpmPackages_Get_Response_200_Item_Vars_Item: + additionalProperties: {} + type: object + ApiFleetEpmPackages_Get_Response_200_Metadata: + additionalProperties: false + type: object + properties: + has_policies: + type: boolean + required: + - has_policies + ApiFleetEpmPackages_Get_Response_400_1: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetEpmPackages_Post_Request: + additionalProperties: false + nullable: true + type: object + properties: + force: + default: false + type: boolean + ignore_constraints: + default: false + type: boolean + ApiFleetEpmPackages_Post_Response_200_1: + additionalProperties: false + type: object + properties: + _meta: + $ref: '#/components/schemas/ApiFleetEpmPackages_Post_Response_200__meta_1' + items: + items: + anyOf: + - $ref: '#/components/schemas/ApiFleetEpmPackages_Post_Response_200_Items_1_1' + - $ref: '#/components/schemas/ApiFleetEpmPackages_Post_Response_200_Items_2_1' + maxItems: 10000 + type: array + required: + - items + - _meta + ApiFleetEpmPackages_Post_Response_200__meta_1: + additionalProperties: false + type: object + properties: + install_source: + type: string + name: + type: string + required: + - install_source + - name + ApiFleetEpmPackages_Post_Response_200_Items_1_1: + additionalProperties: false + type: object + properties: + deferred: + type: boolean + id: + type: string + originId: + type: string + type: + anyOf: + - $ref: '#/components/schemas/ApiFleetEpmPackages_Post_Response_200_Items_Type_1_1' + - $ref: '#/components/schemas/ApiFleetEpmPackages_Post_Response_200_Items_Type_2_1' + required: + - id + - type + ApiFleetEpmPackages_Post_Response_200_Items_Type_1_1: + enum: + - dashboard + - lens + - visualization + - search + - index-pattern + - map + - ml-module + - security-rule + - csp-rule-template + - osquery-pack-asset + - osquery-saved-query + - tag + type: string + ApiFleetEpmPackages_Post_Response_200_Items_Type_2_1: + type: string + ApiFleetEpmPackages_Post_Response_200_Items_2_1: + additionalProperties: false + type: object + properties: + deferred: + type: boolean + id: + type: string + type: + enum: + - index + - index_template + - component_template + - ingest_pipeline + - ilm_policy + - data_stream_ilm_policy + - transform + - ml_model + - knowledge_base + - esql_view + type: string + version: + type: string + required: + - id + - type + ApiFleetEpmPackages_Post_Response_400_1: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetEpmPackages_Put_Request: + additionalProperties: false + type: object + properties: + keepPoliciesUpToDate: + type: boolean + required: + - keepPoliciesUpToDate + ApiFleetEpmPackages_Put_Response_200: + additionalProperties: false + type: object + properties: + item: + $ref: '#/components/schemas/ApiFleetEpmPackages_Put_Response_200_Item' + required: + - item + ApiFleetEpmPackages_Put_Response_200_Item: + additionalProperties: true + type: object + properties: + agent: + $ref: '#/components/schemas/ApiFleetEpmPackages_Put_Response_200_Item_Agent' + asset_tags: + items: + $ref: '#/components/schemas/ApiFleetEpmPackages_Put_Response_200_Item_Asset_tags_Item' + maxItems: 1000 + type: array + assets: + $ref: '#/components/schemas/ApiFleetEpmPackages_Put_Response_200_Item_Assets' + categories: + items: + type: string + maxItems: 10 + type: array + conditions: + $ref: '#/components/schemas/ApiFleetEpmPackages_Put_Response_200_Item_Conditions' + data_streams: + items: + $ref: '#/components/schemas/ApiFleetEpmPackages_Put_Response_200_Item_Data_streams_Item' + maxItems: 1000 + type: array + description: + type: string + discovery: + $ref: '#/components/schemas/ApiFleetEpmPackages_Put_Response_200_Item_Discovery' + download: + type: string + elasticsearch: + $ref: '#/components/schemas/ApiFleetEpmPackages_Put_Response_200_Item_Elasticsearch' + format_version: + type: string + icons: + items: + $ref: '#/components/schemas/ApiFleetEpmPackages_Put_Response_200_Item_Icons_Item' + maxItems: 10 + type: array + installationInfo: + $ref: '#/components/schemas/ApiFleetEpmPackages_Put_Response_200_Item_InstallationInfo' + internal: + type: boolean + keepPoliciesUpToDate: + type: boolean + latestVersion: + type: string + license: + type: string + licensePath: + type: string + name: + type: string + notice: + type: string + owner: + $ref: '#/components/schemas/ApiFleetEpmPackages_Put_Response_200_Item_Owner' + path: + type: string + policy_templates: + items: + $ref: '#/components/schemas/ApiFleetEpmPackages_Put_Response_200_Item_Policy_templates_Item' + maxItems: 100 + type: array + readme: + type: string + release: + enum: + - ga + - beta + - experimental + type: string + screenshots: + items: + $ref: '#/components/schemas/ApiFleetEpmPackages_Put_Response_200_Item_Screenshots_Item' + maxItems: 10 + type: array + signature_path: + type: string + source: + $ref: '#/components/schemas/ApiFleetEpmPackages_Put_Response_200_Item_Source' + status: + type: string + title: + type: string + type: + anyOf: + - $ref: '#/components/schemas/ApiFleetEpmPackages_Put_Response_200_Item_Type_1' + - $ref: '#/components/schemas/ApiFleetEpmPackages_Put_Response_200_Item_Type_2' + - $ref: '#/components/schemas/ApiFleetEpmPackages_Put_Response_200_Item_Type_3' + - $ref: '#/components/schemas/ApiFleetEpmPackages_Put_Response_200_Item_Type_4' + var_groups: + items: + $ref: '#/components/schemas/ApiFleetEpmPackages_Put_Response_200_Item_Var_groups_Item' + maxItems: 20 + type: array + vars: + items: + $ref: '#/components/schemas/ApiFleetEpmPackages_Put_Response_200_Item_Vars_Item' + maxItems: 1000 + type: array + version: + type: string + required: + - name + - version + - title + - assets + ApiFleetEpmPackages_Put_Response_200_Item_Agent: + additionalProperties: false + type: object + properties: + privileges: + $ref: '#/components/schemas/ApiFleetEpmPackages_Put_Response_200_Item_Agent_Privileges' + ApiFleetEpmPackages_Put_Response_200_Item_Agent_Privileges: + additionalProperties: false + type: object + properties: + root: + type: boolean + ApiFleetEpmPackages_Put_Response_200_Item_Asset_tags_Item: + additionalProperties: false + type: object + properties: + asset_ids: + items: + type: string + maxItems: 100 + type: array + asset_types: + items: + type: string + maxItems: 10 + type: array + text: + type: string + required: + - text + ApiFleetEpmPackages_Put_Response_200_Item_Assets: + additionalProperties: {} + type: object + ApiFleetEpmPackages_Put_Response_200_Item_Conditions: + additionalProperties: true + type: object + properties: + elastic: + $ref: '#/components/schemas/ApiFleetEpmPackages_Put_Response_200_Item_Conditions_Elastic' + kibana: + $ref: '#/components/schemas/ApiFleetEpmPackages_Put_Response_200_Item_Conditions_Kibana' + ApiFleetEpmPackages_Put_Response_200_Item_Conditions_Elastic: + additionalProperties: true + type: object + properties: + capabilities: + items: + type: string + maxItems: 10 + type: array + subscription: + type: string + ApiFleetEpmPackages_Put_Response_200_Item_Conditions_Kibana: + additionalProperties: true + type: object + properties: + version: + type: string + ApiFleetEpmPackages_Put_Response_200_Item_Data_streams_Item: + additionalProperties: {} + type: object + ApiFleetEpmPackages_Put_Response_200_Item_Discovery: + additionalProperties: true + type: object + properties: + datasets: + items: + $ref: '#/components/schemas/ApiFleetEpmPackages_Put_Response_200_Item_Discovery_Datasets_Item' + maxItems: 10 + type: array + fields: + items: + $ref: '#/components/schemas/ApiFleetEpmPackages_Put_Response_200_Item_Discovery_Fields_Item' + maxItems: 10 + type: array + ApiFleetEpmPackages_Put_Response_200_Item_Discovery_Datasets_Item: + additionalProperties: true + type: object + properties: + name: + type: string + required: + - name + ApiFleetEpmPackages_Put_Response_200_Item_Discovery_Fields_Item: + additionalProperties: true + type: object + properties: + name: + type: string + required: + - name + ApiFleetEpmPackages_Put_Response_200_Item_Elasticsearch: + additionalProperties: {} + type: object + ApiFleetEpmPackages_Put_Response_200_Item_Icons_Item: + additionalProperties: true + type: object + properties: + dark_mode: + type: boolean + path: + type: string + size: + type: string + src: + type: string + title: + type: string + type: + type: string + required: + - src + ApiFleetEpmPackages_Put_Response_200_Item_InstallationInfo: + additionalProperties: true + type: object + properties: + additional_spaces_installed_kibana: + $ref: '#/components/schemas/ApiFleetEpmPackages_Put_Response_200_Item_InstallationInfo_Additional_spaces_installed_kibana' + created_at: + type: string + experimental_data_stream_features: + items: + $ref: '#/components/schemas/ApiFleetEpmPackages_Put_Response_200_Item_InstallationInfo_Experimental_data_stream_features_Item' + maxItems: 100 + type: array + install_format_schema_version: + type: string + install_source: + enum: + - registry + - upload + - bundled + - custom + type: string + install_status: + enum: + - installed + - installing + - install_failed + type: string + installed_es: + items: + $ref: '#/components/schemas/ApiFleetEpmPackages_Put_Response_200_Item_InstallationInfo_Installed_es_Item' + maxItems: 10000 + type: array + installed_kibana: + items: + $ref: '#/components/schemas/ApiFleetEpmPackages_Put_Response_200_Item_InstallationInfo_Installed_kibana_Item' + maxItems: 10000 + type: array + installed_kibana_space_id: + type: string + is_rollback_ttl_expired: + type: boolean + latest_executed_state: + $ref: '#/components/schemas/ApiFleetEpmPackages_Put_Response_200_Item_InstallationInfo_Latest_executed_state' + latest_install_failed_attempts: + items: + $ref: '#/components/schemas/ApiFleetEpmPackages_Put_Response_200_Item_InstallationInfo_Latest_install_failed_attempts_Item' + maxItems: 10 + type: array + name: + type: string + namespaces: + items: + type: string + maxItems: 100 + type: array + previous_version: + nullable: true + type: string + rolled_back: + type: boolean + type: + type: string + updated_at: + type: string + verification_key_id: + nullable: true + type: string + verification_status: + enum: + - unverified + - verified + - unknown + type: string + version: + type: string + required: + - type + - installed_kibana + - installed_es + - name + - version + - install_status + - install_source + - verification_status + ApiFleetEpmPackages_Put_Response_200_Item_InstallationInfo_Additional_spaces_installed_kibana: + additionalProperties: + items: + $ref: '#/components/schemas/ApiFleetEpmPackages_Put_Response_200_Item_InstallationInfo_Additional_spaces_installed_kibana_Item' + maxItems: 100 + type: array + type: object + ApiFleetEpmPackages_Put_Response_200_Item_InstallationInfo_Additional_spaces_installed_kibana_Item: + additionalProperties: true + type: object + properties: + deferred: + type: boolean + id: + type: string + originId: + type: string + type: + anyOf: + - $ref: '#/components/schemas/ApiFleetEpmPackages_Put_Response_200_Item_InstallationInfo_Additional_spaces_installed_kibana_Type_1' + - $ref: '#/components/schemas/ApiFleetEpmPackages_Put_Response_200_Item_InstallationInfo_Additional_spaces_installed_kibana_Type_2' + required: + - id + - type + ApiFleetEpmPackages_Put_Response_200_Item_InstallationInfo_Additional_spaces_installed_kibana_Type_1: + enum: + - dashboard + - lens + - visualization + - search + - index-pattern + - map + - ml-module + - security-rule + - csp-rule-template + - osquery-pack-asset + - osquery-saved-query + - tag + type: string + ApiFleetEpmPackages_Put_Response_200_Item_InstallationInfo_Additional_spaces_installed_kibana_Type_2: + type: string + ApiFleetEpmPackages_Put_Response_200_Item_InstallationInfo_Experimental_data_stream_features_Item: + additionalProperties: true + type: object + properties: + data_stream: + type: string + features: + $ref: '#/components/schemas/ApiFleetEpmPackages_Put_Response_200_Item_InstallationInfo_Experimental_data_stream_features_Features' + required: + - data_stream + - features + ApiFleetEpmPackages_Put_Response_200_Item_InstallationInfo_Experimental_data_stream_features_Features: + additionalProperties: true + type: object + properties: + doc_value_only_numeric: + type: boolean + doc_value_only_other: + type: boolean + synthetic_source: + type: boolean + tsdb: + type: boolean + ApiFleetEpmPackages_Put_Response_200_Item_InstallationInfo_Installed_es_Item: + additionalProperties: true + type: object + properties: + deferred: + type: boolean + id: + type: string + type: + enum: + - index + - index_template + - component_template + - ingest_pipeline + - ilm_policy + - data_stream_ilm_policy + - transform + - ml_model + - knowledge_base + - esql_view + type: string + version: + type: string + required: + - id + - type + ApiFleetEpmPackages_Put_Response_200_Item_InstallationInfo_Installed_kibana_Item: + additionalProperties: true + type: object + properties: + deferred: + type: boolean + id: + type: string + originId: + type: string + type: + anyOf: + - $ref: '#/components/schemas/ApiFleetEpmPackages_Put_Response_200_Item_InstallationInfo_Installed_kibana_Type_1' + - $ref: '#/components/schemas/ApiFleetEpmPackages_Put_Response_200_Item_InstallationInfo_Installed_kibana_Type_2' + required: + - id + - type + ApiFleetEpmPackages_Put_Response_200_Item_InstallationInfo_Installed_kibana_Type_1: + enum: + - dashboard + - lens + - visualization + - search + - index-pattern + - map + - ml-module + - security-rule + - csp-rule-template + - osquery-pack-asset + - osquery-saved-query + - tag + type: string + ApiFleetEpmPackages_Put_Response_200_Item_InstallationInfo_Installed_kibana_Type_2: + type: string + ApiFleetEpmPackages_Put_Response_200_Item_InstallationInfo_Latest_executed_state: + additionalProperties: true + type: object + properties: + error: + type: string + name: + type: string + started_at: + type: string + ApiFleetEpmPackages_Put_Response_200_Item_InstallationInfo_Latest_install_failed_attempts_Item: + additionalProperties: true + type: object + properties: + created_at: + type: string + error: + $ref: '#/components/schemas/ApiFleetEpmPackages_Put_Response_200_Item_InstallationInfo_Latest_install_failed_attempts_Error' + target_version: + type: string + required: + - created_at + - target_version + - error + ApiFleetEpmPackages_Put_Response_200_Item_InstallationInfo_Latest_install_failed_attempts_Error: + additionalProperties: true + type: object + properties: + message: + type: string + name: + type: string + stack: + type: string + required: + - name + - message + ApiFleetEpmPackages_Put_Response_200_Item_Owner: + additionalProperties: true + type: object + properties: + github: + type: string + type: + enum: + - elastic + - partner + - community + type: string + ApiFleetEpmPackages_Put_Response_200_Item_Policy_templates_Item: + additionalProperties: {} + type: object + ApiFleetEpmPackages_Put_Response_200_Item_Screenshots_Item: + additionalProperties: false + type: object + properties: + dark_mode: + type: boolean + path: + type: string + size: + type: string + src: + type: string + title: + type: string + type: + type: string + required: + - src + ApiFleetEpmPackages_Put_Response_200_Item_Source: + additionalProperties: true + type: object + properties: + license: + type: string + required: + - license + ApiFleetEpmPackages_Put_Response_200_Item_Type_1: + enum: + - integration + type: string + ApiFleetEpmPackages_Put_Response_200_Item_Type_2: + enum: + - input + type: string + ApiFleetEpmPackages_Put_Response_200_Item_Type_3: + enum: + - content + type: string + ApiFleetEpmPackages_Put_Response_200_Item_Type_4: + type: string + ApiFleetEpmPackages_Put_Response_200_Item_Var_groups_Item: + additionalProperties: true + type: object + properties: + description: + type: string + name: + type: string + options: + items: + $ref: '#/components/schemas/ApiFleetEpmPackages_Put_Response_200_Item_Var_groups_Options_Item' + maxItems: 20 + type: array + selector_title: + type: string + title: + type: string + required: + - name + - title + - selector_title + - options + ApiFleetEpmPackages_Put_Response_200_Item_Var_groups_Options_Item: + additionalProperties: true + type: object + properties: + description: + type: string + hide_in_deployment_modes: + items: + enum: + - default + - agentless + type: string + maxItems: 2 + type: array + name: + type: string + title: + type: string + vars: + items: + type: string + maxItems: 100 + type: array + required: + - name + - title + - vars + ApiFleetEpmPackages_Put_Response_200_Item_Vars_Item: + additionalProperties: {} + type: object + ApiFleetEpmPackages_Put_Response_400: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetEpmPackages_Get_Response_400_2: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetEpmPackagesDatastreamAssets_Delete_Response_200: + additionalProperties: false + type: object + properties: + success: + type: boolean + required: + - success + ApiFleetEpmPackagesDatastreamAssets_Delete_Response_400: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetEpmPackagesKibanaAssets_Delete_Response_200: + additionalProperties: false + type: object + properties: + success: + type: boolean + required: + - success + ApiFleetEpmPackagesKibanaAssets_Delete_Response_400: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetEpmPackagesKibanaAssets_Post_Request: + additionalProperties: false + nullable: true + type: object + properties: + force: + type: boolean + space_ids: + description: When provided install assets in the specified spaces instead of the current space. + items: + type: string + maxItems: 100 + minItems: 1 + type: array + ApiFleetEpmPackagesKibanaAssets_Post_Response_200: + additionalProperties: false + type: object + properties: + success: + type: boolean + required: + - success + ApiFleetEpmPackagesKibanaAssets_Post_Response_400: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetEpmPackagesRuleAssets_Post_Request: + additionalProperties: false + nullable: true + type: object + properties: + force: + type: boolean + ApiFleetEpmPackagesRuleAssets_Post_Response_200: + additionalProperties: false + type: object + properties: + success: + type: boolean + required: + - success + ApiFleetEpmPackagesRuleAssets_Post_Response_400: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetEpmPackagesTransformsAuthorize_Post_Request: + additionalProperties: false + type: object + properties: + transforms: + items: + $ref: '#/components/schemas/ApiFleetEpmPackagesTransformsAuthorize_Post_Request_Transforms_Item' + maxItems: 1000 + type: array + required: + - transforms + ApiFleetEpmPackagesTransformsAuthorize_Post_Request_Transforms_Item: + additionalProperties: false + type: object + properties: + transformId: + type: string + required: + - transformId + ApiFleetEpmPackagesTransformsAuthorize_Post_Response_200_Item: + additionalProperties: false + type: object + properties: + error: + nullable: true + success: + type: boolean + transformId: + type: string + required: + - transformId + - success + - error + ApiFleetEpmPackagesTransformsAuthorize_Post_Response_400: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetEpmPackagesRollback_Post_Response_200: + additionalProperties: false + type: object + properties: + success: + type: boolean + version: + type: string + required: + - version + - success + ApiFleetEpmPackagesRollback_Post_Response_400: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetEpmPackagesStats_Get_Response_200: + additionalProperties: false + type: object + properties: + response: + $ref: '#/components/schemas/ApiFleetEpmPackagesStats_Get_Response_200_Response' + required: + - response + ApiFleetEpmPackagesStats_Get_Response_200_Response: + additionalProperties: false + type: object + properties: + agent_policy_count: + type: number + package_policy_count: + type: number + required: + - agent_policy_count + - package_policy_count + ApiFleetEpmPackagesStats_Get_Response_400: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetEpmPackagesInstalled_Get_Response_200: + additionalProperties: false + type: object + properties: + items: + items: + $ref: '#/components/schemas/ApiFleetEpmPackagesInstalled_Get_Response_200_Items_Item' + maxItems: 10000 + type: array + searchAfter: + items: + anyOf: + - $ref: '#/components/schemas/ApiFleetEpmPackagesInstalled_Get_Response_200_SearchAfter_1' + - $ref: '#/components/schemas/ApiFleetEpmPackagesInstalled_Get_Response_200_SearchAfter_2' + - $ref: '#/components/schemas/ApiFleetEpmPackagesInstalled_Get_Response_200_SearchAfter_3' + - $ref: '#/components/schemas/ApiFleetEpmPackagesInstalled_Get_Response_200_SearchAfter_4' + - $ref: '#/components/schemas/ApiFleetEpmPackagesInstalled_Get_Response_200_SearchAfter_5' + maxItems: 2 + type: array + total: + type: number + required: + - items + - total + ApiFleetEpmPackagesInstalled_Get_Response_200_Items_Item: + additionalProperties: false + type: object + properties: + dataStreams: + items: + $ref: '#/components/schemas/ApiFleetEpmPackagesInstalled_Get_Response_200_Items_DataStreams_Item' + maxItems: 10000 + type: array + description: + type: string + icons: + items: + $ref: '#/components/schemas/ApiFleetEpmPackagesInstalled_Get_Response_200_Items_Icons_Item' + maxItems: 10 + type: array + name: + type: string + status: + type: string + title: + type: string + version: + type: string + required: + - name + - version + - status + - dataStreams + ApiFleetEpmPackagesInstalled_Get_Response_200_Items_DataStreams_Item: + additionalProperties: false + type: object + properties: + name: + type: string + title: + type: string + required: + - name + - title + ApiFleetEpmPackagesInstalled_Get_Response_200_Items_Icons_Item: + additionalProperties: false + type: object + properties: + dark_mode: + type: boolean + path: + type: string + size: + type: string + src: + type: string + title: + type: string + type: + type: string + required: + - src + ApiFleetEpmPackagesInstalled_Get_Response_200_SearchAfter_1: + type: string + ApiFleetEpmPackagesInstalled_Get_Response_200_SearchAfter_2: + type: number + ApiFleetEpmPackagesInstalled_Get_Response_200_SearchAfter_3: + type: boolean + ApiFleetEpmPackagesInstalled_Get_Response_200_SearchAfter_4: + enum: [] + nullable: true + ApiFleetEpmPackagesInstalled_Get_Response_200_SearchAfter_5: {} + ApiFleetEpmPackagesInstalled_Get_Response_400: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetEpmPackagesLimited_Get_Response_200: + additionalProperties: false + type: object + properties: + items: + items: + type: string + maxItems: 10000 + type: array + required: + - items + ApiFleetEpmPackagesLimited_Get_Response_400: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetEpmTemplatesInputs_Get_Response_200: + anyOf: + - $ref: '#/components/schemas/ApiFleetEpmTemplatesInputs_Get_Response_200_1' + - $ref: '#/components/schemas/ApiFleetEpmTemplatesInputs_Get_Response_200_2' + ApiFleetEpmTemplatesInputs_Get_Response_200_1: + type: string + ApiFleetEpmTemplatesInputs_Get_Response_200_2: + additionalProperties: false + type: object + properties: + inputs: + items: + $ref: '#/components/schemas/ApiFleetEpmTemplatesInputs_Get_Response_200_Inputs_Item' + maxItems: 10000 + type: array + required: + - inputs + ApiFleetEpmTemplatesInputs_Get_Response_200_Inputs_Item: + additionalProperties: false + type: object + properties: + id: + type: string + streams: + items: + $ref: '#/components/schemas/ApiFleetEpmTemplatesInputs_Get_Response_200_Inputs_Streams_Item' + maxItems: 10000 + type: array + type: + type: string + required: + - id + - type + ApiFleetEpmTemplatesInputs_Get_Response_200_Inputs_Streams_Item: + additionalProperties: true + type: object + properties: + data_stream: + $ref: '#/components/schemas/ApiFleetEpmTemplatesInputs_Get_Response_200_Inputs_Streams_Data_stream' + id: + type: string + required: + - id + - data_stream + ApiFleetEpmTemplatesInputs_Get_Response_200_Inputs_Streams_Data_stream: + additionalProperties: true + type: object + properties: + dataset: + type: string + type: + type: string + required: + - dataset + ApiFleetEpmTemplatesInputs_Get_Response_400: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetEpmVerificationKeyId_Get_Response_200: + additionalProperties: false + type: object + properties: + id: + nullable: true + type: string + required: + - id + ApiFleetEpmVerificationKeyId_Get_Response_400: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetFleetServerHosts_Get_Response_200: + additionalProperties: false + type: object + properties: + items: + items: + $ref: '#/components/schemas/ApiFleetFleetServerHosts_Get_Response_200_Items_Item' + maxItems: 10000 + type: array + page: + type: number + perPage: + type: number + total: + type: number + required: + - items + - total + - page + - perPage + ApiFleetFleetServerHosts_Get_Response_200_Items_Item: + additionalProperties: false + type: object + properties: + host_urls: + items: + type: string + maxItems: 10 + minItems: 1 + type: array + id: + type: string + is_default: + default: false + type: boolean + is_internal: + type: boolean + is_preconfigured: + default: false + type: boolean + name: + type: string + proxy_id: + nullable: true + type: string + secrets: + $ref: '#/components/schemas/ApiFleetFleetServerHosts_Get_Response_200_Items_Secrets' + ssl: + $ref: '#/components/schemas/ApiFleetFleetServerHosts_Get_Response_200_Items_Ssl' + required: + - name + - host_urls + - id + ApiFleetFleetServerHosts_Get_Response_200_Items_Secrets: + additionalProperties: false + type: object + properties: + ssl: + $ref: '#/components/schemas/ApiFleetFleetServerHosts_Get_Response_200_Items_Secrets_Ssl' + ApiFleetFleetServerHosts_Get_Response_200_Items_Secrets_Ssl: + additionalProperties: false + type: object + properties: + agent_key: + anyOf: + - $ref: '#/components/schemas/ApiFleetFleetServerHosts_Get_Response_200_Items_Secrets_Ssl_Agent_key_1' + - $ref: '#/components/schemas/ApiFleetFleetServerHosts_Get_Response_200_Items_Secrets_Ssl_Agent_key_2' + es_key: + anyOf: + - $ref: '#/components/schemas/ApiFleetFleetServerHosts_Get_Response_200_Items_Secrets_Ssl_Es_key_1' + - $ref: '#/components/schemas/ApiFleetFleetServerHosts_Get_Response_200_Items_Secrets_Ssl_Es_key_2' + key: + anyOf: + - $ref: '#/components/schemas/ApiFleetFleetServerHosts_Get_Response_200_Items_Secrets_Ssl_Key_1' + - $ref: '#/components/schemas/ApiFleetFleetServerHosts_Get_Response_200_Items_Secrets_Ssl_Key_2' + ApiFleetFleetServerHosts_Get_Response_200_Items_Secrets_Ssl_Agent_key_1: + additionalProperties: false + type: object + properties: + id: + type: string + required: + - id + ApiFleetFleetServerHosts_Get_Response_200_Items_Secrets_Ssl_Agent_key_2: + type: string + ApiFleetFleetServerHosts_Get_Response_200_Items_Secrets_Ssl_Es_key_1: + additionalProperties: false + type: object + properties: + id: + type: string + required: + - id + ApiFleetFleetServerHosts_Get_Response_200_Items_Secrets_Ssl_Es_key_2: + type: string + ApiFleetFleetServerHosts_Get_Response_200_Items_Secrets_Ssl_Key_1: + additionalProperties: false + type: object + properties: + id: + type: string + required: + - id + ApiFleetFleetServerHosts_Get_Response_200_Items_Secrets_Ssl_Key_2: + type: string + ApiFleetFleetServerHosts_Get_Response_200_Items_Ssl: + additionalProperties: false + nullable: true + type: object + properties: + agent_certificate: + type: string + agent_certificate_authorities: + items: + type: string + maxItems: 10 + type: array + agent_key: + type: string + certificate: + type: string + certificate_authorities: + items: + type: string + maxItems: 10 + type: array + client_auth: + enum: + - optional + - required + - none + type: string + es_certificate: + type: string + es_certificate_authorities: + items: + type: string + maxItems: 10 + type: array + es_key: + type: string + key: + type: string + ApiFleetFleetServerHosts_Get_Response_400: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetFleetServerHosts_Post_Request: + additionalProperties: false + type: object + properties: + host_urls: + items: + type: string + maxItems: 10 + minItems: 1 + type: array + id: + type: string + is_default: + default: false + type: boolean + is_internal: + type: boolean + is_preconfigured: + default: false + type: boolean + name: + type: string + proxy_id: + nullable: true + type: string + secrets: + $ref: '#/components/schemas/ApiFleetFleetServerHosts_Post_Request_Secrets' + ssl: + $ref: '#/components/schemas/ApiFleetFleetServerHosts_Post_Request_Ssl' + required: + - name + - host_urls + ApiFleetFleetServerHosts_Post_Request_Secrets: + additionalProperties: false + type: object + properties: + ssl: + $ref: '#/components/schemas/ApiFleetFleetServerHosts_Post_Request_Secrets_Ssl' + ApiFleetFleetServerHosts_Post_Request_Secrets_Ssl: + additionalProperties: false + type: object + properties: + agent_key: + anyOf: + - $ref: '#/components/schemas/ApiFleetFleetServerHosts_Post_Request_Secrets_Ssl_Agent_key_1' + - $ref: '#/components/schemas/ApiFleetFleetServerHosts_Post_Request_Secrets_Ssl_Agent_key_2' + es_key: + anyOf: + - $ref: '#/components/schemas/ApiFleetFleetServerHosts_Post_Request_Secrets_Ssl_Es_key_1' + - $ref: '#/components/schemas/ApiFleetFleetServerHosts_Post_Request_Secrets_Ssl_Es_key_2' + key: + anyOf: + - $ref: '#/components/schemas/ApiFleetFleetServerHosts_Post_Request_Secrets_Ssl_Key_1' + - $ref: '#/components/schemas/ApiFleetFleetServerHosts_Post_Request_Secrets_Ssl_Key_2' + ApiFleetFleetServerHosts_Post_Request_Secrets_Ssl_Agent_key_1: + additionalProperties: false + type: object + properties: + id: + type: string + required: + - id + ApiFleetFleetServerHosts_Post_Request_Secrets_Ssl_Agent_key_2: + type: string + ApiFleetFleetServerHosts_Post_Request_Secrets_Ssl_Es_key_1: + additionalProperties: false + type: object + properties: + id: + type: string + required: + - id + ApiFleetFleetServerHosts_Post_Request_Secrets_Ssl_Es_key_2: + type: string + ApiFleetFleetServerHosts_Post_Request_Secrets_Ssl_Key_1: + additionalProperties: false + type: object + properties: + id: + type: string + required: + - id + ApiFleetFleetServerHosts_Post_Request_Secrets_Ssl_Key_2: + type: string + ApiFleetFleetServerHosts_Post_Request_Ssl: + additionalProperties: false + nullable: true + type: object + properties: + agent_certificate: + type: string + agent_certificate_authorities: + items: + type: string + maxItems: 10 + type: array + agent_key: + type: string + certificate: + type: string + certificate_authorities: + items: + type: string + maxItems: 10 + type: array + client_auth: + enum: + - optional + - required + - none + type: string + es_certificate: + type: string + es_certificate_authorities: + items: + type: string + maxItems: 10 + type: array + es_key: + type: string + key: + type: string + ApiFleetFleetServerHosts_Post_Response_200: + additionalProperties: false + type: object + properties: + item: + $ref: '#/components/schemas/ApiFleetFleetServerHosts_Post_Response_200_Item' + required: + - item + ApiFleetFleetServerHosts_Post_Response_200_Item: + additionalProperties: false + type: object + properties: + host_urls: + items: + type: string + maxItems: 10 + minItems: 1 + type: array + id: + type: string + is_default: + default: false + type: boolean + is_internal: + type: boolean + is_preconfigured: + default: false + type: boolean + name: + type: string + proxy_id: + nullable: true + type: string + secrets: + $ref: '#/components/schemas/ApiFleetFleetServerHosts_Post_Response_200_Item_Secrets' + ssl: + $ref: '#/components/schemas/ApiFleetFleetServerHosts_Post_Response_200_Item_Ssl' + required: + - name + - host_urls + - id + ApiFleetFleetServerHosts_Post_Response_200_Item_Secrets: + additionalProperties: false + type: object + properties: + ssl: + $ref: '#/components/schemas/ApiFleetFleetServerHosts_Post_Response_200_Item_Secrets_Ssl' + ApiFleetFleetServerHosts_Post_Response_200_Item_Secrets_Ssl: + additionalProperties: false + type: object + properties: + agent_key: + anyOf: + - $ref: '#/components/schemas/ApiFleetFleetServerHosts_Post_Response_200_Item_Secrets_Ssl_Agent_key_1' + - $ref: '#/components/schemas/ApiFleetFleetServerHosts_Post_Response_200_Item_Secrets_Ssl_Agent_key_2' + es_key: + anyOf: + - $ref: '#/components/schemas/ApiFleetFleetServerHosts_Post_Response_200_Item_Secrets_Ssl_Es_key_1' + - $ref: '#/components/schemas/ApiFleetFleetServerHosts_Post_Response_200_Item_Secrets_Ssl_Es_key_2' + key: + anyOf: + - $ref: '#/components/schemas/ApiFleetFleetServerHosts_Post_Response_200_Item_Secrets_Ssl_Key_1' + - $ref: '#/components/schemas/ApiFleetFleetServerHosts_Post_Response_200_Item_Secrets_Ssl_Key_2' + ApiFleetFleetServerHosts_Post_Response_200_Item_Secrets_Ssl_Agent_key_1: + additionalProperties: false + type: object + properties: + id: + type: string + required: + - id + ApiFleetFleetServerHosts_Post_Response_200_Item_Secrets_Ssl_Agent_key_2: + type: string + ApiFleetFleetServerHosts_Post_Response_200_Item_Secrets_Ssl_Es_key_1: + additionalProperties: false + type: object + properties: + id: + type: string + required: + - id + ApiFleetFleetServerHosts_Post_Response_200_Item_Secrets_Ssl_Es_key_2: + type: string + ApiFleetFleetServerHosts_Post_Response_200_Item_Secrets_Ssl_Key_1: + additionalProperties: false + type: object + properties: + id: + type: string + required: + - id + ApiFleetFleetServerHosts_Post_Response_200_Item_Secrets_Ssl_Key_2: + type: string + ApiFleetFleetServerHosts_Post_Response_200_Item_Ssl: + additionalProperties: false + nullable: true + type: object + properties: + agent_certificate: + type: string + agent_certificate_authorities: + items: + type: string + maxItems: 10 + type: array + agent_key: + type: string + certificate: + type: string + certificate_authorities: + items: + type: string + maxItems: 10 + type: array + client_auth: + enum: + - optional + - required + - none + type: string + es_certificate: + type: string + es_certificate_authorities: + items: + type: string + maxItems: 10 + type: array + es_key: + type: string + key: + type: string + ApiFleetFleetServerHosts_Post_Response_400: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetFleetServerHosts_Delete_Response_200: + additionalProperties: false + type: object + properties: + id: + type: string + required: + - id + ApiFleetFleetServerHosts_Delete_Response_400: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetFleetServerHosts_Get_Response_200_1: + additionalProperties: false + type: object + properties: + item: + $ref: '#/components/schemas/ApiFleetFleetServerHosts_Get_Response_200_Item' + required: + - item + ApiFleetFleetServerHosts_Get_Response_200_Item: + additionalProperties: false + type: object + properties: + host_urls: + items: + type: string + maxItems: 10 + minItems: 1 + type: array + id: + type: string + is_default: + default: false + type: boolean + is_internal: + type: boolean + is_preconfigured: + default: false + type: boolean + name: + type: string + proxy_id: + nullable: true + type: string + secrets: + $ref: '#/components/schemas/ApiFleetFleetServerHosts_Get_Response_200_Item_Secrets' + ssl: + $ref: '#/components/schemas/ApiFleetFleetServerHosts_Get_Response_200_Item_Ssl' + required: + - name + - host_urls + - id + ApiFleetFleetServerHosts_Get_Response_200_Item_Secrets: + additionalProperties: false + type: object + properties: + ssl: + $ref: '#/components/schemas/ApiFleetFleetServerHosts_Get_Response_200_Item_Secrets_Ssl' + ApiFleetFleetServerHosts_Get_Response_200_Item_Secrets_Ssl: + additionalProperties: false + type: object + properties: + agent_key: + anyOf: + - $ref: '#/components/schemas/ApiFleetFleetServerHosts_Get_Response_200_Item_Secrets_Ssl_Agent_key_1' + - $ref: '#/components/schemas/ApiFleetFleetServerHosts_Get_Response_200_Item_Secrets_Ssl_Agent_key_2' + es_key: + anyOf: + - $ref: '#/components/schemas/ApiFleetFleetServerHosts_Get_Response_200_Item_Secrets_Ssl_Es_key_1' + - $ref: '#/components/schemas/ApiFleetFleetServerHosts_Get_Response_200_Item_Secrets_Ssl_Es_key_2' + key: + anyOf: + - $ref: '#/components/schemas/ApiFleetFleetServerHosts_Get_Response_200_Item_Secrets_Ssl_Key_1' + - $ref: '#/components/schemas/ApiFleetFleetServerHosts_Get_Response_200_Item_Secrets_Ssl_Key_2' + ApiFleetFleetServerHosts_Get_Response_200_Item_Secrets_Ssl_Agent_key_1: + additionalProperties: false + type: object + properties: + id: + type: string + required: + - id + ApiFleetFleetServerHosts_Get_Response_200_Item_Secrets_Ssl_Agent_key_2: + type: string + ApiFleetFleetServerHosts_Get_Response_200_Item_Secrets_Ssl_Es_key_1: + additionalProperties: false + type: object + properties: + id: + type: string + required: + - id + ApiFleetFleetServerHosts_Get_Response_200_Item_Secrets_Ssl_Es_key_2: + type: string + ApiFleetFleetServerHosts_Get_Response_200_Item_Secrets_Ssl_Key_1: + additionalProperties: false + type: object + properties: + id: + type: string + required: + - id + ApiFleetFleetServerHosts_Get_Response_200_Item_Secrets_Ssl_Key_2: + type: string + ApiFleetFleetServerHosts_Get_Response_200_Item_Ssl: + additionalProperties: false + nullable: true + type: object + properties: + agent_certificate: + type: string + agent_certificate_authorities: + items: + type: string + maxItems: 10 + type: array + agent_key: + type: string + certificate: + type: string + certificate_authorities: + items: + type: string + maxItems: 10 + type: array + client_auth: + enum: + - optional + - required + - none + type: string + es_certificate: + type: string + es_certificate_authorities: + items: + type: string + maxItems: 10 + type: array + es_key: + type: string + key: + type: string + ApiFleetFleetServerHosts_Get_Response_400_1: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetFleetServerHosts_Put_Request: + additionalProperties: false + type: object + properties: + host_urls: + items: + type: string + maxItems: 10 + minItems: 1 + type: array + is_default: + type: boolean + is_internal: + type: boolean + name: + type: string + proxy_id: + nullable: true + type: string + secrets: + $ref: '#/components/schemas/ApiFleetFleetServerHosts_Put_Request_Secrets' + ssl: + $ref: '#/components/schemas/ApiFleetFleetServerHosts_Put_Request_Ssl' + required: + - proxy_id + ApiFleetFleetServerHosts_Put_Request_Secrets: + additionalProperties: false + type: object + properties: + ssl: + $ref: '#/components/schemas/ApiFleetFleetServerHosts_Put_Request_Secrets_Ssl' + ApiFleetFleetServerHosts_Put_Request_Secrets_Ssl: + additionalProperties: false + type: object + properties: + agent_key: + anyOf: + - $ref: '#/components/schemas/ApiFleetFleetServerHosts_Put_Request_Secrets_Ssl_Agent_key_1' + - $ref: '#/components/schemas/ApiFleetFleetServerHosts_Put_Request_Secrets_Ssl_Agent_key_2' + es_key: + anyOf: + - $ref: '#/components/schemas/ApiFleetFleetServerHosts_Put_Request_Secrets_Ssl_Es_key_1' + - $ref: '#/components/schemas/ApiFleetFleetServerHosts_Put_Request_Secrets_Ssl_Es_key_2' + key: + anyOf: + - $ref: '#/components/schemas/ApiFleetFleetServerHosts_Put_Request_Secrets_Ssl_Key_1' + - $ref: '#/components/schemas/ApiFleetFleetServerHosts_Put_Request_Secrets_Ssl_Key_2' + ApiFleetFleetServerHosts_Put_Request_Secrets_Ssl_Agent_key_1: + additionalProperties: false + type: object + properties: + id: + type: string + required: + - id + ApiFleetFleetServerHosts_Put_Request_Secrets_Ssl_Agent_key_2: + type: string + ApiFleetFleetServerHosts_Put_Request_Secrets_Ssl_Es_key_1: + additionalProperties: false + type: object + properties: + id: + type: string + required: + - id + ApiFleetFleetServerHosts_Put_Request_Secrets_Ssl_Es_key_2: + type: string + ApiFleetFleetServerHosts_Put_Request_Secrets_Ssl_Key_1: + additionalProperties: false + type: object + properties: + id: + type: string + required: + - id + ApiFleetFleetServerHosts_Put_Request_Secrets_Ssl_Key_2: + type: string + ApiFleetFleetServerHosts_Put_Request_Ssl: + additionalProperties: false + nullable: true + type: object + properties: + agent_certificate: + type: string + agent_certificate_authorities: + items: + type: string + maxItems: 10 + type: array + agent_key: + type: string + certificate: + type: string + certificate_authorities: + items: + type: string + maxItems: 10 + type: array + client_auth: + enum: + - optional + - required + - none + type: string + es_certificate: + type: string + es_certificate_authorities: + items: + type: string + maxItems: 10 + type: array + es_key: + type: string + key: + type: string + ApiFleetFleetServerHosts_Put_Response_200: + additionalProperties: false + type: object + properties: + item: + $ref: '#/components/schemas/ApiFleetFleetServerHosts_Put_Response_200_Item' + required: + - item + ApiFleetFleetServerHosts_Put_Response_200_Item: + additionalProperties: false + type: object + properties: + host_urls: + items: + type: string + maxItems: 10 + minItems: 1 + type: array + id: + type: string + is_default: + default: false + type: boolean + is_internal: + type: boolean + is_preconfigured: + default: false + type: boolean + name: + type: string + proxy_id: + nullable: true + type: string + secrets: + $ref: '#/components/schemas/ApiFleetFleetServerHosts_Put_Response_200_Item_Secrets' + ssl: + $ref: '#/components/schemas/ApiFleetFleetServerHosts_Put_Response_200_Item_Ssl' + required: + - name + - host_urls + - id + ApiFleetFleetServerHosts_Put_Response_200_Item_Secrets: + additionalProperties: false + type: object + properties: + ssl: + $ref: '#/components/schemas/ApiFleetFleetServerHosts_Put_Response_200_Item_Secrets_Ssl' + ApiFleetFleetServerHosts_Put_Response_200_Item_Secrets_Ssl: + additionalProperties: false + type: object + properties: + agent_key: + anyOf: + - $ref: '#/components/schemas/ApiFleetFleetServerHosts_Put_Response_200_Item_Secrets_Ssl_Agent_key_1' + - $ref: '#/components/schemas/ApiFleetFleetServerHosts_Put_Response_200_Item_Secrets_Ssl_Agent_key_2' + es_key: + anyOf: + - $ref: '#/components/schemas/ApiFleetFleetServerHosts_Put_Response_200_Item_Secrets_Ssl_Es_key_1' + - $ref: '#/components/schemas/ApiFleetFleetServerHosts_Put_Response_200_Item_Secrets_Ssl_Es_key_2' + key: + anyOf: + - $ref: '#/components/schemas/ApiFleetFleetServerHosts_Put_Response_200_Item_Secrets_Ssl_Key_1' + - $ref: '#/components/schemas/ApiFleetFleetServerHosts_Put_Response_200_Item_Secrets_Ssl_Key_2' + ApiFleetFleetServerHosts_Put_Response_200_Item_Secrets_Ssl_Agent_key_1: + additionalProperties: false + type: object + properties: + id: + type: string + required: + - id + ApiFleetFleetServerHosts_Put_Response_200_Item_Secrets_Ssl_Agent_key_2: + type: string + ApiFleetFleetServerHosts_Put_Response_200_Item_Secrets_Ssl_Es_key_1: + additionalProperties: false + type: object + properties: + id: + type: string + required: + - id + ApiFleetFleetServerHosts_Put_Response_200_Item_Secrets_Ssl_Es_key_2: + type: string + ApiFleetFleetServerHosts_Put_Response_200_Item_Secrets_Ssl_Key_1: + additionalProperties: false + type: object + properties: + id: + type: string + required: + - id + ApiFleetFleetServerHosts_Put_Response_200_Item_Secrets_Ssl_Key_2: + type: string + ApiFleetFleetServerHosts_Put_Response_200_Item_Ssl: + additionalProperties: false + nullable: true + type: object + properties: + agent_certificate: + type: string + agent_certificate_authorities: + items: + type: string + maxItems: 10 + type: array + agent_key: + type: string + certificate: + type: string + certificate_authorities: + items: + type: string + maxItems: 10 + type: array + client_auth: + enum: + - optional + - required + - none + type: string + es_certificate: + type: string + es_certificate_authorities: + items: + type: string + maxItems: 10 + type: array + es_key: + type: string + key: + type: string + ApiFleetFleetServerHosts_Put_Response_400: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetHealthCheck_Post_Request: + additionalProperties: false + type: object + properties: + id: + type: string + required: + - id + ApiFleetHealthCheck_Post_Response_200: + additionalProperties: false + type: object + properties: + host_id: + type: string + name: + type: string + status: + type: string + required: + - status + ApiFleetHealthCheck_Post_Response_400: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetHealthCheck_Post_Response_404: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetKubernetes_Get_Response_200: + additionalProperties: false + type: object + properties: + item: + type: string + required: + - item + ApiFleetKubernetes_Get_Response_400: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetKubernetesDownload_Get_Response_400: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetKubernetesDownload_Get_Response_404: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetLogstashApiKeys_Post_Response_200: + additionalProperties: false + type: object + properties: + api_key: + type: string + required: + - api_key + ApiFleetLogstashApiKeys_Post_Response_400: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetMessageSigningServiceRotateKeyPair_Post_Response_200: + additionalProperties: false + type: object + properties: + message: + type: string + required: + - message + ApiFleetMessageSigningServiceRotateKeyPair_Post_Response_400: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetMessageSigningServiceRotateKeyPair_Post_Response_500: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetOutputs_Get_Response_200: + additionalProperties: false + type: object + properties: + items: + items: + anyOf: + - $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Items_1' + - $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Items_2' + - $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Items_3' + - $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Items_4' + maxItems: 10000 + type: array + page: + type: number + perPage: + type: number + total: + type: number + required: + - items + - total + - page + - perPage + ApiFleetOutputs_Get_Response_200_Items_1: + additionalProperties: true + type: object + properties: + allow_edit: + items: + type: string + maxItems: 1000 + type: array + ca_sha256: + nullable: true + type: string + ca_trusted_fingerprint: + nullable: true + type: string + config_yaml: + nullable: true + type: string + hosts: + items: + format: uri + type: string + maxItems: 10 + minItems: 1 + type: array + id: + type: string + is_default: + default: false + type: boolean + is_default_monitoring: + default: false + type: boolean + is_internal: + type: boolean + is_preconfigured: + type: boolean + name: + type: string + preset: + enum: + - balanced + - custom + - throughput + - scale + - latency + type: string + proxy_id: + nullable: true + type: string + secrets: + $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Items_Secrets' + shipper: + $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Items_Shipper' + ssl: + $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Items_Ssl' + type: + enum: + - elasticsearch + type: string + write_to_logs_streams: + nullable: true + type: boolean + required: + - name + - type + - hosts + ApiFleetOutputs_Get_Response_200_Items_Secrets: + additionalProperties: true + type: object + properties: + ssl: + $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Items_Secrets_Ssl' + ApiFleetOutputs_Get_Response_200_Items_Secrets_Ssl: + additionalProperties: true + type: object + properties: + key: + anyOf: + - $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Items_Secrets_Ssl_Key_1' + - $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Items_Secrets_Ssl_Key_2' + ApiFleetOutputs_Get_Response_200_Items_Secrets_Ssl_Key_1: + additionalProperties: true + type: object + properties: + hash: + type: string + id: + type: string + required: + - id + ApiFleetOutputs_Get_Response_200_Items_Secrets_Ssl_Key_2: + type: string + ApiFleetOutputs_Get_Response_200_Items_Shipper: + additionalProperties: true + nullable: true + type: object + properties: + compression_level: + nullable: true + type: number + disk_queue_compression_enabled: + nullable: true + type: boolean + disk_queue_enabled: + default: false + nullable: true + type: boolean + disk_queue_encryption_enabled: + nullable: true + type: boolean + disk_queue_max_size: + nullable: true + type: number + disk_queue_path: + nullable: true + type: string + loadbalance: + nullable: true + type: boolean + max_batch_bytes: + nullable: true + type: number + mem_queue_events: + nullable: true + type: number + queue_flush_timeout: + nullable: true + type: number + required: + - disk_queue_path + - disk_queue_max_size + - disk_queue_encryption_enabled + - disk_queue_compression_enabled + - compression_level + - loadbalance + - mem_queue_events + - queue_flush_timeout + - max_batch_bytes + ApiFleetOutputs_Get_Response_200_Items_Ssl: + additionalProperties: true + nullable: true + type: object + properties: + certificate: + type: string + certificate_authorities: + items: + type: string + maxItems: 10 + type: array + key: + type: string + verification_mode: + enum: + - full + - none + - certificate + - strict + type: string + ApiFleetOutputs_Get_Response_200_Items_2: + additionalProperties: true + type: object + properties: + allow_edit: + items: + type: string + maxItems: 1000 + type: array + ca_sha256: + nullable: true + type: string + ca_trusted_fingerprint: + nullable: true + type: string + config_yaml: + nullable: true + type: string + hosts: + items: + format: uri + type: string + maxItems: 10 + minItems: 1 + type: array + id: + type: string + is_default: + default: false + type: boolean + is_default_monitoring: + default: false + type: boolean + is_internal: + type: boolean + is_preconfigured: + type: boolean + kibana_api_key: + nullable: true + type: string + kibana_url: + nullable: true + type: string + name: + type: string + preset: + enum: + - balanced + - custom + - throughput + - scale + - latency + type: string + proxy_id: + nullable: true + type: string + secrets: + $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Items_Secrets_1' + service_token: + nullable: true + type: string + shipper: + $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Items_Shipper_1' + ssl: + $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Items_Ssl_1' + sync_integrations: + type: boolean + sync_uninstalled_integrations: + type: boolean + type: + enum: + - remote_elasticsearch + type: string + write_to_logs_streams: + nullable: true + type: boolean + required: + - name + - type + - hosts + ApiFleetOutputs_Get_Response_200_Items_Secrets_1: + additionalProperties: true + type: object + properties: + service_token: + anyOf: + - $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Items_Secrets_Service_token_1' + - $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Items_Secrets_Service_token_2' + ssl: + $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Items_Secrets_Ssl_1' + ApiFleetOutputs_Get_Response_200_Items_Secrets_Service_token_1: + additionalProperties: true + type: object + properties: + hash: + type: string + id: + type: string + required: + - id + ApiFleetOutputs_Get_Response_200_Items_Secrets_Service_token_2: + type: string + ApiFleetOutputs_Get_Response_200_Items_Secrets_Ssl_1: + additionalProperties: true + type: object + properties: + key: + anyOf: + - $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Items_Secrets_Ssl_Key_1_1' + - $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Items_Secrets_Ssl_Key_2_1' + ApiFleetOutputs_Get_Response_200_Items_Secrets_Ssl_Key_1_1: + additionalProperties: true + type: object + properties: + hash: + type: string + id: + type: string + required: + - id + ApiFleetOutputs_Get_Response_200_Items_Secrets_Ssl_Key_2_1: + type: string + ApiFleetOutputs_Get_Response_200_Items_Shipper_1: + additionalProperties: true + nullable: true + type: object + properties: + compression_level: + nullable: true + type: number + disk_queue_compression_enabled: + nullable: true + type: boolean + disk_queue_enabled: + default: false + nullable: true + type: boolean + disk_queue_encryption_enabled: + nullable: true + type: boolean + disk_queue_max_size: + nullable: true + type: number + disk_queue_path: + nullable: true + type: string + loadbalance: + nullable: true + type: boolean + max_batch_bytes: + nullable: true + type: number + mem_queue_events: + nullable: true + type: number + queue_flush_timeout: + nullable: true + type: number + required: + - disk_queue_path + - disk_queue_max_size + - disk_queue_encryption_enabled + - disk_queue_compression_enabled + - compression_level + - loadbalance + - mem_queue_events + - queue_flush_timeout + - max_batch_bytes + ApiFleetOutputs_Get_Response_200_Items_Ssl_1: + additionalProperties: true + nullable: true + type: object + properties: + certificate: + type: string + certificate_authorities: + items: + type: string + maxItems: 10 + type: array + key: + type: string + verification_mode: + enum: + - full + - none + - certificate + - strict + type: string + ApiFleetOutputs_Get_Response_200_Items_3: + additionalProperties: true + type: object + properties: + allow_edit: + items: + type: string + maxItems: 1000 + type: array + ca_sha256: + nullable: true + type: string + ca_trusted_fingerprint: + nullable: true + type: string + config_yaml: + nullable: true + type: string + hosts: + items: + type: string + maxItems: 10 + minItems: 1 + type: array + id: + type: string + is_default: + default: false + type: boolean + is_default_monitoring: + default: false + type: boolean + is_internal: + type: boolean + is_preconfigured: + type: boolean + name: + type: string + proxy_id: + nullable: true + type: string + secrets: + $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Items_Secrets_2' + shipper: + $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Items_Shipper_2' + ssl: + $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Items_Ssl_2' + type: + enum: + - logstash + type: string + required: + - name + - type + - hosts + ApiFleetOutputs_Get_Response_200_Items_Secrets_2: + additionalProperties: true + type: object + properties: + ssl: + $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Items_Secrets_Ssl_2' + ApiFleetOutputs_Get_Response_200_Items_Secrets_Ssl_2: + additionalProperties: true + type: object + properties: + key: + anyOf: + - $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Items_Secrets_Ssl_Key_1_2' + - $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Items_Secrets_Ssl_Key_2_2' + ApiFleetOutputs_Get_Response_200_Items_Secrets_Ssl_Key_1_2: + additionalProperties: true + type: object + properties: + hash: + type: string + id: + type: string + required: + - id + ApiFleetOutputs_Get_Response_200_Items_Secrets_Ssl_Key_2_2: + type: string + ApiFleetOutputs_Get_Response_200_Items_Shipper_2: + additionalProperties: true + nullable: true + type: object + properties: + compression_level: + nullable: true + type: number + disk_queue_compression_enabled: + nullable: true + type: boolean + disk_queue_enabled: + default: false + nullable: true + type: boolean + disk_queue_encryption_enabled: + nullable: true + type: boolean + disk_queue_max_size: + nullable: true + type: number + disk_queue_path: + nullable: true + type: string + loadbalance: + nullable: true + type: boolean + max_batch_bytes: + nullable: true + type: number + mem_queue_events: + nullable: true + type: number + queue_flush_timeout: + nullable: true + type: number + required: + - disk_queue_path + - disk_queue_max_size + - disk_queue_encryption_enabled + - disk_queue_compression_enabled + - compression_level + - loadbalance + - mem_queue_events + - queue_flush_timeout + - max_batch_bytes + ApiFleetOutputs_Get_Response_200_Items_Ssl_2: + additionalProperties: true + nullable: true + type: object + properties: + certificate: + type: string + certificate_authorities: + items: + type: string + maxItems: 10 + type: array + key: + type: string + verification_mode: + enum: + - full + - none + - certificate + - strict + type: string + ApiFleetOutputs_Get_Response_200_Items_4: + additionalProperties: true + type: object + properties: + allow_edit: + items: + type: string + maxItems: 1000 + type: array + auth_type: + enum: + - none + - user_pass + - ssl + - kerberos + type: string + broker_timeout: + type: number + ca_sha256: + nullable: true + type: string + ca_trusted_fingerprint: + nullable: true + type: string + client_id: + type: string + compression: + enum: + - gzip + - snappy + - lz4 + - none + type: string + compression_level: + anyOf: + - $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Items_Compression_level_1_1' + - $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Items_Compression_level_2_1' + - $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Items_Compression_level_3' + - $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Items_Compression_level_4' + - $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Items_Compression_level_5' + nullable: true + oneOf: + - $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Items_Compression_level_1' + - $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Items_Compression_level_2' + config_yaml: + nullable: true + type: string + connection_type: + anyOf: + - $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Items_Connection_type_1_1' + - $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Items_Connection_type_2_1' + - $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Items_Connection_type_3' + - $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Items_Connection_type_4' + - $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Items_Connection_type_5' + nullable: true + oneOf: + - $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Items_Connection_type_1' + - $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Items_Connection_type_2' + hash: + $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Items_Hash' + headers: + items: + $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Items_Headers_Item' + maxItems: 100 + type: array + hosts: + items: + type: string + maxItems: 10 + minItems: 1 + type: array + id: + type: string + is_default: + default: false + type: boolean + is_default_monitoring: + default: false + type: boolean + is_internal: + type: boolean + is_preconfigured: + type: boolean + key: + type: string + name: + type: string + partition: + enum: + - random + - round_robin + - hash + type: string + password: + anyOf: + - $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Items_Password_1_3' + - $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Items_Password_2_3' + - $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Items_Password_3_1' + - $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Items_Password_4_1' + - $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Items_Password_5_1' + nullable: true + oneOf: + - $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Items_Password_1' + - $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Items_Password_2' + proxy_id: + nullable: true + type: string + random: + $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Items_Random' + required_acks: + enum: + - 1 + - 0 + - -1 + type: integer + round_robin: + $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Items_Round_robin' + sasl: + $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Items_Sasl' + secrets: + $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Items_Secrets_3' + shipper: + $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Items_Shipper_3' + ssl: + $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Items_Ssl_3' + timeout: + type: number + topic: + type: string + type: + enum: + - kafka + type: string + username: + anyOf: + - $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Items_Username_1_1' + - $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Items_Username_2_1' + - $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Items_Username_3' + - $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Items_Username_4' + - $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Items_Username_5' + nullable: true + oneOf: + - $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Items_Username_1' + - $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Items_Username_2' + version: + type: string + required: + - name + - type + - hosts + - compression_level + - auth_type + - connection_type + - username + - password + ApiFleetOutputs_Get_Response_200_Items_Compression_level_1: + type: number + ApiFleetOutputs_Get_Response_200_Items_Compression_level_2: + not: {} + ApiFleetOutputs_Get_Response_200_Items_Compression_level_1_1: + items: {} + type: array + ApiFleetOutputs_Get_Response_200_Items_Compression_level_2_1: + type: boolean + ApiFleetOutputs_Get_Response_200_Items_Compression_level_3: + type: number + ApiFleetOutputs_Get_Response_200_Items_Compression_level_4: + type: object + ApiFleetOutputs_Get_Response_200_Items_Compression_level_5: + type: string + ApiFleetOutputs_Get_Response_200_Items_Connection_type_1: + enum: + - plaintext + - encryption + type: string + ApiFleetOutputs_Get_Response_200_Items_Connection_type_2: + not: {} + ApiFleetOutputs_Get_Response_200_Items_Connection_type_1_1: + items: {} + type: array + ApiFleetOutputs_Get_Response_200_Items_Connection_type_2_1: + type: boolean + ApiFleetOutputs_Get_Response_200_Items_Connection_type_3: + type: number + ApiFleetOutputs_Get_Response_200_Items_Connection_type_4: + type: object + ApiFleetOutputs_Get_Response_200_Items_Connection_type_5: + type: string + ApiFleetOutputs_Get_Response_200_Items_Hash: + additionalProperties: true + type: object + properties: + hash: + type: string + random: + type: boolean + ApiFleetOutputs_Get_Response_200_Items_Headers_Item: + additionalProperties: true + type: object + properties: + key: + type: string + value: + type: string + required: + - key + - value + ApiFleetOutputs_Get_Response_200_Items_Password_1: + not: {} + ApiFleetOutputs_Get_Response_200_Items_Password_2: + anyOf: + - $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Items_Password_1_2' + - $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Items_Password_2_2' + - $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Items_Password_3' + - $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Items_Password_4' + - $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Items_Password_5' + nullable: true + oneOf: + - $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Items_Password_1_1' + - $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Items_Password_2_1' + ApiFleetOutputs_Get_Response_200_Items_Password_1_1: + type: string + ApiFleetOutputs_Get_Response_200_Items_Password_2_1: + not: {} + ApiFleetOutputs_Get_Response_200_Items_Password_1_2: + items: {} + type: array + ApiFleetOutputs_Get_Response_200_Items_Password_2_2: + type: boolean + ApiFleetOutputs_Get_Response_200_Items_Password_3: + type: number + ApiFleetOutputs_Get_Response_200_Items_Password_4: + type: object + ApiFleetOutputs_Get_Response_200_Items_Password_5: + type: string + ApiFleetOutputs_Get_Response_200_Items_Password_1_3: + items: {} + type: array + ApiFleetOutputs_Get_Response_200_Items_Password_2_3: + type: boolean + ApiFleetOutputs_Get_Response_200_Items_Password_3_1: + type: number + ApiFleetOutputs_Get_Response_200_Items_Password_4_1: + type: object + ApiFleetOutputs_Get_Response_200_Items_Password_5_1: + type: string + ApiFleetOutputs_Get_Response_200_Items_Random: + additionalProperties: true + type: object + properties: + group_events: + type: number + ApiFleetOutputs_Get_Response_200_Items_Round_robin: + additionalProperties: true + type: object + properties: + group_events: + type: number + ApiFleetOutputs_Get_Response_200_Items_Sasl: + additionalProperties: true + nullable: true + type: object + properties: + mechanism: + enum: + - PLAIN + - SCRAM-SHA-256 + - SCRAM-SHA-512 + type: string + ApiFleetOutputs_Get_Response_200_Items_Secrets_3: + additionalProperties: true + type: object + properties: + password: + anyOf: + - $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Items_Secrets_Password_1' + - $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Items_Secrets_Password_2' + ssl: + $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Items_Secrets_Ssl_3' + ApiFleetOutputs_Get_Response_200_Items_Secrets_Password_1: + additionalProperties: true + type: object + properties: + hash: + type: string + id: + type: string + required: + - id + ApiFleetOutputs_Get_Response_200_Items_Secrets_Password_2: + type: string + ApiFleetOutputs_Get_Response_200_Items_Secrets_Ssl_3: + additionalProperties: true + type: object + properties: + key: + anyOf: + - $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Items_Secrets_Ssl_Key_1_3' + - $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Items_Secrets_Ssl_Key_2_3' + required: + - key + ApiFleetOutputs_Get_Response_200_Items_Secrets_Ssl_Key_1_3: + additionalProperties: true + type: object + properties: + hash: + type: string + id: + type: string + required: + - id + ApiFleetOutputs_Get_Response_200_Items_Secrets_Ssl_Key_2_3: + type: string + ApiFleetOutputs_Get_Response_200_Items_Shipper_3: + additionalProperties: true + nullable: true + type: object + properties: + compression_level: + nullable: true + type: number + disk_queue_compression_enabled: + nullable: true + type: boolean + disk_queue_enabled: + default: false + nullable: true + type: boolean + disk_queue_encryption_enabled: + nullable: true + type: boolean + disk_queue_max_size: + nullable: true + type: number + disk_queue_path: + nullable: true + type: string + loadbalance: + nullable: true + type: boolean + max_batch_bytes: + nullable: true + type: number + mem_queue_events: + nullable: true + type: number + queue_flush_timeout: + nullable: true + type: number + required: + - disk_queue_path + - disk_queue_max_size + - disk_queue_encryption_enabled + - disk_queue_compression_enabled + - compression_level + - loadbalance + - mem_queue_events + - queue_flush_timeout + - max_batch_bytes + ApiFleetOutputs_Get_Response_200_Items_Ssl_3: + additionalProperties: true + nullable: true + type: object + properties: + certificate: + type: string + certificate_authorities: + items: + type: string + maxItems: 10 + type: array + key: + type: string + verification_mode: + enum: + - full + - none + - certificate + - strict + type: string + ApiFleetOutputs_Get_Response_200_Items_Username_1: + type: string + ApiFleetOutputs_Get_Response_200_Items_Username_2: + not: {} + ApiFleetOutputs_Get_Response_200_Items_Username_1_1: + items: {} + type: array + ApiFleetOutputs_Get_Response_200_Items_Username_2_1: + type: boolean + ApiFleetOutputs_Get_Response_200_Items_Username_3: + type: number + ApiFleetOutputs_Get_Response_200_Items_Username_4: + type: object + ApiFleetOutputs_Get_Response_200_Items_Username_5: + type: string + ApiFleetOutputs_Get_Response_400: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetOutputs_Post_Request: + anyOf: + - $ref: '#/components/schemas/ApiFleetOutputs_Post_Request_1' + - $ref: '#/components/schemas/ApiFleetOutputs_Post_Request_2' + - $ref: '#/components/schemas/ApiFleetOutputs_Post_Request_3' + - $ref: '#/components/schemas/ApiFleetOutputs_Post_Request_4' + ApiFleetOutputs_Post_Request_1: + additionalProperties: false + type: object + properties: + allow_edit: + items: + type: string + maxItems: 1000 + type: array + ca_sha256: + nullable: true + type: string + ca_trusted_fingerprint: + nullable: true + type: string + config_yaml: + nullable: true + type: string + hosts: + items: + format: uri + type: string + maxItems: 10 + minItems: 1 + type: array + id: + type: string + is_default: + default: false + type: boolean + is_default_monitoring: + default: false + type: boolean + is_internal: + type: boolean + is_preconfigured: + type: boolean + name: + type: string + preset: + enum: + - balanced + - custom + - throughput + - scale + - latency + type: string + proxy_id: + nullable: true + type: string + secrets: + $ref: '#/components/schemas/ApiFleetOutputs_Post_Request_Secrets' + shipper: + $ref: '#/components/schemas/ApiFleetOutputs_Post_Request_Shipper' + ssl: + $ref: '#/components/schemas/ApiFleetOutputs_Post_Request_Ssl' + type: + enum: + - elasticsearch + type: string + write_to_logs_streams: + nullable: true + type: boolean + required: + - name + - type + - hosts + ApiFleetOutputs_Post_Request_Secrets: + additionalProperties: false + type: object + properties: + ssl: + $ref: '#/components/schemas/ApiFleetOutputs_Post_Request_Secrets_Ssl' + ApiFleetOutputs_Post_Request_Secrets_Ssl: + additionalProperties: false + type: object + properties: + key: + anyOf: + - $ref: '#/components/schemas/ApiFleetOutputs_Post_Request_Secrets_Ssl_Key_1' + - $ref: '#/components/schemas/ApiFleetOutputs_Post_Request_Secrets_Ssl_Key_2' + ApiFleetOutputs_Post_Request_Secrets_Ssl_Key_1: + additionalProperties: false + type: object + properties: + hash: + type: string + id: + type: string + required: + - id + ApiFleetOutputs_Post_Request_Secrets_Ssl_Key_2: + type: string + ApiFleetOutputs_Post_Request_Shipper: + additionalProperties: false + nullable: true + type: object + properties: + compression_level: + nullable: true + type: number + disk_queue_compression_enabled: + nullable: true + type: boolean + disk_queue_enabled: + default: false + nullable: true + type: boolean + disk_queue_encryption_enabled: + nullable: true + type: boolean + disk_queue_max_size: + nullable: true + type: number + disk_queue_path: + nullable: true + type: string + loadbalance: + nullable: true + type: boolean + max_batch_bytes: + nullable: true + type: number + mem_queue_events: + nullable: true + type: number + queue_flush_timeout: + nullable: true + type: number + required: + - disk_queue_path + - disk_queue_max_size + - disk_queue_encryption_enabled + - disk_queue_compression_enabled + - compression_level + - loadbalance + - mem_queue_events + - queue_flush_timeout + - max_batch_bytes + ApiFleetOutputs_Post_Request_Ssl: + additionalProperties: false + nullable: true + type: object + properties: + certificate: + type: string + certificate_authorities: + items: + type: string + maxItems: 10 + type: array + key: + type: string + verification_mode: + enum: + - full + - none + - certificate + - strict + type: string + ApiFleetOutputs_Post_Request_2: + additionalProperties: false + type: object + properties: + allow_edit: + items: + type: string + maxItems: 1000 + type: array + ca_sha256: + nullable: true + type: string + ca_trusted_fingerprint: + nullable: true + type: string + config_yaml: + nullable: true + type: string + hosts: + items: + format: uri + type: string + maxItems: 10 + minItems: 1 + type: array + id: + type: string + is_default: + default: false + type: boolean + is_default_monitoring: + default: false + type: boolean + is_internal: + type: boolean + is_preconfigured: + type: boolean + kibana_api_key: + nullable: true + type: string + kibana_url: + nullable: true + type: string + name: + type: string + preset: + enum: + - balanced + - custom + - throughput + - scale + - latency + type: string + proxy_id: + nullable: true + type: string + secrets: + $ref: '#/components/schemas/ApiFleetOutputs_Post_Request_Secrets_1' + service_token: + nullable: true + type: string + shipper: + $ref: '#/components/schemas/ApiFleetOutputs_Post_Request_Shipper_1' + ssl: + $ref: '#/components/schemas/ApiFleetOutputs_Post_Request_Ssl_1' + sync_integrations: + type: boolean + sync_uninstalled_integrations: + type: boolean + type: + enum: + - remote_elasticsearch + type: string + write_to_logs_streams: + nullable: true + type: boolean + required: + - name + - type + - hosts + ApiFleetOutputs_Post_Request_Secrets_1: + additionalProperties: false + type: object + properties: + service_token: + anyOf: + - $ref: '#/components/schemas/ApiFleetOutputs_Post_Request_Secrets_Service_token_1' + - $ref: '#/components/schemas/ApiFleetOutputs_Post_Request_Secrets_Service_token_2' + ssl: + $ref: '#/components/schemas/ApiFleetOutputs_Post_Request_Secrets_Ssl_1' + ApiFleetOutputs_Post_Request_Secrets_Service_token_1: + additionalProperties: false + type: object + properties: + hash: + type: string + id: + type: string + required: + - id + ApiFleetOutputs_Post_Request_Secrets_Service_token_2: + type: string + ApiFleetOutputs_Post_Request_Secrets_Ssl_1: + additionalProperties: false + type: object + properties: + key: + anyOf: + - $ref: '#/components/schemas/ApiFleetOutputs_Post_Request_Secrets_Ssl_Key_1_1' + - $ref: '#/components/schemas/ApiFleetOutputs_Post_Request_Secrets_Ssl_Key_2_1' + ApiFleetOutputs_Post_Request_Secrets_Ssl_Key_1_1: + additionalProperties: false + type: object + properties: + hash: + type: string + id: + type: string + required: + - id + ApiFleetOutputs_Post_Request_Secrets_Ssl_Key_2_1: + type: string + ApiFleetOutputs_Post_Request_Shipper_1: + additionalProperties: false + nullable: true + type: object + properties: + compression_level: + nullable: true + type: number + disk_queue_compression_enabled: + nullable: true + type: boolean + disk_queue_enabled: + default: false + nullable: true + type: boolean + disk_queue_encryption_enabled: + nullable: true + type: boolean + disk_queue_max_size: + nullable: true + type: number + disk_queue_path: + nullable: true + type: string + loadbalance: + nullable: true + type: boolean + max_batch_bytes: + nullable: true + type: number + mem_queue_events: + nullable: true + type: number + queue_flush_timeout: + nullable: true + type: number + required: + - disk_queue_path + - disk_queue_max_size + - disk_queue_encryption_enabled + - disk_queue_compression_enabled + - compression_level + - loadbalance + - mem_queue_events + - queue_flush_timeout + - max_batch_bytes + ApiFleetOutputs_Post_Request_Ssl_1: + additionalProperties: false + nullable: true + type: object + properties: + certificate: + type: string + certificate_authorities: + items: + type: string + maxItems: 10 + type: array + key: + type: string + verification_mode: + enum: + - full + - none + - certificate + - strict + type: string + ApiFleetOutputs_Post_Request_3: + additionalProperties: false + type: object + properties: + allow_edit: + items: + type: string + maxItems: 1000 + type: array + ca_sha256: + nullable: true + type: string + ca_trusted_fingerprint: + nullable: true + type: string + config_yaml: + nullable: true + type: string + hosts: + items: + type: string + maxItems: 10 + minItems: 1 + type: array + id: + type: string + is_default: + default: false + type: boolean + is_default_monitoring: + default: false + type: boolean + is_internal: + type: boolean + is_preconfigured: + type: boolean + name: + type: string + proxy_id: + nullable: true + type: string + secrets: + $ref: '#/components/schemas/ApiFleetOutputs_Post_Request_Secrets_2' + shipper: + $ref: '#/components/schemas/ApiFleetOutputs_Post_Request_Shipper_2' + ssl: + $ref: '#/components/schemas/ApiFleetOutputs_Post_Request_Ssl_2' + type: + enum: + - logstash + type: string + required: + - name + - type + - hosts + ApiFleetOutputs_Post_Request_Secrets_2: + additionalProperties: false + type: object + properties: + ssl: + $ref: '#/components/schemas/ApiFleetOutputs_Post_Request_Secrets_Ssl_2' + ApiFleetOutputs_Post_Request_Secrets_Ssl_2: + additionalProperties: false + type: object + properties: + key: + anyOf: + - $ref: '#/components/schemas/ApiFleetOutputs_Post_Request_Secrets_Ssl_Key_1_2' + - $ref: '#/components/schemas/ApiFleetOutputs_Post_Request_Secrets_Ssl_Key_2_2' + ApiFleetOutputs_Post_Request_Secrets_Ssl_Key_1_2: + additionalProperties: false + type: object + properties: + hash: + type: string + id: + type: string + required: + - id + ApiFleetOutputs_Post_Request_Secrets_Ssl_Key_2_2: + type: string + ApiFleetOutputs_Post_Request_Shipper_2: + additionalProperties: false + nullable: true + type: object + properties: + compression_level: + nullable: true + type: number + disk_queue_compression_enabled: + nullable: true + type: boolean + disk_queue_enabled: + default: false + nullable: true + type: boolean + disk_queue_encryption_enabled: + nullable: true + type: boolean + disk_queue_max_size: + nullable: true + type: number + disk_queue_path: + nullable: true + type: string + loadbalance: + nullable: true + type: boolean + max_batch_bytes: + nullable: true + type: number + mem_queue_events: + nullable: true + type: number + queue_flush_timeout: + nullable: true + type: number + required: + - disk_queue_path + - disk_queue_max_size + - disk_queue_encryption_enabled + - disk_queue_compression_enabled + - compression_level + - loadbalance + - mem_queue_events + - queue_flush_timeout + - max_batch_bytes + ApiFleetOutputs_Post_Request_Ssl_2: + additionalProperties: false + nullable: true + type: object + properties: + certificate: + type: string + certificate_authorities: + items: + type: string + maxItems: 10 + type: array + key: + type: string + verification_mode: + enum: + - full + - none + - certificate + - strict + type: string + ApiFleetOutputs_Post_Request_4: + additionalProperties: false + type: object + properties: + allow_edit: + items: + type: string + maxItems: 1000 + type: array + auth_type: + enum: + - none + - user_pass + - ssl + - kerberos + type: string + broker_timeout: + type: number + ca_sha256: + nullable: true + type: string + ca_trusted_fingerprint: + nullable: true + type: string + client_id: + type: string + compression: + enum: + - gzip + - snappy + - lz4 + - none + type: string + compression_level: + anyOf: + - $ref: '#/components/schemas/ApiFleetOutputs_Post_Request_Compression_level_1_1' + - $ref: '#/components/schemas/ApiFleetOutputs_Post_Request_Compression_level_2_1' + - $ref: '#/components/schemas/ApiFleetOutputs_Post_Request_Compression_level_3' + - $ref: '#/components/schemas/ApiFleetOutputs_Post_Request_Compression_level_4' + - $ref: '#/components/schemas/ApiFleetOutputs_Post_Request_Compression_level_5' + nullable: true + oneOf: + - $ref: '#/components/schemas/ApiFleetOutputs_Post_Request_Compression_level_1' + - $ref: '#/components/schemas/ApiFleetOutputs_Post_Request_Compression_level_2' + config_yaml: + nullable: true + type: string + connection_type: + anyOf: + - $ref: '#/components/schemas/ApiFleetOutputs_Post_Request_Connection_type_1_1' + - $ref: '#/components/schemas/ApiFleetOutputs_Post_Request_Connection_type_2_1' + - $ref: '#/components/schemas/ApiFleetOutputs_Post_Request_Connection_type_3' + - $ref: '#/components/schemas/ApiFleetOutputs_Post_Request_Connection_type_4' + - $ref: '#/components/schemas/ApiFleetOutputs_Post_Request_Connection_type_5' + nullable: true + oneOf: + - $ref: '#/components/schemas/ApiFleetOutputs_Post_Request_Connection_type_1' + - $ref: '#/components/schemas/ApiFleetOutputs_Post_Request_Connection_type_2' + hash: + $ref: '#/components/schemas/ApiFleetOutputs_Post_Request_Hash' + headers: + items: + $ref: '#/components/schemas/ApiFleetOutputs_Post_Request_Headers_Item' + maxItems: 100 + type: array + hosts: + items: + type: string + maxItems: 10 + minItems: 1 + type: array + id: + type: string + is_default: + default: false + type: boolean + is_default_monitoring: + default: false + type: boolean + is_internal: + type: boolean + is_preconfigured: + type: boolean + key: + type: string + name: + type: string + partition: + enum: + - random + - round_robin + - hash + type: string + password: + anyOf: + - $ref: '#/components/schemas/ApiFleetOutputs_Post_Request_Password_1_3' + - $ref: '#/components/schemas/ApiFleetOutputs_Post_Request_Password_2_3' + - $ref: '#/components/schemas/ApiFleetOutputs_Post_Request_Password_3_1' + - $ref: '#/components/schemas/ApiFleetOutputs_Post_Request_Password_4_1' + - $ref: '#/components/schemas/ApiFleetOutputs_Post_Request_Password_5_1' + nullable: true + oneOf: + - $ref: '#/components/schemas/ApiFleetOutputs_Post_Request_Password_1' + - $ref: '#/components/schemas/ApiFleetOutputs_Post_Request_Password_2' + proxy_id: + nullable: true + type: string + random: + $ref: '#/components/schemas/ApiFleetOutputs_Post_Request_Random' + required_acks: + enum: + - 1 + - 0 + - -1 + type: integer + round_robin: + $ref: '#/components/schemas/ApiFleetOutputs_Post_Request_Round_robin' + sasl: + $ref: '#/components/schemas/ApiFleetOutputs_Post_Request_Sasl' + secrets: + $ref: '#/components/schemas/ApiFleetOutputs_Post_Request_Secrets_3' + shipper: + $ref: '#/components/schemas/ApiFleetOutputs_Post_Request_Shipper_3' + ssl: + $ref: '#/components/schemas/ApiFleetOutputs_Post_Request_Ssl_3' + timeout: + type: number + topic: + type: string + type: + enum: + - kafka + type: string + username: + anyOf: + - $ref: '#/components/schemas/ApiFleetOutputs_Post_Request_Username_1_1' + - $ref: '#/components/schemas/ApiFleetOutputs_Post_Request_Username_2_1' + - $ref: '#/components/schemas/ApiFleetOutputs_Post_Request_Username_3' + - $ref: '#/components/schemas/ApiFleetOutputs_Post_Request_Username_4' + - $ref: '#/components/schemas/ApiFleetOutputs_Post_Request_Username_5' + nullable: true + oneOf: + - $ref: '#/components/schemas/ApiFleetOutputs_Post_Request_Username_1' + - $ref: '#/components/schemas/ApiFleetOutputs_Post_Request_Username_2' + version: + type: string + required: + - name + - type + - hosts + - compression_level + - auth_type + - connection_type + - username + - password + ApiFleetOutputs_Post_Request_Compression_level_1: + type: number + ApiFleetOutputs_Post_Request_Compression_level_2: + not: {} + ApiFleetOutputs_Post_Request_Compression_level_1_1: + items: {} + type: array + ApiFleetOutputs_Post_Request_Compression_level_2_1: + type: boolean + ApiFleetOutputs_Post_Request_Compression_level_3: + type: number + ApiFleetOutputs_Post_Request_Compression_level_4: + type: object + ApiFleetOutputs_Post_Request_Compression_level_5: + type: string + ApiFleetOutputs_Post_Request_Connection_type_1: + enum: + - plaintext + - encryption + type: string + ApiFleetOutputs_Post_Request_Connection_type_2: + not: {} + ApiFleetOutputs_Post_Request_Connection_type_1_1: + items: {} + type: array + ApiFleetOutputs_Post_Request_Connection_type_2_1: + type: boolean + ApiFleetOutputs_Post_Request_Connection_type_3: + type: number + ApiFleetOutputs_Post_Request_Connection_type_4: + type: object + ApiFleetOutputs_Post_Request_Connection_type_5: + type: string + ApiFleetOutputs_Post_Request_Hash: + additionalProperties: false + type: object + properties: + hash: + type: string + random: + type: boolean + ApiFleetOutputs_Post_Request_Headers_Item: + additionalProperties: false + type: object + properties: + key: + type: string + value: + type: string + required: + - key + - value + ApiFleetOutputs_Post_Request_Password_1: + not: {} + ApiFleetOutputs_Post_Request_Password_2: + anyOf: + - $ref: '#/components/schemas/ApiFleetOutputs_Post_Request_Password_1_2' + - $ref: '#/components/schemas/ApiFleetOutputs_Post_Request_Password_2_2' + - $ref: '#/components/schemas/ApiFleetOutputs_Post_Request_Password_3' + - $ref: '#/components/schemas/ApiFleetOutputs_Post_Request_Password_4' + - $ref: '#/components/schemas/ApiFleetOutputs_Post_Request_Password_5' + nullable: true + oneOf: + - $ref: '#/components/schemas/ApiFleetOutputs_Post_Request_Password_1_1' + - $ref: '#/components/schemas/ApiFleetOutputs_Post_Request_Password_2_1' + ApiFleetOutputs_Post_Request_Password_1_1: + type: string + ApiFleetOutputs_Post_Request_Password_2_1: + not: {} + ApiFleetOutputs_Post_Request_Password_1_2: + items: {} + type: array + ApiFleetOutputs_Post_Request_Password_2_2: + type: boolean + ApiFleetOutputs_Post_Request_Password_3: + type: number + ApiFleetOutputs_Post_Request_Password_4: + type: object + ApiFleetOutputs_Post_Request_Password_5: + type: string + ApiFleetOutputs_Post_Request_Password_1_3: + items: {} + type: array + ApiFleetOutputs_Post_Request_Password_2_3: + type: boolean + ApiFleetOutputs_Post_Request_Password_3_1: + type: number + ApiFleetOutputs_Post_Request_Password_4_1: + type: object + ApiFleetOutputs_Post_Request_Password_5_1: + type: string + ApiFleetOutputs_Post_Request_Random: + additionalProperties: false + type: object + properties: + group_events: + type: number + ApiFleetOutputs_Post_Request_Round_robin: + additionalProperties: false + type: object + properties: + group_events: + type: number + ApiFleetOutputs_Post_Request_Sasl: + additionalProperties: false + nullable: true + type: object + properties: + mechanism: + enum: + - PLAIN + - SCRAM-SHA-256 + - SCRAM-SHA-512 + type: string + ApiFleetOutputs_Post_Request_Secrets_3: + additionalProperties: false + type: object + properties: + password: + anyOf: + - $ref: '#/components/schemas/ApiFleetOutputs_Post_Request_Secrets_Password_1' + - $ref: '#/components/schemas/ApiFleetOutputs_Post_Request_Secrets_Password_2' + ssl: + $ref: '#/components/schemas/ApiFleetOutputs_Post_Request_Secrets_Ssl_3' + ApiFleetOutputs_Post_Request_Secrets_Password_1: + additionalProperties: false + type: object + properties: + hash: + type: string + id: + type: string + required: + - id + ApiFleetOutputs_Post_Request_Secrets_Password_2: + type: string + ApiFleetOutputs_Post_Request_Secrets_Ssl_3: + additionalProperties: false + type: object + properties: + key: + anyOf: + - $ref: '#/components/schemas/ApiFleetOutputs_Post_Request_Secrets_Ssl_Key_1_3' + - $ref: '#/components/schemas/ApiFleetOutputs_Post_Request_Secrets_Ssl_Key_2_3' + required: + - key + ApiFleetOutputs_Post_Request_Secrets_Ssl_Key_1_3: + additionalProperties: false + type: object + properties: + hash: + type: string + id: + type: string + required: + - id + ApiFleetOutputs_Post_Request_Secrets_Ssl_Key_2_3: + type: string + ApiFleetOutputs_Post_Request_Shipper_3: + additionalProperties: false + nullable: true + type: object + properties: + compression_level: + nullable: true + type: number + disk_queue_compression_enabled: + nullable: true + type: boolean + disk_queue_enabled: + default: false + nullable: true + type: boolean + disk_queue_encryption_enabled: + nullable: true + type: boolean + disk_queue_max_size: + nullable: true + type: number + disk_queue_path: + nullable: true + type: string + loadbalance: + nullable: true + type: boolean + max_batch_bytes: + nullable: true + type: number + mem_queue_events: + nullable: true + type: number + queue_flush_timeout: + nullable: true + type: number + required: + - disk_queue_path + - disk_queue_max_size + - disk_queue_encryption_enabled + - disk_queue_compression_enabled + - compression_level + - loadbalance + - mem_queue_events + - queue_flush_timeout + - max_batch_bytes + ApiFleetOutputs_Post_Request_Ssl_3: + additionalProperties: false + nullable: true + type: object + properties: + certificate: + type: string + certificate_authorities: + items: + type: string + maxItems: 10 + type: array + key: + type: string + verification_mode: + enum: + - full + - none + - certificate + - strict + type: string + ApiFleetOutputs_Post_Request_Username_1: + type: string + ApiFleetOutputs_Post_Request_Username_2: + not: {} + ApiFleetOutputs_Post_Request_Username_1_1: + items: {} + type: array + ApiFleetOutputs_Post_Request_Username_2_1: + type: boolean + ApiFleetOutputs_Post_Request_Username_3: + type: number + ApiFleetOutputs_Post_Request_Username_4: + type: object + ApiFleetOutputs_Post_Request_Username_5: + type: string + ApiFleetOutputs_Post_Response_200: + additionalProperties: false + type: object + properties: + item: + anyOf: + - $ref: '#/components/schemas/ApiFleetOutputs_Post_Response_200_Item_1' + - $ref: '#/components/schemas/ApiFleetOutputs_Post_Response_200_Item_2' + - $ref: '#/components/schemas/ApiFleetOutputs_Post_Response_200_Item_3' + - $ref: '#/components/schemas/ApiFleetOutputs_Post_Response_200_Item_4' + required: + - item + ApiFleetOutputs_Post_Response_200_Item_1: + additionalProperties: true + type: object + properties: + allow_edit: + items: + type: string + maxItems: 1000 + type: array + ca_sha256: + nullable: true + type: string + ca_trusted_fingerprint: + nullable: true + type: string + config_yaml: + nullable: true + type: string + hosts: + items: + format: uri + type: string + maxItems: 10 + minItems: 1 + type: array + id: + type: string + is_default: + default: false + type: boolean + is_default_monitoring: + default: false + type: boolean + is_internal: + type: boolean + is_preconfigured: + type: boolean + name: + type: string + preset: + enum: + - balanced + - custom + - throughput + - scale + - latency + type: string + proxy_id: + nullable: true + type: string + secrets: + $ref: '#/components/schemas/ApiFleetOutputs_Post_Response_200_Item_Secrets' + shipper: + $ref: '#/components/schemas/ApiFleetOutputs_Post_Response_200_Item_Shipper' + ssl: + $ref: '#/components/schemas/ApiFleetOutputs_Post_Response_200_Item_Ssl' + type: + enum: + - elasticsearch + type: string + write_to_logs_streams: + nullable: true + type: boolean + required: + - name + - type + - hosts + ApiFleetOutputs_Post_Response_200_Item_Secrets: + additionalProperties: true + type: object + properties: + ssl: + $ref: '#/components/schemas/ApiFleetOutputs_Post_Response_200_Item_Secrets_Ssl' + ApiFleetOutputs_Post_Response_200_Item_Secrets_Ssl: + additionalProperties: true + type: object + properties: + key: + anyOf: + - $ref: '#/components/schemas/ApiFleetOutputs_Post_Response_200_Item_Secrets_Ssl_Key_1' + - $ref: '#/components/schemas/ApiFleetOutputs_Post_Response_200_Item_Secrets_Ssl_Key_2' + ApiFleetOutputs_Post_Response_200_Item_Secrets_Ssl_Key_1: + additionalProperties: true + type: object + properties: + hash: + type: string + id: + type: string + required: + - id + ApiFleetOutputs_Post_Response_200_Item_Secrets_Ssl_Key_2: + type: string + ApiFleetOutputs_Post_Response_200_Item_Shipper: + additionalProperties: true + nullable: true + type: object + properties: + compression_level: + nullable: true + type: number + disk_queue_compression_enabled: + nullable: true + type: boolean + disk_queue_enabled: + default: false + nullable: true + type: boolean + disk_queue_encryption_enabled: + nullable: true + type: boolean + disk_queue_max_size: + nullable: true + type: number + disk_queue_path: + nullable: true + type: string + loadbalance: + nullable: true + type: boolean + max_batch_bytes: + nullable: true + type: number + mem_queue_events: + nullable: true + type: number + queue_flush_timeout: + nullable: true + type: number + required: + - disk_queue_path + - disk_queue_max_size + - disk_queue_encryption_enabled + - disk_queue_compression_enabled + - compression_level + - loadbalance + - mem_queue_events + - queue_flush_timeout + - max_batch_bytes + ApiFleetOutputs_Post_Response_200_Item_Ssl: + additionalProperties: true + nullable: true + type: object + properties: + certificate: + type: string + certificate_authorities: + items: + type: string + maxItems: 10 + type: array + key: + type: string + verification_mode: + enum: + - full + - none + - certificate + - strict + type: string + ApiFleetOutputs_Post_Response_200_Item_2: + additionalProperties: true + type: object + properties: + allow_edit: + items: + type: string + maxItems: 1000 + type: array + ca_sha256: + nullable: true + type: string + ca_trusted_fingerprint: + nullable: true + type: string + config_yaml: + nullable: true + type: string + hosts: + items: + format: uri + type: string + maxItems: 10 + minItems: 1 + type: array + id: + type: string + is_default: + default: false + type: boolean + is_default_monitoring: + default: false + type: boolean + is_internal: + type: boolean + is_preconfigured: + type: boolean + kibana_api_key: + nullable: true + type: string + kibana_url: + nullable: true + type: string + name: + type: string + preset: + enum: + - balanced + - custom + - throughput + - scale + - latency + type: string + proxy_id: + nullable: true + type: string + secrets: + $ref: '#/components/schemas/ApiFleetOutputs_Post_Response_200_Item_Secrets_1' + service_token: + nullable: true + type: string + shipper: + $ref: '#/components/schemas/ApiFleetOutputs_Post_Response_200_Item_Shipper_1' + ssl: + $ref: '#/components/schemas/ApiFleetOutputs_Post_Response_200_Item_Ssl_1' + sync_integrations: + type: boolean + sync_uninstalled_integrations: + type: boolean + type: + enum: + - remote_elasticsearch + type: string + write_to_logs_streams: + nullable: true + type: boolean + required: + - name + - type + - hosts + ApiFleetOutputs_Post_Response_200_Item_Secrets_1: + additionalProperties: true + type: object + properties: + service_token: + anyOf: + - $ref: '#/components/schemas/ApiFleetOutputs_Post_Response_200_Item_Secrets_Service_token_1' + - $ref: '#/components/schemas/ApiFleetOutputs_Post_Response_200_Item_Secrets_Service_token_2' + ssl: + $ref: '#/components/schemas/ApiFleetOutputs_Post_Response_200_Item_Secrets_Ssl_1' + ApiFleetOutputs_Post_Response_200_Item_Secrets_Service_token_1: + additionalProperties: true + type: object + properties: + hash: + type: string + id: + type: string + required: + - id + ApiFleetOutputs_Post_Response_200_Item_Secrets_Service_token_2: + type: string + ApiFleetOutputs_Post_Response_200_Item_Secrets_Ssl_1: + additionalProperties: true + type: object + properties: + key: + anyOf: + - $ref: '#/components/schemas/ApiFleetOutputs_Post_Response_200_Item_Secrets_Ssl_Key_1_1' + - $ref: '#/components/schemas/ApiFleetOutputs_Post_Response_200_Item_Secrets_Ssl_Key_2_1' + ApiFleetOutputs_Post_Response_200_Item_Secrets_Ssl_Key_1_1: + additionalProperties: true + type: object + properties: + hash: + type: string + id: + type: string + required: + - id + ApiFleetOutputs_Post_Response_200_Item_Secrets_Ssl_Key_2_1: + type: string + ApiFleetOutputs_Post_Response_200_Item_Shipper_1: + additionalProperties: true + nullable: true + type: object + properties: + compression_level: + nullable: true + type: number + disk_queue_compression_enabled: + nullable: true + type: boolean + disk_queue_enabled: + default: false + nullable: true + type: boolean + disk_queue_encryption_enabled: + nullable: true + type: boolean + disk_queue_max_size: + nullable: true + type: number + disk_queue_path: + nullable: true + type: string + loadbalance: + nullable: true + type: boolean + max_batch_bytes: + nullable: true + type: number + mem_queue_events: + nullable: true + type: number + queue_flush_timeout: + nullable: true + type: number + required: + - disk_queue_path + - disk_queue_max_size + - disk_queue_encryption_enabled + - disk_queue_compression_enabled + - compression_level + - loadbalance + - mem_queue_events + - queue_flush_timeout + - max_batch_bytes + ApiFleetOutputs_Post_Response_200_Item_Ssl_1: + additionalProperties: true + nullable: true + type: object + properties: + certificate: + type: string + certificate_authorities: + items: + type: string + maxItems: 10 + type: array + key: + type: string + verification_mode: + enum: + - full + - none + - certificate + - strict + type: string + ApiFleetOutputs_Post_Response_200_Item_3: + additionalProperties: true + type: object + properties: + allow_edit: + items: + type: string + maxItems: 1000 + type: array + ca_sha256: + nullable: true + type: string + ca_trusted_fingerprint: + nullable: true + type: string + config_yaml: + nullable: true + type: string + hosts: + items: + type: string + maxItems: 10 + minItems: 1 + type: array + id: + type: string + is_default: + default: false + type: boolean + is_default_monitoring: + default: false + type: boolean + is_internal: + type: boolean + is_preconfigured: + type: boolean + name: + type: string + proxy_id: + nullable: true + type: string + secrets: + $ref: '#/components/schemas/ApiFleetOutputs_Post_Response_200_Item_Secrets_2' + shipper: + $ref: '#/components/schemas/ApiFleetOutputs_Post_Response_200_Item_Shipper_2' + ssl: + $ref: '#/components/schemas/ApiFleetOutputs_Post_Response_200_Item_Ssl_2' + type: + enum: + - logstash + type: string + required: + - name + - type + - hosts + ApiFleetOutputs_Post_Response_200_Item_Secrets_2: + additionalProperties: true + type: object + properties: + ssl: + $ref: '#/components/schemas/ApiFleetOutputs_Post_Response_200_Item_Secrets_Ssl_2' + ApiFleetOutputs_Post_Response_200_Item_Secrets_Ssl_2: + additionalProperties: true + type: object + properties: + key: + anyOf: + - $ref: '#/components/schemas/ApiFleetOutputs_Post_Response_200_Item_Secrets_Ssl_Key_1_2' + - $ref: '#/components/schemas/ApiFleetOutputs_Post_Response_200_Item_Secrets_Ssl_Key_2_2' + ApiFleetOutputs_Post_Response_200_Item_Secrets_Ssl_Key_1_2: + additionalProperties: true + type: object + properties: + hash: + type: string + id: + type: string + required: + - id + ApiFleetOutputs_Post_Response_200_Item_Secrets_Ssl_Key_2_2: + type: string + ApiFleetOutputs_Post_Response_200_Item_Shipper_2: + additionalProperties: true + nullable: true + type: object + properties: + compression_level: + nullable: true + type: number + disk_queue_compression_enabled: + nullable: true + type: boolean + disk_queue_enabled: + default: false + nullable: true + type: boolean + disk_queue_encryption_enabled: + nullable: true + type: boolean + disk_queue_max_size: + nullable: true + type: number + disk_queue_path: + nullable: true + type: string + loadbalance: + nullable: true + type: boolean + max_batch_bytes: + nullable: true + type: number + mem_queue_events: + nullable: true + type: number + queue_flush_timeout: + nullable: true + type: number + required: + - disk_queue_path + - disk_queue_max_size + - disk_queue_encryption_enabled + - disk_queue_compression_enabled + - compression_level + - loadbalance + - mem_queue_events + - queue_flush_timeout + - max_batch_bytes + ApiFleetOutputs_Post_Response_200_Item_Ssl_2: + additionalProperties: true + nullable: true + type: object + properties: + certificate: + type: string + certificate_authorities: + items: + type: string + maxItems: 10 + type: array + key: + type: string + verification_mode: + enum: + - full + - none + - certificate + - strict + type: string + ApiFleetOutputs_Post_Response_200_Item_4: + additionalProperties: true + type: object + properties: + allow_edit: + items: + type: string + maxItems: 1000 + type: array + auth_type: + enum: + - none + - user_pass + - ssl + - kerberos + type: string + broker_timeout: + type: number + ca_sha256: + nullable: true + type: string + ca_trusted_fingerprint: + nullable: true + type: string + client_id: + type: string + compression: + enum: + - gzip + - snappy + - lz4 + - none + type: string + compression_level: + anyOf: + - $ref: '#/components/schemas/ApiFleetOutputs_Post_Response_200_Item_Compression_level_1_1' + - $ref: '#/components/schemas/ApiFleetOutputs_Post_Response_200_Item_Compression_level_2_1' + - $ref: '#/components/schemas/ApiFleetOutputs_Post_Response_200_Item_Compression_level_3' + - $ref: '#/components/schemas/ApiFleetOutputs_Post_Response_200_Item_Compression_level_4' + - $ref: '#/components/schemas/ApiFleetOutputs_Post_Response_200_Item_Compression_level_5' + nullable: true + oneOf: + - $ref: '#/components/schemas/ApiFleetOutputs_Post_Response_200_Item_Compression_level_1' + - $ref: '#/components/schemas/ApiFleetOutputs_Post_Response_200_Item_Compression_level_2' + config_yaml: + nullable: true + type: string + connection_type: + anyOf: + - $ref: '#/components/schemas/ApiFleetOutputs_Post_Response_200_Item_Connection_type_1_1' + - $ref: '#/components/schemas/ApiFleetOutputs_Post_Response_200_Item_Connection_type_2_1' + - $ref: '#/components/schemas/ApiFleetOutputs_Post_Response_200_Item_Connection_type_3' + - $ref: '#/components/schemas/ApiFleetOutputs_Post_Response_200_Item_Connection_type_4' + - $ref: '#/components/schemas/ApiFleetOutputs_Post_Response_200_Item_Connection_type_5' + nullable: true + oneOf: + - $ref: '#/components/schemas/ApiFleetOutputs_Post_Response_200_Item_Connection_type_1' + - $ref: '#/components/schemas/ApiFleetOutputs_Post_Response_200_Item_Connection_type_2' + hash: + $ref: '#/components/schemas/ApiFleetOutputs_Post_Response_200_Item_Hash' + headers: + items: + $ref: '#/components/schemas/ApiFleetOutputs_Post_Response_200_Item_Headers_Item' + maxItems: 100 + type: array + hosts: + items: + type: string + maxItems: 10 + minItems: 1 + type: array + id: + type: string + is_default: + default: false + type: boolean + is_default_monitoring: + default: false + type: boolean + is_internal: + type: boolean + is_preconfigured: + type: boolean + key: + type: string + name: + type: string + partition: + enum: + - random + - round_robin + - hash + type: string + password: + anyOf: + - $ref: '#/components/schemas/ApiFleetOutputs_Post_Response_200_Item_Password_1_3' + - $ref: '#/components/schemas/ApiFleetOutputs_Post_Response_200_Item_Password_2_3' + - $ref: '#/components/schemas/ApiFleetOutputs_Post_Response_200_Item_Password_3_1' + - $ref: '#/components/schemas/ApiFleetOutputs_Post_Response_200_Item_Password_4_1' + - $ref: '#/components/schemas/ApiFleetOutputs_Post_Response_200_Item_Password_5_1' + nullable: true + oneOf: + - $ref: '#/components/schemas/ApiFleetOutputs_Post_Response_200_Item_Password_1' + - $ref: '#/components/schemas/ApiFleetOutputs_Post_Response_200_Item_Password_2' + proxy_id: + nullable: true + type: string + random: + $ref: '#/components/schemas/ApiFleetOutputs_Post_Response_200_Item_Random' + required_acks: + enum: + - 1 + - 0 + - -1 + type: integer + round_robin: + $ref: '#/components/schemas/ApiFleetOutputs_Post_Response_200_Item_Round_robin' + sasl: + $ref: '#/components/schemas/ApiFleetOutputs_Post_Response_200_Item_Sasl' + secrets: + $ref: '#/components/schemas/ApiFleetOutputs_Post_Response_200_Item_Secrets_3' + shipper: + $ref: '#/components/schemas/ApiFleetOutputs_Post_Response_200_Item_Shipper_3' + ssl: + $ref: '#/components/schemas/ApiFleetOutputs_Post_Response_200_Item_Ssl_3' + timeout: + type: number + topic: + type: string + type: + enum: + - kafka + type: string + username: + anyOf: + - $ref: '#/components/schemas/ApiFleetOutputs_Post_Response_200_Item_Username_1_1' + - $ref: '#/components/schemas/ApiFleetOutputs_Post_Response_200_Item_Username_2_1' + - $ref: '#/components/schemas/ApiFleetOutputs_Post_Response_200_Item_Username_3' + - $ref: '#/components/schemas/ApiFleetOutputs_Post_Response_200_Item_Username_4' + - $ref: '#/components/schemas/ApiFleetOutputs_Post_Response_200_Item_Username_5' + nullable: true + oneOf: + - $ref: '#/components/schemas/ApiFleetOutputs_Post_Response_200_Item_Username_1' + - $ref: '#/components/schemas/ApiFleetOutputs_Post_Response_200_Item_Username_2' + version: + type: string + required: + - name + - type + - hosts + - compression_level + - auth_type + - connection_type + - username + - password + ApiFleetOutputs_Post_Response_200_Item_Compression_level_1: + type: number + ApiFleetOutputs_Post_Response_200_Item_Compression_level_2: + not: {} + ApiFleetOutputs_Post_Response_200_Item_Compression_level_1_1: + items: {} + type: array + ApiFleetOutputs_Post_Response_200_Item_Compression_level_2_1: + type: boolean + ApiFleetOutputs_Post_Response_200_Item_Compression_level_3: + type: number + ApiFleetOutputs_Post_Response_200_Item_Compression_level_4: + type: object + ApiFleetOutputs_Post_Response_200_Item_Compression_level_5: + type: string + ApiFleetOutputs_Post_Response_200_Item_Connection_type_1: + enum: + - plaintext + - encryption + type: string + ApiFleetOutputs_Post_Response_200_Item_Connection_type_2: + not: {} + ApiFleetOutputs_Post_Response_200_Item_Connection_type_1_1: + items: {} + type: array + ApiFleetOutputs_Post_Response_200_Item_Connection_type_2_1: + type: boolean + ApiFleetOutputs_Post_Response_200_Item_Connection_type_3: + type: number + ApiFleetOutputs_Post_Response_200_Item_Connection_type_4: + type: object + ApiFleetOutputs_Post_Response_200_Item_Connection_type_5: + type: string + ApiFleetOutputs_Post_Response_200_Item_Hash: + additionalProperties: true + type: object + properties: + hash: + type: string + random: + type: boolean + ApiFleetOutputs_Post_Response_200_Item_Headers_Item: + additionalProperties: true + type: object + properties: + key: + type: string + value: + type: string + required: + - key + - value + ApiFleetOutputs_Post_Response_200_Item_Password_1: + not: {} + ApiFleetOutputs_Post_Response_200_Item_Password_2: + anyOf: + - $ref: '#/components/schemas/ApiFleetOutputs_Post_Response_200_Item_Password_1_2' + - $ref: '#/components/schemas/ApiFleetOutputs_Post_Response_200_Item_Password_2_2' + - $ref: '#/components/schemas/ApiFleetOutputs_Post_Response_200_Item_Password_3' + - $ref: '#/components/schemas/ApiFleetOutputs_Post_Response_200_Item_Password_4' + - $ref: '#/components/schemas/ApiFleetOutputs_Post_Response_200_Item_Password_5' + nullable: true + oneOf: + - $ref: '#/components/schemas/ApiFleetOutputs_Post_Response_200_Item_Password_1_1' + - $ref: '#/components/schemas/ApiFleetOutputs_Post_Response_200_Item_Password_2_1' + ApiFleetOutputs_Post_Response_200_Item_Password_1_1: + type: string + ApiFleetOutputs_Post_Response_200_Item_Password_2_1: + not: {} + ApiFleetOutputs_Post_Response_200_Item_Password_1_2: + items: {} + type: array + ApiFleetOutputs_Post_Response_200_Item_Password_2_2: + type: boolean + ApiFleetOutputs_Post_Response_200_Item_Password_3: + type: number + ApiFleetOutputs_Post_Response_200_Item_Password_4: + type: object + ApiFleetOutputs_Post_Response_200_Item_Password_5: + type: string + ApiFleetOutputs_Post_Response_200_Item_Password_1_3: + items: {} + type: array + ApiFleetOutputs_Post_Response_200_Item_Password_2_3: + type: boolean + ApiFleetOutputs_Post_Response_200_Item_Password_3_1: + type: number + ApiFleetOutputs_Post_Response_200_Item_Password_4_1: + type: object + ApiFleetOutputs_Post_Response_200_Item_Password_5_1: + type: string + ApiFleetOutputs_Post_Response_200_Item_Random: + additionalProperties: true + type: object + properties: + group_events: + type: number + ApiFleetOutputs_Post_Response_200_Item_Round_robin: + additionalProperties: true + type: object + properties: + group_events: + type: number + ApiFleetOutputs_Post_Response_200_Item_Sasl: + additionalProperties: true + nullable: true + type: object + properties: + mechanism: + enum: + - PLAIN + - SCRAM-SHA-256 + - SCRAM-SHA-512 + type: string + ApiFleetOutputs_Post_Response_200_Item_Secrets_3: + additionalProperties: true + type: object + properties: + password: + anyOf: + - $ref: '#/components/schemas/ApiFleetOutputs_Post_Response_200_Item_Secrets_Password_1' + - $ref: '#/components/schemas/ApiFleetOutputs_Post_Response_200_Item_Secrets_Password_2' + ssl: + $ref: '#/components/schemas/ApiFleetOutputs_Post_Response_200_Item_Secrets_Ssl_3' + ApiFleetOutputs_Post_Response_200_Item_Secrets_Password_1: + additionalProperties: true + type: object + properties: + hash: + type: string + id: + type: string + required: + - id + ApiFleetOutputs_Post_Response_200_Item_Secrets_Password_2: + type: string + ApiFleetOutputs_Post_Response_200_Item_Secrets_Ssl_3: + additionalProperties: true + type: object + properties: + key: + anyOf: + - $ref: '#/components/schemas/ApiFleetOutputs_Post_Response_200_Item_Secrets_Ssl_Key_1_3' + - $ref: '#/components/schemas/ApiFleetOutputs_Post_Response_200_Item_Secrets_Ssl_Key_2_3' + required: + - key + ApiFleetOutputs_Post_Response_200_Item_Secrets_Ssl_Key_1_3: + additionalProperties: true + type: object + properties: + hash: + type: string + id: + type: string + required: + - id + ApiFleetOutputs_Post_Response_200_Item_Secrets_Ssl_Key_2_3: + type: string + ApiFleetOutputs_Post_Response_200_Item_Shipper_3: + additionalProperties: true + nullable: true + type: object + properties: + compression_level: + nullable: true + type: number + disk_queue_compression_enabled: + nullable: true + type: boolean + disk_queue_enabled: + default: false + nullable: true + type: boolean + disk_queue_encryption_enabled: + nullable: true + type: boolean + disk_queue_max_size: + nullable: true + type: number + disk_queue_path: + nullable: true + type: string + loadbalance: + nullable: true + type: boolean + max_batch_bytes: + nullable: true + type: number + mem_queue_events: + nullable: true + type: number + queue_flush_timeout: + nullable: true + type: number + required: + - disk_queue_path + - disk_queue_max_size + - disk_queue_encryption_enabled + - disk_queue_compression_enabled + - compression_level + - loadbalance + - mem_queue_events + - queue_flush_timeout + - max_batch_bytes + ApiFleetOutputs_Post_Response_200_Item_Ssl_3: + additionalProperties: true + nullable: true + type: object + properties: + certificate: + type: string + certificate_authorities: + items: + type: string + maxItems: 10 + type: array + key: + type: string + verification_mode: + enum: + - full + - none + - certificate + - strict + type: string + ApiFleetOutputs_Post_Response_200_Item_Username_1: + type: string + ApiFleetOutputs_Post_Response_200_Item_Username_2: + not: {} + ApiFleetOutputs_Post_Response_200_Item_Username_1_1: + items: {} + type: array + ApiFleetOutputs_Post_Response_200_Item_Username_2_1: + type: boolean + ApiFleetOutputs_Post_Response_200_Item_Username_3: + type: number + ApiFleetOutputs_Post_Response_200_Item_Username_4: + type: object + ApiFleetOutputs_Post_Response_200_Item_Username_5: + type: string + ApiFleetOutputs_Post_Response_400: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetOutputs_Delete_Response_200: + additionalProperties: false + type: object + properties: + id: + type: string + required: + - id + ApiFleetOutputs_Delete_Response_400: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetOutputs_Delete_Response_404: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetOutputs_Get_Response_200_1: + additionalProperties: false + type: object + properties: + item: + anyOf: + - $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Item_1' + - $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Item_2' + - $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Item_3' + - $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Item_4' + required: + - item + ApiFleetOutputs_Get_Response_200_Item_1: + additionalProperties: true + type: object + properties: + allow_edit: + items: + type: string + maxItems: 1000 + type: array + ca_sha256: + nullable: true + type: string + ca_trusted_fingerprint: + nullable: true + type: string + config_yaml: + nullable: true + type: string + hosts: + items: + format: uri + type: string + maxItems: 10 + minItems: 1 + type: array + id: + type: string + is_default: + default: false + type: boolean + is_default_monitoring: + default: false + type: boolean + is_internal: + type: boolean + is_preconfigured: + type: boolean + name: + type: string + preset: + enum: + - balanced + - custom + - throughput + - scale + - latency + type: string + proxy_id: + nullable: true + type: string + secrets: + $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Item_Secrets' + shipper: + $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Item_Shipper' + ssl: + $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Item_Ssl' + type: + enum: + - elasticsearch + type: string + write_to_logs_streams: + nullable: true + type: boolean + required: + - name + - type + - hosts + ApiFleetOutputs_Get_Response_200_Item_Secrets: + additionalProperties: true + type: object + properties: + ssl: + $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Item_Secrets_Ssl' + ApiFleetOutputs_Get_Response_200_Item_Secrets_Ssl: + additionalProperties: true + type: object + properties: + key: + anyOf: + - $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Item_Secrets_Ssl_Key_1' + - $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Item_Secrets_Ssl_Key_2' + ApiFleetOutputs_Get_Response_200_Item_Secrets_Ssl_Key_1: + additionalProperties: true + type: object + properties: + hash: + type: string + id: + type: string + required: + - id + ApiFleetOutputs_Get_Response_200_Item_Secrets_Ssl_Key_2: + type: string + ApiFleetOutputs_Get_Response_200_Item_Shipper: + additionalProperties: true + nullable: true + type: object + properties: + compression_level: + nullable: true + type: number + disk_queue_compression_enabled: + nullable: true + type: boolean + disk_queue_enabled: + default: false + nullable: true + type: boolean + disk_queue_encryption_enabled: + nullable: true + type: boolean + disk_queue_max_size: + nullable: true + type: number + disk_queue_path: + nullable: true + type: string + loadbalance: + nullable: true + type: boolean + max_batch_bytes: + nullable: true + type: number + mem_queue_events: + nullable: true + type: number + queue_flush_timeout: + nullable: true + type: number + required: + - disk_queue_path + - disk_queue_max_size + - disk_queue_encryption_enabled + - disk_queue_compression_enabled + - compression_level + - loadbalance + - mem_queue_events + - queue_flush_timeout + - max_batch_bytes + ApiFleetOutputs_Get_Response_200_Item_Ssl: + additionalProperties: true + nullable: true + type: object + properties: + certificate: + type: string + certificate_authorities: + items: + type: string + maxItems: 10 + type: array + key: + type: string + verification_mode: + enum: + - full + - none + - certificate + - strict + type: string + ApiFleetOutputs_Get_Response_200_Item_2: + additionalProperties: true + type: object + properties: + allow_edit: + items: + type: string + maxItems: 1000 + type: array + ca_sha256: + nullable: true + type: string + ca_trusted_fingerprint: + nullable: true + type: string + config_yaml: + nullable: true + type: string + hosts: + items: + format: uri + type: string + maxItems: 10 + minItems: 1 + type: array + id: + type: string + is_default: + default: false + type: boolean + is_default_monitoring: + default: false + type: boolean + is_internal: + type: boolean + is_preconfigured: + type: boolean + kibana_api_key: + nullable: true + type: string + kibana_url: + nullable: true + type: string + name: + type: string + preset: + enum: + - balanced + - custom + - throughput + - scale + - latency + type: string + proxy_id: + nullable: true + type: string + secrets: + $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Item_Secrets_1' + service_token: + nullable: true + type: string + shipper: + $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Item_Shipper_1' + ssl: + $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Item_Ssl_1' + sync_integrations: + type: boolean + sync_uninstalled_integrations: + type: boolean + type: + enum: + - remote_elasticsearch + type: string + write_to_logs_streams: + nullable: true + type: boolean + required: + - name + - type + - hosts + ApiFleetOutputs_Get_Response_200_Item_Secrets_1: + additionalProperties: true + type: object + properties: + service_token: + anyOf: + - $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Item_Secrets_Service_token_1' + - $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Item_Secrets_Service_token_2' + ssl: + $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Item_Secrets_Ssl_1' + ApiFleetOutputs_Get_Response_200_Item_Secrets_Service_token_1: + additionalProperties: true + type: object + properties: + hash: + type: string + id: + type: string + required: + - id + ApiFleetOutputs_Get_Response_200_Item_Secrets_Service_token_2: + type: string + ApiFleetOutputs_Get_Response_200_Item_Secrets_Ssl_1: + additionalProperties: true + type: object + properties: + key: + anyOf: + - $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Item_Secrets_Ssl_Key_1_1' + - $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Item_Secrets_Ssl_Key_2_1' + ApiFleetOutputs_Get_Response_200_Item_Secrets_Ssl_Key_1_1: + additionalProperties: true + type: object + properties: + hash: + type: string + id: + type: string + required: + - id + ApiFleetOutputs_Get_Response_200_Item_Secrets_Ssl_Key_2_1: + type: string + ApiFleetOutputs_Get_Response_200_Item_Shipper_1: + additionalProperties: true + nullable: true + type: object + properties: + compression_level: + nullable: true + type: number + disk_queue_compression_enabled: + nullable: true + type: boolean + disk_queue_enabled: + default: false + nullable: true + type: boolean + disk_queue_encryption_enabled: + nullable: true + type: boolean + disk_queue_max_size: + nullable: true + type: number + disk_queue_path: + nullable: true + type: string + loadbalance: + nullable: true + type: boolean + max_batch_bytes: + nullable: true + type: number + mem_queue_events: + nullable: true + type: number + queue_flush_timeout: + nullable: true + type: number + required: + - disk_queue_path + - disk_queue_max_size + - disk_queue_encryption_enabled + - disk_queue_compression_enabled + - compression_level + - loadbalance + - mem_queue_events + - queue_flush_timeout + - max_batch_bytes + ApiFleetOutputs_Get_Response_200_Item_Ssl_1: + additionalProperties: true + nullable: true + type: object + properties: + certificate: + type: string + certificate_authorities: + items: + type: string + maxItems: 10 + type: array + key: + type: string + verification_mode: + enum: + - full + - none + - certificate + - strict + type: string + ApiFleetOutputs_Get_Response_200_Item_3: + additionalProperties: true + type: object + properties: + allow_edit: + items: + type: string + maxItems: 1000 + type: array + ca_sha256: + nullable: true + type: string + ca_trusted_fingerprint: + nullable: true + type: string + config_yaml: + nullable: true + type: string + hosts: + items: + type: string + maxItems: 10 + minItems: 1 + type: array + id: + type: string + is_default: + default: false + type: boolean + is_default_monitoring: + default: false + type: boolean + is_internal: + type: boolean + is_preconfigured: + type: boolean + name: + type: string + proxy_id: + nullable: true + type: string + secrets: + $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Item_Secrets_2' + shipper: + $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Item_Shipper_2' + ssl: + $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Item_Ssl_2' + type: + enum: + - logstash + type: string + required: + - name + - type + - hosts + ApiFleetOutputs_Get_Response_200_Item_Secrets_2: + additionalProperties: true + type: object + properties: + ssl: + $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Item_Secrets_Ssl_2' + ApiFleetOutputs_Get_Response_200_Item_Secrets_Ssl_2: + additionalProperties: true + type: object + properties: + key: + anyOf: + - $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Item_Secrets_Ssl_Key_1_2' + - $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Item_Secrets_Ssl_Key_2_2' + ApiFleetOutputs_Get_Response_200_Item_Secrets_Ssl_Key_1_2: + additionalProperties: true + type: object + properties: + hash: + type: string + id: + type: string + required: + - id + ApiFleetOutputs_Get_Response_200_Item_Secrets_Ssl_Key_2_2: + type: string + ApiFleetOutputs_Get_Response_200_Item_Shipper_2: + additionalProperties: true + nullable: true + type: object + properties: + compression_level: + nullable: true + type: number + disk_queue_compression_enabled: + nullable: true + type: boolean + disk_queue_enabled: + default: false + nullable: true + type: boolean + disk_queue_encryption_enabled: + nullable: true + type: boolean + disk_queue_max_size: + nullable: true + type: number + disk_queue_path: + nullable: true + type: string + loadbalance: + nullable: true + type: boolean + max_batch_bytes: + nullable: true + type: number + mem_queue_events: + nullable: true + type: number + queue_flush_timeout: + nullable: true + type: number + required: + - disk_queue_path + - disk_queue_max_size + - disk_queue_encryption_enabled + - disk_queue_compression_enabled + - compression_level + - loadbalance + - mem_queue_events + - queue_flush_timeout + - max_batch_bytes + ApiFleetOutputs_Get_Response_200_Item_Ssl_2: + additionalProperties: true + nullable: true + type: object + properties: + certificate: + type: string + certificate_authorities: + items: + type: string + maxItems: 10 + type: array + key: + type: string + verification_mode: + enum: + - full + - none + - certificate + - strict + type: string + ApiFleetOutputs_Get_Response_200_Item_4: + additionalProperties: true + type: object + properties: + allow_edit: + items: + type: string + maxItems: 1000 + type: array + auth_type: + enum: + - none + - user_pass + - ssl + - kerberos + type: string + broker_timeout: + type: number + ca_sha256: + nullable: true + type: string + ca_trusted_fingerprint: + nullable: true + type: string + client_id: + type: string + compression: + enum: + - gzip + - snappy + - lz4 + - none + type: string + compression_level: + anyOf: + - $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Item_Compression_level_1_1' + - $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Item_Compression_level_2_1' + - $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Item_Compression_level_3' + - $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Item_Compression_level_4' + - $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Item_Compression_level_5' + nullable: true + oneOf: + - $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Item_Compression_level_1' + - $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Item_Compression_level_2' + config_yaml: + nullable: true + type: string + connection_type: + anyOf: + - $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Item_Connection_type_1_1' + - $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Item_Connection_type_2_1' + - $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Item_Connection_type_3' + - $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Item_Connection_type_4' + - $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Item_Connection_type_5' + nullable: true + oneOf: + - $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Item_Connection_type_1' + - $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Item_Connection_type_2' + hash: + $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Item_Hash' + headers: + items: + $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Item_Headers_Item' + maxItems: 100 + type: array + hosts: + items: + type: string + maxItems: 10 + minItems: 1 + type: array + id: + type: string + is_default: + default: false + type: boolean + is_default_monitoring: + default: false + type: boolean + is_internal: + type: boolean + is_preconfigured: + type: boolean + key: + type: string + name: + type: string + partition: + enum: + - random + - round_robin + - hash + type: string + password: + anyOf: + - $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Item_Password_1_3' + - $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Item_Password_2_3' + - $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Item_Password_3_1' + - $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Item_Password_4_1' + - $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Item_Password_5_1' + nullable: true + oneOf: + - $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Item_Password_1' + - $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Item_Password_2' + proxy_id: + nullable: true + type: string + random: + $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Item_Random' + required_acks: + enum: + - 1 + - 0 + - -1 + type: integer + round_robin: + $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Item_Round_robin' + sasl: + $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Item_Sasl' + secrets: + $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Item_Secrets_3' + shipper: + $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Item_Shipper_3' + ssl: + $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Item_Ssl_3' + timeout: + type: number + topic: + type: string + type: + enum: + - kafka + type: string + username: + anyOf: + - $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Item_Username_1_1' + - $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Item_Username_2_1' + - $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Item_Username_3' + - $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Item_Username_4' + - $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Item_Username_5' + nullable: true + oneOf: + - $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Item_Username_1' + - $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Item_Username_2' + version: + type: string + required: + - name + - type + - hosts + - compression_level + - auth_type + - connection_type + - username + - password + ApiFleetOutputs_Get_Response_200_Item_Compression_level_1: + type: number + ApiFleetOutputs_Get_Response_200_Item_Compression_level_2: + not: {} + ApiFleetOutputs_Get_Response_200_Item_Compression_level_1_1: + items: {} + type: array + ApiFleetOutputs_Get_Response_200_Item_Compression_level_2_1: + type: boolean + ApiFleetOutputs_Get_Response_200_Item_Compression_level_3: + type: number + ApiFleetOutputs_Get_Response_200_Item_Compression_level_4: + type: object + ApiFleetOutputs_Get_Response_200_Item_Compression_level_5: + type: string + ApiFleetOutputs_Get_Response_200_Item_Connection_type_1: + enum: + - plaintext + - encryption + type: string + ApiFleetOutputs_Get_Response_200_Item_Connection_type_2: + not: {} + ApiFleetOutputs_Get_Response_200_Item_Connection_type_1_1: + items: {} + type: array + ApiFleetOutputs_Get_Response_200_Item_Connection_type_2_1: + type: boolean + ApiFleetOutputs_Get_Response_200_Item_Connection_type_3: + type: number + ApiFleetOutputs_Get_Response_200_Item_Connection_type_4: + type: object + ApiFleetOutputs_Get_Response_200_Item_Connection_type_5: + type: string + ApiFleetOutputs_Get_Response_200_Item_Hash: + additionalProperties: true + type: object + properties: + hash: + type: string + random: + type: boolean + ApiFleetOutputs_Get_Response_200_Item_Headers_Item: + additionalProperties: true + type: object + properties: + key: + type: string + value: + type: string + required: + - key + - value + ApiFleetOutputs_Get_Response_200_Item_Password_1: + not: {} + ApiFleetOutputs_Get_Response_200_Item_Password_2: + anyOf: + - $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Item_Password_1_2' + - $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Item_Password_2_2' + - $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Item_Password_3' + - $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Item_Password_4' + - $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Item_Password_5' + nullable: true + oneOf: + - $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Item_Password_1_1' + - $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Item_Password_2_1' + ApiFleetOutputs_Get_Response_200_Item_Password_1_1: + type: string + ApiFleetOutputs_Get_Response_200_Item_Password_2_1: + not: {} + ApiFleetOutputs_Get_Response_200_Item_Password_1_2: + items: {} + type: array + ApiFleetOutputs_Get_Response_200_Item_Password_2_2: + type: boolean + ApiFleetOutputs_Get_Response_200_Item_Password_3: + type: number + ApiFleetOutputs_Get_Response_200_Item_Password_4: + type: object + ApiFleetOutputs_Get_Response_200_Item_Password_5: + type: string + ApiFleetOutputs_Get_Response_200_Item_Password_1_3: + items: {} + type: array + ApiFleetOutputs_Get_Response_200_Item_Password_2_3: + type: boolean + ApiFleetOutputs_Get_Response_200_Item_Password_3_1: + type: number + ApiFleetOutputs_Get_Response_200_Item_Password_4_1: + type: object + ApiFleetOutputs_Get_Response_200_Item_Password_5_1: + type: string + ApiFleetOutputs_Get_Response_200_Item_Random: + additionalProperties: true + type: object + properties: + group_events: + type: number + ApiFleetOutputs_Get_Response_200_Item_Round_robin: + additionalProperties: true + type: object + properties: + group_events: + type: number + ApiFleetOutputs_Get_Response_200_Item_Sasl: + additionalProperties: true + nullable: true + type: object + properties: + mechanism: + enum: + - PLAIN + - SCRAM-SHA-256 + - SCRAM-SHA-512 + type: string + ApiFleetOutputs_Get_Response_200_Item_Secrets_3: + additionalProperties: true + type: object + properties: + password: + anyOf: + - $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Item_Secrets_Password_1' + - $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Item_Secrets_Password_2' + ssl: + $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Item_Secrets_Ssl_3' + ApiFleetOutputs_Get_Response_200_Item_Secrets_Password_1: + additionalProperties: true + type: object + properties: + hash: + type: string + id: + type: string + required: + - id + ApiFleetOutputs_Get_Response_200_Item_Secrets_Password_2: + type: string + ApiFleetOutputs_Get_Response_200_Item_Secrets_Ssl_3: + additionalProperties: true + type: object + properties: + key: + anyOf: + - $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Item_Secrets_Ssl_Key_1_3' + - $ref: '#/components/schemas/ApiFleetOutputs_Get_Response_200_Item_Secrets_Ssl_Key_2_3' + required: + - key + ApiFleetOutputs_Get_Response_200_Item_Secrets_Ssl_Key_1_3: + additionalProperties: true + type: object + properties: + hash: + type: string + id: + type: string + required: + - id + ApiFleetOutputs_Get_Response_200_Item_Secrets_Ssl_Key_2_3: + type: string + ApiFleetOutputs_Get_Response_200_Item_Shipper_3: + additionalProperties: true + nullable: true + type: object + properties: + compression_level: + nullable: true + type: number + disk_queue_compression_enabled: + nullable: true + type: boolean + disk_queue_enabled: + default: false + nullable: true + type: boolean + disk_queue_encryption_enabled: + nullable: true + type: boolean + disk_queue_max_size: + nullable: true + type: number + disk_queue_path: + nullable: true + type: string + loadbalance: + nullable: true + type: boolean + max_batch_bytes: + nullable: true + type: number + mem_queue_events: + nullable: true + type: number + queue_flush_timeout: + nullable: true + type: number + required: + - disk_queue_path + - disk_queue_max_size + - disk_queue_encryption_enabled + - disk_queue_compression_enabled + - compression_level + - loadbalance + - mem_queue_events + - queue_flush_timeout + - max_batch_bytes + ApiFleetOutputs_Get_Response_200_Item_Ssl_3: + additionalProperties: true + nullable: true + type: object + properties: + certificate: + type: string + certificate_authorities: + items: + type: string + maxItems: 10 + type: array + key: + type: string + verification_mode: + enum: + - full + - none + - certificate + - strict + type: string + ApiFleetOutputs_Get_Response_200_Item_Username_1: + type: string + ApiFleetOutputs_Get_Response_200_Item_Username_2: + not: {} + ApiFleetOutputs_Get_Response_200_Item_Username_1_1: + items: {} + type: array + ApiFleetOutputs_Get_Response_200_Item_Username_2_1: + type: boolean + ApiFleetOutputs_Get_Response_200_Item_Username_3: + type: number + ApiFleetOutputs_Get_Response_200_Item_Username_4: + type: object + ApiFleetOutputs_Get_Response_200_Item_Username_5: + type: string + ApiFleetOutputs_Get_Response_400_1: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetOutputs_Put_Request: + anyOf: + - $ref: '#/components/schemas/ApiFleetOutputs_Put_Request_1' + - $ref: '#/components/schemas/ApiFleetOutputs_Put_Request_2' + - $ref: '#/components/schemas/ApiFleetOutputs_Put_Request_3' + - $ref: '#/components/schemas/ApiFleetOutputs_Put_Request_4' + ApiFleetOutputs_Put_Request_1: + additionalProperties: false + type: object + properties: + allow_edit: + items: + type: string + maxItems: 1000 + type: array + ca_sha256: + nullable: true + type: string + ca_trusted_fingerprint: + nullable: true + type: string + config_yaml: + nullable: true + type: string + hosts: + items: + format: uri + type: string + maxItems: 10 + minItems: 1 + type: array + id: + type: string + is_default: + type: boolean + is_default_monitoring: + type: boolean + is_internal: + type: boolean + is_preconfigured: + type: boolean + name: + type: string + preset: + enum: + - balanced + - custom + - throughput + - scale + - latency + type: string + proxy_id: + nullable: true + type: string + secrets: + $ref: '#/components/schemas/ApiFleetOutputs_Put_Request_Secrets' + shipper: + $ref: '#/components/schemas/ApiFleetOutputs_Put_Request_Shipper' + ssl: + $ref: '#/components/schemas/ApiFleetOutputs_Put_Request_Ssl' + type: + enum: + - elasticsearch + type: string + write_to_logs_streams: + nullable: true + type: boolean + ApiFleetOutputs_Put_Request_Secrets: + additionalProperties: false + type: object + properties: + ssl: + $ref: '#/components/schemas/ApiFleetOutputs_Put_Request_Secrets_Ssl' + ApiFleetOutputs_Put_Request_Secrets_Ssl: + additionalProperties: false + type: object + properties: + key: + anyOf: + - $ref: '#/components/schemas/ApiFleetOutputs_Put_Request_Secrets_Ssl_Key_1' + - $ref: '#/components/schemas/ApiFleetOutputs_Put_Request_Secrets_Ssl_Key_2' + ApiFleetOutputs_Put_Request_Secrets_Ssl_Key_1: + additionalProperties: false + type: object + properties: + hash: + type: string + id: + type: string + required: + - id + ApiFleetOutputs_Put_Request_Secrets_Ssl_Key_2: + type: string + ApiFleetOutputs_Put_Request_Shipper: + additionalProperties: false + nullable: true + type: object + properties: + compression_level: + nullable: true + type: number + disk_queue_compression_enabled: + nullable: true + type: boolean + disk_queue_enabled: + default: false + nullable: true + type: boolean + disk_queue_encryption_enabled: + nullable: true + type: boolean + disk_queue_max_size: + nullable: true + type: number + disk_queue_path: + nullable: true + type: string + loadbalance: + nullable: true + type: boolean + max_batch_bytes: + nullable: true + type: number + mem_queue_events: + nullable: true + type: number + queue_flush_timeout: + nullable: true + type: number + required: + - disk_queue_path + - disk_queue_max_size + - disk_queue_encryption_enabled + - disk_queue_compression_enabled + - compression_level + - loadbalance + - mem_queue_events + - queue_flush_timeout + - max_batch_bytes + ApiFleetOutputs_Put_Request_Ssl: + additionalProperties: false + nullable: true + type: object + properties: + certificate: + type: string + certificate_authorities: + items: + type: string + maxItems: 10 + type: array + key: + type: string + verification_mode: + enum: + - full + - none + - certificate + - strict + type: string + ApiFleetOutputs_Put_Request_2: + additionalProperties: false + type: object + properties: + allow_edit: + items: + type: string + maxItems: 1000 + type: array + ca_sha256: + nullable: true + type: string + ca_trusted_fingerprint: + nullable: true + type: string + config_yaml: + nullable: true + type: string + hosts: + items: + format: uri + type: string + maxItems: 10 + minItems: 1 + type: array + id: + type: string + is_default: + type: boolean + is_default_monitoring: + type: boolean + is_internal: + type: boolean + is_preconfigured: + type: boolean + kibana_api_key: + nullable: true + type: string + kibana_url: + nullable: true + type: string + name: + type: string + preset: + enum: + - balanced + - custom + - throughput + - scale + - latency + type: string + proxy_id: + nullable: true + type: string + secrets: + $ref: '#/components/schemas/ApiFleetOutputs_Put_Request_Secrets_1' + service_token: + nullable: true + type: string + shipper: + $ref: '#/components/schemas/ApiFleetOutputs_Put_Request_Shipper_1' + ssl: + $ref: '#/components/schemas/ApiFleetOutputs_Put_Request_Ssl_1' + sync_integrations: + type: boolean + sync_uninstalled_integrations: + type: boolean + type: + enum: + - remote_elasticsearch + type: string + write_to_logs_streams: + nullable: true + type: boolean + ApiFleetOutputs_Put_Request_Secrets_1: + additionalProperties: false + type: object + properties: + service_token: + anyOf: + - $ref: '#/components/schemas/ApiFleetOutputs_Put_Request_Secrets_Service_token_1' + - $ref: '#/components/schemas/ApiFleetOutputs_Put_Request_Secrets_Service_token_2' + ssl: + $ref: '#/components/schemas/ApiFleetOutputs_Put_Request_Secrets_Ssl_1' + ApiFleetOutputs_Put_Request_Secrets_Service_token_1: + additionalProperties: false + type: object + properties: + hash: + type: string + id: + type: string + required: + - id + ApiFleetOutputs_Put_Request_Secrets_Service_token_2: + type: string + ApiFleetOutputs_Put_Request_Secrets_Ssl_1: + additionalProperties: false + type: object + properties: + key: + anyOf: + - $ref: '#/components/schemas/ApiFleetOutputs_Put_Request_Secrets_Ssl_Key_1_1' + - $ref: '#/components/schemas/ApiFleetOutputs_Put_Request_Secrets_Ssl_Key_2_1' + ApiFleetOutputs_Put_Request_Secrets_Ssl_Key_1_1: + additionalProperties: false + type: object + properties: + hash: + type: string + id: + type: string + required: + - id + ApiFleetOutputs_Put_Request_Secrets_Ssl_Key_2_1: + type: string + ApiFleetOutputs_Put_Request_Shipper_1: + additionalProperties: false + nullable: true + type: object + properties: + compression_level: + nullable: true + type: number + disk_queue_compression_enabled: + nullable: true + type: boolean + disk_queue_enabled: + default: false + nullable: true + type: boolean + disk_queue_encryption_enabled: + nullable: true + type: boolean + disk_queue_max_size: + nullable: true + type: number + disk_queue_path: + nullable: true + type: string + loadbalance: + nullable: true + type: boolean + max_batch_bytes: + nullable: true + type: number + mem_queue_events: + nullable: true + type: number + queue_flush_timeout: + nullable: true + type: number + required: + - disk_queue_path + - disk_queue_max_size + - disk_queue_encryption_enabled + - disk_queue_compression_enabled + - compression_level + - loadbalance + - mem_queue_events + - queue_flush_timeout + - max_batch_bytes + ApiFleetOutputs_Put_Request_Ssl_1: + additionalProperties: false + nullable: true + type: object + properties: + certificate: + type: string + certificate_authorities: + items: + type: string + maxItems: 10 + type: array + key: + type: string + verification_mode: + enum: + - full + - none + - certificate + - strict + type: string + ApiFleetOutputs_Put_Request_3: + additionalProperties: false + type: object + properties: + allow_edit: + items: + type: string + maxItems: 1000 + type: array + ca_sha256: + nullable: true + type: string + ca_trusted_fingerprint: + nullable: true + type: string + config_yaml: + nullable: true + type: string + hosts: + items: + type: string + maxItems: 10 + minItems: 1 + type: array + id: + type: string + is_default: + type: boolean + is_default_monitoring: + type: boolean + is_internal: + type: boolean + is_preconfigured: + type: boolean + name: + type: string + proxy_id: + nullable: true + type: string + secrets: + $ref: '#/components/schemas/ApiFleetOutputs_Put_Request_Secrets_2' + shipper: + $ref: '#/components/schemas/ApiFleetOutputs_Put_Request_Shipper_2' + ssl: + $ref: '#/components/schemas/ApiFleetOutputs_Put_Request_Ssl_2' + type: + enum: + - logstash + type: string + ApiFleetOutputs_Put_Request_Secrets_2: + additionalProperties: false + type: object + properties: + ssl: + $ref: '#/components/schemas/ApiFleetOutputs_Put_Request_Secrets_Ssl_2' + ApiFleetOutputs_Put_Request_Secrets_Ssl_2: + additionalProperties: false + type: object + properties: + key: + anyOf: + - $ref: '#/components/schemas/ApiFleetOutputs_Put_Request_Secrets_Ssl_Key_1_2' + - $ref: '#/components/schemas/ApiFleetOutputs_Put_Request_Secrets_Ssl_Key_2_2' + ApiFleetOutputs_Put_Request_Secrets_Ssl_Key_1_2: + additionalProperties: false + type: object + properties: + hash: + type: string + id: + type: string + required: + - id + ApiFleetOutputs_Put_Request_Secrets_Ssl_Key_2_2: + type: string + ApiFleetOutputs_Put_Request_Shipper_2: + additionalProperties: false + nullable: true + type: object + properties: + compression_level: + nullable: true + type: number + disk_queue_compression_enabled: + nullable: true + type: boolean + disk_queue_enabled: + default: false + nullable: true + type: boolean + disk_queue_encryption_enabled: + nullable: true + type: boolean + disk_queue_max_size: + nullable: true + type: number + disk_queue_path: + nullable: true + type: string + loadbalance: + nullable: true + type: boolean + max_batch_bytes: + nullable: true + type: number + mem_queue_events: + nullable: true + type: number + queue_flush_timeout: + nullable: true + type: number + required: + - disk_queue_path + - disk_queue_max_size + - disk_queue_encryption_enabled + - disk_queue_compression_enabled + - compression_level + - loadbalance + - mem_queue_events + - queue_flush_timeout + - max_batch_bytes + ApiFleetOutputs_Put_Request_Ssl_2: + additionalProperties: false + nullable: true + type: object + properties: + certificate: + type: string + certificate_authorities: + items: + type: string + maxItems: 10 + type: array + key: + type: string + verification_mode: + enum: + - full + - none + - certificate + - strict + type: string + ApiFleetOutputs_Put_Request_4: + additionalProperties: false + type: object + properties: + allow_edit: + items: + type: string + maxItems: 1000 + type: array + auth_type: + enum: + - none + - user_pass + - ssl + - kerberos + type: string + broker_timeout: + type: number + ca_sha256: + nullable: true + type: string + ca_trusted_fingerprint: + nullable: true + type: string + client_id: + type: string + compression: + enum: + - gzip + - snappy + - lz4 + - none + type: string + compression_level: + anyOf: + - $ref: '#/components/schemas/ApiFleetOutputs_Put_Request_Compression_level_1_1' + - $ref: '#/components/schemas/ApiFleetOutputs_Put_Request_Compression_level_2_1' + - $ref: '#/components/schemas/ApiFleetOutputs_Put_Request_Compression_level_3' + - $ref: '#/components/schemas/ApiFleetOutputs_Put_Request_Compression_level_4' + - $ref: '#/components/schemas/ApiFleetOutputs_Put_Request_Compression_level_5' + nullable: true + oneOf: + - $ref: '#/components/schemas/ApiFleetOutputs_Put_Request_Compression_level_1' + - $ref: '#/components/schemas/ApiFleetOutputs_Put_Request_Compression_level_2' + config_yaml: + nullable: true + type: string + connection_type: + anyOf: + - $ref: '#/components/schemas/ApiFleetOutputs_Put_Request_Connection_type_1_1' + - $ref: '#/components/schemas/ApiFleetOutputs_Put_Request_Connection_type_2_1' + - $ref: '#/components/schemas/ApiFleetOutputs_Put_Request_Connection_type_3' + - $ref: '#/components/schemas/ApiFleetOutputs_Put_Request_Connection_type_4' + - $ref: '#/components/schemas/ApiFleetOutputs_Put_Request_Connection_type_5' + nullable: true + oneOf: + - $ref: '#/components/schemas/ApiFleetOutputs_Put_Request_Connection_type_1' + - $ref: '#/components/schemas/ApiFleetOutputs_Put_Request_Connection_type_2' + hash: + $ref: '#/components/schemas/ApiFleetOutputs_Put_Request_Hash' + headers: + items: + $ref: '#/components/schemas/ApiFleetOutputs_Put_Request_Headers_Item' + maxItems: 100 + type: array + hosts: + items: + type: string + maxItems: 10 + minItems: 1 + type: array + id: + type: string + is_default: + default: false + type: boolean + is_default_monitoring: + default: false + type: boolean + is_internal: + type: boolean + is_preconfigured: + type: boolean + key: + type: string + name: + type: string + partition: + enum: + - random + - round_robin + - hash + type: string + password: + anyOf: + - $ref: '#/components/schemas/ApiFleetOutputs_Put_Request_Password_1_3' + - $ref: '#/components/schemas/ApiFleetOutputs_Put_Request_Password_2_3' + - $ref: '#/components/schemas/ApiFleetOutputs_Put_Request_Password_3_1' + - $ref: '#/components/schemas/ApiFleetOutputs_Put_Request_Password_4_1' + - $ref: '#/components/schemas/ApiFleetOutputs_Put_Request_Password_5_1' + nullable: true + oneOf: + - $ref: '#/components/schemas/ApiFleetOutputs_Put_Request_Password_1' + - $ref: '#/components/schemas/ApiFleetOutputs_Put_Request_Password_2' + proxy_id: + nullable: true + type: string + random: + $ref: '#/components/schemas/ApiFleetOutputs_Put_Request_Random' + required_acks: + enum: + - 1 + - 0 + - -1 + type: integer + round_robin: + $ref: '#/components/schemas/ApiFleetOutputs_Put_Request_Round_robin' + sasl: + $ref: '#/components/schemas/ApiFleetOutputs_Put_Request_Sasl' + secrets: + $ref: '#/components/schemas/ApiFleetOutputs_Put_Request_Secrets_3' + shipper: + $ref: '#/components/schemas/ApiFleetOutputs_Put_Request_Shipper_3' + ssl: + $ref: '#/components/schemas/ApiFleetOutputs_Put_Request_Ssl_3' + timeout: + type: number + topic: + type: string + type: + enum: + - kafka + type: string + username: + anyOf: + - $ref: '#/components/schemas/ApiFleetOutputs_Put_Request_Username_1_1' + - $ref: '#/components/schemas/ApiFleetOutputs_Put_Request_Username_2_1' + - $ref: '#/components/schemas/ApiFleetOutputs_Put_Request_Username_3' + - $ref: '#/components/schemas/ApiFleetOutputs_Put_Request_Username_4' + - $ref: '#/components/schemas/ApiFleetOutputs_Put_Request_Username_5' + nullable: true + oneOf: + - $ref: '#/components/schemas/ApiFleetOutputs_Put_Request_Username_1' + - $ref: '#/components/schemas/ApiFleetOutputs_Put_Request_Username_2' + version: + type: string + required: + - name + - compression_level + - connection_type + - username + - password + ApiFleetOutputs_Put_Request_Compression_level_1: + type: number + ApiFleetOutputs_Put_Request_Compression_level_2: + not: {} + ApiFleetOutputs_Put_Request_Compression_level_1_1: + items: {} + type: array + ApiFleetOutputs_Put_Request_Compression_level_2_1: + type: boolean + ApiFleetOutputs_Put_Request_Compression_level_3: + type: number + ApiFleetOutputs_Put_Request_Compression_level_4: + type: object + ApiFleetOutputs_Put_Request_Compression_level_5: + type: string + ApiFleetOutputs_Put_Request_Connection_type_1: + enum: + - plaintext + - encryption + type: string + ApiFleetOutputs_Put_Request_Connection_type_2: + not: {} + ApiFleetOutputs_Put_Request_Connection_type_1_1: + items: {} + type: array + ApiFleetOutputs_Put_Request_Connection_type_2_1: + type: boolean + ApiFleetOutputs_Put_Request_Connection_type_3: + type: number + ApiFleetOutputs_Put_Request_Connection_type_4: + type: object + ApiFleetOutputs_Put_Request_Connection_type_5: + type: string + ApiFleetOutputs_Put_Request_Hash: + additionalProperties: false + type: object + properties: + hash: + type: string + random: + type: boolean + ApiFleetOutputs_Put_Request_Headers_Item: + additionalProperties: false + type: object + properties: + key: + type: string + value: + type: string + required: + - key + - value + ApiFleetOutputs_Put_Request_Password_1: + not: {} + ApiFleetOutputs_Put_Request_Password_2: + anyOf: + - $ref: '#/components/schemas/ApiFleetOutputs_Put_Request_Password_1_2' + - $ref: '#/components/schemas/ApiFleetOutputs_Put_Request_Password_2_2' + - $ref: '#/components/schemas/ApiFleetOutputs_Put_Request_Password_3' + - $ref: '#/components/schemas/ApiFleetOutputs_Put_Request_Password_4' + - $ref: '#/components/schemas/ApiFleetOutputs_Put_Request_Password_5' + nullable: true + oneOf: + - $ref: '#/components/schemas/ApiFleetOutputs_Put_Request_Password_1_1' + - $ref: '#/components/schemas/ApiFleetOutputs_Put_Request_Password_2_1' + ApiFleetOutputs_Put_Request_Password_1_1: + type: string + ApiFleetOutputs_Put_Request_Password_2_1: + not: {} + ApiFleetOutputs_Put_Request_Password_1_2: + items: {} + type: array + ApiFleetOutputs_Put_Request_Password_2_2: + type: boolean + ApiFleetOutputs_Put_Request_Password_3: + type: number + ApiFleetOutputs_Put_Request_Password_4: + type: object + ApiFleetOutputs_Put_Request_Password_5: + type: string + ApiFleetOutputs_Put_Request_Password_1_3: + items: {} + type: array + ApiFleetOutputs_Put_Request_Password_2_3: + type: boolean + ApiFleetOutputs_Put_Request_Password_3_1: + type: number + ApiFleetOutputs_Put_Request_Password_4_1: + type: object + ApiFleetOutputs_Put_Request_Password_5_1: + type: string + ApiFleetOutputs_Put_Request_Random: + additionalProperties: false + type: object + properties: + group_events: + type: number + ApiFleetOutputs_Put_Request_Round_robin: + additionalProperties: false + type: object + properties: + group_events: + type: number + ApiFleetOutputs_Put_Request_Sasl: + additionalProperties: false + nullable: true + type: object + properties: + mechanism: + enum: + - PLAIN + - SCRAM-SHA-256 + - SCRAM-SHA-512 + type: string + ApiFleetOutputs_Put_Request_Secrets_3: + additionalProperties: false + type: object + properties: + password: + anyOf: + - $ref: '#/components/schemas/ApiFleetOutputs_Put_Request_Secrets_Password_1' + - $ref: '#/components/schemas/ApiFleetOutputs_Put_Request_Secrets_Password_2' + ssl: + $ref: '#/components/schemas/ApiFleetOutputs_Put_Request_Secrets_Ssl_3' + ApiFleetOutputs_Put_Request_Secrets_Password_1: + additionalProperties: false + type: object + properties: + hash: + type: string + id: + type: string + required: + - id + ApiFleetOutputs_Put_Request_Secrets_Password_2: + type: string + ApiFleetOutputs_Put_Request_Secrets_Ssl_3: + additionalProperties: false + type: object + properties: + key: + anyOf: + - $ref: '#/components/schemas/ApiFleetOutputs_Put_Request_Secrets_Ssl_Key_1_3' + - $ref: '#/components/schemas/ApiFleetOutputs_Put_Request_Secrets_Ssl_Key_2_3' + required: + - key + ApiFleetOutputs_Put_Request_Secrets_Ssl_Key_1_3: + additionalProperties: false + type: object + properties: + hash: + type: string + id: + type: string + required: + - id + ApiFleetOutputs_Put_Request_Secrets_Ssl_Key_2_3: + type: string + ApiFleetOutputs_Put_Request_Shipper_3: + additionalProperties: false + nullable: true + type: object + properties: + compression_level: + nullable: true + type: number + disk_queue_compression_enabled: + nullable: true + type: boolean + disk_queue_enabled: + default: false + nullable: true + type: boolean + disk_queue_encryption_enabled: + nullable: true + type: boolean + disk_queue_max_size: + nullable: true + type: number + disk_queue_path: + nullable: true + type: string + loadbalance: + nullable: true + type: boolean + max_batch_bytes: + nullable: true + type: number + mem_queue_events: + nullable: true + type: number + queue_flush_timeout: + nullable: true + type: number + required: + - disk_queue_path + - disk_queue_max_size + - disk_queue_encryption_enabled + - disk_queue_compression_enabled + - compression_level + - loadbalance + - mem_queue_events + - queue_flush_timeout + - max_batch_bytes + ApiFleetOutputs_Put_Request_Ssl_3: + additionalProperties: false + nullable: true + type: object + properties: + certificate: + type: string + certificate_authorities: + items: + type: string + maxItems: 10 + type: array + key: + type: string + verification_mode: + enum: + - full + - none + - certificate + - strict + type: string + ApiFleetOutputs_Put_Request_Username_1: + type: string + ApiFleetOutputs_Put_Request_Username_2: + not: {} + ApiFleetOutputs_Put_Request_Username_1_1: + items: {} + type: array + ApiFleetOutputs_Put_Request_Username_2_1: + type: boolean + ApiFleetOutputs_Put_Request_Username_3: + type: number + ApiFleetOutputs_Put_Request_Username_4: + type: object + ApiFleetOutputs_Put_Request_Username_5: + type: string + ApiFleetOutputs_Put_Response_200: + additionalProperties: false + type: object + properties: + item: + anyOf: + - $ref: '#/components/schemas/ApiFleetOutputs_Put_Response_200_Item_1' + - $ref: '#/components/schemas/ApiFleetOutputs_Put_Response_200_Item_2' + - $ref: '#/components/schemas/ApiFleetOutputs_Put_Response_200_Item_3' + - $ref: '#/components/schemas/ApiFleetOutputs_Put_Response_200_Item_4' + required: + - item + ApiFleetOutputs_Put_Response_200_Item_1: + additionalProperties: true + type: object + properties: + allow_edit: + items: + type: string + maxItems: 1000 + type: array + ca_sha256: + nullable: true + type: string + ca_trusted_fingerprint: + nullable: true + type: string + config_yaml: + nullable: true + type: string + hosts: + items: + format: uri + type: string + maxItems: 10 + minItems: 1 + type: array + id: + type: string + is_default: + default: false + type: boolean + is_default_monitoring: + default: false + type: boolean + is_internal: + type: boolean + is_preconfigured: + type: boolean + name: + type: string + preset: + enum: + - balanced + - custom + - throughput + - scale + - latency + type: string + proxy_id: + nullable: true + type: string + secrets: + $ref: '#/components/schemas/ApiFleetOutputs_Put_Response_200_Item_Secrets' + shipper: + $ref: '#/components/schemas/ApiFleetOutputs_Put_Response_200_Item_Shipper' + ssl: + $ref: '#/components/schemas/ApiFleetOutputs_Put_Response_200_Item_Ssl' + type: + enum: + - elasticsearch + type: string + write_to_logs_streams: + nullable: true + type: boolean + required: + - name + - type + - hosts + ApiFleetOutputs_Put_Response_200_Item_Secrets: + additionalProperties: true + type: object + properties: + ssl: + $ref: '#/components/schemas/ApiFleetOutputs_Put_Response_200_Item_Secrets_Ssl' + ApiFleetOutputs_Put_Response_200_Item_Secrets_Ssl: + additionalProperties: true + type: object + properties: + key: + anyOf: + - $ref: '#/components/schemas/ApiFleetOutputs_Put_Response_200_Item_Secrets_Ssl_Key_1' + - $ref: '#/components/schemas/ApiFleetOutputs_Put_Response_200_Item_Secrets_Ssl_Key_2' + ApiFleetOutputs_Put_Response_200_Item_Secrets_Ssl_Key_1: + additionalProperties: true + type: object + properties: + hash: + type: string + id: + type: string + required: + - id + ApiFleetOutputs_Put_Response_200_Item_Secrets_Ssl_Key_2: + type: string + ApiFleetOutputs_Put_Response_200_Item_Shipper: + additionalProperties: true + nullable: true + type: object + properties: + compression_level: + nullable: true + type: number + disk_queue_compression_enabled: + nullable: true + type: boolean + disk_queue_enabled: + default: false + nullable: true + type: boolean + disk_queue_encryption_enabled: + nullable: true + type: boolean + disk_queue_max_size: + nullable: true + type: number + disk_queue_path: + nullable: true + type: string + loadbalance: + nullable: true + type: boolean + max_batch_bytes: + nullable: true + type: number + mem_queue_events: + nullable: true + type: number + queue_flush_timeout: + nullable: true + type: number + required: + - disk_queue_path + - disk_queue_max_size + - disk_queue_encryption_enabled + - disk_queue_compression_enabled + - compression_level + - loadbalance + - mem_queue_events + - queue_flush_timeout + - max_batch_bytes + ApiFleetOutputs_Put_Response_200_Item_Ssl: + additionalProperties: true + nullable: true + type: object + properties: + certificate: + type: string + certificate_authorities: + items: + type: string + maxItems: 10 + type: array + key: + type: string + verification_mode: + enum: + - full + - none + - certificate + - strict + type: string + ApiFleetOutputs_Put_Response_200_Item_2: + additionalProperties: true + type: object + properties: + allow_edit: + items: + type: string + maxItems: 1000 + type: array + ca_sha256: + nullable: true + type: string + ca_trusted_fingerprint: + nullable: true + type: string + config_yaml: + nullable: true + type: string + hosts: + items: + format: uri + type: string + maxItems: 10 + minItems: 1 + type: array + id: + type: string + is_default: + default: false + type: boolean + is_default_monitoring: + default: false + type: boolean + is_internal: + type: boolean + is_preconfigured: + type: boolean + kibana_api_key: + nullable: true + type: string + kibana_url: + nullable: true + type: string + name: + type: string + preset: + enum: + - balanced + - custom + - throughput + - scale + - latency + type: string + proxy_id: + nullable: true + type: string + secrets: + $ref: '#/components/schemas/ApiFleetOutputs_Put_Response_200_Item_Secrets_1' + service_token: + nullable: true + type: string + shipper: + $ref: '#/components/schemas/ApiFleetOutputs_Put_Response_200_Item_Shipper_1' + ssl: + $ref: '#/components/schemas/ApiFleetOutputs_Put_Response_200_Item_Ssl_1' + sync_integrations: + type: boolean + sync_uninstalled_integrations: + type: boolean + type: + enum: + - remote_elasticsearch + type: string + write_to_logs_streams: + nullable: true + type: boolean + required: + - name + - type + - hosts + ApiFleetOutputs_Put_Response_200_Item_Secrets_1: + additionalProperties: true + type: object + properties: + service_token: + anyOf: + - $ref: '#/components/schemas/ApiFleetOutputs_Put_Response_200_Item_Secrets_Service_token_1' + - $ref: '#/components/schemas/ApiFleetOutputs_Put_Response_200_Item_Secrets_Service_token_2' + ssl: + $ref: '#/components/schemas/ApiFleetOutputs_Put_Response_200_Item_Secrets_Ssl_1' + ApiFleetOutputs_Put_Response_200_Item_Secrets_Service_token_1: + additionalProperties: true + type: object + properties: + hash: + type: string + id: + type: string + required: + - id + ApiFleetOutputs_Put_Response_200_Item_Secrets_Service_token_2: + type: string + ApiFleetOutputs_Put_Response_200_Item_Secrets_Ssl_1: + additionalProperties: true + type: object + properties: + key: + anyOf: + - $ref: '#/components/schemas/ApiFleetOutputs_Put_Response_200_Item_Secrets_Ssl_Key_1_1' + - $ref: '#/components/schemas/ApiFleetOutputs_Put_Response_200_Item_Secrets_Ssl_Key_2_1' + ApiFleetOutputs_Put_Response_200_Item_Secrets_Ssl_Key_1_1: + additionalProperties: true + type: object + properties: + hash: + type: string + id: + type: string + required: + - id + ApiFleetOutputs_Put_Response_200_Item_Secrets_Ssl_Key_2_1: + type: string + ApiFleetOutputs_Put_Response_200_Item_Shipper_1: + additionalProperties: true + nullable: true + type: object + properties: + compression_level: + nullable: true + type: number + disk_queue_compression_enabled: + nullable: true + type: boolean + disk_queue_enabled: + default: false + nullable: true + type: boolean + disk_queue_encryption_enabled: + nullable: true + type: boolean + disk_queue_max_size: + nullable: true + type: number + disk_queue_path: + nullable: true + type: string + loadbalance: + nullable: true + type: boolean + max_batch_bytes: + nullable: true + type: number + mem_queue_events: + nullable: true + type: number + queue_flush_timeout: + nullable: true + type: number + required: + - disk_queue_path + - disk_queue_max_size + - disk_queue_encryption_enabled + - disk_queue_compression_enabled + - compression_level + - loadbalance + - mem_queue_events + - queue_flush_timeout + - max_batch_bytes + ApiFleetOutputs_Put_Response_200_Item_Ssl_1: + additionalProperties: true + nullable: true + type: object + properties: + certificate: + type: string + certificate_authorities: + items: + type: string + maxItems: 10 + type: array + key: + type: string + verification_mode: + enum: + - full + - none + - certificate + - strict + type: string + ApiFleetOutputs_Put_Response_200_Item_3: + additionalProperties: true + type: object + properties: + allow_edit: + items: + type: string + maxItems: 1000 + type: array + ca_sha256: + nullable: true + type: string + ca_trusted_fingerprint: + nullable: true + type: string + config_yaml: + nullable: true + type: string + hosts: + items: + type: string + maxItems: 10 + minItems: 1 + type: array + id: + type: string + is_default: + default: false + type: boolean + is_default_monitoring: + default: false + type: boolean + is_internal: + type: boolean + is_preconfigured: + type: boolean + name: + type: string + proxy_id: + nullable: true + type: string + secrets: + $ref: '#/components/schemas/ApiFleetOutputs_Put_Response_200_Item_Secrets_2' + shipper: + $ref: '#/components/schemas/ApiFleetOutputs_Put_Response_200_Item_Shipper_2' + ssl: + $ref: '#/components/schemas/ApiFleetOutputs_Put_Response_200_Item_Ssl_2' + type: + enum: + - logstash + type: string + required: + - name + - type + - hosts + ApiFleetOutputs_Put_Response_200_Item_Secrets_2: + additionalProperties: true + type: object + properties: + ssl: + $ref: '#/components/schemas/ApiFleetOutputs_Put_Response_200_Item_Secrets_Ssl_2' + ApiFleetOutputs_Put_Response_200_Item_Secrets_Ssl_2: + additionalProperties: true + type: object + properties: + key: + anyOf: + - $ref: '#/components/schemas/ApiFleetOutputs_Put_Response_200_Item_Secrets_Ssl_Key_1_2' + - $ref: '#/components/schemas/ApiFleetOutputs_Put_Response_200_Item_Secrets_Ssl_Key_2_2' + ApiFleetOutputs_Put_Response_200_Item_Secrets_Ssl_Key_1_2: + additionalProperties: true + type: object + properties: + hash: + type: string + id: + type: string + required: + - id + ApiFleetOutputs_Put_Response_200_Item_Secrets_Ssl_Key_2_2: + type: string + ApiFleetOutputs_Put_Response_200_Item_Shipper_2: + additionalProperties: true + nullable: true + type: object + properties: + compression_level: + nullable: true + type: number + disk_queue_compression_enabled: + nullable: true + type: boolean + disk_queue_enabled: + default: false + nullable: true + type: boolean + disk_queue_encryption_enabled: + nullable: true + type: boolean + disk_queue_max_size: + nullable: true + type: number + disk_queue_path: + nullable: true + type: string + loadbalance: + nullable: true + type: boolean + max_batch_bytes: + nullable: true + type: number + mem_queue_events: + nullable: true + type: number + queue_flush_timeout: + nullable: true + type: number + required: + - disk_queue_path + - disk_queue_max_size + - disk_queue_encryption_enabled + - disk_queue_compression_enabled + - compression_level + - loadbalance + - mem_queue_events + - queue_flush_timeout + - max_batch_bytes + ApiFleetOutputs_Put_Response_200_Item_Ssl_2: + additionalProperties: true + nullable: true + type: object + properties: + certificate: + type: string + certificate_authorities: + items: + type: string + maxItems: 10 + type: array + key: + type: string + verification_mode: + enum: + - full + - none + - certificate + - strict + type: string + ApiFleetOutputs_Put_Response_200_Item_4: + additionalProperties: true + type: object + properties: + allow_edit: + items: + type: string + maxItems: 1000 + type: array + auth_type: + enum: + - none + - user_pass + - ssl + - kerberos + type: string + broker_timeout: + type: number + ca_sha256: + nullable: true + type: string + ca_trusted_fingerprint: + nullable: true + type: string + client_id: + type: string + compression: + enum: + - gzip + - snappy + - lz4 + - none + type: string + compression_level: + anyOf: + - $ref: '#/components/schemas/ApiFleetOutputs_Put_Response_200_Item_Compression_level_1_1' + - $ref: '#/components/schemas/ApiFleetOutputs_Put_Response_200_Item_Compression_level_2_1' + - $ref: '#/components/schemas/ApiFleetOutputs_Put_Response_200_Item_Compression_level_3' + - $ref: '#/components/schemas/ApiFleetOutputs_Put_Response_200_Item_Compression_level_4' + - $ref: '#/components/schemas/ApiFleetOutputs_Put_Response_200_Item_Compression_level_5' + nullable: true + oneOf: + - $ref: '#/components/schemas/ApiFleetOutputs_Put_Response_200_Item_Compression_level_1' + - $ref: '#/components/schemas/ApiFleetOutputs_Put_Response_200_Item_Compression_level_2' + config_yaml: + nullable: true + type: string + connection_type: + anyOf: + - $ref: '#/components/schemas/ApiFleetOutputs_Put_Response_200_Item_Connection_type_1_1' + - $ref: '#/components/schemas/ApiFleetOutputs_Put_Response_200_Item_Connection_type_2_1' + - $ref: '#/components/schemas/ApiFleetOutputs_Put_Response_200_Item_Connection_type_3' + - $ref: '#/components/schemas/ApiFleetOutputs_Put_Response_200_Item_Connection_type_4' + - $ref: '#/components/schemas/ApiFleetOutputs_Put_Response_200_Item_Connection_type_5' + nullable: true + oneOf: + - $ref: '#/components/schemas/ApiFleetOutputs_Put_Response_200_Item_Connection_type_1' + - $ref: '#/components/schemas/ApiFleetOutputs_Put_Response_200_Item_Connection_type_2' + hash: + $ref: '#/components/schemas/ApiFleetOutputs_Put_Response_200_Item_Hash' + headers: + items: + $ref: '#/components/schemas/ApiFleetOutputs_Put_Response_200_Item_Headers_Item' + maxItems: 100 + type: array + hosts: + items: + type: string + maxItems: 10 + minItems: 1 + type: array + id: + type: string + is_default: + default: false + type: boolean + is_default_monitoring: + default: false + type: boolean + is_internal: + type: boolean + is_preconfigured: + type: boolean + key: + type: string + name: + type: string + partition: + enum: + - random + - round_robin + - hash + type: string + password: + anyOf: + - $ref: '#/components/schemas/ApiFleetOutputs_Put_Response_200_Item_Password_1_3' + - $ref: '#/components/schemas/ApiFleetOutputs_Put_Response_200_Item_Password_2_3' + - $ref: '#/components/schemas/ApiFleetOutputs_Put_Response_200_Item_Password_3_1' + - $ref: '#/components/schemas/ApiFleetOutputs_Put_Response_200_Item_Password_4_1' + - $ref: '#/components/schemas/ApiFleetOutputs_Put_Response_200_Item_Password_5_1' + nullable: true + oneOf: + - $ref: '#/components/schemas/ApiFleetOutputs_Put_Response_200_Item_Password_1' + - $ref: '#/components/schemas/ApiFleetOutputs_Put_Response_200_Item_Password_2' + proxy_id: + nullable: true + type: string + random: + $ref: '#/components/schemas/ApiFleetOutputs_Put_Response_200_Item_Random' + required_acks: + enum: + - 1 + - 0 + - -1 + type: integer + round_robin: + $ref: '#/components/schemas/ApiFleetOutputs_Put_Response_200_Item_Round_robin' + sasl: + $ref: '#/components/schemas/ApiFleetOutputs_Put_Response_200_Item_Sasl' + secrets: + $ref: '#/components/schemas/ApiFleetOutputs_Put_Response_200_Item_Secrets_3' + shipper: + $ref: '#/components/schemas/ApiFleetOutputs_Put_Response_200_Item_Shipper_3' + ssl: + $ref: '#/components/schemas/ApiFleetOutputs_Put_Response_200_Item_Ssl_3' + timeout: + type: number + topic: + type: string + type: + enum: + - kafka + type: string + username: + anyOf: + - $ref: '#/components/schemas/ApiFleetOutputs_Put_Response_200_Item_Username_1_1' + - $ref: '#/components/schemas/ApiFleetOutputs_Put_Response_200_Item_Username_2_1' + - $ref: '#/components/schemas/ApiFleetOutputs_Put_Response_200_Item_Username_3' + - $ref: '#/components/schemas/ApiFleetOutputs_Put_Response_200_Item_Username_4' + - $ref: '#/components/schemas/ApiFleetOutputs_Put_Response_200_Item_Username_5' + nullable: true + oneOf: + - $ref: '#/components/schemas/ApiFleetOutputs_Put_Response_200_Item_Username_1' + - $ref: '#/components/schemas/ApiFleetOutputs_Put_Response_200_Item_Username_2' + version: + type: string + required: + - name + - type + - hosts + - compression_level + - auth_type + - connection_type + - username + - password + ApiFleetOutputs_Put_Response_200_Item_Compression_level_1: + type: number + ApiFleetOutputs_Put_Response_200_Item_Compression_level_2: + not: {} + ApiFleetOutputs_Put_Response_200_Item_Compression_level_1_1: + items: {} + type: array + ApiFleetOutputs_Put_Response_200_Item_Compression_level_2_1: + type: boolean + ApiFleetOutputs_Put_Response_200_Item_Compression_level_3: + type: number + ApiFleetOutputs_Put_Response_200_Item_Compression_level_4: + type: object + ApiFleetOutputs_Put_Response_200_Item_Compression_level_5: + type: string + ApiFleetOutputs_Put_Response_200_Item_Connection_type_1: + enum: + - plaintext + - encryption + type: string + ApiFleetOutputs_Put_Response_200_Item_Connection_type_2: + not: {} + ApiFleetOutputs_Put_Response_200_Item_Connection_type_1_1: + items: {} + type: array + ApiFleetOutputs_Put_Response_200_Item_Connection_type_2_1: + type: boolean + ApiFleetOutputs_Put_Response_200_Item_Connection_type_3: + type: number + ApiFleetOutputs_Put_Response_200_Item_Connection_type_4: + type: object + ApiFleetOutputs_Put_Response_200_Item_Connection_type_5: + type: string + ApiFleetOutputs_Put_Response_200_Item_Hash: + additionalProperties: true + type: object + properties: + hash: + type: string + random: + type: boolean + ApiFleetOutputs_Put_Response_200_Item_Headers_Item: + additionalProperties: true + type: object + properties: + key: + type: string + value: + type: string + required: + - key + - value + ApiFleetOutputs_Put_Response_200_Item_Password_1: + not: {} + ApiFleetOutputs_Put_Response_200_Item_Password_2: + anyOf: + - $ref: '#/components/schemas/ApiFleetOutputs_Put_Response_200_Item_Password_1_2' + - $ref: '#/components/schemas/ApiFleetOutputs_Put_Response_200_Item_Password_2_2' + - $ref: '#/components/schemas/ApiFleetOutputs_Put_Response_200_Item_Password_3' + - $ref: '#/components/schemas/ApiFleetOutputs_Put_Response_200_Item_Password_4' + - $ref: '#/components/schemas/ApiFleetOutputs_Put_Response_200_Item_Password_5' + nullable: true + oneOf: + - $ref: '#/components/schemas/ApiFleetOutputs_Put_Response_200_Item_Password_1_1' + - $ref: '#/components/schemas/ApiFleetOutputs_Put_Response_200_Item_Password_2_1' + ApiFleetOutputs_Put_Response_200_Item_Password_1_1: + type: string + ApiFleetOutputs_Put_Response_200_Item_Password_2_1: + not: {} + ApiFleetOutputs_Put_Response_200_Item_Password_1_2: + items: {} + type: array + ApiFleetOutputs_Put_Response_200_Item_Password_2_2: + type: boolean + ApiFleetOutputs_Put_Response_200_Item_Password_3: + type: number + ApiFleetOutputs_Put_Response_200_Item_Password_4: + type: object + ApiFleetOutputs_Put_Response_200_Item_Password_5: + type: string + ApiFleetOutputs_Put_Response_200_Item_Password_1_3: + items: {} + type: array + ApiFleetOutputs_Put_Response_200_Item_Password_2_3: + type: boolean + ApiFleetOutputs_Put_Response_200_Item_Password_3_1: + type: number + ApiFleetOutputs_Put_Response_200_Item_Password_4_1: + type: object + ApiFleetOutputs_Put_Response_200_Item_Password_5_1: + type: string + ApiFleetOutputs_Put_Response_200_Item_Random: + additionalProperties: true + type: object + properties: + group_events: + type: number + ApiFleetOutputs_Put_Response_200_Item_Round_robin: + additionalProperties: true + type: object + properties: + group_events: + type: number + ApiFleetOutputs_Put_Response_200_Item_Sasl: + additionalProperties: true + nullable: true + type: object + properties: + mechanism: + enum: + - PLAIN + - SCRAM-SHA-256 + - SCRAM-SHA-512 + type: string + ApiFleetOutputs_Put_Response_200_Item_Secrets_3: + additionalProperties: true + type: object + properties: + password: + anyOf: + - $ref: '#/components/schemas/ApiFleetOutputs_Put_Response_200_Item_Secrets_Password_1' + - $ref: '#/components/schemas/ApiFleetOutputs_Put_Response_200_Item_Secrets_Password_2' + ssl: + $ref: '#/components/schemas/ApiFleetOutputs_Put_Response_200_Item_Secrets_Ssl_3' + ApiFleetOutputs_Put_Response_200_Item_Secrets_Password_1: + additionalProperties: true + type: object + properties: + hash: + type: string + id: + type: string + required: + - id + ApiFleetOutputs_Put_Response_200_Item_Secrets_Password_2: + type: string + ApiFleetOutputs_Put_Response_200_Item_Secrets_Ssl_3: + additionalProperties: true + type: object + properties: + key: + anyOf: + - $ref: '#/components/schemas/ApiFleetOutputs_Put_Response_200_Item_Secrets_Ssl_Key_1_3' + - $ref: '#/components/schemas/ApiFleetOutputs_Put_Response_200_Item_Secrets_Ssl_Key_2_3' + required: + - key + ApiFleetOutputs_Put_Response_200_Item_Secrets_Ssl_Key_1_3: + additionalProperties: true + type: object + properties: + hash: + type: string + id: + type: string + required: + - id + ApiFleetOutputs_Put_Response_200_Item_Secrets_Ssl_Key_2_3: + type: string + ApiFleetOutputs_Put_Response_200_Item_Shipper_3: + additionalProperties: true + nullable: true + type: object + properties: + compression_level: + nullable: true + type: number + disk_queue_compression_enabled: + nullable: true + type: boolean + disk_queue_enabled: + default: false + nullable: true + type: boolean + disk_queue_encryption_enabled: + nullable: true + type: boolean + disk_queue_max_size: + nullable: true + type: number + disk_queue_path: + nullable: true + type: string + loadbalance: + nullable: true + type: boolean + max_batch_bytes: + nullable: true + type: number + mem_queue_events: + nullable: true + type: number + queue_flush_timeout: + nullable: true + type: number + required: + - disk_queue_path + - disk_queue_max_size + - disk_queue_encryption_enabled + - disk_queue_compression_enabled + - compression_level + - loadbalance + - mem_queue_events + - queue_flush_timeout + - max_batch_bytes + ApiFleetOutputs_Put_Response_200_Item_Ssl_3: + additionalProperties: true + nullable: true + type: object + properties: + certificate: + type: string + certificate_authorities: + items: + type: string + maxItems: 10 + type: array + key: + type: string + verification_mode: + enum: + - full + - none + - certificate + - strict + type: string + ApiFleetOutputs_Put_Response_200_Item_Username_1: + type: string + ApiFleetOutputs_Put_Response_200_Item_Username_2: + not: {} + ApiFleetOutputs_Put_Response_200_Item_Username_1_1: + items: {} + type: array + ApiFleetOutputs_Put_Response_200_Item_Username_2_1: + type: boolean + ApiFleetOutputs_Put_Response_200_Item_Username_3: + type: number + ApiFleetOutputs_Put_Response_200_Item_Username_4: + type: object + ApiFleetOutputs_Put_Response_200_Item_Username_5: + type: string + ApiFleetOutputs_Put_Response_400: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetOutputsHealth_Get_Response_200: + additionalProperties: false + type: object + properties: + message: + description: long message if unhealthy + type: string + state: + description: state of output, HEALTHY or DEGRADED + type: string + timestamp: + description: timestamp of reported state + type: string + required: + - state + - message + - timestamp + ApiFleetOutputsHealth_Get_Response_400: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetPackagePolicies_Get_Response_200: + additionalProperties: false + type: object + properties: + items: + items: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Get_Response_200_Items_Item' + maxItems: 10000 + type: array + page: + type: number + perPage: + type: number + total: + type: number + required: + - items + - total + - page + - perPage + ApiFleetPackagePolicies_Get_Response_200_Items_Item: + additionalProperties: false + type: object + properties: + additional_datastreams_permissions: + description: Additional datastream permissions, that will be added to the agent policy. + items: + type: string + maxItems: 1000 + nullable: true + type: array + agents: + type: number + cloud_connector_id: + description: ID of the cloud connector associated with this package policy. + nullable: true + type: string + cloud_connector_name: + description: Transient field for cloud connector name during creation. + maxLength: 255 + minLength: 1 + nullable: true + type: string + created_at: + type: string + created_by: + type: string + description: + description: Package policy description + type: string + elasticsearch: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Get_Response_200_Items_Elasticsearch' + enabled: + type: boolean + id: + description: Package policy unique identifier. + type: string + inputs: + anyOf: + - $ref: '#/components/schemas/ApiFleetPackagePolicies_Get_Response_200_Items_Inputs_1' + - $ref: '#/components/schemas/ApiFleetPackagePolicies_Get_Response_200_Items_Inputs_2' + description: Package policy inputs. + is_managed: + type: boolean + name: + description: Unique name for the package policy. + type: string + namespace: + description: The package policy namespace. Leave blank to inherit the agent policy's namespace. + type: string + output_id: + nullable: true + type: string + overrides: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Get_Response_200_Items_Overrides' + package: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Get_Response_200_Items_Package' + policy_id: + deprecated: true + description: ID of the agent policy which the package policy will be added to. + nullable: true + type: string + policy_ids: + items: + description: IDs of the agent policies which that package policy will be added to. + type: string + maxItems: 1000 + type: array + revision: + description: Package policy revision. + type: number + secret_references: + items: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Get_Response_200_Items_Secret_references_Item' + maxItems: 100 + type: array + spaceIds: + items: + type: string + maxItems: 100 + type: array + supports_agentless: + default: false + description: Indicates whether the package policy belongs to an agentless agent policy. + nullable: true + type: boolean + supports_cloud_connector: + default: false + description: Indicates whether the package policy supports cloud connectors. + nullable: true + type: boolean + updated_at: + type: string + updated_by: + type: string + var_group_selections: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Get_Response_200_Items_Var_group_selections' + vars: + anyOf: + - $ref: '#/components/schemas/ApiFleetPackagePolicies_Get_Response_200_Items_Vars_1' + - $ref: '#/components/schemas/ApiFleetPackagePolicies_Get_Response_200_Items_Vars_2' + description: Package level variable. + version: + description: Package policy ES version. + type: string + required: + - name + - enabled + - inputs + - id + - revision + - updated_at + - updated_by + - created_at + - created_by + ApiFleetPackagePolicies_Get_Response_200_Items_Elasticsearch: + additionalProperties: true + type: object + properties: + privileges: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Get_Response_200_Items_Elasticsearch_Privileges' + ApiFleetPackagePolicies_Get_Response_200_Items_Elasticsearch_Privileges: + additionalProperties: true + type: object + properties: + cluster: + items: + type: string + maxItems: 100 + type: array + ApiFleetPackagePolicies_Get_Response_200_Items_Inputs_1: + items: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Get_Response_200_Items_Inputs_Item' + maxItems: 100 + type: array + ApiFleetPackagePolicies_Get_Response_200_Items_Inputs_Item: + additionalProperties: false + type: object + properties: + compiled_input: {} + config: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Get_Response_200_Items_Inputs_Config' + enabled: + type: boolean + id: + type: string + keep_enabled: + type: boolean + policy_template: + type: string + streams: + items: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Get_Response_200_Items_Inputs_Streams_Item' + maxItems: 100 + type: array + type: + type: string + vars: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Get_Response_200_Items_Inputs_Vars' + required: + - type + - enabled + - streams + - compiled_input + ApiFleetPackagePolicies_Get_Response_200_Items_Inputs_Config: + additionalProperties: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Get_Response_200_Items_Inputs_Config_Value' + description: Package variable (see integration documentation for more information) + type: object + ApiFleetPackagePolicies_Get_Response_200_Items_Inputs_Config_Value: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + ApiFleetPackagePolicies_Get_Response_200_Items_Inputs_Streams_Item: + additionalProperties: false + type: object + properties: + compiled_stream: {} + config: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Get_Response_200_Items_Inputs_Streams_Config' + data_stream: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Get_Response_200_Items_Inputs_Streams_Data_stream' + enabled: + type: boolean + id: + type: string + keep_enabled: + type: boolean + release: + enum: + - ga + - beta + - experimental + type: string + var_group_selections: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Get_Response_200_Items_Inputs_Streams_Var_group_selections' + vars: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Get_Response_200_Items_Inputs_Streams_Vars' + required: + - enabled + - data_stream + - compiled_stream + ApiFleetPackagePolicies_Get_Response_200_Items_Inputs_Streams_Config: + additionalProperties: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Get_Response_200_Items_Inputs_Streams_Config_Value' + description: Package variable (see integration documentation for more information) + type: object + ApiFleetPackagePolicies_Get_Response_200_Items_Inputs_Streams_Config_Value: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + ApiFleetPackagePolicies_Get_Response_200_Items_Inputs_Streams_Data_stream: + additionalProperties: false + type: object + properties: + dataset: + type: string + elasticsearch: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Get_Response_200_Items_Inputs_Streams_Data_stream_Elasticsearch' + type: + type: string + required: + - dataset + - type + ApiFleetPackagePolicies_Get_Response_200_Items_Inputs_Streams_Data_stream_Elasticsearch: + additionalProperties: false + type: object + properties: + dynamic_dataset: + type: boolean + dynamic_namespace: + type: boolean + privileges: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Get_Response_200_Items_Inputs_Streams_Data_stream_Elasticsearch_Privileges' + ApiFleetPackagePolicies_Get_Response_200_Items_Inputs_Streams_Data_stream_Elasticsearch_Privileges: + additionalProperties: false + type: object + properties: + indices: + items: + type: string + maxItems: 100 + type: array + ApiFleetPackagePolicies_Get_Response_200_Items_Inputs_Streams_Var_group_selections: + additionalProperties: + type: string + description: Variable group selections. Maps var_group name to the selected option name within that group. + type: object + ApiFleetPackagePolicies_Get_Response_200_Items_Inputs_Streams_Vars: + additionalProperties: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Get_Response_200_Items_Inputs_Streams_Vars_Value' + description: Package variable (see integration documentation for more information) + type: object + ApiFleetPackagePolicies_Get_Response_200_Items_Inputs_Streams_Vars_Value: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + ApiFleetPackagePolicies_Get_Response_200_Items_Inputs_Vars: + additionalProperties: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Get_Response_200_Items_Inputs_Vars_Value' + description: Package variable (see integration documentation for more information) + type: object + ApiFleetPackagePolicies_Get_Response_200_Items_Inputs_Vars_Value: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + ApiFleetPackagePolicies_Get_Response_200_Items_Inputs_2: + additionalProperties: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Get_Response_200_Items_Inputs_Value' + description: Package policy inputs. Refer to the integration documentation to know which inputs are available. + type: object + x-oas-optional: true + ApiFleetPackagePolicies_Get_Response_200_Items_Inputs_Value: + additionalProperties: false + type: object + properties: + enabled: + description: Enable or disable that input. Defaults to `true` (enabled). + type: boolean + streams: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Get_Response_200_Items_Inputs_Streams' + vars: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Get_Response_200_Items_Inputs_Vars_1' + ApiFleetPackagePolicies_Get_Response_200_Items_Inputs_Streams: + additionalProperties: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Get_Response_200_Items_Inputs_Streams_Value' + description: Input streams. Refer to the integration documentation to know which streams are available. + type: object + ApiFleetPackagePolicies_Get_Response_200_Items_Inputs_Streams_Value: + additionalProperties: false + type: object + properties: + enabled: + description: Enable or disable that stream. Defaults to `true` (enabled). + type: boolean + var_group_selections: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Get_Response_200_Items_Inputs_Streams_Var_group_selections_1' + vars: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Get_Response_200_Items_Inputs_Streams_Vars_1' + ApiFleetPackagePolicies_Get_Response_200_Items_Inputs_Streams_Var_group_selections_1: + additionalProperties: + type: string + description: Variable group selections. Maps var_group name to the selected option name within that group. + type: object + ApiFleetPackagePolicies_Get_Response_200_Items_Inputs_Streams_Vars_1: + type: boolean + ApiFleetPackagePolicies_Get_Response_200_Items_Inputs_Streams_Vars_2: + type: string + ApiFleetPackagePolicies_Get_Response_200_Items_Inputs_Streams_Vars_3: + type: number + ApiFleetPackagePolicies_Get_Response_200_Items_Inputs_Streams_Vars_4: + items: + type: string + maxItems: 100 + type: array + ApiFleetPackagePolicies_Get_Response_200_Items_Inputs_Streams_Vars_5: + items: + type: number + maxItems: 100 + type: array + ApiFleetPackagePolicies_Get_Response_200_Items_Inputs_Streams_Vars_6: + additionalProperties: false + type: object + properties: + id: + type: string + isSecretRef: + type: boolean + required: + - id + - isSecretRef + ApiFleetPackagePolicies_Get_Response_200_Items_Inputs_Vars_1: + type: boolean + ApiFleetPackagePolicies_Get_Response_200_Items_Inputs_Vars_2: + type: string + ApiFleetPackagePolicies_Get_Response_200_Items_Inputs_Vars_3: + type: number + ApiFleetPackagePolicies_Get_Response_200_Items_Inputs_Vars_4: + items: + type: string + maxItems: 100 + type: array + ApiFleetPackagePolicies_Get_Response_200_Items_Inputs_Vars_5: + items: + type: number + maxItems: 100 + type: array + ApiFleetPackagePolicies_Get_Response_200_Items_Inputs_Vars_6: + additionalProperties: false + type: object + properties: + id: + type: string + isSecretRef: + type: boolean + required: + - id + - isSecretRef + ApiFleetPackagePolicies_Get_Response_200_Items_Overrides: + additionalProperties: false + description: Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure. + nullable: true + type: object + properties: + inputs: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Get_Response_200_Items_Overrides_Inputs' + ApiFleetPackagePolicies_Get_Response_200_Items_Overrides_Inputs: + additionalProperties: {} + type: object + ApiFleetPackagePolicies_Get_Response_200_Items_Package: + additionalProperties: false + type: object + properties: + experimental_data_stream_features: + items: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Get_Response_200_Items_Package_Experimental_data_stream_features_Item' + maxItems: 100 + type: array + fips_compatible: + type: boolean + name: + description: Package name + type: string + requires_root: + type: boolean + title: + type: string + version: + description: Package version + type: string + required: + - name + - version + ApiFleetPackagePolicies_Get_Response_200_Items_Package_Experimental_data_stream_features_Item: + additionalProperties: false + type: object + properties: + data_stream: + type: string + features: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Get_Response_200_Items_Package_Experimental_data_stream_features_Features' + required: + - data_stream + - features + ApiFleetPackagePolicies_Get_Response_200_Items_Package_Experimental_data_stream_features_Features: + additionalProperties: false + type: object + properties: + doc_value_only_numeric: + type: boolean + doc_value_only_other: + type: boolean + synthetic_source: + type: boolean + tsdb: + type: boolean + ApiFleetPackagePolicies_Get_Response_200_Items_Secret_references_Item: + additionalProperties: false + type: object + properties: + id: + type: string + required: + - id + ApiFleetPackagePolicies_Get_Response_200_Items_Var_group_selections: + additionalProperties: + type: string + description: Variable group selections. Maps var_group name to the selected option name within that group. + type: object + ApiFleetPackagePolicies_Get_Response_200_Items_Vars_1: + additionalProperties: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Get_Response_200_Items_Vars_Value' + description: Package variable (see integration documentation for more information) + type: object + ApiFleetPackagePolicies_Get_Response_200_Items_Vars_Value: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + ApiFleetPackagePolicies_Get_Response_200_Items_Vars_2: + additionalProperties: + anyOf: + - $ref: '#/components/schemas/ApiFleetPackagePolicies_Get_Response_200_Items_Vars_1_1' + - $ref: '#/components/schemas/ApiFleetPackagePolicies_Get_Response_200_Items_Vars_2_1' + - $ref: '#/components/schemas/ApiFleetPackagePolicies_Get_Response_200_Items_Vars_3' + - $ref: '#/components/schemas/ApiFleetPackagePolicies_Get_Response_200_Items_Vars_4' + - $ref: '#/components/schemas/ApiFleetPackagePolicies_Get_Response_200_Items_Vars_5' + - $ref: '#/components/schemas/ApiFleetPackagePolicies_Get_Response_200_Items_Vars_6' + nullable: true + description: Input/stream level variable. Refer to the integration documentation for more information. + type: object + x-oas-optional: true + ApiFleetPackagePolicies_Get_Response_200_Items_Vars_1_1: + type: boolean + ApiFleetPackagePolicies_Get_Response_200_Items_Vars_2_1: + type: string + ApiFleetPackagePolicies_Get_Response_200_Items_Vars_3: + type: number + ApiFleetPackagePolicies_Get_Response_200_Items_Vars_4: + items: + type: string + maxItems: 100 + type: array + ApiFleetPackagePolicies_Get_Response_200_Items_Vars_5: + items: + type: number + maxItems: 100 + type: array + ApiFleetPackagePolicies_Get_Response_200_Items_Vars_6: + additionalProperties: false + type: object + properties: + id: + type: string + isSecretRef: + type: boolean + required: + - id + - isSecretRef + ApiFleetPackagePolicies_Get_Response_400: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetPackagePolicies_Post_Request: + anyOf: + - $ref: '#/components/schemas/ApiFleetPackagePolicies_Post_Request_1' + - $ref: '#/components/schemas/ApiFleetPackagePolicies_Post_Request_2' + description: You should use inputs as an object and not use the deprecated inputs array. + ApiFleetPackagePolicies_Post_Request_1: + additionalProperties: false + type: object + properties: + additional_datastreams_permissions: + description: Additional datastream permissions, that will be added to the agent policy. + items: + type: string + maxItems: 1000 + nullable: true + type: array + cloud_connector_id: + description: ID of the cloud connector associated with this package policy. + nullable: true + type: string + cloud_connector_name: + description: Transient field for cloud connector name during creation. + maxLength: 255 + minLength: 1 + nullable: true + type: string + description: + description: Package policy description + type: string + enabled: + type: boolean + force: + description: Force package policy creation even if the package is not verified, or if the agent policy is managed. + type: boolean + id: + description: Package policy unique identifier + type: string + inputs: + items: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Post_Request_Inputs_Item' + maxItems: 1000 + type: array + is_managed: + type: boolean + name: + description: Unique name for the package policy. + type: string + namespace: + description: The package policy namespace. Leave blank to inherit the agent policy's namespace. + type: string + output_id: + nullable: true + type: string + overrides: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Post_Request_Overrides' + package: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Post_Request_Package' + policy_id: + deprecated: true + description: ID of the agent policy which the package policy will be added to. + nullable: true + type: string + policy_ids: + items: + description: IDs of the agent policies which that package policy will be added to. + type: string + maxItems: 1000 + type: array + spaceIds: + items: + type: string + maxItems: 100 + type: array + supports_agentless: + default: false + deprecated: true + description: Indicates whether the package policy belongs to an agentless agent policy. Deprecated in favor of the Fleet agentless policies API. + nullable: true + type: boolean + supports_cloud_connector: + default: false + description: Indicates whether the package policy supports cloud connectors. + nullable: true + type: boolean + var_group_selections: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Post_Request_Var_group_selections' + vars: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Post_Request_Vars' + required: + - name + - inputs + ApiFleetPackagePolicies_Post_Request_Inputs_Item: + additionalProperties: false + type: object + properties: + config: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Post_Request_Inputs_Config' + enabled: + type: boolean + id: + type: string + keep_enabled: + type: boolean + policy_template: + type: string + streams: + items: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Post_Request_Inputs_Streams_Item' + maxItems: 100 + type: array + type: + type: string + vars: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Post_Request_Inputs_Vars' + required: + - type + - enabled + ApiFleetPackagePolicies_Post_Request_Inputs_Config: + additionalProperties: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Post_Request_Inputs_Config_Value' + description: Package variable (see integration documentation for more information) + type: object + ApiFleetPackagePolicies_Post_Request_Inputs_Config_Value: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + ApiFleetPackagePolicies_Post_Request_Inputs_Streams_Item: + additionalProperties: false + type: object + properties: + compiled_stream: {} + config: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Post_Request_Inputs_Streams_Config' + data_stream: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Post_Request_Inputs_Streams_Data_stream' + enabled: + type: boolean + id: + type: string + keep_enabled: + type: boolean + release: + enum: + - ga + - beta + - experimental + type: string + var_group_selections: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Post_Request_Inputs_Streams_Var_group_selections' + vars: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Post_Request_Inputs_Streams_Vars' + required: + - enabled + - data_stream + - compiled_stream + ApiFleetPackagePolicies_Post_Request_Inputs_Streams_Config: + additionalProperties: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Post_Request_Inputs_Streams_Config_Value' + description: Package variable (see integration documentation for more information) + type: object + ApiFleetPackagePolicies_Post_Request_Inputs_Streams_Config_Value: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + ApiFleetPackagePolicies_Post_Request_Inputs_Streams_Data_stream: + additionalProperties: false + type: object + properties: + dataset: + type: string + elasticsearch: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Post_Request_Inputs_Streams_Data_stream_Elasticsearch' + type: + type: string + required: + - dataset + - type + ApiFleetPackagePolicies_Post_Request_Inputs_Streams_Data_stream_Elasticsearch: + additionalProperties: false + type: object + properties: + dynamic_dataset: + type: boolean + dynamic_namespace: + type: boolean + privileges: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Post_Request_Inputs_Streams_Data_stream_Elasticsearch_Privileges' + ApiFleetPackagePolicies_Post_Request_Inputs_Streams_Data_stream_Elasticsearch_Privileges: + additionalProperties: false + type: object + properties: + indices: + items: + type: string + maxItems: 100 + type: array + ApiFleetPackagePolicies_Post_Request_Inputs_Streams_Var_group_selections: + additionalProperties: + type: string + description: Variable group selections. Maps var_group name to the selected option name within that group. + type: object + ApiFleetPackagePolicies_Post_Request_Inputs_Streams_Vars: + additionalProperties: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Post_Request_Inputs_Streams_Vars_Value' + description: Package variable (see integration documentation for more information) + type: object + ApiFleetPackagePolicies_Post_Request_Inputs_Streams_Vars_Value: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + ApiFleetPackagePolicies_Post_Request_Inputs_Vars: + additionalProperties: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Post_Request_Inputs_Vars_Value' + description: Package variable (see integration documentation for more information) + type: object + ApiFleetPackagePolicies_Post_Request_Inputs_Vars_Value: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + ApiFleetPackagePolicies_Post_Request_Overrides: + additionalProperties: false + description: Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure. + nullable: true + type: object + properties: + inputs: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Post_Request_Overrides_Inputs' + ApiFleetPackagePolicies_Post_Request_Overrides_Inputs: + additionalProperties: {} + type: object + ApiFleetPackagePolicies_Post_Request_Package: + additionalProperties: false + type: object + properties: + experimental_data_stream_features: + items: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Post_Request_Package_Experimental_data_stream_features_Item' + maxItems: 100 + type: array + fips_compatible: + type: boolean + name: + description: Package name + type: string + requires_root: + type: boolean + title: + type: string + version: + description: Package version + type: string + required: + - name + - version + ApiFleetPackagePolicies_Post_Request_Package_Experimental_data_stream_features_Item: + additionalProperties: false + type: object + properties: + data_stream: + type: string + features: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Post_Request_Package_Experimental_data_stream_features_Features' + required: + - data_stream + - features + ApiFleetPackagePolicies_Post_Request_Package_Experimental_data_stream_features_Features: + additionalProperties: false + type: object + properties: + doc_value_only_numeric: + type: boolean + doc_value_only_other: + type: boolean + synthetic_source: + type: boolean + tsdb: + type: boolean + ApiFleetPackagePolicies_Post_Request_Var_group_selections: + additionalProperties: + type: string + description: Variable group selections. Maps var_group name to the selected option name within that group. + type: object + ApiFleetPackagePolicies_Post_Request_Vars: + additionalProperties: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Post_Request_Vars_Value' + description: Package variable (see integration documentation for more information) + type: object + ApiFleetPackagePolicies_Post_Request_Vars_Value: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + ApiFleetPackagePolicies_Post_Request_2: + additionalProperties: false + type: object + properties: + additional_datastreams_permissions: + description: Additional datastream permissions, that will be added to the agent policy. + items: + type: string + maxItems: 100 + nullable: true + type: array + description: + description: Policy description. + type: string + force: + description: Force package policy creation even if the package is not verified, or if the agent policy is managed. + type: boolean + id: + description: Policy unique identifier. + type: string + inputs: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Post_Request_Inputs' + name: + description: Unique name for the policy. + type: string + namespace: + description: Policy namespace. When not specified, it inherits the agent policy namespace. + type: string + output_id: + nullable: true + type: string + package: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Post_Request_Package_1' + policy_id: + deprecated: true + description: Deprecated. Use policy_ids instead. + nullable: true + type: string + policy_ids: + description: IDs of the agent policies which that package policy will be added to. + items: + type: string + maxItems: 1000 + type: array + supports_agentless: + default: false + deprecated: true + description: Indicates whether the package policy belongs to an agentless agent policy. Deprecated in favor of the Fleet agentless policies API. + nullable: true + type: boolean + var_group_selections: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Post_Request_Var_group_selections_1' + vars: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Post_Request_Vars_1' + required: + - name + - package + ApiFleetPackagePolicies_Post_Request_Inputs: + additionalProperties: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Post_Request_Inputs_Value' + description: Package policy inputs. Refer to the integration documentation to know which inputs are available. + type: object + ApiFleetPackagePolicies_Post_Request_Inputs_Value: + additionalProperties: false + type: object + properties: + enabled: + description: Enable or disable that input. Defaults to `true` (enabled). + type: boolean + streams: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Post_Request_Inputs_Streams' + vars: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Post_Request_Inputs_Vars_1' + ApiFleetPackagePolicies_Post_Request_Inputs_Streams: + additionalProperties: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Post_Request_Inputs_Streams_Value' + description: Input streams. Refer to the integration documentation to know which streams are available. + type: object + ApiFleetPackagePolicies_Post_Request_Inputs_Streams_Value: + additionalProperties: false + type: object + properties: + enabled: + description: Enable or disable that stream. Defaults to `true` (enabled). + type: boolean + var_group_selections: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Post_Request_Inputs_Streams_Var_group_selections_1' + vars: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Post_Request_Inputs_Streams_Vars_1' + ApiFleetPackagePolicies_Post_Request_Inputs_Streams_Var_group_selections_1: + additionalProperties: + type: string + description: Variable group selections. Maps var_group name to the selected option name within that group. + type: object + ApiFleetPackagePolicies_Post_Request_Inputs_Streams_Vars_1: + type: boolean + ApiFleetPackagePolicies_Post_Request_Inputs_Streams_Vars_2: + type: string + ApiFleetPackagePolicies_Post_Request_Inputs_Streams_Vars_3: + type: number + ApiFleetPackagePolicies_Post_Request_Inputs_Streams_Vars_4: + items: + type: string + maxItems: 100 + type: array + ApiFleetPackagePolicies_Post_Request_Inputs_Streams_Vars_5: + items: + type: number + maxItems: 100 + type: array + ApiFleetPackagePolicies_Post_Request_Inputs_Streams_Vars_6: + additionalProperties: false + type: object + properties: + id: + type: string + isSecretRef: + type: boolean + required: + - id + - isSecretRef + ApiFleetPackagePolicies_Post_Request_Inputs_Vars_1: + type: boolean + ApiFleetPackagePolicies_Post_Request_Inputs_Vars_2: + type: string + ApiFleetPackagePolicies_Post_Request_Inputs_Vars_3: + type: number + ApiFleetPackagePolicies_Post_Request_Inputs_Vars_4: + items: + type: string + maxItems: 100 + type: array + ApiFleetPackagePolicies_Post_Request_Inputs_Vars_5: + items: + type: number + maxItems: 100 + type: array + ApiFleetPackagePolicies_Post_Request_Inputs_Vars_6: + additionalProperties: false + type: object + properties: + id: + type: string + isSecretRef: + type: boolean + required: + - id + - isSecretRef + ApiFleetPackagePolicies_Post_Request_Package_1: + additionalProperties: false + type: object + properties: + experimental_data_stream_features: + items: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Post_Request_Package_Experimental_data_stream_features_Item_1' + maxItems: 100 + type: array + fips_compatible: + type: boolean + name: + description: Package name + type: string + requires_root: + type: boolean + title: + type: string + version: + description: Package version + type: string + required: + - name + - version + ApiFleetPackagePolicies_Post_Request_Package_Experimental_data_stream_features_Item_1: + additionalProperties: false + type: object + properties: + data_stream: + type: string + features: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Post_Request_Package_Experimental_data_stream_features_Features_1' + required: + - data_stream + - features + ApiFleetPackagePolicies_Post_Request_Package_Experimental_data_stream_features_Features_1: + additionalProperties: false + type: object + properties: + doc_value_only_numeric: + type: boolean + doc_value_only_other: + type: boolean + synthetic_source: + type: boolean + tsdb: + type: boolean + ApiFleetPackagePolicies_Post_Request_Var_group_selections_1: + additionalProperties: + type: string + description: Variable group selections. Maps var_group name to the selected option name within that group. + type: object + ApiFleetPackagePolicies_Post_Request_Vars_1: + type: boolean + ApiFleetPackagePolicies_Post_Request_Vars_2: + type: string + ApiFleetPackagePolicies_Post_Request_Vars_3: + type: number + ApiFleetPackagePolicies_Post_Request_Vars_4: + items: + type: string + maxItems: 100 + type: array + ApiFleetPackagePolicies_Post_Request_Vars_5: + items: + type: number + maxItems: 100 + type: array + ApiFleetPackagePolicies_Post_Request_Vars_6: + additionalProperties: false + type: object + properties: + id: + type: string + isSecretRef: + type: boolean + required: + - id + - isSecretRef + ApiFleetPackagePolicies_Post_Response_200: + additionalProperties: false + type: object + properties: + item: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Post_Response_200_Item' + required: + - item + ApiFleetPackagePolicies_Post_Response_200_Item: + additionalProperties: false + type: object + properties: + additional_datastreams_permissions: + description: Additional datastream permissions, that will be added to the agent policy. + items: + type: string + maxItems: 1000 + nullable: true + type: array + agents: + type: number + cloud_connector_id: + description: ID of the cloud connector associated with this package policy. + nullable: true + type: string + cloud_connector_name: + description: Transient field for cloud connector name during creation. + maxLength: 255 + minLength: 1 + nullable: true + type: string + created_at: + type: string + created_by: + type: string + description: + description: Package policy description + type: string + elasticsearch: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Post_Response_200_Item_Elasticsearch' + enabled: + type: boolean + id: + description: Package policy unique identifier. + type: string + inputs: + anyOf: + - $ref: '#/components/schemas/ApiFleetPackagePolicies_Post_Response_200_Item_Inputs_1' + - $ref: '#/components/schemas/ApiFleetPackagePolicies_Post_Response_200_Item_Inputs_2' + description: Package policy inputs. + is_managed: + type: boolean + name: + description: Unique name for the package policy. + type: string + namespace: + description: The package policy namespace. Leave blank to inherit the agent policy's namespace. + type: string + output_id: + nullable: true + type: string + overrides: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Post_Response_200_Item_Overrides' + package: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Post_Response_200_Item_Package' + policy_id: + deprecated: true + description: ID of the agent policy which the package policy will be added to. + nullable: true + type: string + policy_ids: + items: + description: IDs of the agent policies which that package policy will be added to. + type: string + maxItems: 1000 + type: array + revision: + description: Package policy revision. + type: number + secret_references: + items: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Post_Response_200_Item_Secret_references_Item' + maxItems: 100 + type: array + spaceIds: + items: + type: string + maxItems: 100 + type: array + supports_agentless: + default: false + description: Indicates whether the package policy belongs to an agentless agent policy. + nullable: true + type: boolean + supports_cloud_connector: + default: false + description: Indicates whether the package policy supports cloud connectors. + nullable: true + type: boolean + updated_at: + type: string + updated_by: + type: string + var_group_selections: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Post_Response_200_Item_Var_group_selections' + vars: + anyOf: + - $ref: '#/components/schemas/ApiFleetPackagePolicies_Post_Response_200_Item_Vars_1' + - $ref: '#/components/schemas/ApiFleetPackagePolicies_Post_Response_200_Item_Vars_2' + description: Package level variable. + version: + description: Package policy ES version. + type: string + required: + - name + - enabled + - inputs + - id + - revision + - updated_at + - updated_by + - created_at + - created_by + ApiFleetPackagePolicies_Post_Response_200_Item_Elasticsearch: + additionalProperties: true + type: object + properties: + privileges: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Post_Response_200_Item_Elasticsearch_Privileges' + ApiFleetPackagePolicies_Post_Response_200_Item_Elasticsearch_Privileges: + additionalProperties: true + type: object + properties: + cluster: + items: + type: string + maxItems: 100 + type: array + ApiFleetPackagePolicies_Post_Response_200_Item_Inputs_1: + items: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Post_Response_200_Item_Inputs_Item' + maxItems: 100 + type: array + ApiFleetPackagePolicies_Post_Response_200_Item_Inputs_Item: + additionalProperties: false + type: object + properties: + compiled_input: {} + config: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Post_Response_200_Item_Inputs_Config' + enabled: + type: boolean + id: + type: string + keep_enabled: + type: boolean + policy_template: + type: string + streams: + items: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Post_Response_200_Item_Inputs_Streams_Item' + maxItems: 100 + type: array + type: + type: string + vars: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Post_Response_200_Item_Inputs_Vars' + required: + - type + - enabled + - streams + - compiled_input + ApiFleetPackagePolicies_Post_Response_200_Item_Inputs_Config: + additionalProperties: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Post_Response_200_Item_Inputs_Config_Value' + description: Package variable (see integration documentation for more information) + type: object + ApiFleetPackagePolicies_Post_Response_200_Item_Inputs_Config_Value: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + ApiFleetPackagePolicies_Post_Response_200_Item_Inputs_Streams_Item: + additionalProperties: false + type: object + properties: + compiled_stream: {} + config: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Post_Response_200_Item_Inputs_Streams_Config' + data_stream: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Post_Response_200_Item_Inputs_Streams_Data_stream' + enabled: + type: boolean + id: + type: string + keep_enabled: + type: boolean + release: + enum: + - ga + - beta + - experimental + type: string + var_group_selections: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Post_Response_200_Item_Inputs_Streams_Var_group_selections' + vars: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Post_Response_200_Item_Inputs_Streams_Vars' + required: + - enabled + - data_stream + - compiled_stream + ApiFleetPackagePolicies_Post_Response_200_Item_Inputs_Streams_Config: + additionalProperties: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Post_Response_200_Item_Inputs_Streams_Config_Value' + description: Package variable (see integration documentation for more information) + type: object + ApiFleetPackagePolicies_Post_Response_200_Item_Inputs_Streams_Config_Value: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + ApiFleetPackagePolicies_Post_Response_200_Item_Inputs_Streams_Data_stream: + additionalProperties: false + type: object + properties: + dataset: + type: string + elasticsearch: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Post_Response_200_Item_Inputs_Streams_Data_stream_Elasticsearch' + type: + type: string + required: + - dataset + - type + ApiFleetPackagePolicies_Post_Response_200_Item_Inputs_Streams_Data_stream_Elasticsearch: + additionalProperties: false + type: object + properties: + dynamic_dataset: + type: boolean + dynamic_namespace: + type: boolean + privileges: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Post_Response_200_Item_Inputs_Streams_Data_stream_Elasticsearch_Privileges' + ApiFleetPackagePolicies_Post_Response_200_Item_Inputs_Streams_Data_stream_Elasticsearch_Privileges: + additionalProperties: false + type: object + properties: + indices: + items: + type: string + maxItems: 100 + type: array + ApiFleetPackagePolicies_Post_Response_200_Item_Inputs_Streams_Var_group_selections: + additionalProperties: + type: string + description: Variable group selections. Maps var_group name to the selected option name within that group. + type: object + ApiFleetPackagePolicies_Post_Response_200_Item_Inputs_Streams_Vars: + additionalProperties: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Post_Response_200_Item_Inputs_Streams_Vars_Value' + description: Package variable (see integration documentation for more information) + type: object + ApiFleetPackagePolicies_Post_Response_200_Item_Inputs_Streams_Vars_Value: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + ApiFleetPackagePolicies_Post_Response_200_Item_Inputs_Vars: + additionalProperties: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Post_Response_200_Item_Inputs_Vars_Value' + description: Package variable (see integration documentation for more information) + type: object + ApiFleetPackagePolicies_Post_Response_200_Item_Inputs_Vars_Value: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + ApiFleetPackagePolicies_Post_Response_200_Item_Inputs_2: + additionalProperties: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Post_Response_200_Item_Inputs_Value' + description: Package policy inputs. Refer to the integration documentation to know which inputs are available. + type: object + x-oas-optional: true + ApiFleetPackagePolicies_Post_Response_200_Item_Inputs_Value: + additionalProperties: false + type: object + properties: + enabled: + description: Enable or disable that input. Defaults to `true` (enabled). + type: boolean + streams: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Post_Response_200_Item_Inputs_Streams' + vars: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Post_Response_200_Item_Inputs_Vars_1' + ApiFleetPackagePolicies_Post_Response_200_Item_Inputs_Streams: + additionalProperties: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Post_Response_200_Item_Inputs_Streams_Value' + description: Input streams. Refer to the integration documentation to know which streams are available. + type: object + ApiFleetPackagePolicies_Post_Response_200_Item_Inputs_Streams_Value: + additionalProperties: false + type: object + properties: + enabled: + description: Enable or disable that stream. Defaults to `true` (enabled). + type: boolean + var_group_selections: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Post_Response_200_Item_Inputs_Streams_Var_group_selections_1' + vars: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Post_Response_200_Item_Inputs_Streams_Vars_1' + ApiFleetPackagePolicies_Post_Response_200_Item_Inputs_Streams_Var_group_selections_1: + additionalProperties: + type: string + description: Variable group selections. Maps var_group name to the selected option name within that group. + type: object + ApiFleetPackagePolicies_Post_Response_200_Item_Inputs_Streams_Vars_1: + type: boolean + ApiFleetPackagePolicies_Post_Response_200_Item_Inputs_Streams_Vars_2: + type: string + ApiFleetPackagePolicies_Post_Response_200_Item_Inputs_Streams_Vars_3: + type: number + ApiFleetPackagePolicies_Post_Response_200_Item_Inputs_Streams_Vars_4: + items: + type: string + maxItems: 100 + type: array + ApiFleetPackagePolicies_Post_Response_200_Item_Inputs_Streams_Vars_5: + items: + type: number + maxItems: 100 + type: array + ApiFleetPackagePolicies_Post_Response_200_Item_Inputs_Streams_Vars_6: + additionalProperties: false + type: object + properties: + id: + type: string + isSecretRef: + type: boolean + required: + - id + - isSecretRef + ApiFleetPackagePolicies_Post_Response_200_Item_Inputs_Vars_1: + type: boolean + ApiFleetPackagePolicies_Post_Response_200_Item_Inputs_Vars_2: + type: string + ApiFleetPackagePolicies_Post_Response_200_Item_Inputs_Vars_3: + type: number + ApiFleetPackagePolicies_Post_Response_200_Item_Inputs_Vars_4: + items: + type: string + maxItems: 100 + type: array + ApiFleetPackagePolicies_Post_Response_200_Item_Inputs_Vars_5: + items: + type: number + maxItems: 100 + type: array + ApiFleetPackagePolicies_Post_Response_200_Item_Inputs_Vars_6: + additionalProperties: false + type: object + properties: + id: + type: string + isSecretRef: + type: boolean + required: + - id + - isSecretRef + ApiFleetPackagePolicies_Post_Response_200_Item_Overrides: + additionalProperties: false + description: Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure. + nullable: true + type: object + properties: + inputs: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Post_Response_200_Item_Overrides_Inputs' + ApiFleetPackagePolicies_Post_Response_200_Item_Overrides_Inputs: + additionalProperties: {} + type: object + ApiFleetPackagePolicies_Post_Response_200_Item_Package: + additionalProperties: false + type: object + properties: + experimental_data_stream_features: + items: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Post_Response_200_Item_Package_Experimental_data_stream_features_Item' + maxItems: 100 + type: array + fips_compatible: + type: boolean + name: + description: Package name + type: string + requires_root: + type: boolean + title: + type: string + version: + description: Package version + type: string + required: + - name + - version + ApiFleetPackagePolicies_Post_Response_200_Item_Package_Experimental_data_stream_features_Item: + additionalProperties: false + type: object + properties: + data_stream: + type: string + features: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Post_Response_200_Item_Package_Experimental_data_stream_features_Features' + required: + - data_stream + - features + ApiFleetPackagePolicies_Post_Response_200_Item_Package_Experimental_data_stream_features_Features: + additionalProperties: false + type: object + properties: + doc_value_only_numeric: + type: boolean + doc_value_only_other: + type: boolean + synthetic_source: + type: boolean + tsdb: + type: boolean + ApiFleetPackagePolicies_Post_Response_200_Item_Secret_references_Item: + additionalProperties: false + type: object + properties: + id: + type: string + required: + - id + ApiFleetPackagePolicies_Post_Response_200_Item_Var_group_selections: + additionalProperties: + type: string + description: Variable group selections. Maps var_group name to the selected option name within that group. + type: object + ApiFleetPackagePolicies_Post_Response_200_Item_Vars_1: + additionalProperties: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Post_Response_200_Item_Vars_Value' + description: Package variable (see integration documentation for more information) + type: object + ApiFleetPackagePolicies_Post_Response_200_Item_Vars_Value: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + ApiFleetPackagePolicies_Post_Response_200_Item_Vars_2: + additionalProperties: + anyOf: + - $ref: '#/components/schemas/ApiFleetPackagePolicies_Post_Response_200_Item_Vars_1_1' + - $ref: '#/components/schemas/ApiFleetPackagePolicies_Post_Response_200_Item_Vars_2_1' + - $ref: '#/components/schemas/ApiFleetPackagePolicies_Post_Response_200_Item_Vars_3' + - $ref: '#/components/schemas/ApiFleetPackagePolicies_Post_Response_200_Item_Vars_4' + - $ref: '#/components/schemas/ApiFleetPackagePolicies_Post_Response_200_Item_Vars_5' + - $ref: '#/components/schemas/ApiFleetPackagePolicies_Post_Response_200_Item_Vars_6' + nullable: true + description: Input/stream level variable. Refer to the integration documentation for more information. + type: object + x-oas-optional: true + ApiFleetPackagePolicies_Post_Response_200_Item_Vars_1_1: + type: boolean + ApiFleetPackagePolicies_Post_Response_200_Item_Vars_2_1: + type: string + ApiFleetPackagePolicies_Post_Response_200_Item_Vars_3: + type: number + ApiFleetPackagePolicies_Post_Response_200_Item_Vars_4: + items: + type: string + maxItems: 100 + type: array + ApiFleetPackagePolicies_Post_Response_200_Item_Vars_5: + items: + type: number + maxItems: 100 + type: array + ApiFleetPackagePolicies_Post_Response_200_Item_Vars_6: + additionalProperties: false + type: object + properties: + id: + type: string + isSecretRef: + type: boolean + required: + - id + - isSecretRef + ApiFleetPackagePolicies_Post_Response_400: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetPackagePolicies_Post_Response_409: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetPackagePoliciesBulkGet_Post_Request: + additionalProperties: false + type: object + properties: + ids: + description: list of package policy ids + items: + type: string + maxItems: 1000 + type: array + ignoreMissing: + type: boolean + required: + - ids + ApiFleetPackagePoliciesBulkGet_Post_Response_200: + additionalProperties: false + type: object + properties: + items: + items: + $ref: '#/components/schemas/ApiFleetPackagePoliciesBulkGet_Post_Response_200_Items_Item' + maxItems: 10000 + type: array + required: + - items + ApiFleetPackagePoliciesBulkGet_Post_Response_200_Items_Item: + additionalProperties: false + type: object + properties: + additional_datastreams_permissions: + description: Additional datastream permissions, that will be added to the agent policy. + items: + type: string + maxItems: 1000 + nullable: true + type: array + agents: + type: number + cloud_connector_id: + description: ID of the cloud connector associated with this package policy. + nullable: true + type: string + cloud_connector_name: + description: Transient field for cloud connector name during creation. + maxLength: 255 + minLength: 1 + nullable: true + type: string + created_at: + type: string + created_by: + type: string + description: + description: Package policy description + type: string + elasticsearch: + $ref: '#/components/schemas/ApiFleetPackagePoliciesBulkGet_Post_Response_200_Items_Elasticsearch' + enabled: + type: boolean + id: + description: Package policy unique identifier. + type: string + inputs: + anyOf: + - $ref: '#/components/schemas/ApiFleetPackagePoliciesBulkGet_Post_Response_200_Items_Inputs_1' + - $ref: '#/components/schemas/ApiFleetPackagePoliciesBulkGet_Post_Response_200_Items_Inputs_2' + description: Package policy inputs. + is_managed: + type: boolean + name: + description: Unique name for the package policy. + type: string + namespace: + description: The package policy namespace. Leave blank to inherit the agent policy's namespace. + type: string + output_id: + nullable: true + type: string + overrides: + $ref: '#/components/schemas/ApiFleetPackagePoliciesBulkGet_Post_Response_200_Items_Overrides' + package: + $ref: '#/components/schemas/ApiFleetPackagePoliciesBulkGet_Post_Response_200_Items_Package' + policy_id: + deprecated: true + description: ID of the agent policy which the package policy will be added to. + nullable: true + type: string + policy_ids: + items: + description: IDs of the agent policies which that package policy will be added to. + type: string + maxItems: 1000 + type: array + revision: + description: Package policy revision. + type: number + secret_references: + items: + $ref: '#/components/schemas/ApiFleetPackagePoliciesBulkGet_Post_Response_200_Items_Secret_references_Item' + maxItems: 100 + type: array + spaceIds: + items: + type: string + maxItems: 100 + type: array + supports_agentless: + default: false + description: Indicates whether the package policy belongs to an agentless agent policy. + nullable: true + type: boolean + supports_cloud_connector: + default: false + description: Indicates whether the package policy supports cloud connectors. + nullable: true + type: boolean + updated_at: + type: string + updated_by: + type: string + var_group_selections: + $ref: '#/components/schemas/ApiFleetPackagePoliciesBulkGet_Post_Response_200_Items_Var_group_selections' + vars: + anyOf: + - $ref: '#/components/schemas/ApiFleetPackagePoliciesBulkGet_Post_Response_200_Items_Vars_1' + - $ref: '#/components/schemas/ApiFleetPackagePoliciesBulkGet_Post_Response_200_Items_Vars_2' + description: Package level variable. + version: + description: Package policy ES version. + type: string + required: + - name + - enabled + - inputs + - id + - revision + - updated_at + - updated_by + - created_at + - created_by + ApiFleetPackagePoliciesBulkGet_Post_Response_200_Items_Elasticsearch: + additionalProperties: true + type: object + properties: + privileges: + $ref: '#/components/schemas/ApiFleetPackagePoliciesBulkGet_Post_Response_200_Items_Elasticsearch_Privileges' + ApiFleetPackagePoliciesBulkGet_Post_Response_200_Items_Elasticsearch_Privileges: + additionalProperties: true + type: object + properties: + cluster: + items: + type: string + maxItems: 100 + type: array + ApiFleetPackagePoliciesBulkGet_Post_Response_200_Items_Inputs_1: + items: + $ref: '#/components/schemas/ApiFleetPackagePoliciesBulkGet_Post_Response_200_Items_Inputs_Item' + maxItems: 100 + type: array + ApiFleetPackagePoliciesBulkGet_Post_Response_200_Items_Inputs_Item: + additionalProperties: false + type: object + properties: + compiled_input: {} + config: + $ref: '#/components/schemas/ApiFleetPackagePoliciesBulkGet_Post_Response_200_Items_Inputs_Config' + enabled: + type: boolean + id: + type: string + keep_enabled: + type: boolean + policy_template: + type: string + streams: + items: + $ref: '#/components/schemas/ApiFleetPackagePoliciesBulkGet_Post_Response_200_Items_Inputs_Streams_Item' + maxItems: 100 + type: array + type: + type: string + vars: + $ref: '#/components/schemas/ApiFleetPackagePoliciesBulkGet_Post_Response_200_Items_Inputs_Vars' + required: + - type + - enabled + - streams + - compiled_input + ApiFleetPackagePoliciesBulkGet_Post_Response_200_Items_Inputs_Config: + additionalProperties: + $ref: '#/components/schemas/ApiFleetPackagePoliciesBulkGet_Post_Response_200_Items_Inputs_Config_Value' + description: Package variable (see integration documentation for more information) + type: object + ApiFleetPackagePoliciesBulkGet_Post_Response_200_Items_Inputs_Config_Value: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + ApiFleetPackagePoliciesBulkGet_Post_Response_200_Items_Inputs_Streams_Item: + additionalProperties: false + type: object + properties: + compiled_stream: {} + config: + $ref: '#/components/schemas/ApiFleetPackagePoliciesBulkGet_Post_Response_200_Items_Inputs_Streams_Config' + data_stream: + $ref: '#/components/schemas/ApiFleetPackagePoliciesBulkGet_Post_Response_200_Items_Inputs_Streams_Data_stream' + enabled: + type: boolean + id: + type: string + keep_enabled: + type: boolean + release: + enum: + - ga + - beta + - experimental + type: string + var_group_selections: + $ref: '#/components/schemas/ApiFleetPackagePoliciesBulkGet_Post_Response_200_Items_Inputs_Streams_Var_group_selections' + vars: + $ref: '#/components/schemas/ApiFleetPackagePoliciesBulkGet_Post_Response_200_Items_Inputs_Streams_Vars' + required: + - enabled + - data_stream + - compiled_stream + ApiFleetPackagePoliciesBulkGet_Post_Response_200_Items_Inputs_Streams_Config: + additionalProperties: + $ref: '#/components/schemas/ApiFleetPackagePoliciesBulkGet_Post_Response_200_Items_Inputs_Streams_Config_Value' + description: Package variable (see integration documentation for more information) + type: object + ApiFleetPackagePoliciesBulkGet_Post_Response_200_Items_Inputs_Streams_Config_Value: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + ApiFleetPackagePoliciesBulkGet_Post_Response_200_Items_Inputs_Streams_Data_stream: + additionalProperties: false + type: object + properties: + dataset: + type: string + elasticsearch: + $ref: '#/components/schemas/ApiFleetPackagePoliciesBulkGet_Post_Response_200_Items_Inputs_Streams_Data_stream_Elasticsearch' + type: + type: string + required: + - dataset + - type + ApiFleetPackagePoliciesBulkGet_Post_Response_200_Items_Inputs_Streams_Data_stream_Elasticsearch: + additionalProperties: false + type: object + properties: + dynamic_dataset: + type: boolean + dynamic_namespace: + type: boolean + privileges: + $ref: '#/components/schemas/ApiFleetPackagePoliciesBulkGet_Post_Response_200_Items_Inputs_Streams_Data_stream_Elasticsearch_Privileges' + ApiFleetPackagePoliciesBulkGet_Post_Response_200_Items_Inputs_Streams_Data_stream_Elasticsearch_Privileges: + additionalProperties: false + type: object + properties: + indices: + items: + type: string + maxItems: 100 + type: array + ApiFleetPackagePoliciesBulkGet_Post_Response_200_Items_Inputs_Streams_Var_group_selections: + additionalProperties: + type: string + description: Variable group selections. Maps var_group name to the selected option name within that group. + type: object + ApiFleetPackagePoliciesBulkGet_Post_Response_200_Items_Inputs_Streams_Vars: + additionalProperties: + $ref: '#/components/schemas/ApiFleetPackagePoliciesBulkGet_Post_Response_200_Items_Inputs_Streams_Vars_Value' + description: Package variable (see integration documentation for more information) + type: object + ApiFleetPackagePoliciesBulkGet_Post_Response_200_Items_Inputs_Streams_Vars_Value: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + ApiFleetPackagePoliciesBulkGet_Post_Response_200_Items_Inputs_Vars: + additionalProperties: + $ref: '#/components/schemas/ApiFleetPackagePoliciesBulkGet_Post_Response_200_Items_Inputs_Vars_Value' + description: Package variable (see integration documentation for more information) + type: object + ApiFleetPackagePoliciesBulkGet_Post_Response_200_Items_Inputs_Vars_Value: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + ApiFleetPackagePoliciesBulkGet_Post_Response_200_Items_Inputs_2: + additionalProperties: + $ref: '#/components/schemas/ApiFleetPackagePoliciesBulkGet_Post_Response_200_Items_Inputs_Value' + description: Package policy inputs. Refer to the integration documentation to know which inputs are available. + type: object + x-oas-optional: true + ApiFleetPackagePoliciesBulkGet_Post_Response_200_Items_Inputs_Value: + additionalProperties: false + type: object + properties: + enabled: + description: Enable or disable that input. Defaults to `true` (enabled). + type: boolean + streams: + $ref: '#/components/schemas/ApiFleetPackagePoliciesBulkGet_Post_Response_200_Items_Inputs_Streams' + vars: + $ref: '#/components/schemas/ApiFleetPackagePoliciesBulkGet_Post_Response_200_Items_Inputs_Vars_1' + ApiFleetPackagePoliciesBulkGet_Post_Response_200_Items_Inputs_Streams: + additionalProperties: + $ref: '#/components/schemas/ApiFleetPackagePoliciesBulkGet_Post_Response_200_Items_Inputs_Streams_Value' + description: Input streams. Refer to the integration documentation to know which streams are available. + type: object + ApiFleetPackagePoliciesBulkGet_Post_Response_200_Items_Inputs_Streams_Value: + additionalProperties: false + type: object + properties: + enabled: + description: Enable or disable that stream. Defaults to `true` (enabled). + type: boolean + var_group_selections: + $ref: '#/components/schemas/ApiFleetPackagePoliciesBulkGet_Post_Response_200_Items_Inputs_Streams_Var_group_selections_1' + vars: + $ref: '#/components/schemas/ApiFleetPackagePoliciesBulkGet_Post_Response_200_Items_Inputs_Streams_Vars_1' + ApiFleetPackagePoliciesBulkGet_Post_Response_200_Items_Inputs_Streams_Var_group_selections_1: + additionalProperties: + type: string + description: Variable group selections. Maps var_group name to the selected option name within that group. + type: object + ApiFleetPackagePoliciesBulkGet_Post_Response_200_Items_Inputs_Streams_Vars_1: + type: boolean + ApiFleetPackagePoliciesBulkGet_Post_Response_200_Items_Inputs_Streams_Vars_2: + type: string + ApiFleetPackagePoliciesBulkGet_Post_Response_200_Items_Inputs_Streams_Vars_3: + type: number + ApiFleetPackagePoliciesBulkGet_Post_Response_200_Items_Inputs_Streams_Vars_4: + items: + type: string + maxItems: 100 + type: array + ApiFleetPackagePoliciesBulkGet_Post_Response_200_Items_Inputs_Streams_Vars_5: + items: + type: number + maxItems: 100 + type: array + ApiFleetPackagePoliciesBulkGet_Post_Response_200_Items_Inputs_Streams_Vars_6: + additionalProperties: false + type: object + properties: + id: + type: string + isSecretRef: + type: boolean + required: + - id + - isSecretRef + ApiFleetPackagePoliciesBulkGet_Post_Response_200_Items_Inputs_Vars_1: + type: boolean + ApiFleetPackagePoliciesBulkGet_Post_Response_200_Items_Inputs_Vars_2: + type: string + ApiFleetPackagePoliciesBulkGet_Post_Response_200_Items_Inputs_Vars_3: + type: number + ApiFleetPackagePoliciesBulkGet_Post_Response_200_Items_Inputs_Vars_4: + items: + type: string + maxItems: 100 + type: array + ApiFleetPackagePoliciesBulkGet_Post_Response_200_Items_Inputs_Vars_5: + items: + type: number + maxItems: 100 + type: array + ApiFleetPackagePoliciesBulkGet_Post_Response_200_Items_Inputs_Vars_6: + additionalProperties: false + type: object + properties: + id: + type: string + isSecretRef: + type: boolean + required: + - id + - isSecretRef + ApiFleetPackagePoliciesBulkGet_Post_Response_200_Items_Overrides: + additionalProperties: false + description: Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure. + nullable: true + type: object + properties: + inputs: + $ref: '#/components/schemas/ApiFleetPackagePoliciesBulkGet_Post_Response_200_Items_Overrides_Inputs' + ApiFleetPackagePoliciesBulkGet_Post_Response_200_Items_Overrides_Inputs: + additionalProperties: {} + type: object + ApiFleetPackagePoliciesBulkGet_Post_Response_200_Items_Package: + additionalProperties: false + type: object + properties: + experimental_data_stream_features: + items: + $ref: '#/components/schemas/ApiFleetPackagePoliciesBulkGet_Post_Response_200_Items_Package_Experimental_data_stream_features_Item' + maxItems: 100 + type: array + fips_compatible: + type: boolean + name: + description: Package name + type: string + requires_root: + type: boolean + title: + type: string + version: + description: Package version + type: string + required: + - name + - version + ApiFleetPackagePoliciesBulkGet_Post_Response_200_Items_Package_Experimental_data_stream_features_Item: + additionalProperties: false + type: object + properties: + data_stream: + type: string + features: + $ref: '#/components/schemas/ApiFleetPackagePoliciesBulkGet_Post_Response_200_Items_Package_Experimental_data_stream_features_Features' + required: + - data_stream + - features + ApiFleetPackagePoliciesBulkGet_Post_Response_200_Items_Package_Experimental_data_stream_features_Features: + additionalProperties: false + type: object + properties: + doc_value_only_numeric: + type: boolean + doc_value_only_other: + type: boolean + synthetic_source: + type: boolean + tsdb: + type: boolean + ApiFleetPackagePoliciesBulkGet_Post_Response_200_Items_Secret_references_Item: + additionalProperties: false + type: object + properties: + id: + type: string + required: + - id + ApiFleetPackagePoliciesBulkGet_Post_Response_200_Items_Var_group_selections: + additionalProperties: + type: string + description: Variable group selections. Maps var_group name to the selected option name within that group. + type: object + ApiFleetPackagePoliciesBulkGet_Post_Response_200_Items_Vars_1: + additionalProperties: + $ref: '#/components/schemas/ApiFleetPackagePoliciesBulkGet_Post_Response_200_Items_Vars_Value' + description: Package variable (see integration documentation for more information) + type: object + ApiFleetPackagePoliciesBulkGet_Post_Response_200_Items_Vars_Value: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + ApiFleetPackagePoliciesBulkGet_Post_Response_200_Items_Vars_2: + additionalProperties: + anyOf: + - $ref: '#/components/schemas/ApiFleetPackagePoliciesBulkGet_Post_Response_200_Items_Vars_1_1' + - $ref: '#/components/schemas/ApiFleetPackagePoliciesBulkGet_Post_Response_200_Items_Vars_2_1' + - $ref: '#/components/schemas/ApiFleetPackagePoliciesBulkGet_Post_Response_200_Items_Vars_3' + - $ref: '#/components/schemas/ApiFleetPackagePoliciesBulkGet_Post_Response_200_Items_Vars_4' + - $ref: '#/components/schemas/ApiFleetPackagePoliciesBulkGet_Post_Response_200_Items_Vars_5' + - $ref: '#/components/schemas/ApiFleetPackagePoliciesBulkGet_Post_Response_200_Items_Vars_6' + nullable: true + description: Input/stream level variable. Refer to the integration documentation for more information. + type: object + x-oas-optional: true + ApiFleetPackagePoliciesBulkGet_Post_Response_200_Items_Vars_1_1: + type: boolean + ApiFleetPackagePoliciesBulkGet_Post_Response_200_Items_Vars_2_1: + type: string + ApiFleetPackagePoliciesBulkGet_Post_Response_200_Items_Vars_3: + type: number + ApiFleetPackagePoliciesBulkGet_Post_Response_200_Items_Vars_4: + items: + type: string + maxItems: 100 + type: array + ApiFleetPackagePoliciesBulkGet_Post_Response_200_Items_Vars_5: + items: + type: number + maxItems: 100 + type: array + ApiFleetPackagePoliciesBulkGet_Post_Response_200_Items_Vars_6: + additionalProperties: false + type: object + properties: + id: + type: string + isSecretRef: + type: boolean + required: + - id + - isSecretRef + ApiFleetPackagePoliciesBulkGet_Post_Response_400: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetPackagePoliciesBulkGet_Post_Response_404: + additionalProperties: false + type: object + properties: + message: + type: string + required: + - message + ApiFleetPackagePolicies_Delete_Response_200: + additionalProperties: false + type: object + properties: + id: + type: string + required: + - id + ApiFleetPackagePolicies_Delete_Response_400: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetPackagePolicies_Get_Response_200_1: + additionalProperties: false + type: object + properties: + item: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Get_Response_200_Item' + required: + - item + ApiFleetPackagePolicies_Get_Response_200_Item: + additionalProperties: false + type: object + properties: + additional_datastreams_permissions: + description: Additional datastream permissions, that will be added to the agent policy. + items: + type: string + maxItems: 1000 + nullable: true + type: array + agents: + type: number + cloud_connector_id: + description: ID of the cloud connector associated with this package policy. + nullable: true + type: string + cloud_connector_name: + description: Transient field for cloud connector name during creation. + maxLength: 255 + minLength: 1 + nullable: true + type: string + created_at: + type: string + created_by: + type: string + description: + description: Package policy description + type: string + elasticsearch: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Get_Response_200_Item_Elasticsearch' + enabled: + type: boolean + id: + description: Package policy unique identifier. + type: string + inputs: + anyOf: + - $ref: '#/components/schemas/ApiFleetPackagePolicies_Get_Response_200_Item_Inputs_1' + - $ref: '#/components/schemas/ApiFleetPackagePolicies_Get_Response_200_Item_Inputs_2' + description: Package policy inputs. + is_managed: + type: boolean + name: + description: Unique name for the package policy. + type: string + namespace: + description: The package policy namespace. Leave blank to inherit the agent policy's namespace. + type: string + output_id: + nullable: true + type: string + overrides: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Get_Response_200_Item_Overrides' + package: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Get_Response_200_Item_Package' + policy_id: + deprecated: true + description: ID of the agent policy which the package policy will be added to. + nullable: true + type: string + policy_ids: + items: + description: IDs of the agent policies which that package policy will be added to. + type: string + maxItems: 1000 + type: array + revision: + description: Package policy revision. + type: number + secret_references: + items: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Get_Response_200_Item_Secret_references_Item' + maxItems: 100 + type: array + spaceIds: + items: + type: string + maxItems: 100 + type: array + supports_agentless: + default: false + description: Indicates whether the package policy belongs to an agentless agent policy. + nullable: true + type: boolean + supports_cloud_connector: + default: false + description: Indicates whether the package policy supports cloud connectors. + nullable: true + type: boolean + updated_at: + type: string + updated_by: + type: string + var_group_selections: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Get_Response_200_Item_Var_group_selections' + vars: + anyOf: + - $ref: '#/components/schemas/ApiFleetPackagePolicies_Get_Response_200_Item_Vars_1' + - $ref: '#/components/schemas/ApiFleetPackagePolicies_Get_Response_200_Item_Vars_2' + description: Package level variable. + version: + description: Package policy ES version. + type: string + required: + - name + - enabled + - inputs + - id + - revision + - updated_at + - updated_by + - created_at + - created_by + ApiFleetPackagePolicies_Get_Response_200_Item_Elasticsearch: + additionalProperties: true + type: object + properties: + privileges: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Get_Response_200_Item_Elasticsearch_Privileges' + ApiFleetPackagePolicies_Get_Response_200_Item_Elasticsearch_Privileges: + additionalProperties: true + type: object + properties: + cluster: + items: + type: string + maxItems: 100 + type: array + ApiFleetPackagePolicies_Get_Response_200_Item_Inputs_1: + items: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Get_Response_200_Item_Inputs_Item' + maxItems: 100 + type: array + ApiFleetPackagePolicies_Get_Response_200_Item_Inputs_Item: + additionalProperties: false + type: object + properties: + compiled_input: {} + config: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Get_Response_200_Item_Inputs_Config' + enabled: + type: boolean + id: + type: string + keep_enabled: + type: boolean + policy_template: + type: string + streams: + items: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Get_Response_200_Item_Inputs_Streams_Item' + maxItems: 100 + type: array + type: + type: string + vars: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Get_Response_200_Item_Inputs_Vars' + required: + - type + - enabled + - streams + - compiled_input + ApiFleetPackagePolicies_Get_Response_200_Item_Inputs_Config: + additionalProperties: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Get_Response_200_Item_Inputs_Config_Value' + description: Package variable (see integration documentation for more information) + type: object + ApiFleetPackagePolicies_Get_Response_200_Item_Inputs_Config_Value: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + ApiFleetPackagePolicies_Get_Response_200_Item_Inputs_Streams_Item: + additionalProperties: false + type: object + properties: + compiled_stream: {} + config: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Get_Response_200_Item_Inputs_Streams_Config' + data_stream: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Get_Response_200_Item_Inputs_Streams_Data_stream' + enabled: + type: boolean + id: + type: string + keep_enabled: + type: boolean + release: + enum: + - ga + - beta + - experimental + type: string + var_group_selections: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Get_Response_200_Item_Inputs_Streams_Var_group_selections' + vars: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Get_Response_200_Item_Inputs_Streams_Vars' + required: + - enabled + - data_stream + - compiled_stream + ApiFleetPackagePolicies_Get_Response_200_Item_Inputs_Streams_Config: + additionalProperties: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Get_Response_200_Item_Inputs_Streams_Config_Value' + description: Package variable (see integration documentation for more information) + type: object + ApiFleetPackagePolicies_Get_Response_200_Item_Inputs_Streams_Config_Value: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + ApiFleetPackagePolicies_Get_Response_200_Item_Inputs_Streams_Data_stream: + additionalProperties: false + type: object + properties: + dataset: + type: string + elasticsearch: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Get_Response_200_Item_Inputs_Streams_Data_stream_Elasticsearch' + type: + type: string + required: + - dataset + - type + ApiFleetPackagePolicies_Get_Response_200_Item_Inputs_Streams_Data_stream_Elasticsearch: + additionalProperties: false + type: object + properties: + dynamic_dataset: + type: boolean + dynamic_namespace: + type: boolean + privileges: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Get_Response_200_Item_Inputs_Streams_Data_stream_Elasticsearch_Privileges' + ApiFleetPackagePolicies_Get_Response_200_Item_Inputs_Streams_Data_stream_Elasticsearch_Privileges: + additionalProperties: false + type: object + properties: + indices: + items: + type: string + maxItems: 100 + type: array + ApiFleetPackagePolicies_Get_Response_200_Item_Inputs_Streams_Var_group_selections: + additionalProperties: + type: string + description: Variable group selections. Maps var_group name to the selected option name within that group. + type: object + ApiFleetPackagePolicies_Get_Response_200_Item_Inputs_Streams_Vars: + additionalProperties: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Get_Response_200_Item_Inputs_Streams_Vars_Value' + description: Package variable (see integration documentation for more information) + type: object + ApiFleetPackagePolicies_Get_Response_200_Item_Inputs_Streams_Vars_Value: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + ApiFleetPackagePolicies_Get_Response_200_Item_Inputs_Vars: + additionalProperties: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Get_Response_200_Item_Inputs_Vars_Value' + description: Package variable (see integration documentation for more information) + type: object + ApiFleetPackagePolicies_Get_Response_200_Item_Inputs_Vars_Value: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + ApiFleetPackagePolicies_Get_Response_200_Item_Inputs_2: + additionalProperties: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Get_Response_200_Item_Inputs_Value' + description: Package policy inputs. Refer to the integration documentation to know which inputs are available. + type: object + x-oas-optional: true + ApiFleetPackagePolicies_Get_Response_200_Item_Inputs_Value: + additionalProperties: false + type: object + properties: + enabled: + description: Enable or disable that input. Defaults to `true` (enabled). + type: boolean + streams: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Get_Response_200_Item_Inputs_Streams' + vars: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Get_Response_200_Item_Inputs_Vars_1' + ApiFleetPackagePolicies_Get_Response_200_Item_Inputs_Streams: + additionalProperties: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Get_Response_200_Item_Inputs_Streams_Value' + description: Input streams. Refer to the integration documentation to know which streams are available. + type: object + ApiFleetPackagePolicies_Get_Response_200_Item_Inputs_Streams_Value: + additionalProperties: false + type: object + properties: + enabled: + description: Enable or disable that stream. Defaults to `true` (enabled). + type: boolean + var_group_selections: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Get_Response_200_Item_Inputs_Streams_Var_group_selections_1' + vars: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Get_Response_200_Item_Inputs_Streams_Vars_1' + ApiFleetPackagePolicies_Get_Response_200_Item_Inputs_Streams_Var_group_selections_1: + additionalProperties: + type: string + description: Variable group selections. Maps var_group name to the selected option name within that group. + type: object + ApiFleetPackagePolicies_Get_Response_200_Item_Inputs_Streams_Vars_1: + type: boolean + ApiFleetPackagePolicies_Get_Response_200_Item_Inputs_Streams_Vars_2: + type: string + ApiFleetPackagePolicies_Get_Response_200_Item_Inputs_Streams_Vars_3: + type: number + ApiFleetPackagePolicies_Get_Response_200_Item_Inputs_Streams_Vars_4: + items: + type: string + maxItems: 100 + type: array + ApiFleetPackagePolicies_Get_Response_200_Item_Inputs_Streams_Vars_5: + items: + type: number + maxItems: 100 + type: array + ApiFleetPackagePolicies_Get_Response_200_Item_Inputs_Streams_Vars_6: + additionalProperties: false + type: object + properties: + id: + type: string + isSecretRef: + type: boolean + required: + - id + - isSecretRef + ApiFleetPackagePolicies_Get_Response_200_Item_Inputs_Vars_1: + type: boolean + ApiFleetPackagePolicies_Get_Response_200_Item_Inputs_Vars_2: + type: string + ApiFleetPackagePolicies_Get_Response_200_Item_Inputs_Vars_3: + type: number + ApiFleetPackagePolicies_Get_Response_200_Item_Inputs_Vars_4: + items: + type: string + maxItems: 100 + type: array + ApiFleetPackagePolicies_Get_Response_200_Item_Inputs_Vars_5: + items: + type: number + maxItems: 100 + type: array + ApiFleetPackagePolicies_Get_Response_200_Item_Inputs_Vars_6: + additionalProperties: false + type: object + properties: + id: + type: string + isSecretRef: + type: boolean + required: + - id + - isSecretRef + ApiFleetPackagePolicies_Get_Response_200_Item_Overrides: + additionalProperties: false + description: Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure. + nullable: true + type: object + properties: + inputs: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Get_Response_200_Item_Overrides_Inputs' + ApiFleetPackagePolicies_Get_Response_200_Item_Overrides_Inputs: + additionalProperties: {} + type: object + ApiFleetPackagePolicies_Get_Response_200_Item_Package: + additionalProperties: false + type: object + properties: + experimental_data_stream_features: + items: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Get_Response_200_Item_Package_Experimental_data_stream_features_Item' + maxItems: 100 + type: array + fips_compatible: + type: boolean + name: + description: Package name + type: string + requires_root: + type: boolean + title: + type: string + version: + description: Package version + type: string + required: + - name + - version + ApiFleetPackagePolicies_Get_Response_200_Item_Package_Experimental_data_stream_features_Item: + additionalProperties: false + type: object + properties: + data_stream: + type: string + features: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Get_Response_200_Item_Package_Experimental_data_stream_features_Features' + required: + - data_stream + - features + ApiFleetPackagePolicies_Get_Response_200_Item_Package_Experimental_data_stream_features_Features: + additionalProperties: false + type: object + properties: + doc_value_only_numeric: + type: boolean + doc_value_only_other: + type: boolean + synthetic_source: + type: boolean + tsdb: + type: boolean + ApiFleetPackagePolicies_Get_Response_200_Item_Secret_references_Item: + additionalProperties: false + type: object + properties: + id: + type: string + required: + - id + ApiFleetPackagePolicies_Get_Response_200_Item_Var_group_selections: + additionalProperties: + type: string + description: Variable group selections. Maps var_group name to the selected option name within that group. + type: object + ApiFleetPackagePolicies_Get_Response_200_Item_Vars_1: + additionalProperties: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Get_Response_200_Item_Vars_Value' + description: Package variable (see integration documentation for more information) + type: object + ApiFleetPackagePolicies_Get_Response_200_Item_Vars_Value: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + ApiFleetPackagePolicies_Get_Response_200_Item_Vars_2: + additionalProperties: + anyOf: + - $ref: '#/components/schemas/ApiFleetPackagePolicies_Get_Response_200_Item_Vars_1_1' + - $ref: '#/components/schemas/ApiFleetPackagePolicies_Get_Response_200_Item_Vars_2_1' + - $ref: '#/components/schemas/ApiFleetPackagePolicies_Get_Response_200_Item_Vars_3' + - $ref: '#/components/schemas/ApiFleetPackagePolicies_Get_Response_200_Item_Vars_4' + - $ref: '#/components/schemas/ApiFleetPackagePolicies_Get_Response_200_Item_Vars_5' + - $ref: '#/components/schemas/ApiFleetPackagePolicies_Get_Response_200_Item_Vars_6' + nullable: true + description: Input/stream level variable. Refer to the integration documentation for more information. + type: object + x-oas-optional: true + ApiFleetPackagePolicies_Get_Response_200_Item_Vars_1_1: + type: boolean + ApiFleetPackagePolicies_Get_Response_200_Item_Vars_2_1: + type: string + ApiFleetPackagePolicies_Get_Response_200_Item_Vars_3: + type: number + ApiFleetPackagePolicies_Get_Response_200_Item_Vars_4: + items: + type: string + maxItems: 100 + type: array + ApiFleetPackagePolicies_Get_Response_200_Item_Vars_5: + items: + type: number + maxItems: 100 + type: array + ApiFleetPackagePolicies_Get_Response_200_Item_Vars_6: + additionalProperties: false + type: object + properties: + id: + type: string + isSecretRef: + type: boolean + required: + - id + - isSecretRef + ApiFleetPackagePolicies_Get_Response_400_1: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetPackagePolicies_Get_Response_404: + additionalProperties: false + type: object + properties: + message: + type: string + required: + - message + ApiFleetPackagePolicies_Put_Request: + anyOf: + - $ref: '#/components/schemas/ApiFleetPackagePolicies_Put_Request_1' + - $ref: '#/components/schemas/ApiFleetPackagePolicies_Put_Request_2' + ApiFleetPackagePolicies_Put_Request_1: + additionalProperties: false + type: object + properties: + additional_datastreams_permissions: + description: Additional datastream permissions, that will be added to the agent policy. + items: + type: string + maxItems: 1000 + nullable: true + type: array + cloud_connector_id: + description: ID of the cloud connector associated with this package policy. + nullable: true + type: string + cloud_connector_name: + description: Transient field for cloud connector name during creation. + maxLength: 255 + minLength: 1 + nullable: true + type: string + description: + description: Package policy description + type: string + enabled: + type: boolean + force: + type: boolean + inputs: + items: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Put_Request_Inputs_Item' + maxItems: 100 + type: array + is_managed: + type: boolean + name: + type: string + namespace: + description: The package policy namespace. Leave blank to inherit the agent policy's namespace. + type: string + output_id: + nullable: true + type: string + overrides: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Put_Request_Overrides' + package: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Put_Request_Package' + policy_id: + deprecated: true + description: ID of the agent policy which the package policy will be added to. + nullable: true + type: string + policy_ids: + items: + description: IDs of the agent policies which that package policy will be added to. + type: string + maxItems: 1000 + type: array + spaceIds: + items: + type: string + maxItems: 100 + type: array + supports_agentless: + default: false + description: Indicates whether the package policy belongs to an agentless agent policy. + nullable: true + type: boolean + supports_cloud_connector: + default: false + description: Indicates whether the package policy supports cloud connectors. + nullable: true + type: boolean + var_group_selections: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Put_Request_Var_group_selections' + vars: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Put_Request_Vars' + version: + type: string + ApiFleetPackagePolicies_Put_Request_Inputs_Item: + additionalProperties: false + type: object + properties: + config: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Put_Request_Inputs_Config' + enabled: + type: boolean + id: + type: string + keep_enabled: + type: boolean + policy_template: + type: string + streams: + items: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Put_Request_Inputs_Streams_Item' + maxItems: 100 + type: array + type: + type: string + vars: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Put_Request_Inputs_Vars' + required: + - type + - enabled + ApiFleetPackagePolicies_Put_Request_Inputs_Config: + additionalProperties: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Put_Request_Inputs_Config_Value' + description: Package variable (see integration documentation for more information) + type: object + ApiFleetPackagePolicies_Put_Request_Inputs_Config_Value: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + ApiFleetPackagePolicies_Put_Request_Inputs_Streams_Item: + additionalProperties: false + type: object + properties: + compiled_stream: {} + config: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Put_Request_Inputs_Streams_Config' + data_stream: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Put_Request_Inputs_Streams_Data_stream' + enabled: + type: boolean + id: + type: string + keep_enabled: + type: boolean + release: + enum: + - ga + - beta + - experimental + type: string + var_group_selections: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Put_Request_Inputs_Streams_Var_group_selections' + vars: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Put_Request_Inputs_Streams_Vars' + required: + - enabled + - data_stream + - compiled_stream + ApiFleetPackagePolicies_Put_Request_Inputs_Streams_Config: + additionalProperties: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Put_Request_Inputs_Streams_Config_Value' + description: Package variable (see integration documentation for more information) + type: object + ApiFleetPackagePolicies_Put_Request_Inputs_Streams_Config_Value: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + ApiFleetPackagePolicies_Put_Request_Inputs_Streams_Data_stream: + additionalProperties: false + type: object + properties: + dataset: + type: string + elasticsearch: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Put_Request_Inputs_Streams_Data_stream_Elasticsearch' + type: + type: string + required: + - dataset + - type + ApiFleetPackagePolicies_Put_Request_Inputs_Streams_Data_stream_Elasticsearch: + additionalProperties: false + type: object + properties: + dynamic_dataset: + type: boolean + dynamic_namespace: + type: boolean + privileges: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Put_Request_Inputs_Streams_Data_stream_Elasticsearch_Privileges' + ApiFleetPackagePolicies_Put_Request_Inputs_Streams_Data_stream_Elasticsearch_Privileges: + additionalProperties: false + type: object + properties: + indices: + items: + type: string + maxItems: 100 + type: array + ApiFleetPackagePolicies_Put_Request_Inputs_Streams_Var_group_selections: + additionalProperties: + type: string + description: Variable group selections. Maps var_group name to the selected option name within that group. + type: object + ApiFleetPackagePolicies_Put_Request_Inputs_Streams_Vars: + additionalProperties: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Put_Request_Inputs_Streams_Vars_Value' + description: Package variable (see integration documentation for more information) + type: object + ApiFleetPackagePolicies_Put_Request_Inputs_Streams_Vars_Value: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + ApiFleetPackagePolicies_Put_Request_Inputs_Vars: + additionalProperties: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Put_Request_Inputs_Vars_Value' + description: Package variable (see integration documentation for more information) + type: object + ApiFleetPackagePolicies_Put_Request_Inputs_Vars_Value: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + ApiFleetPackagePolicies_Put_Request_Overrides: + additionalProperties: false + description: Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure. + nullable: true + type: object + properties: + inputs: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Put_Request_Overrides_Inputs' + ApiFleetPackagePolicies_Put_Request_Overrides_Inputs: + additionalProperties: {} + type: object + ApiFleetPackagePolicies_Put_Request_Package: + additionalProperties: false + type: object + properties: + experimental_data_stream_features: + items: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Put_Request_Package_Experimental_data_stream_features_Item' + maxItems: 100 + type: array + fips_compatible: + type: boolean + name: + description: Package name + type: string + requires_root: + type: boolean + title: + type: string + version: + description: Package version + type: string + required: + - name + - version + ApiFleetPackagePolicies_Put_Request_Package_Experimental_data_stream_features_Item: + additionalProperties: false + type: object + properties: + data_stream: + type: string + features: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Put_Request_Package_Experimental_data_stream_features_Features' + required: + - data_stream + - features + ApiFleetPackagePolicies_Put_Request_Package_Experimental_data_stream_features_Features: + additionalProperties: false + type: object + properties: + doc_value_only_numeric: + type: boolean + doc_value_only_other: + type: boolean + synthetic_source: + type: boolean + tsdb: + type: boolean + ApiFleetPackagePolicies_Put_Request_Var_group_selections: + additionalProperties: + type: string + description: Variable group selections. Maps var_group name to the selected option name within that group. + type: object + ApiFleetPackagePolicies_Put_Request_Vars: + additionalProperties: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Put_Request_Vars_Value' + description: Package variable (see integration documentation for more information) + type: object + ApiFleetPackagePolicies_Put_Request_Vars_Value: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + ApiFleetPackagePolicies_Put_Request_2: + additionalProperties: false + type: object + properties: + additional_datastreams_permissions: + description: Additional datastream permissions, that will be added to the agent policy. + items: + type: string + maxItems: 100 + nullable: true + type: array + description: + description: Policy description. + type: string + force: + description: Force package policy creation even if the package is not verified, or if the agent policy is managed. + type: boolean + id: + description: Policy unique identifier. + type: string + inputs: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Put_Request_Inputs' + name: + description: Unique name for the policy. + type: string + namespace: + description: Policy namespace. When not specified, it inherits the agent policy namespace. + type: string + output_id: + nullable: true + type: string + package: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Put_Request_Package_1' + policy_id: + deprecated: true + description: Deprecated. Use policy_ids instead. + nullable: true + type: string + policy_ids: + description: IDs of the agent policies which that package policy will be added to. + items: + type: string + maxItems: 1000 + type: array + supports_agentless: + default: false + deprecated: true + description: Indicates whether the package policy belongs to an agentless agent policy. Deprecated in favor of the Fleet agentless policies API. + nullable: true + type: boolean + var_group_selections: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Put_Request_Var_group_selections_1' + vars: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Put_Request_Vars_1' + required: + - name + - package + ApiFleetPackagePolicies_Put_Request_Inputs: + additionalProperties: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Put_Request_Inputs_Value' + description: Package policy inputs. Refer to the integration documentation to know which inputs are available. + type: object + ApiFleetPackagePolicies_Put_Request_Inputs_Value: + additionalProperties: false + type: object + properties: + enabled: + description: Enable or disable that input. Defaults to `true` (enabled). + type: boolean + streams: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Put_Request_Inputs_Streams' + vars: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Put_Request_Inputs_Vars_1' + ApiFleetPackagePolicies_Put_Request_Inputs_Streams: + additionalProperties: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Put_Request_Inputs_Streams_Value' + description: Input streams. Refer to the integration documentation to know which streams are available. + type: object + ApiFleetPackagePolicies_Put_Request_Inputs_Streams_Value: + additionalProperties: false + type: object + properties: + enabled: + description: Enable or disable that stream. Defaults to `true` (enabled). + type: boolean + var_group_selections: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Put_Request_Inputs_Streams_Var_group_selections_1' + vars: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Put_Request_Inputs_Streams_Vars_1' + ApiFleetPackagePolicies_Put_Request_Inputs_Streams_Var_group_selections_1: + additionalProperties: + type: string + description: Variable group selections. Maps var_group name to the selected option name within that group. + type: object + ApiFleetPackagePolicies_Put_Request_Inputs_Streams_Vars_1: + type: boolean + ApiFleetPackagePolicies_Put_Request_Inputs_Streams_Vars_2: + type: string + ApiFleetPackagePolicies_Put_Request_Inputs_Streams_Vars_3: + type: number + ApiFleetPackagePolicies_Put_Request_Inputs_Streams_Vars_4: + items: + type: string + maxItems: 100 + type: array + ApiFleetPackagePolicies_Put_Request_Inputs_Streams_Vars_5: + items: + type: number + maxItems: 100 + type: array + ApiFleetPackagePolicies_Put_Request_Inputs_Streams_Vars_6: + additionalProperties: false + type: object + properties: + id: + type: string + isSecretRef: + type: boolean + required: + - id + - isSecretRef + ApiFleetPackagePolicies_Put_Request_Inputs_Vars_1: + type: boolean + ApiFleetPackagePolicies_Put_Request_Inputs_Vars_2: + type: string + ApiFleetPackagePolicies_Put_Request_Inputs_Vars_3: + type: number + ApiFleetPackagePolicies_Put_Request_Inputs_Vars_4: + items: + type: string + maxItems: 100 + type: array + ApiFleetPackagePolicies_Put_Request_Inputs_Vars_5: + items: + type: number + maxItems: 100 + type: array + ApiFleetPackagePolicies_Put_Request_Inputs_Vars_6: + additionalProperties: false + type: object + properties: + id: + type: string + isSecretRef: + type: boolean + required: + - id + - isSecretRef + ApiFleetPackagePolicies_Put_Request_Package_1: + additionalProperties: false + type: object + properties: + experimental_data_stream_features: + items: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Put_Request_Package_Experimental_data_stream_features_Item_1' + maxItems: 100 + type: array + fips_compatible: + type: boolean + name: + description: Package name + type: string + requires_root: + type: boolean + title: + type: string + version: + description: Package version + type: string + required: + - name + - version + ApiFleetPackagePolicies_Put_Request_Package_Experimental_data_stream_features_Item_1: + additionalProperties: false + type: object + properties: + data_stream: + type: string + features: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Put_Request_Package_Experimental_data_stream_features_Features_1' + required: + - data_stream + - features + ApiFleetPackagePolicies_Put_Request_Package_Experimental_data_stream_features_Features_1: + additionalProperties: false + type: object + properties: + doc_value_only_numeric: + type: boolean + doc_value_only_other: + type: boolean + synthetic_source: + type: boolean + tsdb: + type: boolean + ApiFleetPackagePolicies_Put_Request_Var_group_selections_1: + additionalProperties: + type: string + description: Variable group selections. Maps var_group name to the selected option name within that group. + type: object + ApiFleetPackagePolicies_Put_Request_Vars_1: + type: boolean + ApiFleetPackagePolicies_Put_Request_Vars_2: + type: string + ApiFleetPackagePolicies_Put_Request_Vars_3: + type: number + ApiFleetPackagePolicies_Put_Request_Vars_4: + items: + type: string + maxItems: 100 + type: array + ApiFleetPackagePolicies_Put_Request_Vars_5: + items: + type: number + maxItems: 100 + type: array + ApiFleetPackagePolicies_Put_Request_Vars_6: + additionalProperties: false + type: object + properties: + id: + type: string + isSecretRef: + type: boolean + required: + - id + - isSecretRef + ApiFleetPackagePolicies_Put_Response_200: + additionalProperties: false + type: object + properties: + item: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Put_Response_200_Item' + required: + - item + ApiFleetPackagePolicies_Put_Response_200_Item: + additionalProperties: false + type: object + properties: + additional_datastreams_permissions: + description: Additional datastream permissions, that will be added to the agent policy. + items: + type: string + maxItems: 1000 + nullable: true + type: array + agents: + type: number + cloud_connector_id: + description: ID of the cloud connector associated with this package policy. + nullable: true + type: string + cloud_connector_name: + description: Transient field for cloud connector name during creation. + maxLength: 255 + minLength: 1 + nullable: true + type: string + created_at: + type: string + created_by: + type: string + description: + description: Package policy description + type: string + elasticsearch: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Put_Response_200_Item_Elasticsearch' + enabled: + type: boolean + id: + description: Package policy unique identifier. + type: string + inputs: + anyOf: + - $ref: '#/components/schemas/ApiFleetPackagePolicies_Put_Response_200_Item_Inputs_1' + - $ref: '#/components/schemas/ApiFleetPackagePolicies_Put_Response_200_Item_Inputs_2' + description: Package policy inputs. + is_managed: + type: boolean + name: + description: Unique name for the package policy. + type: string + namespace: + description: The package policy namespace. Leave blank to inherit the agent policy's namespace. + type: string + output_id: + nullable: true + type: string + overrides: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Put_Response_200_Item_Overrides' + package: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Put_Response_200_Item_Package' + policy_id: + deprecated: true + description: ID of the agent policy which the package policy will be added to. + nullable: true + type: string + policy_ids: + items: + description: IDs of the agent policies which that package policy will be added to. + type: string + maxItems: 1000 + type: array + revision: + description: Package policy revision. + type: number + secret_references: + items: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Put_Response_200_Item_Secret_references_Item' + maxItems: 100 + type: array + spaceIds: + items: + type: string + maxItems: 100 + type: array + supports_agentless: + default: false + description: Indicates whether the package policy belongs to an agentless agent policy. + nullable: true + type: boolean + supports_cloud_connector: + default: false + description: Indicates whether the package policy supports cloud connectors. + nullable: true + type: boolean + updated_at: + type: string + updated_by: + type: string + var_group_selections: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Put_Response_200_Item_Var_group_selections' + vars: + anyOf: + - $ref: '#/components/schemas/ApiFleetPackagePolicies_Put_Response_200_Item_Vars_1' + - $ref: '#/components/schemas/ApiFleetPackagePolicies_Put_Response_200_Item_Vars_2' + description: Package level variable. + version: + description: Package policy ES version. + type: string + required: + - name + - enabled + - inputs + - id + - revision + - updated_at + - updated_by + - created_at + - created_by + ApiFleetPackagePolicies_Put_Response_200_Item_Elasticsearch: + additionalProperties: true + type: object + properties: + privileges: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Put_Response_200_Item_Elasticsearch_Privileges' + ApiFleetPackagePolicies_Put_Response_200_Item_Elasticsearch_Privileges: + additionalProperties: true + type: object + properties: + cluster: + items: + type: string + maxItems: 100 + type: array + ApiFleetPackagePolicies_Put_Response_200_Item_Inputs_1: + items: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Put_Response_200_Item_Inputs_Item' + maxItems: 100 + type: array + ApiFleetPackagePolicies_Put_Response_200_Item_Inputs_Item: + additionalProperties: false + type: object + properties: + compiled_input: {} + config: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Put_Response_200_Item_Inputs_Config' + enabled: + type: boolean + id: + type: string + keep_enabled: + type: boolean + policy_template: + type: string + streams: + items: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Put_Response_200_Item_Inputs_Streams_Item' + maxItems: 100 + type: array + type: + type: string + vars: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Put_Response_200_Item_Inputs_Vars' + required: + - type + - enabled + - streams + - compiled_input + ApiFleetPackagePolicies_Put_Response_200_Item_Inputs_Config: + additionalProperties: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Put_Response_200_Item_Inputs_Config_Value' + description: Package variable (see integration documentation for more information) + type: object + ApiFleetPackagePolicies_Put_Response_200_Item_Inputs_Config_Value: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + ApiFleetPackagePolicies_Put_Response_200_Item_Inputs_Streams_Item: + additionalProperties: false + type: object + properties: + compiled_stream: {} + config: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Put_Response_200_Item_Inputs_Streams_Config' + data_stream: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Put_Response_200_Item_Inputs_Streams_Data_stream' + enabled: + type: boolean + id: + type: string + keep_enabled: + type: boolean + release: + enum: + - ga + - beta + - experimental + type: string + var_group_selections: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Put_Response_200_Item_Inputs_Streams_Var_group_selections' + vars: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Put_Response_200_Item_Inputs_Streams_Vars' + required: + - enabled + - data_stream + - compiled_stream + ApiFleetPackagePolicies_Put_Response_200_Item_Inputs_Streams_Config: + additionalProperties: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Put_Response_200_Item_Inputs_Streams_Config_Value' + description: Package variable (see integration documentation for more information) + type: object + ApiFleetPackagePolicies_Put_Response_200_Item_Inputs_Streams_Config_Value: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + ApiFleetPackagePolicies_Put_Response_200_Item_Inputs_Streams_Data_stream: + additionalProperties: false + type: object + properties: + dataset: + type: string + elasticsearch: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Put_Response_200_Item_Inputs_Streams_Data_stream_Elasticsearch' + type: + type: string + required: + - dataset + - type + ApiFleetPackagePolicies_Put_Response_200_Item_Inputs_Streams_Data_stream_Elasticsearch: + additionalProperties: false + type: object + properties: + dynamic_dataset: + type: boolean + dynamic_namespace: + type: boolean + privileges: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Put_Response_200_Item_Inputs_Streams_Data_stream_Elasticsearch_Privileges' + ApiFleetPackagePolicies_Put_Response_200_Item_Inputs_Streams_Data_stream_Elasticsearch_Privileges: + additionalProperties: false + type: object + properties: + indices: + items: + type: string + maxItems: 100 + type: array + ApiFleetPackagePolicies_Put_Response_200_Item_Inputs_Streams_Var_group_selections: + additionalProperties: + type: string + description: Variable group selections. Maps var_group name to the selected option name within that group. + type: object + ApiFleetPackagePolicies_Put_Response_200_Item_Inputs_Streams_Vars: + additionalProperties: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Put_Response_200_Item_Inputs_Streams_Vars_Value' + description: Package variable (see integration documentation for more information) + type: object + ApiFleetPackagePolicies_Put_Response_200_Item_Inputs_Streams_Vars_Value: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + ApiFleetPackagePolicies_Put_Response_200_Item_Inputs_Vars: + additionalProperties: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Put_Response_200_Item_Inputs_Vars_Value' + description: Package variable (see integration documentation for more information) + type: object + ApiFleetPackagePolicies_Put_Response_200_Item_Inputs_Vars_Value: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + ApiFleetPackagePolicies_Put_Response_200_Item_Inputs_2: + additionalProperties: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Put_Response_200_Item_Inputs_Value' + description: Package policy inputs. Refer to the integration documentation to know which inputs are available. + type: object + x-oas-optional: true + ApiFleetPackagePolicies_Put_Response_200_Item_Inputs_Value: + additionalProperties: false + type: object + properties: + enabled: + description: Enable or disable that input. Defaults to `true` (enabled). + type: boolean + streams: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Put_Response_200_Item_Inputs_Streams' + vars: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Put_Response_200_Item_Inputs_Vars_1' + ApiFleetPackagePolicies_Put_Response_200_Item_Inputs_Streams: + additionalProperties: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Put_Response_200_Item_Inputs_Streams_Value' + description: Input streams. Refer to the integration documentation to know which streams are available. + type: object + ApiFleetPackagePolicies_Put_Response_200_Item_Inputs_Streams_Value: + additionalProperties: false + type: object + properties: + enabled: + description: Enable or disable that stream. Defaults to `true` (enabled). + type: boolean + var_group_selections: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Put_Response_200_Item_Inputs_Streams_Var_group_selections_1' + vars: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Put_Response_200_Item_Inputs_Streams_Vars_1' + ApiFleetPackagePolicies_Put_Response_200_Item_Inputs_Streams_Var_group_selections_1: + additionalProperties: + type: string + description: Variable group selections. Maps var_group name to the selected option name within that group. + type: object + ApiFleetPackagePolicies_Put_Response_200_Item_Inputs_Streams_Vars_1: + type: boolean + ApiFleetPackagePolicies_Put_Response_200_Item_Inputs_Streams_Vars_2: + type: string + ApiFleetPackagePolicies_Put_Response_200_Item_Inputs_Streams_Vars_3: + type: number + ApiFleetPackagePolicies_Put_Response_200_Item_Inputs_Streams_Vars_4: + items: + type: string + maxItems: 100 + type: array + ApiFleetPackagePolicies_Put_Response_200_Item_Inputs_Streams_Vars_5: + items: + type: number + maxItems: 100 + type: array + ApiFleetPackagePolicies_Put_Response_200_Item_Inputs_Streams_Vars_6: + additionalProperties: false + type: object + properties: + id: + type: string + isSecretRef: + type: boolean + required: + - id + - isSecretRef + ApiFleetPackagePolicies_Put_Response_200_Item_Inputs_Vars_1: + type: boolean + ApiFleetPackagePolicies_Put_Response_200_Item_Inputs_Vars_2: + type: string + ApiFleetPackagePolicies_Put_Response_200_Item_Inputs_Vars_3: + type: number + ApiFleetPackagePolicies_Put_Response_200_Item_Inputs_Vars_4: + items: + type: string + maxItems: 100 + type: array + ApiFleetPackagePolicies_Put_Response_200_Item_Inputs_Vars_5: + items: + type: number + maxItems: 100 + type: array + ApiFleetPackagePolicies_Put_Response_200_Item_Inputs_Vars_6: + additionalProperties: false + type: object + properties: + id: + type: string + isSecretRef: + type: boolean + required: + - id + - isSecretRef + ApiFleetPackagePolicies_Put_Response_200_Item_Overrides: + additionalProperties: false + description: Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure. + nullable: true + type: object + properties: + inputs: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Put_Response_200_Item_Overrides_Inputs' + ApiFleetPackagePolicies_Put_Response_200_Item_Overrides_Inputs: + additionalProperties: {} + type: object + ApiFleetPackagePolicies_Put_Response_200_Item_Package: + additionalProperties: false + type: object + properties: + experimental_data_stream_features: + items: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Put_Response_200_Item_Package_Experimental_data_stream_features_Item' + maxItems: 100 + type: array + fips_compatible: + type: boolean + name: + description: Package name + type: string + requires_root: + type: boolean + title: + type: string + version: + description: Package version + type: string + required: + - name + - version + ApiFleetPackagePolicies_Put_Response_200_Item_Package_Experimental_data_stream_features_Item: + additionalProperties: false + type: object + properties: + data_stream: + type: string + features: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Put_Response_200_Item_Package_Experimental_data_stream_features_Features' + required: + - data_stream + - features + ApiFleetPackagePolicies_Put_Response_200_Item_Package_Experimental_data_stream_features_Features: + additionalProperties: false + type: object + properties: + doc_value_only_numeric: + type: boolean + doc_value_only_other: + type: boolean + synthetic_source: + type: boolean + tsdb: + type: boolean + ApiFleetPackagePolicies_Put_Response_200_Item_Secret_references_Item: + additionalProperties: false + type: object + properties: + id: + type: string + required: + - id + ApiFleetPackagePolicies_Put_Response_200_Item_Var_group_selections: + additionalProperties: + type: string + description: Variable group selections. Maps var_group name to the selected option name within that group. + type: object + ApiFleetPackagePolicies_Put_Response_200_Item_Vars_1: + additionalProperties: + $ref: '#/components/schemas/ApiFleetPackagePolicies_Put_Response_200_Item_Vars_Value' + description: Package variable (see integration documentation for more information) + type: object + ApiFleetPackagePolicies_Put_Response_200_Item_Vars_Value: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + ApiFleetPackagePolicies_Put_Response_200_Item_Vars_2: + additionalProperties: + anyOf: + - $ref: '#/components/schemas/ApiFleetPackagePolicies_Put_Response_200_Item_Vars_1_1' + - $ref: '#/components/schemas/ApiFleetPackagePolicies_Put_Response_200_Item_Vars_2_1' + - $ref: '#/components/schemas/ApiFleetPackagePolicies_Put_Response_200_Item_Vars_3' + - $ref: '#/components/schemas/ApiFleetPackagePolicies_Put_Response_200_Item_Vars_4' + - $ref: '#/components/schemas/ApiFleetPackagePolicies_Put_Response_200_Item_Vars_5' + - $ref: '#/components/schemas/ApiFleetPackagePolicies_Put_Response_200_Item_Vars_6' + nullable: true + description: Input/stream level variable. Refer to the integration documentation for more information. + type: object + x-oas-optional: true + ApiFleetPackagePolicies_Put_Response_200_Item_Vars_1_1: + type: boolean + ApiFleetPackagePolicies_Put_Response_200_Item_Vars_2_1: + type: string + ApiFleetPackagePolicies_Put_Response_200_Item_Vars_3: + type: number + ApiFleetPackagePolicies_Put_Response_200_Item_Vars_4: + items: + type: string + maxItems: 100 + type: array + ApiFleetPackagePolicies_Put_Response_200_Item_Vars_5: + items: + type: number + maxItems: 100 + type: array + ApiFleetPackagePolicies_Put_Response_200_Item_Vars_6: + additionalProperties: false + type: object + properties: + id: + type: string + isSecretRef: + type: boolean + required: + - id + - isSecretRef + ApiFleetPackagePolicies_Put_Response_400: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetPackagePolicies_Put_Response_403: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetPackagePoliciesDelete_Post_Request: + additionalProperties: false + type: object + properties: + force: + type: boolean + packagePolicyIds: + items: + type: string + maxItems: 1000 + type: array + required: + - packagePolicyIds + ApiFleetPackagePoliciesDelete_Post_Response_200_Item: + additionalProperties: false + type: object + properties: + body: + $ref: '#/components/schemas/ApiFleetPackagePoliciesDelete_Post_Response_200_Body' + id: + type: string + name: + type: string + output_id: + nullable: true + type: string + package: + $ref: '#/components/schemas/ApiFleetPackagePoliciesDelete_Post_Response_200_Package' + policy_id: + deprecated: true + description: Use `policy_ids` instead + nullable: true + type: string + policy_ids: + items: + type: string + maxItems: 10000 + type: array + statusCode: + type: number + success: + type: boolean + required: + - id + - success + - policy_ids + - package + ApiFleetPackagePoliciesDelete_Post_Response_200_Body: + additionalProperties: false + type: object + properties: + message: + type: string + required: + - message + ApiFleetPackagePoliciesDelete_Post_Response_200_Package: + additionalProperties: false + type: object + properties: + experimental_data_stream_features: + items: + $ref: '#/components/schemas/ApiFleetPackagePoliciesDelete_Post_Response_200_Package_Experimental_data_stream_features_Item' + maxItems: 100 + type: array + fips_compatible: + type: boolean + name: + description: Package name + type: string + requires_root: + type: boolean + title: + type: string + version: + description: Package version + type: string + required: + - name + - version + ApiFleetPackagePoliciesDelete_Post_Response_200_Package_Experimental_data_stream_features_Item: + additionalProperties: false + type: object + properties: + data_stream: + type: string + features: + $ref: '#/components/schemas/ApiFleetPackagePoliciesDelete_Post_Response_200_Package_Experimental_data_stream_features_Features' + required: + - data_stream + - features + ApiFleetPackagePoliciesDelete_Post_Response_200_Package_Experimental_data_stream_features_Features: + additionalProperties: false + type: object + properties: + doc_value_only_numeric: + type: boolean + doc_value_only_other: + type: boolean + synthetic_source: + type: boolean + tsdb: + type: boolean + ApiFleetPackagePoliciesDelete_Post_Response_400: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetPackagePoliciesUpgrade_Post_Request: + additionalProperties: false + type: object + properties: + packagePolicyIds: + items: + type: string + maxItems: 1000 + type: array + required: + - packagePolicyIds + ApiFleetPackagePoliciesUpgrade_Post_Response_200_Item: + additionalProperties: false + type: object + properties: + body: + $ref: '#/components/schemas/ApiFleetPackagePoliciesUpgrade_Post_Response_200_Body' + id: + type: string + name: + type: string + statusCode: + type: number + success: + type: boolean + required: + - id + - success + ApiFleetPackagePoliciesUpgrade_Post_Response_200_Body: + additionalProperties: false + type: object + properties: + message: + type: string + required: + - message + ApiFleetPackagePoliciesUpgrade_Post_Response_400: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetPackagePoliciesUpgradeDryrun_Post_Request: + additionalProperties: false + type: object + properties: + packagePolicyIds: + items: + type: string + maxItems: 1000 + type: array + packageVersion: + type: string + required: + - packagePolicyIds + ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Item: + additionalProperties: false + type: object + properties: + agent_diff: + items: + items: + $ref: '#/components/schemas/ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Agent_diff_Item' + maxItems: 10000 + type: array + maxItems: 1 + type: array + body: + $ref: '#/components/schemas/ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Body' + diff: + items: + anyOf: + - $ref: '#/components/schemas/ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_1' + - $ref: '#/components/schemas/ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_2' + maxItems: 2 + type: array + hasErrors: + type: boolean + name: + type: string + statusCode: + type: number + required: + - hasErrors + ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Agent_diff_Item: + additionalProperties: true + type: object + properties: + data_stream: + $ref: '#/components/schemas/ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Agent_diff_Data_stream' + id: + type: string + meta: + $ref: '#/components/schemas/ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Agent_diff_Meta' + name: + type: string + package_policy_id: + type: string + processors: + items: + $ref: '#/components/schemas/ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Agent_diff_Processors_Item' + maxItems: 10000 + type: array + revision: + type: number + streams: + items: + $ref: '#/components/schemas/ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Agent_diff_Streams_Item' + maxItems: 10000 + type: array + type: + type: string + use_output: + type: string + required: + - id + - name + - revision + - type + - data_stream + - use_output + - package_policy_id + ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Agent_diff_Data_stream: + additionalProperties: true + type: object + properties: + namespace: + type: string + required: + - namespace + ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Agent_diff_Meta: + additionalProperties: true + type: object + properties: + package: + $ref: '#/components/schemas/ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Agent_diff_Meta_Package' + required: + - package + ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Agent_diff_Meta_Package: + additionalProperties: true + type: object + properties: + name: + type: string + version: + type: string + required: + - name + - version + ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Agent_diff_Processors_Item: + additionalProperties: true + type: object + properties: + add_fields: + $ref: '#/components/schemas/ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Agent_diff_Processors_Add_fields' + required: + - add_fields + ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Agent_diff_Processors_Add_fields: + additionalProperties: true + type: object + properties: + fields: + $ref: '#/components/schemas/ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Agent_diff_Processors_Add_fields_Fields' + target: + type: string + required: + - target + - fields + ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Agent_diff_Processors_Add_fields_Fields: + additionalProperties: + anyOf: + - $ref: '#/components/schemas/ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Agent_diff_Processors_Add_fields_Fields_1' + - $ref: '#/components/schemas/ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Agent_diff_Processors_Add_fields_Fields_2' + type: object + ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Agent_diff_Processors_Add_fields_Fields_1: + type: string + ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Agent_diff_Processors_Add_fields_Fields_2: + type: number + ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Agent_diff_Streams_Item: + additionalProperties: true + type: object + properties: + data_stream: + $ref: '#/components/schemas/ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Agent_diff_Streams_Data_stream' + id: + type: string + required: + - data_stream + ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Agent_diff_Streams_Data_stream: + additionalProperties: true + type: object + properties: + dataset: + type: string + type: + type: string + required: + - dataset + ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Body: + additionalProperties: false + type: object + properties: + message: + type: string + required: + - message + ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_1: + additionalProperties: false + type: object + properties: + additional_datastreams_permissions: + description: Additional datastream permissions, that will be added to the agent policy. + items: + type: string + maxItems: 1000 + nullable: true + type: array + agents: + type: number + cloud_connector_id: + description: ID of the cloud connector associated with this package policy. + nullable: true + type: string + cloud_connector_name: + description: Transient field for cloud connector name during creation. + maxLength: 255 + minLength: 1 + nullable: true + type: string + created_at: + type: string + created_by: + type: string + description: + description: Package policy description + type: string + elasticsearch: + $ref: '#/components/schemas/ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Elasticsearch' + enabled: + type: boolean + id: + type: string + inputs: + anyOf: + - $ref: '#/components/schemas/ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Inputs_1' + - $ref: '#/components/schemas/ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Inputs_2' + description: Package policy inputs. + is_managed: + type: boolean + name: + description: Unique name for the package policy. + type: string + namespace: + description: The package policy namespace. Leave blank to inherit the agent policy's namespace. + type: string + output_id: + nullable: true + type: string + overrides: + $ref: '#/components/schemas/ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Overrides' + package: + $ref: '#/components/schemas/ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Package' + policy_id: + deprecated: true + description: ID of the agent policy which the package policy will be added to. + nullable: true + type: string + policy_ids: + items: + description: IDs of the agent policies which that package policy will be added to. + type: string + maxItems: 1000 + type: array + revision: + description: Package policy revision. + type: number + secret_references: + items: + $ref: '#/components/schemas/ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Secret_references_Item' + maxItems: 100 + type: array + spaceIds: + items: + type: string + maxItems: 100 + type: array + supports_agentless: + default: false + description: Indicates whether the package policy belongs to an agentless agent policy. + nullable: true + type: boolean + supports_cloud_connector: + default: false + description: Indicates whether the package policy supports cloud connectors. + nullable: true + type: boolean + updated_at: + type: string + updated_by: + type: string + var_group_selections: + $ref: '#/components/schemas/ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Var_group_selections' + vars: + anyOf: + - $ref: '#/components/schemas/ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Vars_1' + - $ref: '#/components/schemas/ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Vars_2' + description: Package level variable. + version: + description: Package policy ES version. + type: string + required: + - name + - enabled + - inputs + - revision + - updated_at + - updated_by + - created_at + - created_by + ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Elasticsearch: + additionalProperties: true + type: object + properties: + privileges: + $ref: '#/components/schemas/ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Elasticsearch_Privileges' + ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Elasticsearch_Privileges: + additionalProperties: true + type: object + properties: + cluster: + items: + type: string + maxItems: 100 + type: array + ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Inputs_1: + items: + $ref: '#/components/schemas/ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Inputs_Item' + maxItems: 100 + type: array + ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Inputs_Item: + additionalProperties: false + type: object + properties: + compiled_input: {} + config: + $ref: '#/components/schemas/ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Inputs_Config' + enabled: + type: boolean + id: + type: string + keep_enabled: + type: boolean + policy_template: + type: string + streams: + items: + $ref: '#/components/schemas/ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Inputs_Streams_Item' + maxItems: 100 + type: array + type: + type: string + vars: + $ref: '#/components/schemas/ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Inputs_Vars' + required: + - type + - enabled + - streams + - compiled_input + ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Inputs_Config: + additionalProperties: + $ref: '#/components/schemas/ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Inputs_Config_Value' + description: Package variable (see integration documentation for more information) + type: object + ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Inputs_Config_Value: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Inputs_Streams_Item: + additionalProperties: false + type: object + properties: + compiled_stream: {} + config: + $ref: '#/components/schemas/ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Inputs_Streams_Config' + data_stream: + $ref: '#/components/schemas/ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Inputs_Streams_Data_stream' + enabled: + type: boolean + id: + type: string + keep_enabled: + type: boolean + release: + enum: + - ga + - beta + - experimental + type: string + var_group_selections: + $ref: '#/components/schemas/ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Inputs_Streams_Var_group_selections' + vars: + $ref: '#/components/schemas/ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Inputs_Streams_Vars' + required: + - enabled + - data_stream + - compiled_stream + ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Inputs_Streams_Config: + additionalProperties: + $ref: '#/components/schemas/ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Inputs_Streams_Config_Value' + description: Package variable (see integration documentation for more information) + type: object + ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Inputs_Streams_Config_Value: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Inputs_Streams_Data_stream: + additionalProperties: false + type: object + properties: + dataset: + type: string + elasticsearch: + $ref: '#/components/schemas/ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Inputs_Streams_Data_stream_Elasticsearch' + type: + type: string + required: + - dataset + - type + ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Inputs_Streams_Data_stream_Elasticsearch: + additionalProperties: false + type: object + properties: + dynamic_dataset: + type: boolean + dynamic_namespace: + type: boolean + privileges: + $ref: '#/components/schemas/ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Inputs_Streams_Data_stream_Elasticsearch_Privileges' + ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Inputs_Streams_Data_stream_Elasticsearch_Privileges: + additionalProperties: false + type: object + properties: + indices: + items: + type: string + maxItems: 100 + type: array + ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Inputs_Streams_Var_group_selections: + additionalProperties: + type: string + description: Variable group selections. Maps var_group name to the selected option name within that group. + type: object + ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Inputs_Streams_Vars: + additionalProperties: + $ref: '#/components/schemas/ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Inputs_Streams_Vars_Value' + description: Package variable (see integration documentation for more information) + type: object + ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Inputs_Streams_Vars_Value: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Inputs_Vars: + additionalProperties: + $ref: '#/components/schemas/ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Inputs_Vars_Value' + description: Package variable (see integration documentation for more information) + type: object + ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Inputs_Vars_Value: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Inputs_2: + additionalProperties: + $ref: '#/components/schemas/ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Inputs_Value' + description: Package policy inputs. Refer to the integration documentation to know which inputs are available. + type: object + x-oas-optional: true + ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Inputs_Value: + additionalProperties: false + type: object + properties: + enabled: + description: Enable or disable that input. Defaults to `true` (enabled). + type: boolean + streams: + $ref: '#/components/schemas/ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Inputs_Streams' + vars: + $ref: '#/components/schemas/ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Inputs_Vars_1' + ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Inputs_Streams: + additionalProperties: + $ref: '#/components/schemas/ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Inputs_Streams_Value' + description: Input streams. Refer to the integration documentation to know which streams are available. + type: object + ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Inputs_Streams_Value: + additionalProperties: false + type: object + properties: + enabled: + description: Enable or disable that stream. Defaults to `true` (enabled). + type: boolean + var_group_selections: + $ref: '#/components/schemas/ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Inputs_Streams_Var_group_selections_1' + vars: + $ref: '#/components/schemas/ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Inputs_Streams_Vars_1' + ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Inputs_Streams_Var_group_selections_1: + additionalProperties: + type: string + description: Variable group selections. Maps var_group name to the selected option name within that group. + type: object + ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Inputs_Streams_Vars_1: + type: boolean + ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Inputs_Streams_Vars_2: + additionalProperties: + $ref: '#/components/schemas/ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Inputs_Streams_Vars_Value_1' + description: Package variable (see integration documentation for more information) + type: object + ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Inputs_Streams_Vars_3: + type: number + ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Inputs_Streams_Vars_4: + items: + type: string + maxItems: 100 + type: array + ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Inputs_Streams_Vars_5: + items: + type: number + maxItems: 100 + type: array + ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Inputs_Streams_Vars_6: + additionalProperties: false + type: object + properties: + id: + type: string + isSecretRef: + type: boolean + required: + - id + - isSecretRef + ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Inputs_Vars_1: + type: boolean + ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Inputs_Vars_2: + additionalProperties: + $ref: '#/components/schemas/ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Inputs_Vars_Value_1' + description: Package variable (see integration documentation for more information) + type: object + ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Inputs_Vars_3: + type: number + ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Inputs_Vars_4: + items: + type: string + maxItems: 100 + type: array + ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Inputs_Vars_5: + items: + type: number + maxItems: 100 + type: array + ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Inputs_Vars_6: + additionalProperties: false + type: object + properties: + id: + type: string + isSecretRef: + type: boolean + required: + - id + - isSecretRef + ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Overrides: + additionalProperties: false + description: Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure. + nullable: true + type: object + properties: + inputs: + $ref: '#/components/schemas/ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Overrides_Inputs' + ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Overrides_Inputs: + additionalProperties: {} + type: object + ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Package: + additionalProperties: false + type: object + properties: + experimental_data_stream_features: + items: + $ref: '#/components/schemas/ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Package_Experimental_data_stream_features_Item' + maxItems: 100 + type: array + fips_compatible: + type: boolean + name: + description: Package name + type: string + requires_root: + type: boolean + title: + type: string + version: + description: Package version + type: string + required: + - name + - version + ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Package_Experimental_data_stream_features_Item: + additionalProperties: false + type: object + properties: + data_stream: + type: string + features: + $ref: '#/components/schemas/ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Package_Experimental_data_stream_features_Features' + required: + - data_stream + - features + ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Package_Experimental_data_stream_features_Features: + additionalProperties: false + type: object + properties: + doc_value_only_numeric: + type: boolean + doc_value_only_other: + type: boolean + synthetic_source: + type: boolean + tsdb: + type: boolean + ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Secret_references_Item: + additionalProperties: false + type: object + properties: + id: + type: string + required: + - id + ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Var_group_selections: + additionalProperties: + type: string + description: Variable group selections. Maps var_group name to the selected option name within that group. + type: object + ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Vars_1: + additionalProperties: + $ref: '#/components/schemas/ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Vars_Value' + description: Package variable (see integration documentation for more information) + type: object + ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Vars_Value: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Vars_2: + additionalProperties: + anyOf: + - $ref: '#/components/schemas/ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Vars_1_1' + - $ref: '#/components/schemas/ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Vars_2_1' + - $ref: '#/components/schemas/ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Vars_3' + - $ref: '#/components/schemas/ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Vars_4' + - $ref: '#/components/schemas/ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Vars_5' + - $ref: '#/components/schemas/ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Vars_6' + nullable: true + description: Input/stream level variable. Refer to the integration documentation for more information. + type: object + x-oas-optional: true + ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Vars_1_1: + type: boolean + ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Vars_2_1: + type: string + ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Vars_3: + type: number + ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Vars_4: + items: + type: string + maxItems: 100 + type: array + ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Vars_5: + items: + type: number + maxItems: 100 + type: array + ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Vars_6: + additionalProperties: false + type: object + properties: + id: + type: string + isSecretRef: + type: boolean + required: + - id + - isSecretRef + ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_2: + additionalProperties: true + type: object + properties: + additional_datastreams_permissions: + description: Additional datastream permissions, that will be added to the agent policy. + items: + type: string + maxItems: 1000 + nullable: true + type: array + cloud_connector_id: + description: ID of the cloud connector associated with this package policy. + nullable: true + type: string + cloud_connector_name: + description: Transient field for cloud connector name during creation. + maxLength: 255 + minLength: 1 + nullable: true + type: string + created_at: + type: string + created_by: + type: string + description: + description: Package policy description + type: string + elasticsearch: + $ref: '#/components/schemas/ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Elasticsearch_1' + enabled: + type: boolean + errors: + items: + $ref: '#/components/schemas/ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Errors_Item' + maxItems: 10 + type: array + force: + type: boolean + id: + type: string + inputs: + items: + $ref: '#/components/schemas/ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Inputs_Item_1' + maxItems: 100 + type: array + is_managed: + type: boolean + missingVars: + items: + type: string + maxItems: 100 + type: array + name: + description: Unique name for the package policy. + type: string + namespace: + description: The package policy namespace. Leave blank to inherit the agent policy's namespace. + type: string + output_id: + nullable: true + type: string + overrides: + $ref: '#/components/schemas/ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Overrides_1' + package: + $ref: '#/components/schemas/ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Package_1' + policy_id: + deprecated: true + description: ID of the agent policy which the package policy will be added to. + nullable: true + type: string + policy_ids: + items: + description: IDs of the agent policies which that package policy will be added to. + type: string + maxItems: 1000 + type: array + revision: + type: number + secret_references: + items: + $ref: '#/components/schemas/ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Secret_references_Item_1' + maxItems: 100 + type: array + supports_agentless: + default: false + description: Indicates whether the package policy belongs to an agentless agent policy. + nullable: true + type: boolean + supports_cloud_connector: + default: false + description: Indicates whether the package policy supports cloud connectors. + nullable: true + type: boolean + updated_at: + type: string + updated_by: + type: string + var_group_selections: + $ref: '#/components/schemas/ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Var_group_selections_1' + vars: + $ref: '#/components/schemas/ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Vars' + version: + description: Package policy ES version. + type: string + required: + - name + - enabled + - inputs + ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Elasticsearch_1: + additionalProperties: true + type: object + properties: + privileges: + $ref: '#/components/schemas/ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Elasticsearch_Privileges_1' + ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Elasticsearch_Privileges_1: + additionalProperties: true + type: object + properties: + cluster: + items: + type: string + maxItems: 100 + type: array + ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Errors_Item: + additionalProperties: false + type: object + properties: + key: + type: string + message: + type: string + required: + - message + ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Inputs_Item_1: + additionalProperties: false + type: object + properties: + compiled_input: {} + config: + $ref: '#/components/schemas/ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Inputs_Config_1' + enabled: + type: boolean + id: + type: string + keep_enabled: + type: boolean + policy_template: + type: string + streams: + items: + $ref: '#/components/schemas/ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Inputs_Streams_Item_1' + maxItems: 100 + type: array + type: + type: string + vars: + $ref: '#/components/schemas/ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Inputs_Vars_2' + required: + - type + - enabled + - streams + - compiled_input + ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Inputs_Config_1: + additionalProperties: + $ref: '#/components/schemas/ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Inputs_Config_Value_1' + description: Package variable (see integration documentation for more information) + type: object + ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Inputs_Config_Value_1: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Inputs_Streams_Item_1: + additionalProperties: false + type: object + properties: + compiled_stream: {} + config: + $ref: '#/components/schemas/ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Inputs_Streams_Config_1' + data_stream: + $ref: '#/components/schemas/ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Inputs_Streams_Data_stream_1' + enabled: + type: boolean + id: + type: string + keep_enabled: + type: boolean + release: + enum: + - ga + - beta + - experimental + type: string + var_group_selections: + $ref: '#/components/schemas/ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Inputs_Streams_Var_group_selections_2' + vars: + $ref: '#/components/schemas/ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Inputs_Streams_Vars_2' + required: + - enabled + - data_stream + - compiled_stream + ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Inputs_Streams_Config_1: + additionalProperties: + $ref: '#/components/schemas/ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Inputs_Streams_Config_Value_1' + description: Package variable (see integration documentation for more information) + type: object + ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Inputs_Streams_Config_Value_1: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Inputs_Streams_Data_stream_1: + additionalProperties: false + type: object + properties: + dataset: + type: string + elasticsearch: + $ref: '#/components/schemas/ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Inputs_Streams_Data_stream_Elasticsearch_1' + type: + type: string + required: + - dataset + - type + ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Inputs_Streams_Data_stream_Elasticsearch_1: + additionalProperties: false + type: object + properties: + dynamic_dataset: + type: boolean + dynamic_namespace: + type: boolean + privileges: + $ref: '#/components/schemas/ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Inputs_Streams_Data_stream_Elasticsearch_Privileges_1' + ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Inputs_Streams_Data_stream_Elasticsearch_Privileges_1: + additionalProperties: false + type: object + properties: + indices: + items: + type: string + maxItems: 100 + type: array + ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Inputs_Streams_Var_group_selections_2: + additionalProperties: + type: string + description: Variable group selections. Maps var_group name to the selected option name within that group. + type: object + ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Inputs_Streams_Vars_Value_1: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Inputs_Vars_Value_1: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Overrides_1: + additionalProperties: false + description: Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure. + nullable: true + type: object + properties: + inputs: + $ref: '#/components/schemas/ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Overrides_Inputs_1' + ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Overrides_Inputs_1: + additionalProperties: {} + type: object + ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Package_1: + additionalProperties: false + type: object + properties: + experimental_data_stream_features: + items: + $ref: '#/components/schemas/ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Package_Experimental_data_stream_features_Item_1' + maxItems: 100 + type: array + fips_compatible: + type: boolean + name: + description: Package name + type: string + requires_root: + type: boolean + title: + type: string + version: + description: Package version + type: string + required: + - name + - version + ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Package_Experimental_data_stream_features_Item_1: + additionalProperties: false + type: object + properties: + data_stream: + type: string + features: + $ref: '#/components/schemas/ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Package_Experimental_data_stream_features_Features_1' + required: + - data_stream + - features + ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Package_Experimental_data_stream_features_Features_1: + additionalProperties: false + type: object + properties: + doc_value_only_numeric: + type: boolean + doc_value_only_other: + type: boolean + synthetic_source: + type: boolean + tsdb: + type: boolean + ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Secret_references_Item_1: + additionalProperties: false + type: object + properties: + id: + type: string + required: + - id + ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Var_group_selections_1: + additionalProperties: + type: string + description: Variable group selections. Maps var_group name to the selected option name within that group. + type: object + ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Vars: + additionalProperties: + $ref: '#/components/schemas/ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Vars_Value_1' + description: Package variable (see integration documentation for more information) + type: object + ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_200_Diff_Vars_Value_1: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + ApiFleetPackagePoliciesUpgradeDryrun_Post_Response_400: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetProxies_Get_Response_200: + additionalProperties: false + type: object + properties: + items: + items: + $ref: '#/components/schemas/ApiFleetProxies_Get_Response_200_Items_Item' + maxItems: 10000 + type: array + page: + type: number + perPage: + type: number + total: + type: number + required: + - items + - total + - page + - perPage + ApiFleetProxies_Get_Response_200_Items_Item: + additionalProperties: false + type: object + properties: + certificate: + nullable: true + type: string + certificate_authorities: + nullable: true + type: string + certificate_key: + nullable: true + type: string + id: + type: string + is_preconfigured: + default: false + type: boolean + name: + type: string + proxy_headers: + $ref: '#/components/schemas/ApiFleetProxies_Get_Response_200_Items_Proxy_headers' + url: + type: string + required: + - id + - url + - name + ApiFleetProxies_Get_Response_200_Items_Proxy_headers: + additionalProperties: + anyOf: + - $ref: '#/components/schemas/ApiFleetProxies_Get_Response_200_Items_Proxy_headers_1' + - $ref: '#/components/schemas/ApiFleetProxies_Get_Response_200_Items_Proxy_headers_2' + - $ref: '#/components/schemas/ApiFleetProxies_Get_Response_200_Items_Proxy_headers_3' + nullable: true + type: object + ApiFleetProxies_Get_Response_200_Items_Proxy_headers_1: + type: string + ApiFleetProxies_Get_Response_200_Items_Proxy_headers_2: + type: boolean + ApiFleetProxies_Get_Response_200_Items_Proxy_headers_3: + type: number + ApiFleetProxies_Get_Response_400: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetProxies_Post_Request: + additionalProperties: false + type: object + properties: + certificate: + nullable: true + type: string + certificate_authorities: + nullable: true + type: string + certificate_key: + nullable: true + type: string + id: + type: string + is_preconfigured: + default: false + type: boolean + name: + type: string + proxy_headers: + $ref: '#/components/schemas/ApiFleetProxies_Post_Request_Proxy_headers' + url: + type: string + required: + - url + - name + ApiFleetProxies_Post_Request_Proxy_headers: + additionalProperties: + anyOf: + - $ref: '#/components/schemas/ApiFleetProxies_Post_Request_Proxy_headers_1' + - $ref: '#/components/schemas/ApiFleetProxies_Post_Request_Proxy_headers_2' + - $ref: '#/components/schemas/ApiFleetProxies_Post_Request_Proxy_headers_3' + nullable: true + type: object + ApiFleetProxies_Post_Request_Proxy_headers_1: + type: string + ApiFleetProxies_Post_Request_Proxy_headers_2: + type: boolean + ApiFleetProxies_Post_Request_Proxy_headers_3: + type: number + ApiFleetProxies_Post_Response_200: + additionalProperties: false + type: object + properties: + item: + $ref: '#/components/schemas/ApiFleetProxies_Post_Response_200_Item' + required: + - item + ApiFleetProxies_Post_Response_200_Item: + additionalProperties: false + type: object + properties: + certificate: + nullable: true + type: string + certificate_authorities: + nullable: true + type: string + certificate_key: + nullable: true + type: string + id: + type: string + is_preconfigured: + default: false + type: boolean + name: + type: string + proxy_headers: + $ref: '#/components/schemas/ApiFleetProxies_Post_Response_200_Item_Proxy_headers' + url: + type: string + required: + - id + - url + - name + ApiFleetProxies_Post_Response_200_Item_Proxy_headers: + additionalProperties: + anyOf: + - $ref: '#/components/schemas/ApiFleetProxies_Post_Response_200_Item_Proxy_headers_1' + - $ref: '#/components/schemas/ApiFleetProxies_Post_Response_200_Item_Proxy_headers_2' + - $ref: '#/components/schemas/ApiFleetProxies_Post_Response_200_Item_Proxy_headers_3' + nullable: true + type: object + ApiFleetProxies_Post_Response_200_Item_Proxy_headers_1: + type: string + ApiFleetProxies_Post_Response_200_Item_Proxy_headers_2: + type: boolean + ApiFleetProxies_Post_Response_200_Item_Proxy_headers_3: + type: number + ApiFleetProxies_Post_Response_400: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetProxies_Delete_Response_200: + additionalProperties: false + type: object + properties: + id: + type: string + required: + - id + ApiFleetProxies_Delete_Response_400: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetProxies_Get_Response_200_1: + additionalProperties: false + type: object + properties: + item: + $ref: '#/components/schemas/ApiFleetProxies_Get_Response_200_Item' + required: + - item + ApiFleetProxies_Get_Response_200_Item: + additionalProperties: false + type: object + properties: + certificate: + nullable: true + type: string + certificate_authorities: + nullable: true + type: string + certificate_key: + nullable: true + type: string + id: + type: string + is_preconfigured: + default: false + type: boolean + name: + type: string + proxy_headers: + $ref: '#/components/schemas/ApiFleetProxies_Get_Response_200_Item_Proxy_headers' + url: + type: string + required: + - id + - url + - name + ApiFleetProxies_Get_Response_200_Item_Proxy_headers: + additionalProperties: + anyOf: + - $ref: '#/components/schemas/ApiFleetProxies_Get_Response_200_Item_Proxy_headers_1' + - $ref: '#/components/schemas/ApiFleetProxies_Get_Response_200_Item_Proxy_headers_2' + - $ref: '#/components/schemas/ApiFleetProxies_Get_Response_200_Item_Proxy_headers_3' + nullable: true + type: object + ApiFleetProxies_Get_Response_200_Item_Proxy_headers_1: + type: string + ApiFleetProxies_Get_Response_200_Item_Proxy_headers_2: + type: boolean + ApiFleetProxies_Get_Response_200_Item_Proxy_headers_3: + type: number + ApiFleetProxies_Get_Response_400_1: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetProxies_Put_Request: + additionalProperties: false + type: object + properties: + certificate: + nullable: true + type: string + certificate_authorities: + nullable: true + type: string + certificate_key: + nullable: true + type: string + name: + type: string + proxy_headers: + $ref: '#/components/schemas/ApiFleetProxies_Put_Request_Proxy_headers' + url: + type: string + required: + - certificate_authorities + - certificate + - certificate_key + ApiFleetProxies_Put_Request_Proxy_headers: + additionalProperties: + anyOf: + - $ref: '#/components/schemas/ApiFleetProxies_Put_Request_Proxy_headers_1' + - $ref: '#/components/schemas/ApiFleetProxies_Put_Request_Proxy_headers_2' + - $ref: '#/components/schemas/ApiFleetProxies_Put_Request_Proxy_headers_3' + nullable: true + type: object + ApiFleetProxies_Put_Request_Proxy_headers_1: + type: string + ApiFleetProxies_Put_Request_Proxy_headers_2: + type: boolean + ApiFleetProxies_Put_Request_Proxy_headers_3: + type: number + ApiFleetProxies_Put_Response_200: + additionalProperties: false + type: object + properties: + item: + $ref: '#/components/schemas/ApiFleetProxies_Put_Response_200_Item' + required: + - item + ApiFleetProxies_Put_Response_200_Item: + additionalProperties: false + type: object + properties: + certificate: + nullable: true + type: string + certificate_authorities: + nullable: true + type: string + certificate_key: + nullable: true + type: string + id: + type: string + is_preconfigured: + default: false + type: boolean + name: + type: string + proxy_headers: + $ref: '#/components/schemas/ApiFleetProxies_Put_Response_200_Item_Proxy_headers' + url: + type: string + required: + - id + - url + - name + ApiFleetProxies_Put_Response_200_Item_Proxy_headers: + additionalProperties: + anyOf: + - $ref: '#/components/schemas/ApiFleetProxies_Put_Response_200_Item_Proxy_headers_1' + - $ref: '#/components/schemas/ApiFleetProxies_Put_Response_200_Item_Proxy_headers_2' + - $ref: '#/components/schemas/ApiFleetProxies_Put_Response_200_Item_Proxy_headers_3' + nullable: true + type: object + ApiFleetProxies_Put_Response_200_Item_Proxy_headers_1: + type: string + ApiFleetProxies_Put_Response_200_Item_Proxy_headers_2: + type: boolean + ApiFleetProxies_Put_Response_200_Item_Proxy_headers_3: + type: number + ApiFleetProxies_Put_Response_400: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetRemoteSyncedIntegrationsRemoteStatus_Get_Response_200: + additionalProperties: false + type: object + properties: + custom_assets: + $ref: '#/components/schemas/ApiFleetRemoteSyncedIntegrationsRemoteStatus_Get_Response_200_Custom_assets' + error: + type: string + integrations: + items: + $ref: '#/components/schemas/ApiFleetRemoteSyncedIntegrationsRemoteStatus_Get_Response_200_Integrations_Item' + maxItems: 10000 + type: array + warning: + $ref: '#/components/schemas/ApiFleetRemoteSyncedIntegrationsRemoteStatus_Get_Response_200_Warning' + required: + - integrations + ApiFleetRemoteSyncedIntegrationsRemoteStatus_Get_Response_200_Custom_assets: + additionalProperties: + $ref: '#/components/schemas/ApiFleetRemoteSyncedIntegrationsRemoteStatus_Get_Response_200_Custom_assets_Value' + type: object + ApiFleetRemoteSyncedIntegrationsRemoteStatus_Get_Response_200_Custom_assets_Value: + additionalProperties: false + type: object + properties: + error: + type: string + is_deleted: + type: boolean + name: + type: string + package_name: + type: string + package_version: + type: string + sync_status: + enum: + - completed + - synchronizing + - failed + - warning + type: string + type: + type: string + warning: + $ref: '#/components/schemas/ApiFleetRemoteSyncedIntegrationsRemoteStatus_Get_Response_200_Custom_assets_Warning' + required: + - type + - name + - package_name + - package_version + - sync_status + ApiFleetRemoteSyncedIntegrationsRemoteStatus_Get_Response_200_Custom_assets_Warning: + additionalProperties: false + type: object + properties: + message: + type: string + title: + type: string + required: + - title + ApiFleetRemoteSyncedIntegrationsRemoteStatus_Get_Response_200_Integrations_Item: + additionalProperties: false + type: object + properties: + error: + type: string + id: + type: string + install_status: + $ref: '#/components/schemas/ApiFleetRemoteSyncedIntegrationsRemoteStatus_Get_Response_200_Integrations_Install_status' + package_name: + type: string + package_version: + type: string + sync_status: + enum: + - completed + - synchronizing + - failed + - warning + type: string + updated_at: + type: string + warning: + $ref: '#/components/schemas/ApiFleetRemoteSyncedIntegrationsRemoteStatus_Get_Response_200_Integrations_Warning' + required: + - sync_status + - install_status + ApiFleetRemoteSyncedIntegrationsRemoteStatus_Get_Response_200_Integrations_Install_status: + additionalProperties: false + type: object + properties: + main: + type: string + remote: + type: string + required: + - main + ApiFleetRemoteSyncedIntegrationsRemoteStatus_Get_Response_200_Integrations_Warning: + additionalProperties: false + type: object + properties: + message: + type: string + title: + type: string + required: + - title + ApiFleetRemoteSyncedIntegrationsRemoteStatus_Get_Response_200_Warning: + additionalProperties: false + type: object + properties: + message: + type: string + title: + type: string + required: + - title + ApiFleetRemoteSyncedIntegrationsRemoteStatus_Get_Response_400: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetRemoteSyncedIntegrationsStatus_Get_Response_200: + additionalProperties: false + type: object + properties: + custom_assets: + $ref: '#/components/schemas/ApiFleetRemoteSyncedIntegrationsStatus_Get_Response_200_Custom_assets' + error: + type: string + integrations: + items: + $ref: '#/components/schemas/ApiFleetRemoteSyncedIntegrationsStatus_Get_Response_200_Integrations_Item' + maxItems: 10000 + type: array + warning: + $ref: '#/components/schemas/ApiFleetRemoteSyncedIntegrationsStatus_Get_Response_200_Warning' + required: + - integrations + ApiFleetRemoteSyncedIntegrationsStatus_Get_Response_200_Custom_assets: + additionalProperties: + $ref: '#/components/schemas/ApiFleetRemoteSyncedIntegrationsStatus_Get_Response_200_Custom_assets_Value' + type: object + ApiFleetRemoteSyncedIntegrationsStatus_Get_Response_200_Custom_assets_Value: + additionalProperties: false + type: object + properties: + error: + type: string + is_deleted: + type: boolean + name: + type: string + package_name: + type: string + package_version: + type: string + sync_status: + enum: + - completed + - synchronizing + - failed + - warning + type: string + type: + type: string + warning: + $ref: '#/components/schemas/ApiFleetRemoteSyncedIntegrationsStatus_Get_Response_200_Custom_assets_Warning' + required: + - type + - name + - package_name + - package_version + - sync_status + ApiFleetRemoteSyncedIntegrationsStatus_Get_Response_200_Custom_assets_Warning: + additionalProperties: false + type: object + properties: + message: + type: string + title: + type: string + required: + - title + ApiFleetRemoteSyncedIntegrationsStatus_Get_Response_200_Integrations_Item: + additionalProperties: false + type: object + properties: + error: + type: string + id: + type: string + install_status: + $ref: '#/components/schemas/ApiFleetRemoteSyncedIntegrationsStatus_Get_Response_200_Integrations_Install_status' + package_name: + type: string + package_version: + type: string + sync_status: + enum: + - completed + - synchronizing + - failed + - warning + type: string + updated_at: + type: string + warning: + $ref: '#/components/schemas/ApiFleetRemoteSyncedIntegrationsStatus_Get_Response_200_Integrations_Warning' + required: + - sync_status + - install_status + ApiFleetRemoteSyncedIntegrationsStatus_Get_Response_200_Integrations_Install_status: + additionalProperties: false + type: object + properties: + main: + type: string + remote: + type: string + required: + - main + ApiFleetRemoteSyncedIntegrationsStatus_Get_Response_200_Integrations_Warning: + additionalProperties: false + type: object + properties: + message: + type: string + title: + type: string + required: + - title + ApiFleetRemoteSyncedIntegrationsStatus_Get_Response_200_Warning: + additionalProperties: false + type: object + properties: + message: + type: string + title: + type: string + required: + - title + ApiFleetRemoteSyncedIntegrationsStatus_Get_Response_400: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetServiceTokens_Post_Request: + additionalProperties: false + nullable: true + type: object + properties: + remote: + default: false + type: boolean + ApiFleetServiceTokens_Post_Response_200: + additionalProperties: false + type: object + properties: + name: + type: string + value: + type: string + required: + - name + - value + ApiFleetServiceTokens_Post_Response_400: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetSettings_Get_Response_200: + additionalProperties: false + type: object + properties: + item: + $ref: '#/components/schemas/ApiFleetSettings_Get_Response_200_Item' + required: + - item + ApiFleetSettings_Get_Response_200_Item: + additionalProperties: false + type: object + properties: + action_secret_storage_requirements_met: + type: boolean + delete_unenrolled_agents: + $ref: '#/components/schemas/ApiFleetSettings_Get_Response_200_Item_Delete_unenrolled_agents' + has_seen_add_data_notice: + type: boolean + id: + type: string + ilm_migration_status: + $ref: '#/components/schemas/ApiFleetSettings_Get_Response_200_Item_Ilm_migration_status' + integration_knowledge_enabled: + type: boolean + output_secret_storage_requirements_met: + type: boolean + preconfigured_fields: + items: + enum: + - fleet_server_hosts + type: string + maxItems: 1 + type: array + prerelease_integrations_enabled: + type: boolean + secret_storage_requirements_met: + type: boolean + ssl_secret_storage_requirements_met: + type: boolean + use_space_awareness_migration_started_at: + nullable: true + type: string + use_space_awareness_migration_status: + enum: + - pending + - success + - error + type: string + version: + type: string + ApiFleetSettings_Get_Response_200_Item_Delete_unenrolled_agents: + additionalProperties: false + type: object + properties: + enabled: + type: boolean + is_preconfigured: + type: boolean + required: + - enabled + - is_preconfigured + ApiFleetSettings_Get_Response_200_Item_Ilm_migration_status: + additionalProperties: false + type: object + properties: + logs: + enum: + - success + nullable: true + type: string + metrics: + enum: + - success + nullable: true + type: string + synthetics: + enum: + - success + nullable: true + type: string + ApiFleetSettings_Get_Response_400: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetSettings_Get_Response_404: + additionalProperties: false + type: object + properties: + message: + type: string + required: + - message + ApiFleetSettings_Put_Request: + additionalProperties: false + type: object + properties: + additional_yaml_config: + deprecated: true + type: string + delete_unenrolled_agents: + $ref: '#/components/schemas/ApiFleetSettings_Put_Request_Delete_unenrolled_agents' + has_seen_add_data_notice: + deprecated: true + type: boolean + integration_knowledge_enabled: + type: boolean + kibana_ca_sha256: + deprecated: true + type: string + kibana_urls: + deprecated: true + items: + format: uri + type: string + maxItems: 10 + type: array + prerelease_integrations_enabled: + type: boolean + ApiFleetSettings_Put_Request_Delete_unenrolled_agents: + additionalProperties: false + type: object + properties: + enabled: + type: boolean + is_preconfigured: + type: boolean + required: + - enabled + - is_preconfigured + ApiFleetSettings_Put_Response_200: + additionalProperties: false + type: object + properties: + item: + $ref: '#/components/schemas/ApiFleetSettings_Put_Response_200_Item' + required: + - item + ApiFleetSettings_Put_Response_200_Item: + additionalProperties: false + type: object + properties: + action_secret_storage_requirements_met: + type: boolean + delete_unenrolled_agents: + $ref: '#/components/schemas/ApiFleetSettings_Put_Response_200_Item_Delete_unenrolled_agents' + has_seen_add_data_notice: + type: boolean + id: + type: string + ilm_migration_status: + $ref: '#/components/schemas/ApiFleetSettings_Put_Response_200_Item_Ilm_migration_status' + integration_knowledge_enabled: + type: boolean + output_secret_storage_requirements_met: + type: boolean + preconfigured_fields: + items: + enum: + - fleet_server_hosts + type: string + maxItems: 1 + type: array + prerelease_integrations_enabled: + type: boolean + secret_storage_requirements_met: + type: boolean + ssl_secret_storage_requirements_met: + type: boolean + use_space_awareness_migration_started_at: + nullable: true + type: string + use_space_awareness_migration_status: + enum: + - pending + - success + - error + type: string + version: + type: string + ApiFleetSettings_Put_Response_200_Item_Delete_unenrolled_agents: + additionalProperties: false + type: object + properties: + enabled: + type: boolean + is_preconfigured: + type: boolean + required: + - enabled + - is_preconfigured + ApiFleetSettings_Put_Response_200_Item_Ilm_migration_status: + additionalProperties: false + type: object + properties: + logs: + enum: + - success + nullable: true + type: string + metrics: + enum: + - success + nullable: true + type: string + synthetics: + enum: + - success + nullable: true + type: string + ApiFleetSettings_Put_Response_400: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetSettings_Put_Response_404: + additionalProperties: false + type: object + properties: + message: + type: string + required: + - message + ApiFleetSetup_Post_Response_200: + additionalProperties: false + description: A summary of the result of Fleet's `setup` lifecycle. If `isInitialized` is true, Fleet is ready to accept agent enrollment. `nonFatalErrors` may include useful insight into non-blocking issues with Fleet setup. + type: object + properties: + isInitialized: + type: boolean + nonFatalErrors: + items: + $ref: '#/components/schemas/ApiFleetSetup_Post_Response_200_NonFatalErrors_Item' + maxItems: 10000 + type: array + required: + - isInitialized + - nonFatalErrors + ApiFleetSetup_Post_Response_200_NonFatalErrors_Item: + additionalProperties: false + type: object + properties: + message: + type: string + name: + type: string + required: + - name + - message + ApiFleetSetup_Post_Response_400: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetSetup_Post_Response_500: + additionalProperties: false + description: Internal Server Error + type: object + properties: + message: + type: string + required: + - message + ApiFleetSpaceSettings_Get_Response_200: + additionalProperties: false + type: object + properties: + item: + $ref: '#/components/schemas/ApiFleetSpaceSettings_Get_Response_200_Item' + required: + - item + ApiFleetSpaceSettings_Get_Response_200_Item: + additionalProperties: false + type: object + properties: + allowed_namespace_prefixes: + items: + type: string + maxItems: 100 + type: array + managed_by: + type: string + required: + - allowed_namespace_prefixes + ApiFleetSpaceSettings_Put_Request: + additionalProperties: false + type: object + properties: + allowed_namespace_prefixes: + items: + type: string + maxItems: 10 + type: array + ApiFleetSpaceSettings_Put_Response_200: + additionalProperties: false + type: object + properties: + item: + $ref: '#/components/schemas/ApiFleetSpaceSettings_Put_Response_200_Item' + required: + - item + ApiFleetSpaceSettings_Put_Response_200_Item: + additionalProperties: false + type: object + properties: + allowed_namespace_prefixes: + items: + type: string + maxItems: 100 + type: array + managed_by: + type: string + required: + - allowed_namespace_prefixes + ApiFleetUninstallTokens_Get_Response_200: + additionalProperties: false + type: object + properties: + items: + items: + $ref: '#/components/schemas/ApiFleetUninstallTokens_Get_Response_200_Items_Item' + maxItems: 10000 + type: array + page: + type: number + perPage: + type: number + total: + type: number + required: + - items + - total + - page + - perPage + ApiFleetUninstallTokens_Get_Response_200_Items_Item: + additionalProperties: false + type: object + properties: + created_at: + type: string + id: + type: string + namespaces: + items: + type: string + maxItems: 100 + type: array + policy_id: + type: string + policy_name: + nullable: true + type: string + required: + - id + - policy_id + - created_at + ApiFleetUninstallTokens_Get_Response_400: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiFleetUninstallTokens_Get_Response_200_1: + additionalProperties: false + type: object + properties: + item: + $ref: '#/components/schemas/ApiFleetUninstallTokens_Get_Response_200_Item' + required: + - item + ApiFleetUninstallTokens_Get_Response_200_Item: + additionalProperties: false + type: object + properties: + created_at: + type: string + id: + type: string + namespaces: + items: + type: string + maxItems: 100 + type: array + policy_id: + type: string + policy_name: + nullable: true + type: string + token: + type: string + required: + - id + - policy_id + - created_at + - token + ApiFleetUninstallTokens_Get_Response_400_1: + additionalProperties: false + description: Generic Error + type: object + properties: + attributes: {} + error: + type: string + errorType: + type: string + message: + type: string + statusCode: + type: number + required: + - message + - attributes + ApiLists_Delete_Response_400: + oneOf: + - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + ApiLists_Get_Response_400: + oneOf: + - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + ApiLists_Patch_Request: + example: + id: ip_list + name: Bad ips list - UPDATED + type: object + properties: + _version: + $ref: '#/components/schemas/Security_Lists_API_ListVersionId' + description: + $ref: '#/components/schemas/Security_Lists_API_ListDescription' + id: + $ref: '#/components/schemas/Security_Lists_API_ListId' + meta: + $ref: '#/components/schemas/Security_Lists_API_ListMetadata' + name: + $ref: '#/components/schemas/Security_Lists_API_ListName' + version: + $ref: '#/components/schemas/Security_Lists_API_ListVersion' + required: + - id + ApiLists_Patch_Response_400: + oneOf: + - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + ApiLists_Post_Request: + type: object + properties: + description: + $ref: '#/components/schemas/Security_Lists_API_ListDescription' + deserializer: + $ref: '#/components/schemas/Security_Lists_API_ListDeserializer' + id: + $ref: '#/components/schemas/Security_Lists_API_ListId' + meta: + $ref: '#/components/schemas/Security_Lists_API_ListMetadata' + name: + $ref: '#/components/schemas/Security_Lists_API_ListName' + serializer: + $ref: '#/components/schemas/Security_Lists_API_ListSerializer' + type: + $ref: '#/components/schemas/Security_Lists_API_ListType' + version: + default: 1 + minimum: 1 + type: integer + required: + - name + - description + - type + ApiLists_Post_Response_400: + oneOf: + - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + ApiLists_Put_Request: + example: + description: Latest list of bad ips + id: ip_list + name: Bad ips - updated + type: object + properties: + _version: + $ref: '#/components/schemas/Security_Lists_API_ListVersionId' + description: + $ref: '#/components/schemas/Security_Lists_API_ListDescription' + id: + $ref: '#/components/schemas/Security_Lists_API_ListId' + meta: + $ref: '#/components/schemas/Security_Lists_API_ListMetadata' + name: + $ref: '#/components/schemas/Security_Lists_API_ListName' + version: + $ref: '#/components/schemas/Security_Lists_API_ListVersion' + required: + - id + - name + - description + ApiLists_Put_Response_400: + oneOf: + - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + ApiListsFind_Get_Response_200: + type: object + properties: + cursor: + $ref: '#/components/schemas/Security_Lists_API_FindListsCursor' + data: + items: + $ref: '#/components/schemas/Security_Lists_API_List' + type: array + page: + minimum: 0 + type: integer + per_page: + minimum: 0 + type: integer + total: + minimum: 0 + type: integer + required: + - data + - page + - per_page + - total + - cursor + ApiListsFind_Get_Response_400: + oneOf: + - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + ApiListsIndex_Delete_Response_200: + type: object + properties: + acknowledged: + type: boolean + required: + - acknowledged + ApiListsIndex_Delete_Response_400: + oneOf: + - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + ApiListsIndex_Get_Response_200: + type: object + properties: + list_index: + type: boolean + list_item_index: + type: boolean + required: + - list_index + - list_item_index + ApiListsIndex_Get_Response_400: + oneOf: + - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + ApiListsIndex_Post_Response_200: + type: object + properties: + acknowledged: + type: boolean + required: + - acknowledged + ApiListsIndex_Post_Response_400: + oneOf: + - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + ApiListsItems_Delete_Response_200: + oneOf: + - $ref: '#/components/schemas/Security_Lists_API_ListItem' + - $ref: '#/components/schemas/ApiListsItems_Delete_Response_200_2' + ApiListsItems_Delete_Response_200_2: + items: + $ref: '#/components/schemas/Security_Lists_API_ListItem' + type: array + ApiListsItems_Delete_Response_400: + oneOf: + - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + ApiListsItems_Get_Response_200: + oneOf: + - $ref: '#/components/schemas/Security_Lists_API_ListItem' + - $ref: '#/components/schemas/ApiListsItems_Get_Response_200_2' + ApiListsItems_Get_Response_200_2: + items: + $ref: '#/components/schemas/Security_Lists_API_ListItem' + type: array + ApiListsItems_Get_Response_400: + oneOf: + - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + ApiListsItems_Patch_Request: + example: + id: pd1WRJQBs4HAK3VQeHFI + value: 255.255.255.255 + type: object + properties: + _version: + $ref: '#/components/schemas/Security_Lists_API_ListVersionId' + id: + $ref: '#/components/schemas/Security_Lists_API_ListItemId' + meta: + $ref: '#/components/schemas/Security_Lists_API_ListItemMetadata' + refresh: + description: Determines when changes made by the request are made visible to search. + enum: + - 'true' + - 'false' + - wait_for + type: string + value: + $ref: '#/components/schemas/Security_Lists_API_ListItemValue' + required: + - id + ApiListsItems_Patch_Response_400: + oneOf: + - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + ApiListsItems_Post_Request: + type: object + properties: + id: + $ref: '#/components/schemas/Security_Lists_API_ListItemId' + list_id: + $ref: '#/components/schemas/Security_Lists_API_ListId' + meta: + $ref: '#/components/schemas/Security_Lists_API_ListItemMetadata' + refresh: + description: Determines when changes made by the request are made visible to search. + enum: + - 'true' + - 'false' + - wait_for + example: wait_for + type: string + value: + $ref: '#/components/schemas/Security_Lists_API_ListItemValue' + required: + - list_id + - value + ApiListsItems_Post_Response_400: + oneOf: + - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + ApiListsItems_Put_Request: + type: object + properties: + _version: + $ref: '#/components/schemas/Security_Lists_API_ListVersionId' + id: + $ref: '#/components/schemas/Security_Lists_API_ListItemId' + meta: + $ref: '#/components/schemas/Security_Lists_API_ListItemMetadata' + value: + $ref: '#/components/schemas/Security_Lists_API_ListItemValue' + required: + - id + - value + ApiListsItems_Put_Response_400: + oneOf: + - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + ApiListsItemsExport_Post_Response_400: + oneOf: + - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + ApiListsItemsFind_Get_Response_200: + type: object + properties: + cursor: + $ref: '#/components/schemas/Security_Lists_API_FindListItemsCursor' + data: + items: + $ref: '#/components/schemas/Security_Lists_API_ListItem' + type: array + page: + minimum: 0 + type: integer + per_page: + minimum: 0 + type: integer + total: + minimum: 0 + type: integer + required: + - data + - page + - per_page + - total + - cursor + ApiListsItemsFind_Get_Response_400: + oneOf: + - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + ApiListsItemsImport_Post_Request: + type: object + properties: + file: + description: A `.txt` or `.csv` file containing newline separated list items. + example: | + 127.0.0.1 + 127.0.0.2 + 127.0.0.3 + 127.0.0.4 + 127.0.0.5 + 127.0.0.6 + 127.0.0.7 + 127.0.0.8 + 127.0.0.9 + format: binary + type: string + ApiListsItemsImport_Post_Response_400: + oneOf: + - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + ApiListsPrivileges_Get_Response_200: + type: object + properties: + is_authenticated: + type: boolean + listItems: + $ref: '#/components/schemas/Security_Lists_API_ListItemPrivileges' + lists: + $ref: '#/components/schemas/Security_Lists_API_ListPrivileges' + required: + - lists + - listItems + - is_authenticated + ApiListsPrivileges_Get_Response_400: + oneOf: + - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + ApiLogstashPipeline_Get_Response_200: + type: object + ApiLogstashPipeline_Put_Request: + type: object + properties: + description: + description: A description of the pipeline. + type: string + pipeline: + description: A definition for the pipeline. + type: string + settings: + $ref: '#/components/schemas/ApiLogstashPipeline_Put_Request_Settings' + required: + - pipeline + ApiLogstashPipeline_Put_Request_Settings: + description: | + Supported settings, represented as object keys, include the following: + + - `pipeline.workers` + - `pipeline.batch.size` + - `pipeline.batch.delay` + - `pipeline.ecs_compatibility` + - `pipeline.ordered` + - `queue.type` + - `queue.max_bytes` + - `queue.checkpoint.writes` + type: object + ApiLogstashPipelines_Get_Response_200: + type: object + ApiMaintenanceWindow_Post_Request: + additionalProperties: false + type: object + properties: + enabled: + description: Whether the current maintenance window is enabled. Disabled maintenance windows do not suppress notifications. + type: boolean + schedule: + $ref: '#/components/schemas/ApiMaintenanceWindow_Post_Request_Schedule' + scope: + $ref: '#/components/schemas/ApiMaintenanceWindow_Post_Request_Scope' + title: + description: The name of the maintenance window. While this name does not have to be unique, a distinctive name can help you identify a specific maintenance window. + type: string + required: + - title + - schedule + ApiMaintenanceWindow_Post_Request_Schedule: + additionalProperties: false + type: object + properties: + custom: + $ref: '#/components/schemas/ApiMaintenanceWindow_Post_Request_Schedule_Custom' + required: + - custom + ApiMaintenanceWindow_Post_Request_Schedule_Custom: + additionalProperties: false + type: object + properties: + duration: + description: 'The duration of the schedule. It allows values in `` format. `` is one of `d`, `h`, `m`, or `s` for hours, minutes, seconds. For example: `1d`, `5h`, `30m`, `5000s`.' + type: string + recurring: + $ref: '#/components/schemas/ApiMaintenanceWindow_Post_Request_Schedule_Custom_Recurring' + start: + description: 'The start date and time of the schedule, provided in ISO 8601 format and set to the UTC timezone. For example: `2025-03-12T12:00:00.000Z`.' + type: string + timezone: + description: The timezone of the schedule. The default timezone is UTC. + type: string + required: + - start + - duration + ApiMaintenanceWindow_Post_Request_Schedule_Custom_Recurring: + additionalProperties: false + type: object + properties: + end: + description: 'The end date of a recurring schedule, provided in ISO 8601 format and set to the UTC timezone. For example: `2025-04-01T00:00:00.000Z`.' + type: string + every: + description: 'The interval and frequency of a recurring schedule. It allows values in `` format. `` is one of `d`, `w`, `M`, or `y` for days, weeks, months, years. For example: `15d`, `2w`, `3m`, `1y`.' + type: string + occurrences: + description: The total number of recurrences of the schedule. + minimum: 1 + type: number + onMonth: + description: The specific months for a recurring schedule. Valid values are 1-12. + items: + maximum: 12 + minimum: 1 + type: number + minItems: 1 + type: array + onMonthDay: + description: The specific days of the month for a recurring schedule. Valid values are 1-31. + items: + maximum: 31 + minimum: 1 + type: number + minItems: 1 + type: array + onWeekDay: + description: The specific days of the week (`[MO,TU,WE,TH,FR,SA,SU]`) or nth day of month (`[+1MO, -3FR, +2WE, -4SA, -5SU]`) for a recurring schedule. + items: + type: string + minItems: 1 + type: array + ApiMaintenanceWindow_Post_Request_Scope: + additionalProperties: false + type: object + properties: + alerting: + $ref: '#/components/schemas/ApiMaintenanceWindow_Post_Request_Scope_Alerting' + required: + - alerting + ApiMaintenanceWindow_Post_Request_Scope_Alerting: + additionalProperties: false + type: object + properties: + query: + $ref: '#/components/schemas/ApiMaintenanceWindow_Post_Request_Scope_Alerting_Query' + required: + - query + ApiMaintenanceWindow_Post_Request_Scope_Alerting_Query: + additionalProperties: false + type: object + properties: + kql: + description: A filter written in Kibana Query Language (KQL). Only alerts matching this query will be supressed by the maintenance window. + type: string + required: + - kql + ApiMaintenanceWindow_Post_Response_200: + additionalProperties: false + type: object + properties: + created_at: + description: The date and time when the maintenance window was created. + type: string + created_by: + description: The identifier for the user that created the maintenance window. + nullable: true + type: string + enabled: + description: Whether the current maintenance window is enabled. Disabled maintenance windows do not suppress notifications. + type: boolean + id: + description: The identifier for the maintenance window. + type: string + schedule: + $ref: '#/components/schemas/ApiMaintenanceWindow_Post_Response_200_Schedule' + scope: + $ref: '#/components/schemas/ApiMaintenanceWindow_Post_Response_200_Scope' + status: + description: The current status of the maintenance window. + enum: + - running + - upcoming + - finished + - archived + - disabled + type: string + title: + description: The name of the maintenance window. + type: string + updated_at: + description: The date and time when the maintenance window was last updated. + type: string + updated_by: + description: The identifier for the user that last updated this maintenance window. + nullable: true + type: string + required: + - id + - title + - enabled + - created_by + - updated_by + - created_at + - updated_at + - status + - schedule + ApiMaintenanceWindow_Post_Response_200_Schedule: + additionalProperties: false + type: object + properties: + custom: + $ref: '#/components/schemas/ApiMaintenanceWindow_Post_Response_200_Schedule_Custom' + required: + - custom + ApiMaintenanceWindow_Post_Response_200_Schedule_Custom: + additionalProperties: false + type: object + properties: + duration: + description: 'The duration of the schedule. It allows values in `` format. `` is one of `d`, `h`, `m`, or `s` for hours, minutes, seconds. For example: `1d`, `5h`, `30m`, `5000s`.' + type: string + recurring: + $ref: '#/components/schemas/ApiMaintenanceWindow_Post_Response_200_Schedule_Custom_Recurring' + start: + description: 'The start date and time of the schedule, provided in ISO 8601 format and set to the UTC timezone. For example: `2025-03-12T12:00:00.000Z`.' + type: string + timezone: + description: The timezone of the schedule. The default timezone is UTC. + type: string + required: + - start + - duration + ApiMaintenanceWindow_Post_Response_200_Schedule_Custom_Recurring: + additionalProperties: false + type: object + properties: + end: + description: 'The end date of a recurring schedule, provided in ISO 8601 format and set to the UTC timezone. For example: `2025-04-01T00:00:00.000Z`.' + type: string + every: + description: 'The interval and frequency of a recurring schedule. It allows values in `` format. `` is one of `d`, `w`, `M`, or `y` for days, weeks, months, years. For example: `15d`, `2w`, `3m`, `1y`.' + type: string + occurrences: + description: The total number of recurrences of the schedule. + type: number + onMonth: + description: The specific months for a recurring schedule. Valid values are 1-12. + items: + type: number + type: array + onMonthDay: + description: The specific days of the month for a recurring schedule. Valid values are 1-31. + items: + type: number + type: array + onWeekDay: + description: The specific days of the week (`[MO,TU,WE,TH,FR,SA,SU]`) or nth day of month (`[+1MO, -3FR, +2WE, -4SA, -5SU]`) for a recurring schedule. + items: + type: string + type: array + ApiMaintenanceWindow_Post_Response_200_Scope: + additionalProperties: false + type: object + properties: + alerting: + $ref: '#/components/schemas/ApiMaintenanceWindow_Post_Response_200_Scope_Alerting' + required: + - alerting + ApiMaintenanceWindow_Post_Response_200_Scope_Alerting: + additionalProperties: false + type: object + properties: + query: + $ref: '#/components/schemas/ApiMaintenanceWindow_Post_Response_200_Scope_Alerting_Query' + required: + - query + ApiMaintenanceWindow_Post_Response_200_Scope_Alerting_Query: + additionalProperties: false + type: object + properties: + kql: + description: A filter written in Kibana Query Language (KQL). + type: string + required: + - kql + ApiMaintenanceWindowFind_Get_Response_200: + additionalProperties: false + type: object + properties: + maintenanceWindows: + items: + $ref: '#/components/schemas/ApiMaintenanceWindowFind_Get_Response_200_MaintenanceWindows_Item' + type: array + page: + type: number + per_page: + type: number + total: + type: number + required: + - page + - per_page + - total + - maintenanceWindows + ApiMaintenanceWindowFind_Get_Response_200_MaintenanceWindows_Item: + additionalProperties: false + type: object + properties: + created_at: + description: The date and time when the maintenance window was created. + type: string + created_by: + description: The identifier for the user that created the maintenance window. + nullable: true + type: string + enabled: + description: Whether the current maintenance window is enabled. Disabled maintenance windows do not suppress notifications. + type: boolean + id: + description: The identifier for the maintenance window. + type: string + schedule: + $ref: '#/components/schemas/ApiMaintenanceWindowFind_Get_Response_200_MaintenanceWindows_Schedule' + scope: + $ref: '#/components/schemas/ApiMaintenanceWindowFind_Get_Response_200_MaintenanceWindows_Scope' + status: + description: The current status of the maintenance window. + enum: + - running + - upcoming + - finished + - archived + - disabled + type: string + title: + description: The name of the maintenance window. + type: string + updated_at: + description: The date and time when the maintenance window was last updated. + type: string + updated_by: + description: The identifier for the user that last updated this maintenance window. + nullable: true + type: string + required: + - id + - title + - enabled + - created_by + - updated_by + - created_at + - updated_at + - status + - schedule + ApiMaintenanceWindowFind_Get_Response_200_MaintenanceWindows_Schedule: + additionalProperties: false + type: object + properties: + custom: + $ref: '#/components/schemas/ApiMaintenanceWindowFind_Get_Response_200_MaintenanceWindows_Schedule_Custom' + required: + - custom + ApiMaintenanceWindowFind_Get_Response_200_MaintenanceWindows_Schedule_Custom: + additionalProperties: false + type: object + properties: + duration: + description: 'The duration of the schedule. It allows values in `` format. `` is one of `d`, `h`, `m`, or `s` for hours, minutes, seconds. For example: `1d`, `5h`, `30m`, `5000s`.' + type: string + recurring: + $ref: '#/components/schemas/ApiMaintenanceWindowFind_Get_Response_200_MaintenanceWindows_Schedule_Custom_Recurring' + start: + description: 'The start date and time of the schedule, provided in ISO 8601 format and set to the UTC timezone. For example: `2025-03-12T12:00:00.000Z`.' + type: string + timezone: + description: The timezone of the schedule. The default timezone is UTC. + type: string + required: + - start + - duration + ApiMaintenanceWindowFind_Get_Response_200_MaintenanceWindows_Schedule_Custom_Recurring: + additionalProperties: false + type: object + properties: + end: + description: 'The end date of a recurring schedule, provided in ISO 8601 format and set to the UTC timezone. For example: `2025-04-01T00:00:00.000Z`.' + type: string + every: + description: 'The interval and frequency of a recurring schedule. It allows values in `` format. `` is one of `d`, `w`, `M`, or `y` for days, weeks, months, years. For example: `15d`, `2w`, `3m`, `1y`.' + type: string + occurrences: + description: The total number of recurrences of the schedule. + type: number + onMonth: + description: The specific months for a recurring schedule. Valid values are 1-12. + items: + type: number + type: array + onMonthDay: + description: The specific days of the month for a recurring schedule. Valid values are 1-31. + items: + type: number + type: array + onWeekDay: + description: The specific days of the week (`[MO,TU,WE,TH,FR,SA,SU]`) or nth day of month (`[+1MO, -3FR, +2WE, -4SA, -5SU]`) for a recurring schedule. + items: + type: string + type: array + ApiMaintenanceWindowFind_Get_Response_200_MaintenanceWindows_Scope: + additionalProperties: false + type: object + properties: + alerting: + $ref: '#/components/schemas/ApiMaintenanceWindowFind_Get_Response_200_MaintenanceWindows_Scope_Alerting' + required: + - alerting + ApiMaintenanceWindowFind_Get_Response_200_MaintenanceWindows_Scope_Alerting: + additionalProperties: false + type: object + properties: + query: + $ref: '#/components/schemas/ApiMaintenanceWindowFind_Get_Response_200_MaintenanceWindows_Scope_Alerting_Query' + required: + - query + ApiMaintenanceWindowFind_Get_Response_200_MaintenanceWindows_Scope_Alerting_Query: + additionalProperties: false + type: object + properties: + kql: + description: A filter written in Kibana Query Language (KQL). + type: string + required: + - kql + ApiMaintenanceWindow_Get_Response_200: + additionalProperties: false + type: object + properties: + created_at: + description: The date and time when the maintenance window was created. + type: string + created_by: + description: The identifier for the user that created the maintenance window. + nullable: true + type: string + enabled: + description: Whether the current maintenance window is enabled. Disabled maintenance windows do not suppress notifications. + type: boolean + id: + description: The identifier for the maintenance window. + type: string + schedule: + $ref: '#/components/schemas/ApiMaintenanceWindow_Get_Response_200_Schedule' + scope: + $ref: '#/components/schemas/ApiMaintenanceWindow_Get_Response_200_Scope' + status: + description: The current status of the maintenance window. + enum: + - running + - upcoming + - finished + - archived + - disabled + type: string + title: + description: The name of the maintenance window. + type: string + updated_at: + description: The date and time when the maintenance window was last updated. + type: string + updated_by: + description: The identifier for the user that last updated this maintenance window. + nullable: true + type: string + required: + - id + - title + - enabled + - created_by + - updated_by + - created_at + - updated_at + - status + - schedule + ApiMaintenanceWindow_Get_Response_200_Schedule: + additionalProperties: false + type: object + properties: + custom: + $ref: '#/components/schemas/ApiMaintenanceWindow_Get_Response_200_Schedule_Custom' + required: + - custom + ApiMaintenanceWindow_Get_Response_200_Schedule_Custom: + additionalProperties: false + type: object + properties: + duration: + description: 'The duration of the schedule. It allows values in `` format. `` is one of `d`, `h`, `m`, or `s` for hours, minutes, seconds. For example: `1d`, `5h`, `30m`, `5000s`.' + type: string + recurring: + $ref: '#/components/schemas/ApiMaintenanceWindow_Get_Response_200_Schedule_Custom_Recurring' + start: + description: 'The start date and time of the schedule, provided in ISO 8601 format and set to the UTC timezone. For example: `2025-03-12T12:00:00.000Z`.' + type: string + timezone: + description: The timezone of the schedule. The default timezone is UTC. + type: string + required: + - start + - duration + ApiMaintenanceWindow_Get_Response_200_Schedule_Custom_Recurring: + additionalProperties: false + type: object + properties: + end: + description: 'The end date of a recurring schedule, provided in ISO 8601 format and set to the UTC timezone. For example: `2025-04-01T00:00:00.000Z`.' + type: string + every: + description: 'The interval and frequency of a recurring schedule. It allows values in `` format. `` is one of `d`, `w`, `M`, or `y` for days, weeks, months, years. For example: `15d`, `2w`, `3m`, `1y`.' + type: string + occurrences: + description: The total number of recurrences of the schedule. + type: number + onMonth: + description: The specific months for a recurring schedule. Valid values are 1-12. + items: + type: number + type: array + onMonthDay: + description: The specific days of the month for a recurring schedule. Valid values are 1-31. + items: + type: number + type: array + onWeekDay: + description: The specific days of the week (`[MO,TU,WE,TH,FR,SA,SU]`) or nth day of month (`[+1MO, -3FR, +2WE, -4SA, -5SU]`) for a recurring schedule. + items: + type: string + type: array + ApiMaintenanceWindow_Get_Response_200_Scope: + additionalProperties: false + type: object + properties: + alerting: + $ref: '#/components/schemas/ApiMaintenanceWindow_Get_Response_200_Scope_Alerting' + required: + - alerting + ApiMaintenanceWindow_Get_Response_200_Scope_Alerting: + additionalProperties: false + type: object + properties: + query: + $ref: '#/components/schemas/ApiMaintenanceWindow_Get_Response_200_Scope_Alerting_Query' + required: + - query + ApiMaintenanceWindow_Get_Response_200_Scope_Alerting_Query: + additionalProperties: false + type: object + properties: + kql: + description: A filter written in Kibana Query Language (KQL). + type: string + required: + - kql + ApiMaintenanceWindow_Patch_Request: + additionalProperties: false + type: object + properties: + enabled: + description: Whether the current maintenance window is enabled. Disabled maintenance windows do not suppress notifications. + type: boolean + schedule: + $ref: '#/components/schemas/ApiMaintenanceWindow_Patch_Request_Schedule' + scope: + $ref: '#/components/schemas/ApiMaintenanceWindow_Patch_Request_Scope' + title: + description: The name of the maintenance window. While this name does not have to be unique, a distinctive name can help you identify a specific maintenance window. + type: string + ApiMaintenanceWindow_Patch_Request_Schedule: + additionalProperties: false + type: object + properties: + custom: + $ref: '#/components/schemas/ApiMaintenanceWindow_Patch_Request_Schedule_Custom' + required: + - custom + ApiMaintenanceWindow_Patch_Request_Schedule_Custom: + additionalProperties: false + type: object + properties: + duration: + description: 'The duration of the schedule. It allows values in `` format. `` is one of `d`, `h`, `m`, or `s` for hours, minutes, seconds. For example: `1d`, `5h`, `30m`, `5000s`.' + type: string + recurring: + $ref: '#/components/schemas/ApiMaintenanceWindow_Patch_Request_Schedule_Custom_Recurring' + start: + description: 'The start date and time of the schedule, provided in ISO 8601 format and set to the UTC timezone. For example: `2025-03-12T12:00:00.000Z`.' + type: string + timezone: + description: The timezone of the schedule. The default timezone is UTC. + type: string + required: + - start + - duration + ApiMaintenanceWindow_Patch_Request_Schedule_Custom_Recurring: + additionalProperties: false + type: object + properties: + end: + description: 'The end date of a recurring schedule, provided in ISO 8601 format and set to the UTC timezone. For example: `2025-04-01T00:00:00.000Z`.' + type: string + every: + description: 'The interval and frequency of a recurring schedule. It allows values in `` format. `` is one of `d`, `w`, `M`, or `y` for days, weeks, months, years. For example: `15d`, `2w`, `3m`, `1y`.' + type: string + occurrences: + description: The total number of recurrences of the schedule. + minimum: 1 + type: number + onMonth: + description: The specific months for a recurring schedule. Valid values are 1-12. + items: + maximum: 12 + minimum: 1 + type: number + minItems: 1 + type: array + onMonthDay: + description: The specific days of the month for a recurring schedule. Valid values are 1-31. + items: + maximum: 31 + minimum: 1 + type: number + minItems: 1 + type: array + onWeekDay: + description: The specific days of the week (`[MO,TU,WE,TH,FR,SA,SU]`) or nth day of month (`[+1MO, -3FR, +2WE, -4SA, -5SU]`) for a recurring schedule. + items: + type: string + minItems: 1 + type: array + ApiMaintenanceWindow_Patch_Request_Scope: + additionalProperties: false + type: object + properties: + alerting: + $ref: '#/components/schemas/ApiMaintenanceWindow_Patch_Request_Scope_Alerting' + required: + - alerting + ApiMaintenanceWindow_Patch_Request_Scope_Alerting: + additionalProperties: false + type: object + properties: + query: + $ref: '#/components/schemas/ApiMaintenanceWindow_Patch_Request_Scope_Alerting_Query' + required: + - query + ApiMaintenanceWindow_Patch_Request_Scope_Alerting_Query: + additionalProperties: false + type: object + properties: + kql: + description: A filter written in Kibana Query Language (KQL). Only alerts matching this query will be supressed by the maintenance window. + type: string + required: + - kql + ApiMaintenanceWindow_Patch_Response_200: + additionalProperties: false + type: object + properties: + created_at: + description: The date and time when the maintenance window was created. + type: string + created_by: + description: The identifier for the user that created the maintenance window. + nullable: true + type: string + enabled: + description: Whether the current maintenance window is enabled. Disabled maintenance windows do not suppress notifications. + type: boolean + id: + description: The identifier for the maintenance window. + type: string + schedule: + $ref: '#/components/schemas/ApiMaintenanceWindow_Patch_Response_200_Schedule' + scope: + $ref: '#/components/schemas/ApiMaintenanceWindow_Patch_Response_200_Scope' + status: + description: The current status of the maintenance window. + enum: + - running + - upcoming + - finished + - archived + - disabled + type: string + title: + description: The name of the maintenance window. + type: string + updated_at: + description: The date and time when the maintenance window was last updated. + type: string + updated_by: + description: The identifier for the user that last updated this maintenance window. + nullable: true + type: string + required: + - id + - title + - enabled + - created_by + - updated_by + - created_at + - updated_at + - status + - schedule + ApiMaintenanceWindow_Patch_Response_200_Schedule: + additionalProperties: false + type: object + properties: + custom: + $ref: '#/components/schemas/ApiMaintenanceWindow_Patch_Response_200_Schedule_Custom' + required: + - custom + ApiMaintenanceWindow_Patch_Response_200_Schedule_Custom: + additionalProperties: false + type: object + properties: + duration: + description: 'The duration of the schedule. It allows values in `` format. `` is one of `d`, `h`, `m`, or `s` for hours, minutes, seconds. For example: `1d`, `5h`, `30m`, `5000s`.' + type: string + recurring: + $ref: '#/components/schemas/ApiMaintenanceWindow_Patch_Response_200_Schedule_Custom_Recurring' + start: + description: 'The start date and time of the schedule, provided in ISO 8601 format and set to the UTC timezone. For example: `2025-03-12T12:00:00.000Z`.' + type: string + timezone: + description: The timezone of the schedule. The default timezone is UTC. + type: string + required: + - start + - duration + ApiMaintenanceWindow_Patch_Response_200_Schedule_Custom_Recurring: + additionalProperties: false + type: object + properties: + end: + description: 'The end date of a recurring schedule, provided in ISO 8601 format and set to the UTC timezone. For example: `2025-04-01T00:00:00.000Z`.' + type: string + every: + description: 'The interval and frequency of a recurring schedule. It allows values in `` format. `` is one of `d`, `w`, `M`, or `y` for days, weeks, months, years. For example: `15d`, `2w`, `3m`, `1y`.' + type: string + occurrences: + description: The total number of recurrences of the schedule. + type: number + onMonth: + description: The specific months for a recurring schedule. Valid values are 1-12. + items: + type: number + type: array + onMonthDay: + description: The specific days of the month for a recurring schedule. Valid values are 1-31. + items: + type: number + type: array + onWeekDay: + description: The specific days of the week (`[MO,TU,WE,TH,FR,SA,SU]`) or nth day of month (`[+1MO, -3FR, +2WE, -4SA, -5SU]`) for a recurring schedule. + items: + type: string + type: array + ApiMaintenanceWindow_Patch_Response_200_Scope: + additionalProperties: false + type: object + properties: + alerting: + $ref: '#/components/schemas/ApiMaintenanceWindow_Patch_Response_200_Scope_Alerting' + required: + - alerting + ApiMaintenanceWindow_Patch_Response_200_Scope_Alerting: + additionalProperties: false + type: object + properties: + query: + $ref: '#/components/schemas/ApiMaintenanceWindow_Patch_Response_200_Scope_Alerting_Query' + required: + - query + ApiMaintenanceWindow_Patch_Response_200_Scope_Alerting_Query: + additionalProperties: false + type: object + properties: + kql: + description: A filter written in Kibana Query Language (KQL). + type: string + required: + - kql + ApiMaintenanceWindowArchive_Post_Response_200: + additionalProperties: false + type: object + properties: + created_at: + description: The date and time when the maintenance window was created. + type: string + created_by: + description: The identifier for the user that created the maintenance window. + nullable: true + type: string + enabled: + description: Whether the current maintenance window is enabled. Disabled maintenance windows do not suppress notifications. + type: boolean + id: + description: The identifier for the maintenance window. + type: string + schedule: + $ref: '#/components/schemas/ApiMaintenanceWindowArchive_Post_Response_200_Schedule' + scope: + $ref: '#/components/schemas/ApiMaintenanceWindowArchive_Post_Response_200_Scope' + status: + description: The current status of the maintenance window. + enum: + - running + - upcoming + - finished + - archived + - disabled + type: string + title: + description: The name of the maintenance window. + type: string + updated_at: + description: The date and time when the maintenance window was last updated. + type: string + updated_by: + description: The identifier for the user that last updated this maintenance window. + nullable: true + type: string + required: + - id + - title + - enabled + - created_by + - updated_by + - created_at + - updated_at + - status + - schedule + ApiMaintenanceWindowArchive_Post_Response_200_Schedule: + additionalProperties: false + type: object + properties: + custom: + $ref: '#/components/schemas/ApiMaintenanceWindowArchive_Post_Response_200_Schedule_Custom' + required: + - custom + ApiMaintenanceWindowArchive_Post_Response_200_Schedule_Custom: + additionalProperties: false + type: object + properties: + duration: + description: 'The duration of the schedule. It allows values in `` format. `` is one of `d`, `h`, `m`, or `s` for hours, minutes, seconds. For example: `1d`, `5h`, `30m`, `5000s`.' + type: string + recurring: + $ref: '#/components/schemas/ApiMaintenanceWindowArchive_Post_Response_200_Schedule_Custom_Recurring' + start: + description: 'The start date and time of the schedule, provided in ISO 8601 format and set to the UTC timezone. For example: `2025-03-12T12:00:00.000Z`.' + type: string + timezone: + description: The timezone of the schedule. The default timezone is UTC. + type: string + required: + - start + - duration + ApiMaintenanceWindowArchive_Post_Response_200_Schedule_Custom_Recurring: + additionalProperties: false + type: object + properties: + end: + description: 'The end date of a recurring schedule, provided in ISO 8601 format and set to the UTC timezone. For example: `2025-04-01T00:00:00.000Z`.' + type: string + every: + description: 'The interval and frequency of a recurring schedule. It allows values in `` format. `` is one of `d`, `w`, `M`, or `y` for days, weeks, months, years. For example: `15d`, `2w`, `3m`, `1y`.' + type: string + occurrences: + description: The total number of recurrences of the schedule. + type: number + onMonth: + description: The specific months for a recurring schedule. Valid values are 1-12. + items: + type: number + type: array + onMonthDay: + description: The specific days of the month for a recurring schedule. Valid values are 1-31. + items: + type: number + type: array + onWeekDay: + description: The specific days of the week (`[MO,TU,WE,TH,FR,SA,SU]`) or nth day of month (`[+1MO, -3FR, +2WE, -4SA, -5SU]`) for a recurring schedule. + items: + type: string + type: array + ApiMaintenanceWindowArchive_Post_Response_200_Scope: + additionalProperties: false + type: object + properties: + alerting: + $ref: '#/components/schemas/ApiMaintenanceWindowArchive_Post_Response_200_Scope_Alerting' + required: + - alerting + ApiMaintenanceWindowArchive_Post_Response_200_Scope_Alerting: + additionalProperties: false + type: object + properties: + query: + $ref: '#/components/schemas/ApiMaintenanceWindowArchive_Post_Response_200_Scope_Alerting_Query' + required: + - query + ApiMaintenanceWindowArchive_Post_Response_200_Scope_Alerting_Query: + additionalProperties: false + type: object + properties: + kql: + description: A filter written in Kibana Query Language (KQL). + type: string + required: + - kql + ApiMaintenanceWindowUnarchive_Post_Response_200: + additionalProperties: false + type: object + properties: + created_at: + description: The date and time when the maintenance window was created. + type: string + created_by: + description: The identifier for the user that created the maintenance window. + nullable: true + type: string + enabled: + description: Whether the current maintenance window is enabled. Disabled maintenance windows do not suppress notifications. + type: boolean + id: + description: The identifier for the maintenance window. + type: string + schedule: + $ref: '#/components/schemas/ApiMaintenanceWindowUnarchive_Post_Response_200_Schedule' + scope: + $ref: '#/components/schemas/ApiMaintenanceWindowUnarchive_Post_Response_200_Scope' + status: + description: The current status of the maintenance window. + enum: + - running + - upcoming + - finished + - archived + - disabled + type: string + title: + description: The name of the maintenance window. + type: string + updated_at: + description: The date and time when the maintenance window was last updated. + type: string + updated_by: + description: The identifier for the user that last updated this maintenance window. + nullable: true + type: string + required: + - id + - title + - enabled + - created_by + - updated_by + - created_at + - updated_at + - status + - schedule + ApiMaintenanceWindowUnarchive_Post_Response_200_Schedule: + additionalProperties: false + type: object + properties: + custom: + $ref: '#/components/schemas/ApiMaintenanceWindowUnarchive_Post_Response_200_Schedule_Custom' + required: + - custom + ApiMaintenanceWindowUnarchive_Post_Response_200_Schedule_Custom: + additionalProperties: false + type: object + properties: + duration: + description: 'The duration of the schedule. It allows values in `` format. `` is one of `d`, `h`, `m`, or `s` for hours, minutes, seconds. For example: `1d`, `5h`, `30m`, `5000s`.' + type: string + recurring: + $ref: '#/components/schemas/ApiMaintenanceWindowUnarchive_Post_Response_200_Schedule_Custom_Recurring' + start: + description: 'The start date and time of the schedule, provided in ISO 8601 format and set to the UTC timezone. For example: `2025-03-12T12:00:00.000Z`.' + type: string + timezone: + description: The timezone of the schedule. The default timezone is UTC. + type: string + required: + - start + - duration + ApiMaintenanceWindowUnarchive_Post_Response_200_Schedule_Custom_Recurring: + additionalProperties: false + type: object + properties: + end: + description: 'The end date of a recurring schedule, provided in ISO 8601 format and set to the UTC timezone. For example: `2025-04-01T00:00:00.000Z`.' + type: string + every: + description: 'The interval and frequency of a recurring schedule. It allows values in `` format. `` is one of `d`, `w`, `M`, or `y` for days, weeks, months, years. For example: `15d`, `2w`, `3m`, `1y`.' + type: string + occurrences: + description: The total number of recurrences of the schedule. + type: number + onMonth: + description: The specific months for a recurring schedule. Valid values are 1-12. + items: + type: number + type: array + onMonthDay: + description: The specific days of the month for a recurring schedule. Valid values are 1-31. + items: + type: number + type: array + onWeekDay: + description: The specific days of the week (`[MO,TU,WE,TH,FR,SA,SU]`) or nth day of month (`[+1MO, -3FR, +2WE, -4SA, -5SU]`) for a recurring schedule. + items: + type: string + type: array + ApiMaintenanceWindowUnarchive_Post_Response_200_Scope: + additionalProperties: false + type: object + properties: + alerting: + $ref: '#/components/schemas/ApiMaintenanceWindowUnarchive_Post_Response_200_Scope_Alerting' + required: + - alerting + ApiMaintenanceWindowUnarchive_Post_Response_200_Scope_Alerting: + additionalProperties: false + type: object + properties: + query: + $ref: '#/components/schemas/ApiMaintenanceWindowUnarchive_Post_Response_200_Scope_Alerting_Query' + required: + - query + ApiMaintenanceWindowUnarchive_Post_Response_200_Scope_Alerting_Query: + additionalProperties: false + type: object + properties: + kql: + description: A filter written in Kibana Query Language (KQL). + type: string + required: + - kql + ApiNote_Delete_Request: + oneOf: + - $ref: '#/components/schemas/ApiNote_Delete_Request_1' + - $ref: '#/components/schemas/ApiNote_Delete_Request_2' + ApiNote_Delete_Request_1: + nullable: true + type: object + properties: + noteId: + type: string + required: + - noteId + ApiNote_Delete_Request_2: + nullable: true + type: object + properties: + noteIds: + items: + type: string + nullable: true + type: array + required: + - noteIds + ApiNote_Patch_Request: + type: object + properties: + note: + $ref: '#/components/schemas/Security_Timeline_API_BareNote' + description: The note to add or update. + noteId: + description: The `savedObjectId` of the note + example: 709f99c6-89b6-4953-9160-35945c8e174e + nullable: true + type: string + version: + description: The version of the note + example: WzQ2LDFd + nullable: true + type: string + required: + - note + ApiObservabilityAiAssistantChatComplete_Post_Request: + type: object + properties: + actions: + items: + $ref: '#/components/schemas/Observability_AI_Assistant_API_Function' + type: array + connectorId: + description: A unique identifier for the connector. + type: string + conversationId: + description: A unique identifier for the conversation if you are continuing an existing conversation. + type: string + disableFunctions: + description: Flag indicating whether all function calls should be disabled for the conversation. If true, no calls to functions will be made. + type: boolean + instructions: + description: An array of instruction objects, which can be either simple strings or detailed objects. + items: + $ref: '#/components/schemas/Observability_AI_Assistant_API_Instruction' + type: array + messages: + description: An array of message objects containing the conversation history. + items: + $ref: '#/components/schemas/Observability_AI_Assistant_API_Message' + type: array + persist: + description: Indicates whether the conversation should be saved to storage. If true, the conversation will be saved and will be available in Kibana. + type: boolean + title: + description: A title for the conversation. + type: string + required: + - messages + - connectorId + - persist + ApiObservabilityAiAssistantChatComplete_Post_Response_200: + type: object + ApiOsqueryPacks_Delete_Response_200: + example: {} + type: object + properties: {} + ApiPinnedEvent_Patch_Request: + type: object + properties: + eventId: + description: The `_id` of the associated event for this pinned event. + example: d3a1d35a3e84a81b2f8f3859e064c224cdee1b4bc + type: string + pinnedEventId: + description: The `savedObjectId` of the pinned event you want to unpin. + example: 10r1929b-0af7-42bd-85a8-56e234f98h2f3 + nullable: true + type: string + timelineId: + description: The `savedObjectId` of the timeline that you want this pinned event unpinned from. + example: 15c1929b-0af7-42bd-85a8-56e234cc7c4e + type: string + required: + - eventId + - timelineId + ApiRiskScoreEngineDangerouslyDeleteData_Delete_Response_200: + type: object + properties: + cleanup_successful: + type: boolean + ApiRiskScoreEngineSavedObjectConfigure_Patch_Request: + type: object + properties: + enable_reset_to_zero: + type: boolean + exclude_alert_statuses: + items: + type: string + type: array + exclude_alert_tags: + items: + type: string + type: array + filters: + items: + $ref: '#/components/schemas/ApiRiskScoreEngineSavedObjectConfigure_Patch_Request_Filters_Item' + type: array + range: + $ref: '#/components/schemas/ApiRiskScoreEngineSavedObjectConfigure_Patch_Request_Range' + ApiRiskScoreEngineSavedObjectConfigure_Patch_Request_Filters_Item: + type: object + properties: + entity_types: + items: + enum: + - host + - user + - service + type: string + type: array + filter: + description: KQL filter string + type: string + required: + - entity_types + - filter + ApiRiskScoreEngineSavedObjectConfigure_Patch_Request_Range: + type: object + properties: + end: + type: string + start: + type: string + ApiRiskScoreEngineSavedObjectConfigure_Patch_Response_200: + type: object + properties: + risk_engine_saved_object_configured: + type: boolean + ApiSavedObjectsBulkCreate_Post_Request_Item: + type: object + ApiSavedObjectsBulkCreate_Post_Response_200: + type: object + ApiSavedObjectsBulkDelete_Post_Request_Item: + type: object + ApiSavedObjectsBulkDelete_Post_Response_200: + type: object + ApiSavedObjectsBulkGet_Post_Request_Item: + type: object + ApiSavedObjectsBulkGet_Post_Response_200: + type: object + ApiSavedObjectsBulkResolve_Post_Request_Item: + type: object + ApiSavedObjectsBulkResolve_Post_Response_200: + type: object + ApiSavedObjectsBulkUpdate_Post_Request_Item: + type: object + ApiSavedObjectsBulkUpdate_Post_Response_200: + type: object + ApiSavedObjectsExport_Post_Request: + additionalProperties: false + type: object + properties: + excludeExportDetails: + default: false + description: Do not add export details entry at the end of the stream. + type: boolean + hasReference: + anyOf: + - $ref: '#/components/schemas/ApiSavedObjectsExport_Post_Request_HasReference_1' + - $ref: '#/components/schemas/ApiSavedObjectsExport_Post_Request_HasReference_2' + includeReferencesDeep: + default: false + description: Includes all of the referenced objects in the exported objects. + type: boolean + objects: + description: 'A list of objects to export. NOTE: this optional parameter cannot be combined with the `types` option' + items: + $ref: '#/components/schemas/ApiSavedObjectsExport_Post_Request_Objects_Item' + maxItems: 10000 + type: array + search: + description: Search for documents to export using the Elasticsearch Simple Query String syntax. + type: string + type: + anyOf: + - $ref: '#/components/schemas/ApiSavedObjectsExport_Post_Request_Type_1' + - $ref: '#/components/schemas/ApiSavedObjectsExport_Post_Request_Type_2' + description: The saved object types to include in the export. Use `*` to export all the types. Valid options depend on enabled plugins, but may include `visualization`, `dashboard`, `search`, `index-pattern`, `tag`, `config`, `config-global`, `lens`, `map`, `event-annotation-group`, `query`, `url`, `action`, `alert`, `alerting_rule_template`, `apm-indices`, `cases-user-actions`, `cases`, `cases-comments`, `infrastructure-monitoring-log-view`, `ml-trained-model`, `osquery-saved-query`, `osquery-pack`, `osquery-pack-asset`. + ApiSavedObjectsExport_Post_Request_HasReference_1: + additionalProperties: false + type: object + properties: + id: + type: string + type: + type: string + required: + - type + - id + ApiSavedObjectsExport_Post_Request_HasReference_2: + items: + $ref: '#/components/schemas/ApiSavedObjectsExport_Post_Request_HasReference_Item' + type: array + ApiSavedObjectsExport_Post_Request_HasReference_Item: + additionalProperties: false + type: object + properties: + id: + type: string + type: + type: string + required: + - type + - id + ApiSavedObjectsExport_Post_Request_Objects_Item: + additionalProperties: false + type: object + properties: + id: + type: string + type: + type: string + required: + - type + - id + ApiSavedObjectsExport_Post_Request_Type_1: + type: string + ApiSavedObjectsExport_Post_Request_Type_2: + items: + type: string + type: array + ApiSavedObjectsExport_Post_Response_400: + additionalProperties: false + description: Indicates an unsuccessful response. + type: object + properties: + error: + type: string + message: + type: string + statusCode: + enum: + - 400 + type: integer + required: + - error + - message + - statusCode + ApiSavedObjectsFind_Get_Response_200: + type: object + ApiSavedObjectsImport_Post_Request: + additionalProperties: false + type: object + properties: + file: + $ref: '#/components/schemas/ApiSavedObjectsImport_Post_Request_File' + required: + - file + ApiSavedObjectsImport_Post_Request_File: + description: 'A file exported using the export API. Changing the contents of the exported file in any way before importing it can cause errors, crashes or data loss. NOTE: The `savedObjects.maxImportExportSize` configuration setting limits the number of saved objects which may be included in this file. Similarly, the `savedObjects.maxImportPayloadBytes` setting limits the overall size of the file that can be imported.' + type: object + ApiSavedObjectsImport_Post_Response_200: + additionalProperties: false + type: object + properties: + errors: + description: |- + Indicates the import was unsuccessful and specifies the objects that failed to import. + + NOTE: One object may result in multiple errors, which requires separate steps to resolve. For instance, a `missing_references` error and conflict error. + items: + $ref: '#/components/schemas/ApiSavedObjectsImport_Post_Response_200_Errors_Item' + type: array + success: + description: Indicates when the import was successfully completed. When set to false, some objects may not have been created. For additional information, refer to the `errors` and `successResults` properties. + type: boolean + successCount: + description: Indicates the number of successfully imported records. + type: number + successResults: + description: |- + Indicates the objects that are successfully imported, with any metadata if applicable. + + NOTE: Objects are created only when all resolvable errors are addressed, including conflicts and missing references. If objects are created as new copies, each entry in the `successResults` array includes a `destinationId` attribute. + items: + $ref: '#/components/schemas/ApiSavedObjectsImport_Post_Response_200_SuccessResults_Item' + type: array + required: + - success + - successCount + - errors + - successResults + ApiSavedObjectsImport_Post_Response_200_Errors_Item: + additionalProperties: true + type: object + properties: {} + ApiSavedObjectsImport_Post_Response_200_SuccessResults_Item: + additionalProperties: true + type: object + properties: {} + ApiSavedObjectsImport_Post_Response_400: + additionalProperties: false + description: Indicates an unsuccessful response. + type: object + properties: + error: + type: string + message: + type: string + statusCode: + enum: + - 400 + type: integer + required: + - error + - message + - statusCode + ApiSavedObjectsResolveImportErrors_Post_Request: + type: object + properties: + file: + description: The same file given to the import API. + format: binary + type: string + retries: + description: The retry operations, which can specify how to resolve different types of errors. + items: + $ref: '#/components/schemas/ApiSavedObjectsResolveImportErrors_Post_Request_Retries_Item' + type: array + required: + - retries + ApiSavedObjectsResolveImportErrors_Post_Request_Retries_Item: + type: object + properties: + destinationId: + description: Specifies the destination ID that the imported object should have, if different from the current ID. + type: string + id: + description: The saved object ID. + type: string + ignoreMissingReferences: + description: When set to `true`, ignores missing reference errors. When set to `false`, does nothing. + type: boolean + overwrite: + description: When set to `true`, the source object overwrites the conflicting destination object. When set to `false`, does nothing. + type: boolean + replaceReferences: + description: A list of `type`, `from`, and `to` used to change the object references. + items: + $ref: '#/components/schemas/ApiSavedObjectsResolveImportErrors_Post_Request_Retries_ReplaceReferences_Item' + type: array + type: + description: The saved object type. + type: string + required: + - type + - id + ApiSavedObjectsResolveImportErrors_Post_Request_Retries_ReplaceReferences_Item: + type: object + properties: + from: + type: string + to: + type: string + type: + type: string + ApiSavedObjectsResolveImportErrors_Post_Response_200: + type: object + properties: + errors: + description: | + Specifies the objects that failed to resolve. + + NOTE: One object can result in multiple errors, which requires separate steps to resolve. For instance, a `missing_references` error and a `conflict` error. + items: + $ref: '#/components/schemas/ApiSavedObjectsResolveImportErrors_Post_Response_200_Errors_Item' + type: array + success: + description: | + Indicates a successful import. When set to `false`, some objects may not have been created. For additional information, refer to the `errors` and `successResults` properties. + type: boolean + successCount: + description: | + Indicates the number of successfully resolved records. + type: number + successResults: + description: | + Indicates the objects that are successfully imported, with any metadata if applicable. + + NOTE: Objects are only created when all resolvable errors are addressed, including conflict and missing references. + items: + $ref: '#/components/schemas/ApiSavedObjectsResolveImportErrors_Post_Response_200_SuccessResults_Item' + type: array + ApiSavedObjectsResolveImportErrors_Post_Response_200_Errors_Item: + type: object + ApiSavedObjectsResolveImportErrors_Post_Response_200_SuccessResults_Item: + type: object + ApiSavedObjects_Post_Request: + type: object + properties: + attributes: + $ref: '#/components/schemas/Saved_objects_attributes' + initialNamespaces: + $ref: '#/components/schemas/Saved_objects_initial_namespaces' + references: + $ref: '#/components/schemas/Saved_objects_references' + required: + - attributes + ApiSavedObjects_Post_Response_200: + type: object + ApiSavedObjects_Post_Response_409: + type: object + ApiSavedObjects_Get_Response_200: + type: object + ApiSavedObjects_Post_Request_1: + type: object + properties: + attributes: + $ref: '#/components/schemas/Saved_objects_attributes' + initialNamespaces: + $ref: '#/components/schemas/Saved_objects_initial_namespaces' + references: + $ref: '#/components/schemas/Saved_objects_initial_namespaces' + required: + - attributes + ApiSavedObjects_Post_Response_200_1: + type: object + ApiSavedObjects_Post_Response_409_1: + type: object + ApiSavedObjects_Put_Request: + type: object + ApiSavedObjects_Put_Response_200: + type: object + ApiSavedObjects_Put_Response_404: + type: object + ApiSavedObjects_Put_Response_409: + type: object + ApiSavedObjectsResolve_Get_Response_200: + type: object + ApiSecurityAiAssistantAnonymizationFieldsBulkAction_Post_Request: + example: + create: + - allowed: true + anonymized: false + field: host.name + - allowed: false + anonymized: true + field: user.name + delete: + ids: + - field5 + - field6 + query: 'field: host.name' + update: + - allowed: true + anonymized: false + id: field8 + - allowed: false + anonymized: true + id: field9 + type: object + properties: + create: + description: Array of anonymization fields to create. + items: + $ref: '#/components/schemas/Security_AI_Assistant_API_AnonymizationFieldCreateProps' + type: array + delete: + $ref: '#/components/schemas/ApiSecurityAiAssistantAnonymizationFieldsBulkAction_Post_Request_Delete' + update: + description: Array of anonymization fields to update. + items: + $ref: '#/components/schemas/Security_AI_Assistant_API_AnonymizationFieldUpdateProps' + type: array + ApiSecurityAiAssistantAnonymizationFieldsBulkAction_Post_Request_Delete: + description: Object containing the query to filter anonymization fields and/or an array of anonymization field IDs to delete. + type: object + properties: + ids: + description: Array of IDs to apply the action to. + example: + - '1234' + - '5678' + items: + type: string + minItems: 1 + type: array + query: + description: Query to filter the bulk action. + example: 'status: ''inactive''' + type: string + ApiSecurityAiAssistantAnonymizationFieldsBulkAction_Post_Response_400: + type: object + properties: + error: + description: Error type or name. + type: string + message: + description: Detailed error message. + type: string + statusCode: + description: Status code of the response. + type: number + ApiSecurityAiAssistantAnonymizationFieldsFind_Get_Response_200: + type: object + properties: + aggregations: + $ref: '#/components/schemas/ApiSecurityAiAssistantAnonymizationFieldsFind_Get_Response_200_Aggregations' + all: + items: + $ref: '#/components/schemas/Security_AI_Assistant_API_AnonymizationFieldResponse' + type: array + data: + items: + $ref: '#/components/schemas/Security_AI_Assistant_API_AnonymizationFieldResponse' + type: array + page: + type: integer + perPage: + type: integer + total: + type: integer + required: + - page + - perPage + - total + - data + ApiSecurityAiAssistantAnonymizationFieldsFind_Get_Response_200_Aggregations: + type: object + properties: + field_status: + $ref: '#/components/schemas/ApiSecurityAiAssistantAnonymizationFieldsFind_Get_Response_200_Aggregations_Field_status' + ApiSecurityAiAssistantAnonymizationFieldsFind_Get_Response_200_Aggregations_Field_status: + type: object + properties: + buckets: + $ref: '#/components/schemas/ApiSecurityAiAssistantAnonymizationFieldsFind_Get_Response_200_Aggregations_Field_status_Buckets' + ApiSecurityAiAssistantAnonymizationFieldsFind_Get_Response_200_Aggregations_Field_status_Buckets: + type: object + properties: + allowed: + $ref: '#/components/schemas/ApiSecurityAiAssistantAnonymizationFieldsFind_Get_Response_200_Aggregations_Field_status_Buckets_Allowed' + anonymized: + $ref: '#/components/schemas/ApiSecurityAiAssistantAnonymizationFieldsFind_Get_Response_200_Aggregations_Field_status_Buckets_Anonymized' + denied: + $ref: '#/components/schemas/ApiSecurityAiAssistantAnonymizationFieldsFind_Get_Response_200_Aggregations_Field_status_Buckets_Denied' + ApiSecurityAiAssistantAnonymizationFieldsFind_Get_Response_200_Aggregations_Field_status_Buckets_Allowed: + type: object + properties: + doc_count: + default: 0 + type: integer + ApiSecurityAiAssistantAnonymizationFieldsFind_Get_Response_200_Aggregations_Field_status_Buckets_Anonymized: + type: object + properties: + doc_count: + default: 0 + type: integer + ApiSecurityAiAssistantAnonymizationFieldsFind_Get_Response_200_Aggregations_Field_status_Buckets_Denied: + type: object + properties: + doc_count: + default: 0 + type: integer + ApiSecurityAiAssistantAnonymizationFieldsFind_Get_Response_400: + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + ApiSecurityAiAssistantChatComplete_Post_Response_400: + type: object + properties: + error: + description: Error type. + example: Bad Request + type: string + message: + description: Human-readable error message. + example: Invalid request payload. + type: string + statusCode: + description: HTTP status code. + example: 400 + type: number + ApiSecurityAiAssistantCurrentUserConversations_Delete_Request: + type: object + properties: + excludedIds: + description: Optional list of conversation IDs to delete. + example: + - abc123 + - def456 + items: + type: string + type: array + ApiSecurityAiAssistantCurrentUserConversations_Delete_Response_200: + type: object + properties: + failures: + items: + type: string + type: array + success: + example: true + type: boolean + totalDeleted: + example: 10 + type: number + ApiSecurityAiAssistantCurrentUserConversations_Delete_Response_400: + type: object + properties: + error: + example: Bad Request + type: string + message: + example: Invalid conversation ID + type: string + statusCode: + example: 400 + type: number + ApiSecurityAiAssistantCurrentUserConversations_Post_Response_400: + type: object + properties: + error: + example: Bad Request + type: string + message: + example: 'Missing required parameter: title' + type: string + statusCode: + example: 400 + type: number + ApiSecurityAiAssistantCurrentUserConversationsFind_Get_Response_200: + type: object + properties: + data: + description: A list of conversations. + items: + $ref: '#/components/schemas/Security_AI_Assistant_API_ConversationResponse' + type: array + page: + description: The current page of the results. + example: 1 + type: integer + perPage: + description: The number of results returned per page. + example: 20 + type: integer + total: + description: The total number of conversations matching the filter criteria. + example: 100 + type: integer + required: + - page + - perPage + - total + - data + ApiSecurityAiAssistantCurrentUserConversationsFind_Get_Response_400: + type: object + properties: + error: + example: Bad Request + type: string + message: + example: Invalid filter query parameter + type: string + statusCode: + example: 400 + type: number + ApiSecurityAiAssistantCurrentUserConversations_Delete_Response_400_1: + type: object + properties: + error: + example: Bad Request + type: string + message: + example: Invalid conversation ID + type: string + statusCode: + example: 400 + type: number + ApiSecurityAiAssistantCurrentUserConversations_Get_Response_400: + type: object + properties: + error: + example: Bad Request + type: string + message: + example: Invalid conversation ID + type: string + statusCode: + example: 400 + type: number + ApiSecurityAiAssistantCurrentUserConversations_Put_Response_400: + type: object + properties: + error: + example: Bad Request + type: string + message: + example: 'Missing required field: title' + type: string + statusCode: + example: 400 + type: number + ApiSecurityAiAssistantKnowledgeBaseEntriesBulkAction_Post_Request: + type: object + properties: + create: + description: List of Knowledge Base Entries to create. + example: + - content: This is the content of the new entry. + title: New Entry + items: + $ref: '#/components/schemas/Security_AI_Assistant_API_KnowledgeBaseEntryCreateProps' + type: array + delete: + $ref: '#/components/schemas/ApiSecurityAiAssistantKnowledgeBaseEntriesBulkAction_Post_Request_Delete' + update: + description: List of Knowledge Base Entries to update. + example: + - content: Updated content. + id: '123' + title: Updated Entry + items: + $ref: '#/components/schemas/Security_AI_Assistant_API_KnowledgeBaseEntryUpdateProps' + type: array + ApiSecurityAiAssistantKnowledgeBaseEntriesBulkAction_Post_Request_Delete: + type: object + properties: + ids: + description: Array of Knowledge Base Entry IDs. + example: + - '123' + - '456' + - '789' + items: + type: string + minItems: 1 + type: array + query: + description: Query to filter Knowledge Base Entries. + example: status:active AND category:technology + type: string + ApiSecurityAiAssistantKnowledgeBaseEntriesFind_Get_Response_200: + type: object + properties: + data: + description: The list of Knowledge Base Entries for the current page. + items: + $ref: '#/components/schemas/Security_AI_Assistant_API_KnowledgeBaseEntryResponse' + type: array + page: + description: The current page number. + example: 1 + type: integer + perPage: + description: The number of Knowledge Base Entries returned per page. + example: 20 + type: integer + total: + description: The total number of Knowledge Base Entries available. + example: 100 + type: integer + required: + - page + - perPage + - total + - data + ApiSecurityAiAssistantKnowledgeBaseEntriesFind_Get_Response_400: + type: object + properties: + error: + description: A short description of the error. + example: Bad Request + type: string + message: + description: A detailed message explaining the error. + example: 'Invalid query parameter: sort_order' + type: string + statusCode: + description: The HTTP status code of the error. + example: 400 + type: number + ApiSecurityAiAssistantPromptsBulkAction_Post_Request: + type: object + properties: + create: + description: List of prompts to be created. + items: + $ref: '#/components/schemas/Security_AI_Assistant_API_PromptCreateProps' + type: array + delete: + $ref: '#/components/schemas/ApiSecurityAiAssistantPromptsBulkAction_Post_Request_Delete' + update: + description: List of prompts to be updated. + items: + $ref: '#/components/schemas/Security_AI_Assistant_API_PromptUpdateProps' + type: array + ApiSecurityAiAssistantPromptsBulkAction_Post_Request_Delete: + description: Criteria for deleting prompts in bulk. + type: object + properties: + ids: + description: Array of IDs to apply the action to. + example: + - '1234' + - '5678' + items: + type: string + minItems: 1 + type: array + query: + description: Query to filter the bulk action. + example: 'status: ''inactive''' + type: string + ApiSecurityAiAssistantPromptsBulkAction_Post_Response_400: + type: object + properties: + error: + description: A short error message. + example: Bad Request + type: string + message: + description: A detailed error message. + example: Invalid prompt ID or missing required fields. + type: string + statusCode: + description: The HTTP status code for the error. + example: 400 + type: number + ApiSecurityAiAssistantPromptsFind_Get_Response_200: + example: + data: + - categories: + - troubleshooting + - logging + color: '#FF5733' + consumer: security + content: If you encounter an error, check the logs and retry. + createdAt: '2025-04-20T21:00:00Z' + createdBy: jdoe + id: prompt-123 + isDefault: true + isNewConversationDefault: false + name: Error Troubleshooting Prompt + namespace: default + promptType: standard + timestamp: '2025-04-30T22:30:00Z' + updatedAt: '2025-04-30T22:45:00Z' + updatedBy: jdoe + users: + - full_name: John Doe + username: jdoe + page: 1 + perPage: 20 + total: 142 + type: object + properties: + data: + description: The list of prompts returned based on the search query, sorting, and pagination. + items: + $ref: '#/components/schemas/Security_AI_Assistant_API_PromptResponse' + type: array + page: + description: Current page number. + example: 1 + type: integer + perPage: + description: Number of prompts per page. + example: 20 + type: integer + total: + description: Total number of prompts matching the query. + example: 142 + type: integer + required: + - page + - perPage + - total + - data + ApiSecurityAiAssistantPromptsFind_Get_Response_400: + type: object + properties: + error: + description: Short error message. + example: Bad Request + type: string + message: + description: Detailed description of the error. + example: Invalid sort order value provided. + type: string + statusCode: + description: HTTP status code for the error. + example: 400 + type: number + ApiSecurityRoleQuery_Post_Request: + additionalProperties: false + type: object + properties: + filters: + $ref: '#/components/schemas/ApiSecurityRoleQuery_Post_Request_Filters' + from: + type: number + query: + type: string + size: + type: number + sort: + $ref: '#/components/schemas/ApiSecurityRoleQuery_Post_Request_Sort' + ApiSecurityRoleQuery_Post_Request_Filters: + additionalProperties: false + type: object + properties: + showReservedRoles: + type: boolean + ApiSecurityRoleQuery_Post_Request_Sort: + additionalProperties: false + type: object + properties: + direction: + enum: + - asc + - desc + type: string + field: + type: string + required: + - field + - direction + ApiSecurityRole_Put_Request: + additionalProperties: false + type: object + properties: + description: + description: A description for the role. + maxLength: 2048 + type: string + elasticsearch: + $ref: '#/components/schemas/ApiSecurityRole_Put_Request_Elasticsearch' + kibana: + items: + $ref: '#/components/schemas/ApiSecurityRole_Put_Request_Kibana_Item' + type: array + metadata: + $ref: '#/components/schemas/ApiSecurityRole_Put_Request_Metadata' + required: + - elasticsearch + ApiSecurityRole_Put_Request_Elasticsearch: + additionalProperties: false + type: object + properties: + cluster: + items: + description: Cluster privileges that define the cluster level actions that users can perform. + type: string + maxItems: 100 + type: array + indices: + items: + $ref: '#/components/schemas/ApiSecurityRole_Put_Request_Elasticsearch_Indices_Item' + maxItems: 1000 + type: array + remote_cluster: + items: + $ref: '#/components/schemas/ApiSecurityRole_Put_Request_Elasticsearch_Remote_cluster_Item' + maxItems: 100 + type: array + remote_indices: + items: + $ref: '#/components/schemas/ApiSecurityRole_Put_Request_Elasticsearch_Remote_indices_Item' + maxItems: 1000 + type: array + run_as: + items: + description: A user name that the role member can impersonate. + type: string + maxItems: 100 + type: array + ApiSecurityRole_Put_Request_Elasticsearch_Indices_Item: + additionalProperties: false + type: object + properties: + allow_restricted_indices: + description: Restricted indices are a special category of indices that are used internally to store configuration data and should not be directly accessed. Only internal system roles should normally grant privileges over the restricted indices. Toggling this flag is very strongly discouraged because it could effectively grant unrestricted operations on critical data, making the entire system unstable or leaking sensitive information. If for administrative purposes you need to create a role with privileges covering restricted indices, however, you can set this property to true. In that case, the names field covers the restricted indices too. + type: boolean + field_security: + $ref: '#/components/schemas/ApiSecurityRole_Put_Request_Elasticsearch_Indices_Field_security' + names: + items: + description: The data streams, indices, and aliases to which the permissions in this entry apply. It supports wildcards (*). + type: string + maxItems: 100 + minItems: 1 + type: array + privileges: + items: + description: The index level privileges that the role members have for the data streams and indices. + type: string + maxItems: 100 + minItems: 1 + type: array + query: + description: A search query that defines the documents the role members have read access to. A document within the specified data streams and indices must match this query in order for it to be accessible by the role members. + type: string + required: + - names + - privileges + ApiSecurityRole_Put_Request_Elasticsearch_Indices_Field_security: + additionalProperties: + items: + description: The document fields that the role members have read access to. + type: string + maxItems: 1000 + type: array + type: object + ApiSecurityRole_Put_Request_Elasticsearch_Remote_cluster_Item: + additionalProperties: false + type: object + properties: + clusters: + items: + description: A list of remote cluster aliases. It supports literal strings as well as wildcards and regular expressions. + type: string + maxItems: 100 + minItems: 1 + type: array + privileges: + items: + description: The cluster level privileges for the remote cluster. The allowed values are a subset of the cluster privileges. + type: string + maxItems: 100 + minItems: 1 + type: array + required: + - privileges + - clusters + ApiSecurityRole_Put_Request_Elasticsearch_Remote_indices_Item: + additionalProperties: false + type: object + properties: + allow_restricted_indices: + description: Restricted indices are a special category of indices that are used internally to store configuration data and should not be directly accessed. Only internal system roles should normally grant privileges over the restricted indices. Toggling this flag is very strongly discouraged because it could effectively grant unrestricted operations on critical data, making the entire system unstable or leaking sensitive information. If for administrative purposes you need to create a role with privileges covering restricted indices, however, you can set this property to true. In that case, the names field will cover the restricted indices too. + type: boolean + clusters: + items: + description: A list of remote cluster aliases. It supports literal strings as well as wildcards and regular expressions. + type: string + maxItems: 100 + minItems: 1 + type: array + field_security: + $ref: '#/components/schemas/ApiSecurityRole_Put_Request_Elasticsearch_Remote_indices_Field_security' + names: + items: + description: A list of remote aliases, data streams, or indices to which the permissions apply. It supports wildcards (*). + type: string + maxItems: 100 + minItems: 1 + type: array + privileges: + items: + description: The index level privileges that role members have for the specified indices. + type: string + maxItems: 100 + minItems: 1 + type: array + query: + description: 'A search query that defines the documents the role members have read access to. A document within the specified data streams and indices must match this query in order for it to be accessible by the role members. ' + type: string + required: + - clusters + - names + - privileges + ApiSecurityRole_Put_Request_Elasticsearch_Remote_indices_Field_security: + additionalProperties: + items: + description: The document fields that the role members have read access to. + type: string + maxItems: 1000 + type: array + type: object + ApiSecurityRole_Put_Request_Kibana_Item: + additionalProperties: false + type: object + properties: + base: + anyOf: + - $ref: '#/components/schemas/ApiSecurityRole_Put_Request_Kibana_Base_1_1' + - $ref: '#/components/schemas/ApiSecurityRole_Put_Request_Kibana_Base_2_1' + - $ref: '#/components/schemas/ApiSecurityRole_Put_Request_Kibana_Base_3' + - $ref: '#/components/schemas/ApiSecurityRole_Put_Request_Kibana_Base_4' + - $ref: '#/components/schemas/ApiSecurityRole_Put_Request_Kibana_Base_5' + nullable: true + oneOf: + - $ref: '#/components/schemas/ApiSecurityRole_Put_Request_Kibana_Base_1' + - $ref: '#/components/schemas/ApiSecurityRole_Put_Request_Kibana_Base_2' + feature: + $ref: '#/components/schemas/ApiSecurityRole_Put_Request_Kibana_Feature' + spaces: + anyOf: + - $ref: '#/components/schemas/ApiSecurityRole_Put_Request_Kibana_Spaces_1' + - $ref: '#/components/schemas/ApiSecurityRole_Put_Request_Kibana_Spaces_2' + default: + - '*' + required: + - base + ApiSecurityRole_Put_Request_Kibana_Base_1: + items: + description: A base privilege that grants applies to all spaces. + type: string + maxItems: 50 + type: array + ApiSecurityRole_Put_Request_Kibana_Base_2: + items: + description: A base privilege that applies to specific spaces. + type: string + maxItems: 50 + type: array + ApiSecurityRole_Put_Request_Kibana_Base_1_1: + items: {} + type: array + ApiSecurityRole_Put_Request_Kibana_Base_2_1: + type: boolean + ApiSecurityRole_Put_Request_Kibana_Base_3: + type: number + ApiSecurityRole_Put_Request_Kibana_Base_4: + type: object + ApiSecurityRole_Put_Request_Kibana_Base_5: + type: string + ApiSecurityRole_Put_Request_Kibana_Feature: + additionalProperties: + items: + description: The privileges that the role member has for the feature. + type: string + maxItems: 100 + type: array + type: object + ApiSecurityRole_Put_Request_Kibana_Spaces_1: + items: + enum: + - '*' + type: string + maxItems: 1 + minItems: 1 + type: array + ApiSecurityRole_Put_Request_Kibana_Spaces_2: + items: + description: A space that the privilege applies to. + type: string + maxItems: 1000 + type: array + ApiSecurityRole_Put_Request_Metadata: + additionalProperties: {} + type: object + ApiSecurityRoles_Post_Request: + additionalProperties: false + type: object + properties: + roles: + $ref: '#/components/schemas/ApiSecurityRoles_Post_Request_Roles' + required: + - roles + ApiSecurityRoles_Post_Request_Roles: + additionalProperties: + $ref: '#/components/schemas/ApiSecurityRoles_Post_Request_Roles_Value' + type: object + ApiSecurityRoles_Post_Request_Roles_Value: + additionalProperties: false + type: object + properties: + description: + description: A description for the role. + maxLength: 2048 + type: string + elasticsearch: + $ref: '#/components/schemas/ApiSecurityRoles_Post_Request_Roles_Elasticsearch' + kibana: + items: + $ref: '#/components/schemas/ApiSecurityRoles_Post_Request_Roles_Kibana_Item' + type: array + metadata: + $ref: '#/components/schemas/ApiSecurityRoles_Post_Request_Roles_Metadata' + required: + - elasticsearch + ApiSecurityRoles_Post_Request_Roles_Elasticsearch: + additionalProperties: false + type: object + properties: + cluster: + items: + description: Cluster privileges that define the cluster level actions that users can perform. + type: string + maxItems: 100 + type: array + indices: + items: + $ref: '#/components/schemas/ApiSecurityRoles_Post_Request_Roles_Elasticsearch_Indices_Item' + maxItems: 1000 + type: array + remote_cluster: + items: + $ref: '#/components/schemas/ApiSecurityRoles_Post_Request_Roles_Elasticsearch_Remote_cluster_Item' + maxItems: 100 + type: array + remote_indices: + items: + $ref: '#/components/schemas/ApiSecurityRoles_Post_Request_Roles_Elasticsearch_Remote_indices_Item' + maxItems: 1000 + type: array + run_as: + items: + description: A user name that the role member can impersonate. + type: string + maxItems: 100 + type: array + ApiSecurityRoles_Post_Request_Roles_Elasticsearch_Indices_Item: + additionalProperties: false + type: object + properties: + allow_restricted_indices: + description: Restricted indices are a special category of indices that are used internally to store configuration data and should not be directly accessed. Only internal system roles should normally grant privileges over the restricted indices. Toggling this flag is very strongly discouraged because it could effectively grant unrestricted operations on critical data, making the entire system unstable or leaking sensitive information. If for administrative purposes you need to create a role with privileges covering restricted indices, however, you can set this property to true. In that case, the names field covers the restricted indices too. + type: boolean + field_security: + $ref: '#/components/schemas/ApiSecurityRoles_Post_Request_Roles_Elasticsearch_Indices_Field_security' + names: + items: + description: The data streams, indices, and aliases to which the permissions in this entry apply. It supports wildcards (*). + type: string + maxItems: 100 + minItems: 1 + type: array + privileges: + items: + description: The index level privileges that the role members have for the data streams and indices. + type: string + maxItems: 100 + minItems: 1 + type: array + query: + description: A search query that defines the documents the role members have read access to. A document within the specified data streams and indices must match this query in order for it to be accessible by the role members. + type: string + required: + - names + - privileges + ApiSecurityRoles_Post_Request_Roles_Elasticsearch_Indices_Field_security: + additionalProperties: + items: + description: The document fields that the role members have read access to. + type: string + maxItems: 1000 + type: array + type: object + ApiSecurityRoles_Post_Request_Roles_Elasticsearch_Remote_cluster_Item: + additionalProperties: false + type: object + properties: + clusters: + items: + description: A list of remote cluster aliases. It supports literal strings as well as wildcards and regular expressions. + type: string + maxItems: 100 + minItems: 1 + type: array + privileges: + items: + description: The cluster level privileges for the remote cluster. The allowed values are a subset of the cluster privileges. + type: string + maxItems: 100 + minItems: 1 + type: array + required: + - privileges + - clusters + ApiSecurityRoles_Post_Request_Roles_Elasticsearch_Remote_indices_Item: + additionalProperties: false + type: object + properties: + allow_restricted_indices: + description: Restricted indices are a special category of indices that are used internally to store configuration data and should not be directly accessed. Only internal system roles should normally grant privileges over the restricted indices. Toggling this flag is very strongly discouraged because it could effectively grant unrestricted operations on critical data, making the entire system unstable or leaking sensitive information. If for administrative purposes you need to create a role with privileges covering restricted indices, however, you can set this property to true. In that case, the names field will cover the restricted indices too. + type: boolean + clusters: + items: + description: A list of remote cluster aliases. It supports literal strings as well as wildcards and regular expressions. + type: string + maxItems: 100 + minItems: 1 + type: array + field_security: + $ref: '#/components/schemas/ApiSecurityRoles_Post_Request_Roles_Elasticsearch_Remote_indices_Field_security' + names: + items: + description: A list of remote aliases, data streams, or indices to which the permissions apply. It supports wildcards (*). + type: string + maxItems: 100 + minItems: 1 + type: array + privileges: + items: + description: The index level privileges that role members have for the specified indices. + type: string + maxItems: 100 + minItems: 1 + type: array + query: + description: 'A search query that defines the documents the role members have read access to. A document within the specified data streams and indices must match this query in order for it to be accessible by the role members. ' + type: string + required: + - clusters + - names + - privileges + ApiSecurityRoles_Post_Request_Roles_Elasticsearch_Remote_indices_Field_security: + additionalProperties: + items: + description: The document fields that the role members have read access to. + type: string + maxItems: 1000 + type: array + type: object + ApiSecurityRoles_Post_Request_Roles_Kibana_Item: + additionalProperties: false + type: object + properties: + base: + anyOf: + - $ref: '#/components/schemas/ApiSecurityRoles_Post_Request_Roles_Kibana_Base_1_1' + - $ref: '#/components/schemas/ApiSecurityRoles_Post_Request_Roles_Kibana_Base_2_1' + - $ref: '#/components/schemas/ApiSecurityRoles_Post_Request_Roles_Kibana_Base_3' + - $ref: '#/components/schemas/ApiSecurityRoles_Post_Request_Roles_Kibana_Base_4' + - $ref: '#/components/schemas/ApiSecurityRoles_Post_Request_Roles_Kibana_Base_5' + nullable: true + oneOf: + - $ref: '#/components/schemas/ApiSecurityRoles_Post_Request_Roles_Kibana_Base_1' + - $ref: '#/components/schemas/ApiSecurityRoles_Post_Request_Roles_Kibana_Base_2' + feature: + $ref: '#/components/schemas/ApiSecurityRoles_Post_Request_Roles_Kibana_Feature' + spaces: + anyOf: + - $ref: '#/components/schemas/ApiSecurityRoles_Post_Request_Roles_Kibana_Spaces_1' + - $ref: '#/components/schemas/ApiSecurityRoles_Post_Request_Roles_Kibana_Spaces_2' + default: + - '*' + required: + - base + ApiSecurityRoles_Post_Request_Roles_Kibana_Base_1: + items: + description: A base privilege that grants applies to all spaces. + type: string + maxItems: 50 + type: array + ApiSecurityRoles_Post_Request_Roles_Kibana_Base_2: + items: + description: A base privilege that applies to specific spaces. + type: string + maxItems: 50 + type: array + ApiSecurityRoles_Post_Request_Roles_Kibana_Base_1_1: + items: {} + type: array + ApiSecurityRoles_Post_Request_Roles_Kibana_Base_2_1: + type: boolean + ApiSecurityRoles_Post_Request_Roles_Kibana_Base_3: + type: number + ApiSecurityRoles_Post_Request_Roles_Kibana_Base_4: + type: object + ApiSecurityRoles_Post_Request_Roles_Kibana_Base_5: + type: string + ApiSecurityRoles_Post_Request_Roles_Kibana_Feature: + additionalProperties: + items: + description: The privileges that the role member has for the feature. + type: string + maxItems: 100 + type: array + type: object + ApiSecurityRoles_Post_Request_Roles_Kibana_Spaces_1: + items: + enum: + - '*' + type: string + maxItems: 1 + minItems: 1 + type: array + ApiSecurityRoles_Post_Request_Roles_Kibana_Spaces_2: + items: + description: A space that the privilege applies to. + type: string + maxItems: 1000 + type: array + ApiSecurityRoles_Post_Request_Roles_Metadata: + additionalProperties: {} + type: object + ApiSecuritySessionInvalidate_Post_Request: + type: object + properties: + match: + description: | + The method Kibana uses to determine which sessions to invalidate. If it is `all`, all existing sessions will be invalidated. If it is `query`, only the sessions that match the query will be invalidated. + enum: + - all + - query + type: string + query: + $ref: '#/components/schemas/ApiSecuritySessionInvalidate_Post_Request_Query' + required: + - match + ApiSecuritySessionInvalidate_Post_Request_Query: + description: | + The query that Kibana uses to match the sessions to invalidate when the `match` parameter is set to `query`. + type: object + properties: + provider: + $ref: '#/components/schemas/ApiSecuritySessionInvalidate_Post_Request_Query_Provider' + username: + description: The username that will have its sessions invalidated. + type: string + required: + - provider + ApiSecuritySessionInvalidate_Post_Request_Query_Provider: + description: The authentication providers that will have their user sessions invalidated. + type: object + properties: + name: + description: The authentication provider name. + type: string + type: + description: | + The authentication provide type. For example: `basic`, `token`, `saml`, `oidc`, `kerberos`, or `pki`. + type: string + required: + - type + ApiSecuritySessionInvalidate_Post_Response_200: + type: object + properties: + total: + description: The number of sessions that were successfully invalidated. + type: integer + ApiShortUrl_Post_Request: + type: object + properties: + humanReadableSlug: + description: | + When the `slug` parameter is omitted, the API will generate a random human-readable slug if `humanReadableSlug` is set to true. + type: boolean + locatorId: + description: The identifier for the locator. + type: string + params: + $ref: '#/components/schemas/ApiShortUrl_Post_Request_Params' + slug: + description: | + A custom short URL slug. The slug is the part of the short URL that identifies it. You can provide a custom slug which consists of latin alphabet letters, numbers, and `-._` characters. The slug must be at least 3 characters long, but no longer than 255 characters. + type: string + required: + - locatorId + - params + ApiShortUrl_Post_Request_Params: + description: | + An object which contains all necessary parameters for the given locator to resolve to a Kibana location. + > warn + > When you create a short URL, locator params are not validated, which allows you to pass arbitrary and ill-formed data into the API that can break Kibana. Make sure any data that you send to the API is properly formed. + type: object + ApiSpacesCopySavedObjects_Post_Request: + additionalProperties: false + type: object + properties: + compatibilityMode: + default: false + description: Apply various adjustments to the saved objects that are being copied to maintain compatibility between different Kibana versions. Use this option only if you encounter issues with copied saved objects. This option cannot be used with the `createNewCopies` option. + type: boolean + createNewCopies: + default: true + description: Create new copies of saved objects, regenerate each object identifier, and reset the origin. When used, potential conflict errors are avoided. This option cannot be used with the `overwrite` and `compatibilityMode` options. + type: boolean + includeReferences: + default: false + description: When set to true, all saved objects related to the specified saved objects will also be copied into the target spaces. + type: boolean + objects: + items: + $ref: '#/components/schemas/ApiSpacesCopySavedObjects_Post_Request_Objects_Item' + maxItems: 1000 + type: array + overwrite: + default: false + description: When set to true, all conflicts are automatically overridden. When a saved object with a matching type and identifier exists in the target space, that version is replaced with the version from the source space. This option cannot be used with the `createNewCopies` option. + type: boolean + spaces: + items: + description: The identifiers of the spaces where you want to copy the specified objects. + type: string + maxItems: 100 + type: array + required: + - spaces + - objects + ApiSpacesCopySavedObjects_Post_Request_Objects_Item: + additionalProperties: false + type: object + properties: + id: + description: The identifier of the saved object to copy. + type: string + type: + description: The type of the saved object to copy. + type: string + required: + - type + - id + ApiSpacesDisableLegacyUrlAliases_Post_Request: + additionalProperties: false + type: object + properties: + aliases: + items: + $ref: '#/components/schemas/ApiSpacesDisableLegacyUrlAliases_Post_Request_Aliases_Item' + maxItems: 1000 + type: array + required: + - aliases + ApiSpacesDisableLegacyUrlAliases_Post_Request_Aliases_Item: + additionalProperties: false + type: object + properties: + sourceId: + description: The alias source object identifier. This is the legacy object identifier. + type: string + targetSpace: + description: The space where the alias target object exists. + type: string + targetType: + description: 'The type of alias target object. ' + type: string + required: + - targetSpace + - targetType + - sourceId + ApiSpacesGetShareableReferences_Post_Request: + additionalProperties: false + type: object + properties: + objects: + items: + $ref: '#/components/schemas/ApiSpacesGetShareableReferences_Post_Request_Objects_Item' + maxItems: 1000 + type: array + required: + - objects + ApiSpacesGetShareableReferences_Post_Request_Objects_Item: + additionalProperties: false + type: object + properties: + id: + type: string + type: + type: string + required: + - type + - id + ApiSpacesResolveCopySavedObjectsErrors_Post_Request: + additionalProperties: false + type: object + properties: + compatibilityMode: + default: false + type: boolean + createNewCopies: + default: true + type: boolean + includeReferences: + default: false + type: boolean + objects: + items: + $ref: '#/components/schemas/ApiSpacesResolveCopySavedObjectsErrors_Post_Request_Objects_Item' + maxItems: 1000 + type: array + retries: + $ref: '#/components/schemas/ApiSpacesResolveCopySavedObjectsErrors_Post_Request_Retries' + required: + - retries + - objects + ApiSpacesResolveCopySavedObjectsErrors_Post_Request_Objects_Item: + additionalProperties: false + type: object + properties: + id: + type: string + type: + type: string + required: + - type + - id + ApiSpacesResolveCopySavedObjectsErrors_Post_Request_Retries: + additionalProperties: + items: + $ref: '#/components/schemas/ApiSpacesResolveCopySavedObjectsErrors_Post_Request_Retries_Item' + maxItems: 1000 + type: array + type: object + ApiSpacesResolveCopySavedObjectsErrors_Post_Request_Retries_Item: + additionalProperties: false + type: object + properties: + createNewCopy: + description: Creates new copies of the saved objects, regenerates each object ID, and resets the origin. + type: boolean + destinationId: + description: Specifies the destination identifier that the copied object should have, if different from the current identifier. + type: string + id: + description: The saved object identifier. + type: string + ignoreMissingReferences: + description: When set to true, any missing references errors are ignored. + type: boolean + overwrite: + default: false + description: When set to true, the saved object from the source space overwrites the conflicting object in the destination space. + type: boolean + type: + description: The saved object type. + type: string + required: + - type + - id + ApiSpacesUpdateObjectsSpaces_Post_Request: + additionalProperties: false + type: object + properties: + objects: + items: + $ref: '#/components/schemas/ApiSpacesUpdateObjectsSpaces_Post_Request_Objects_Item' + maxItems: 1000 + type: array + spacesToAdd: + items: + description: The identifiers of the spaces the saved objects should be added to or removed from. + type: string + maxItems: 1000 + type: array + spacesToRemove: + items: + description: The identifiers of the spaces the saved objects should be added to or removed from. + type: string + maxItems: 1000 + type: array + required: + - objects + - spacesToAdd + - spacesToRemove + ApiSpacesUpdateObjectsSpaces_Post_Request_Objects_Item: + additionalProperties: false + type: object + properties: + id: + description: The identifier of the saved object to update. + type: string + type: + description: The type of the saved object to update. + type: string + required: + - type + - id + ApiSpacesSpace_Post_Request: + additionalProperties: false + type: object + properties: + _reserved: + type: boolean + color: + description: The hexadecimal color code used in the space avatar. By default, the color is automatically generated from the space name. + type: string + description: + description: A description for the space. + type: string + disabledFeatures: + default: [] + items: + description: The list of features that are turned off in the space. + type: string + maxItems: 100 + type: array + id: + description: The space ID that is part of the Kibana URL when inside the space. Space IDs are limited to lowercase alphanumeric, underscore, and hyphen characters (a-z, 0-9, _, and -). You are cannot change the ID with the update operation. + type: string + imageUrl: + description: The data-URL encoded image to display in the space avatar. If specified, initials will not be displayed and the color will be visible as the background color for transparent images. For best results, your image should be 64x64. Images will not be optimized by this API call, so care should be taken when using custom images. + type: string + initials: + description: One or two characters that are shown in the space avatar. By default, the initials are automatically generated from the space name. + maxLength: 2 + type: string + name: + description: 'The display name for the space. ' + minLength: 1 + type: string + solution: + enum: + - security + - oblt + - es + - classic + type: string + required: + - id + - name + ApiSpacesSpace_Put_Request: + additionalProperties: false + type: object + properties: + _reserved: + type: boolean + color: + description: The hexadecimal color code used in the space avatar. By default, the color is automatically generated from the space name. + type: string + description: + description: A description for the space. + type: string + disabledFeatures: + default: [] + items: + description: The list of features that are turned off in the space. + type: string + maxItems: 100 + type: array + id: + description: The space ID that is part of the Kibana URL when inside the space. Space IDs are limited to lowercase alphanumeric, underscore, and hyphen characters (a-z, 0-9, _, and -). You are cannot change the ID with the update operation. + type: string + imageUrl: + description: The data-URL encoded image to display in the space avatar. If specified, initials will not be displayed and the color will be visible as the background color for transparent images. For best results, your image should be 64x64. Images will not be optimized by this API call, so care should be taken when using custom images. + type: string + initials: + description: One or two characters that are shown in the space avatar. By default, the initials are automatically generated from the space name. + maxLength: 2 + type: string + name: + description: 'The display name for the space. ' + minLength: 1 + type: string + solution: + enum: + - security + - oblt + - es + - classic + type: string + required: + - id + - name + ApiStatus_Get_Response_200: + anyOf: + - $ref: '#/components/schemas/Kibana_HTTP_APIs_core_status_response' + - $ref: '#/components/schemas/Kibana_HTTP_APIs_core_status_redactedResponse' + description: Kibana's operational status. A minimal response is sent for unauthorized users. + ApiStatus_Get_Response_503: + anyOf: + - $ref: '#/components/schemas/Kibana_HTTP_APIs_core_status_response' + - $ref: '#/components/schemas/Kibana_HTTP_APIs_core_status_redactedResponse' + description: Kibana's operational status. A minimal response is sent for unauthorized users. + ApiStreams_Get_Request: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Get_Request_1' + - $ref: '#/components/schemas/ApiStreams_Get_Request_2' + - $ref: '#/components/schemas/ApiStreams_Get_Request_3' + ApiStreams_Get_Request_1: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Get_Request_1_1' + - $ref: '#/components/schemas/ApiStreams_Get_Request_2_1' + - $ref: '#/components/schemas/ApiStreams_Get_Request_3_1' + ApiStreams_Get_Request_2: + enum: + - 'null' + nullable: true + ApiStreams_Get_Request_3: + not: {} + ApiStreamsDisable_Post_Request: + anyOf: + - $ref: '#/components/schemas/ApiStreamsDisable_Post_Request_1' + - $ref: '#/components/schemas/ApiStreamsDisable_Post_Request_2' + - $ref: '#/components/schemas/ApiStreamsDisable_Post_Request_3' + ApiStreamsDisable_Post_Request_1: + additionalProperties: false + type: object + properties: {} + ApiStreamsDisable_Post_Request_2: + enum: + - 'null' + nullable: true + ApiStreamsDisable_Post_Request_3: + not: {} + ApiStreamsEnable_Post_Request: + anyOf: + - $ref: '#/components/schemas/ApiStreamsEnable_Post_Request_1' + - $ref: '#/components/schemas/ApiStreamsEnable_Post_Request_2' + - $ref: '#/components/schemas/ApiStreamsEnable_Post_Request_3' + ApiStreamsEnable_Post_Request_1: + additionalProperties: false + type: object + properties: {} + ApiStreamsEnable_Post_Request_2: + enum: + - 'null' + nullable: true + ApiStreamsEnable_Post_Request_3: + not: {} + ApiStreamsResync_Post_Request: + anyOf: + - $ref: '#/components/schemas/ApiStreamsResync_Post_Request_1' + - $ref: '#/components/schemas/ApiStreamsResync_Post_Request_2' + - $ref: '#/components/schemas/ApiStreamsResync_Post_Request_3' + ApiStreamsResync_Post_Request_1: + additionalProperties: false + type: object + properties: {} + ApiStreamsResync_Post_Request_2: + enum: + - 'null' + nullable: true + ApiStreamsResync_Post_Request_3: + not: {} + ApiStreams_Delete_Request: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Delete_Request_1' + - $ref: '#/components/schemas/ApiStreams_Delete_Request_2' + - $ref: '#/components/schemas/ApiStreams_Delete_Request_3' + ApiStreams_Delete_Request_1: + additionalProperties: false + type: object + properties: {} + ApiStreams_Delete_Request_2: + enum: + - 'null' + nullable: true + ApiStreams_Delete_Request_3: + not: {} + ApiStreams_Get_Request_1_1: + additionalProperties: false + type: object + properties: {} + ApiStreams_Get_Request_2_1: + enum: + - 'null' + nullable: true + ApiStreams_Get_Request_3_1: + not: {} + ApiStreams_Put_Request: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_1' + ApiStreams_Put_Request_1: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_1_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_2_1' + ApiStreams_Put_Request_1_1: + allOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_1_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_4' + - $ref: '#/components/schemas/ApiStreams_Put_Request_5' + - $ref: '#/components/schemas/ApiStreams_Put_Request_6' + - $ref: '#/components/schemas/ApiStreams_Put_Request_7' + - $ref: '#/components/schemas/ApiStreams_Put_Request_8' + - $ref: '#/components/schemas/ApiStreams_Put_Request_9' + - $ref: '#/components/schemas/ApiStreams_Put_Request_10' + ApiStreams_Put_Request_1_2: + type: object + properties: {} + ApiStreams_Put_Request_2: + type: object + properties: + stream: + allOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_2' + required: + - stream + ApiStreams_Put_Request_Stream_1: + additionalProperties: true + type: object + properties: + ingest: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest' + name: + not: {} + updated_at: + not: {} + ApiStreams_Put_Request_Stream_Ingest: + additionalProperties: true + type: object + properties: + processing: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing' + required: + - processing + ApiStreams_Put_Request_Stream_Ingest_Processing: + additionalProperties: true + type: object + properties: + updated_at: + not: {} + ApiStreams_Put_Request_Stream_2: + additionalProperties: false + type: object + properties: + description: + type: string + name: + type: string + updated_at: + format: date-time + type: string + required: + - name + - description + - updated_at + ApiStreams_Put_Request_3: + type: object + properties: + dashboards: + items: + type: string + type: array + queries: + items: + allOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_2' + type: array + rules: + items: + type: string + type: array + required: + - dashboards + - rules + - queries + ApiStreams_Put_Request_Queries_1: + type: object + properties: + id: + description: A non-empty string. + minLength: 1 + type: string + title: + description: A non-empty string. + minLength: 1 + type: string + required: + - id + - title + ApiStreams_Put_Request_Queries_2: + type: object + properties: + evidence: + items: + type: string + type: array + feature: + $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature' + kql: + $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Kql' + severity_score: + type: number + required: + - kql + ApiStreams_Put_Request_Queries_Feature: + additionalProperties: false + type: object + properties: + filter: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_2_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_4' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_5' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_6' + description: The root condition object. It can be a simple filter or a combination of other conditions. + name: + description: A non-empty string. + minLength: 1 + type: string + type: + enum: + - system + type: string + required: + - name + - filter + - type + ApiStreams_Put_Request_Queries_Feature_Filter_1: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_1_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_2' + description: A basic filter condition, either unary or binary. + ApiStreams_Put_Request_Queries_Feature_Filter_1_1: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Contains_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Contains_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Contains_3' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_EndsWith_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_EndsWith_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_EndsWith_3' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Eq_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Eq_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Eq_3' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Gt_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Gt_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Gt_3' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Gte_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Gte_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Gte_3' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Includes_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Includes_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Includes_3' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Lt_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Lt_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Lt_3' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Lte_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Lte_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Lte_3' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Neq_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Neq_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Neq_3' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Range' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_StartsWith_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_StartsWith_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_StartsWith_3' + description: Starts-with comparison value. + required: + - field + ApiStreams_Put_Request_Queries_Feature_Filter_Contains_1: + type: string + ApiStreams_Put_Request_Queries_Feature_Filter_Contains_2: + type: number + ApiStreams_Put_Request_Queries_Feature_Filter_Contains_3: + type: boolean + ApiStreams_Put_Request_Queries_Feature_Filter_EndsWith_1: + type: string + ApiStreams_Put_Request_Queries_Feature_Filter_EndsWith_2: + type: number + ApiStreams_Put_Request_Queries_Feature_Filter_EndsWith_3: + type: boolean + ApiStreams_Put_Request_Queries_Feature_Filter_Eq_1: + type: string + ApiStreams_Put_Request_Queries_Feature_Filter_Eq_2: + type: number + ApiStreams_Put_Request_Queries_Feature_Filter_Eq_3: + type: boolean + ApiStreams_Put_Request_Queries_Feature_Filter_Gt_1: + type: string + ApiStreams_Put_Request_Queries_Feature_Filter_Gt_2: + type: number + ApiStreams_Put_Request_Queries_Feature_Filter_Gt_3: + type: boolean + ApiStreams_Put_Request_Queries_Feature_Filter_Gte_1: + type: string + ApiStreams_Put_Request_Queries_Feature_Filter_Gte_2: + type: number + ApiStreams_Put_Request_Queries_Feature_Filter_Gte_3: + type: boolean + ApiStreams_Put_Request_Queries_Feature_Filter_Includes_1: + type: string + ApiStreams_Put_Request_Queries_Feature_Filter_Includes_2: + type: number + ApiStreams_Put_Request_Queries_Feature_Filter_Includes_3: + type: boolean + ApiStreams_Put_Request_Queries_Feature_Filter_Lt_1: + type: string + ApiStreams_Put_Request_Queries_Feature_Filter_Lt_2: + type: number + ApiStreams_Put_Request_Queries_Feature_Filter_Lt_3: + type: boolean + ApiStreams_Put_Request_Queries_Feature_Filter_Lte_1: + type: string + ApiStreams_Put_Request_Queries_Feature_Filter_Lte_2: + type: number + ApiStreams_Put_Request_Queries_Feature_Filter_Lte_3: + type: boolean + ApiStreams_Put_Request_Queries_Feature_Filter_Neq_1: + type: string + ApiStreams_Put_Request_Queries_Feature_Filter_Neq_2: + type: number + ApiStreams_Put_Request_Queries_Feature_Filter_Neq_3: + type: boolean + ApiStreams_Put_Request_Queries_Feature_Filter_Range: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Range_Gt_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Range_Gt_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Range_Gt_3' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Range_Gte_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Range_Gte_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Range_Gte_3' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Range_Lt_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Range_Lt_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Range_Lt_3' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Range_Lte_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Range_Lte_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Range_Lte_3' + description: A value that can be a string, number, or boolean. + ApiStreams_Put_Request_Queries_Feature_Filter_Range_Gt_1: + type: string + ApiStreams_Put_Request_Queries_Feature_Filter_Range_Gt_2: + type: number + ApiStreams_Put_Request_Queries_Feature_Filter_Range_Gt_3: + type: boolean + ApiStreams_Put_Request_Queries_Feature_Filter_Range_Gte_1: + type: string + ApiStreams_Put_Request_Queries_Feature_Filter_Range_Gte_2: + type: number + ApiStreams_Put_Request_Queries_Feature_Filter_Range_Gte_3: + type: boolean + ApiStreams_Put_Request_Queries_Feature_Filter_Range_Lt_1: + type: string + ApiStreams_Put_Request_Queries_Feature_Filter_Range_Lt_2: + type: number + ApiStreams_Put_Request_Queries_Feature_Filter_Range_Lt_3: + type: boolean + ApiStreams_Put_Request_Queries_Feature_Filter_Range_Lte_1: + type: string + ApiStreams_Put_Request_Queries_Feature_Filter_Range_Lte_2: + type: number + ApiStreams_Put_Request_Queries_Feature_Filter_Range_Lte_3: + type: boolean + ApiStreams_Put_Request_Queries_Feature_Filter_StartsWith_1: + type: string + ApiStreams_Put_Request_Queries_Feature_Filter_StartsWith_2: + type: number + ApiStreams_Put_Request_Queries_Feature_Filter_StartsWith_3: + type: boolean + ApiStreams_Put_Request_Queries_Feature_Filter_2: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreams_Put_Request_Queries_Feature_Filter_2_1: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreams_Put_Request_Queries_Feature_Filter_3: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreams_Put_Request_Queries_Feature_Filter_4: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreams_Put_Request_Queries_Feature_Filter_5: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Never' + required: + - never + ApiStreams_Put_Request_Queries_Feature_Filter_Never: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreams_Put_Request_Queries_Feature_Filter_6: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Always' + required: + - always + ApiStreams_Put_Request_Queries_Feature_Filter_Always: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreams_Put_Request_Queries_Kql: + additionalProperties: false + type: object + properties: + query: + type: string + required: + - query + ApiStreams_Put_Request_4: + type: object + properties: + stream: + allOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_1_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_2_1' + required: + - stream + ApiStreams_Put_Request_Stream_1_1: + additionalProperties: true + type: object + properties: + ingest: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_1' + name: + not: {} + updated_at: + not: {} + ApiStreams_Put_Request_Stream_Ingest_1: + type: object + properties: + failure_store: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Failure_store_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Failure_store_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Failure_store_3' + lifecycle: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Lifecycle_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Lifecycle_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Lifecycle_3' + processing: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_2' + settings: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Settings' + required: + - lifecycle + - processing + - settings + - failure_store + ApiStreams_Put_Request_Stream_Ingest_Processing_1: + additionalProperties: true + type: object + properties: + updated_at: + not: {} + ApiStreams_Put_Request_Stream_2_1: + additionalProperties: false + type: object + properties: + ingest: + allOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_2' + required: + - ingest + ApiStreams_Put_Request_Stream_Ingest_Failure_store_1: + additionalProperties: false + type: object + properties: + inherit: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Failure_store_Inherit' + required: + - inherit + ApiStreams_Put_Request_Stream_Ingest_Failure_store_Inherit: + additionalProperties: false + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Failure_store_2: + additionalProperties: false + type: object + properties: + disabled: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Failure_store_Disabled' + required: + - disabled + ApiStreams_Put_Request_Stream_Ingest_Failure_store_Disabled: + additionalProperties: false + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Failure_store_3: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Failure_store_1_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Failure_store_2_1' + ApiStreams_Put_Request_Stream_Ingest_Failure_store_1_1: + additionalProperties: false + type: object + properties: + lifecycle: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Failure_store_Lifecycle' + required: + - lifecycle + ApiStreams_Put_Request_Stream_Ingest_Failure_store_Lifecycle: + additionalProperties: false + type: object + properties: + enabled: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Failure_store_Lifecycle_Enabled' + required: + - enabled + ApiStreams_Put_Request_Stream_Ingest_Failure_store_Lifecycle_Enabled: + additionalProperties: false + type: object + properties: + data_retention: + description: A non-empty string. + minLength: 1 + type: string + ApiStreams_Put_Request_Stream_Ingest_Failure_store_2_1: + additionalProperties: false + type: object + properties: + lifecycle: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Failure_store_Lifecycle_1' + required: + - lifecycle + ApiStreams_Put_Request_Stream_Ingest_Failure_store_Lifecycle_1: + additionalProperties: false + type: object + properties: + disabled: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Failure_store_Lifecycle_Disabled' + required: + - disabled + ApiStreams_Put_Request_Stream_Ingest_Failure_store_Lifecycle_Disabled: + additionalProperties: false + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Lifecycle_1: + additionalProperties: false + type: object + properties: + dsl: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Lifecycle_Dsl' + required: + - dsl + ApiStreams_Put_Request_Stream_Ingest_Lifecycle_Dsl: + additionalProperties: false + type: object + properties: + data_retention: + description: A non-empty string. + minLength: 1 + type: string + downsample: + items: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Lifecycle_Dsl_Downsample_Item' + type: array + ApiStreams_Put_Request_Stream_Ingest_Lifecycle_Dsl_Downsample_Item: + additionalProperties: false + type: object + properties: + after: + description: A non-empty string. + minLength: 1 + type: string + fixed_interval: + description: A non-empty string. + minLength: 1 + type: string + required: + - after + - fixed_interval + ApiStreams_Put_Request_Stream_Ingest_Lifecycle_2: + additionalProperties: false + type: object + properties: + ilm: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Lifecycle_Ilm' + required: + - ilm + ApiStreams_Put_Request_Stream_Ingest_Lifecycle_Ilm: + additionalProperties: false + type: object + properties: + policy: + description: A non-empty string. + minLength: 1 + type: string + required: + - policy + ApiStreams_Put_Request_Stream_Ingest_Lifecycle_3: + additionalProperties: false + type: object + properties: + inherit: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Lifecycle_Inherit' + required: + - inherit + ApiStreams_Put_Request_Stream_Ingest_Lifecycle_Inherit: + additionalProperties: false + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_2: + additionalProperties: false + type: object + properties: + steps: + items: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_2_1' + type: array + updated_at: + format: date-time + type: string + required: + - steps + - updated_at + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_1: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_1_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_4' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_5' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_6' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_7' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_8' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_9' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_10' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_11' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_12' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_13' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_14' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_15' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_16' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_17' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_18' + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_1_1: + additionalProperties: false + description: Grok processor - Extract fields from text using grok patterns + type: object + properties: + action: + enum: + - grok + type: string + customIdentifier: + description: Custom identifier to correlate this processor across outputs + minLength: 1 + type: string + description: + description: Human-readable notes about this processor step + type: string + from: + description: Source field to parse with grok patterns + minLength: 1 + type: string + ignore_failure: + description: Continue pipeline execution if this processor fails + type: boolean + ignore_missing: + description: Skip processing when source field is missing + type: boolean + pattern_definitions: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Pattern_definitions' + patterns: + description: Grok patterns applied in order to extract fields + items: + description: A non-empty string. + minLength: 1 + type: string + minItems: 1 + type: array + where: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6' + description: Conditional expression controlling whether this processor runs + required: + - action + - from + - patterns + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Pattern_definitions: + additionalProperties: + type: string + type: object + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2' + description: A basic filter condition, either unary or binary. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_1: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3' + description: Starts-with comparison value. + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3' + description: A value that can be a string, number, or boolean. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_1: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never' + required: + - never + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always' + required: + - always + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_2: + additionalProperties: false + description: Dissect processor - Extract fields from text using a lightweight, delimiter-based parser + type: object + properties: + action: + enum: + - dissect + type: string + append_separator: + description: Separator inserted when target fields are concatenated + minLength: 1 + type: string + customIdentifier: + description: Custom identifier to correlate this processor across outputs + minLength: 1 + type: string + description: + description: Human-readable notes about this processor step + type: string + from: + description: Source field to parse with dissect pattern + minLength: 1 + type: string + ignore_failure: + description: Continue pipeline execution if this processor fails + type: boolean + ignore_missing: + description: Skip processing when source field is missing + type: boolean + pattern: + description: Dissect pattern describing field boundaries + minLength: 1 + type: string + where: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_1' + description: Conditional expression controlling whether this processor runs + required: + - action + - from + - pattern + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_2: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_2' + description: A basic filter condition, either unary or binary. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_3: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_1' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_1' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_1' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_1' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_1' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_1' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_1' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_1' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_1' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_1' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_1' + description: Starts-with comparison value. + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_1: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_1: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_1: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_1: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_1: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_1: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_1: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_1: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_1: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_1: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_1: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_1: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_1: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_1: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_1: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_1: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_1: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_1: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_1: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_1: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_1: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_1: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_1: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_1: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_1: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_1: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_1: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_1: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_1' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_1' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_1' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_1' + description: A value that can be a string, number, or boolean. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_1: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_1: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_1: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_1: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_1: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_1: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_1: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_1: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_1: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_1: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_1: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_1: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_1: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_1: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_1: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_2: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_3: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_1: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_1: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_1: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_1' + required: + - never + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_1: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_1: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_1' + required: + - always + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_1: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_3: + additionalProperties: false + description: Date processor - Parse dates from strings using one or more expected formats + type: object + properties: + action: + enum: + - date + type: string + customIdentifier: + description: Custom identifier to correlate this processor across outputs + minLength: 1 + type: string + description: + description: Human-readable notes about this processor step + type: string + formats: + description: Accepted input date formats, tried in order + items: + description: A non-empty string. + minLength: 1 + type: string + type: array + from: + description: Source field containing the date/time text + minLength: 1 + type: string + ignore_failure: + description: Continue pipeline execution if this processor fails + type: boolean + locale: + description: Optional locale for date parsing + minLength: 1 + type: string + output_format: + description: Optional output format for storing the parsed date as text + minLength: 1 + type: string + timezone: + description: Optional timezone for date parsing + minLength: 1 + type: string + to: + description: Target field for the parsed date (defaults to source) + minLength: 1 + type: string + where: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_4' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_5' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_2' + description: Conditional expression controlling whether this processor runs + required: + - action + - from + - formats + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_4: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_5' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_4' + description: A basic filter condition, either unary or binary. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_5: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_2' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_2' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_2' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_2' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_2' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_2' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_2' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_2' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_2' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_2' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_2' + description: Starts-with comparison value. + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_2: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_2: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_2: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_2: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_2: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_2: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_2: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_2: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_2: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_2: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_2: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_2: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_2: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_2: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_2: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_2: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_2: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_2: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_2: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_2: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_2: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_2: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_2: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_2: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_2: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_2: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_2: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_2: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_2' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_2' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_2' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_2' + description: A value that can be a string, number, or boolean. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_2: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_2: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_2: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_2: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_2: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_2: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_2: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_2: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_2: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_2: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_2: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_2: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_2: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_2: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_2: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_4: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_5: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_2: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_2: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_2: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_2' + required: + - never + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_2: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_2: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_2' + required: + - always + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_2: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_4: + additionalProperties: false + description: Base processor options plus conditional execution + type: object + properties: + action: + enum: + - drop_document + type: string + customIdentifier: + description: Custom identifier to correlate this processor across outputs + minLength: 1 + type: string + description: + description: Human-readable notes about this processor step + type: string + ignore_failure: + description: Continue pipeline execution if this processor fails + type: boolean + where: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_6' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_7' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_3' + description: Conditional expression controlling whether this processor runs + required: + - action + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_6: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_7' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_6' + description: A basic filter condition, either unary or binary. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_7: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_3' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_3' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_3' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_3' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_3' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_3' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_3' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_3' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_3' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_3' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_3' + description: Starts-with comparison value. + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_3: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_3: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_3: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_3: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_3: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_3: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_3: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_3: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_3: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_3: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_3: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_3: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_3: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_3: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_3: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_3: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_3: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_3: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_3: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_3: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_3: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_3: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_3: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_3: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_3: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_3: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_3: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_3: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_3' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_3' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_3' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_3' + description: A value that can be a string, number, or boolean. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_3: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_3: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_3: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_3: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_3: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_3: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_3: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_3: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_3: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_3: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_3: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_3: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_3: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_3: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_3: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_6: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_7: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_3: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_3: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_3: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_3' + required: + - never + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_3: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_3: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_3' + required: + - always + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_3: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_5: + additionalProperties: false + description: Base processor options plus conditional execution + type: object + properties: + action: + enum: + - math + type: string + customIdentifier: + description: Custom identifier to correlate this processor across outputs + minLength: 1 + type: string + description: + description: Human-readable notes about this processor step + type: string + expression: + description: A non-empty string. + minLength: 1 + type: string + ignore_failure: + description: Continue pipeline execution if this processor fails + type: boolean + ignore_missing: + type: boolean + to: + description: A non-empty string. + minLength: 1 + type: string + where: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_8' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_9' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_4' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_4' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_4' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_4' + description: Conditional expression controlling whether this processor runs + required: + - action + - expression + - to + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_8: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_9' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_8' + description: A basic filter condition, either unary or binary. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_9: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_4' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_4' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_4' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_4' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_4' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_4' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_4' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_4' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_4' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_4' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_4' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_4' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_4' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_4' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_4' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_4' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_4' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_4' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_4' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_4' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_4' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_4' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_4' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_4' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_4' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_4' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_4' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_4' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_4' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_4' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_4' + description: Starts-with comparison value. + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_4: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_4: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_4: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_4: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_4: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_4: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_4: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_4: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_4: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_4: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_4: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_4: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_4: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_4: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_4: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_4: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_4: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_4: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_4: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_4: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_4: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_4: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_4: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_4: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_4: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_4: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_4: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_4: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_4' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_4' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_4' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_4' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_4' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_4' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_4' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_4' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_4' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_4' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_4' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_4' + description: A value that can be a string, number, or boolean. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_4: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_4: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_4: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_4: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_4: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_4: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_4: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_4: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_4: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_4: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_4: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_4: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_4: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_4: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_4: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_8: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_9: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_4: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_4: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_4: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_4' + required: + - never + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_4: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_4: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_4' + required: + - always + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_4: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_6: + additionalProperties: false + description: Rename processor - Change a field name and optionally its location + type: object + properties: + action: + enum: + - rename + type: string + customIdentifier: + description: Custom identifier to correlate this processor across outputs + minLength: 1 + type: string + description: + description: Human-readable notes about this processor step + type: string + from: + description: Existing source field to rename or move + minLength: 1 + type: string + ignore_failure: + description: Continue pipeline execution if this processor fails + type: boolean + ignore_missing: + description: Skip when source field is missing + type: boolean + override: + description: Allow overwriting the target field if it already exists + type: boolean + to: + description: New field name or destination path + minLength: 1 + type: string + where: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_10' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_11' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_5' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_5' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_5' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_5' + description: Conditional expression controlling whether this processor runs + required: + - action + - from + - to + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_10: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_11' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_10' + description: A basic filter condition, either unary or binary. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_11: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_5' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_5' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_5' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_5' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_5' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_5' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_5' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_5' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_5' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_5' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_5' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_5' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_5' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_5' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_5' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_5' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_5' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_5' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_5' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_5' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_5' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_5' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_5' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_5' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_5' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_5' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_5' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_5' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_5' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_5' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_5' + description: Starts-with comparison value. + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_5: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_5: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_5: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_5: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_5: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_5: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_5: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_5: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_5: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_5: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_5: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_5: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_5: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_5: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_5: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_5: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_5: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_5: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_5: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_5: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_5: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_5: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_5: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_5: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_5: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_5: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_5: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_5: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_5' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_5' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_5' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_5' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_5' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_5' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_5' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_5' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_5' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_5' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_5' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_5' + description: A value that can be a string, number, or boolean. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_5: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_5: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_5: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_5: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_5: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_5: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_5: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_5: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_5: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_5: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_5: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_5: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_5: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_5: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_5: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_10: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_11: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_5: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_5: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_5: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_5' + required: + - never + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_5: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_5: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_5' + required: + - always + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_5: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_7: + additionalProperties: false + description: Set processor - Assign a literal or copied value to a field (mutually exclusive inputs) + type: object + properties: + action: + enum: + - set + type: string + copy_from: + description: Copy value from another field instead of providing a literal + minLength: 1 + type: string + customIdentifier: + description: Custom identifier to correlate this processor across outputs + minLength: 1 + type: string + description: + description: Human-readable notes about this processor step + type: string + ignore_failure: + description: Continue pipeline execution if this processor fails + type: boolean + override: + description: Allow overwriting an existing target field + type: boolean + to: + description: Target field to set or create + minLength: 1 + type: string + value: + description: Literal value to assign to the target field + where: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_12' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_13' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_6' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_6' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_6' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_6' + description: Conditional expression controlling whether this processor runs + required: + - action + - to + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_12: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_13' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_12' + description: A basic filter condition, either unary or binary. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_13: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_6' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_6' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_6' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_6' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_6' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_6' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_6' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_6' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_6' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_6' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_6' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_6' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_6' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_6' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_6' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_6' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_6' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_6' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_6' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_6' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_6' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_6' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_6' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_6' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_6' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_6' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_6' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_6' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_6' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_6' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_6' + description: Starts-with comparison value. + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_6: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_6: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_6: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_6: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_6: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_6: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_6: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_6: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_6: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_6: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_6: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_6: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_6: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_6: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_6: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_6: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_6: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_6: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_6: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_6: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_6: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_6: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_6: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_6: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_6: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_6: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_6: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_6: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_6' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_6' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_6' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_6' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_6' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_6' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_6' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_6' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_6' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_6' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_6' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_6' + description: A value that can be a string, number, or boolean. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_6: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_6: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_6: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_6: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_6: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_6: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_6: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_6: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_6: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_6: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_6: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_6: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_6: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_6: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_6: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_12: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_13: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_6: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_6: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_6: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_6' + required: + - never + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_6: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_6: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_6' + required: + - always + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_6: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_8: + additionalProperties: false + description: Append processor - Append one or more values to an existing or new array field + type: object + properties: + action: + enum: + - append + type: string + allow_duplicates: + description: If true, do not deduplicate appended values + type: boolean + customIdentifier: + description: Custom identifier to correlate this processor across outputs + minLength: 1 + type: string + description: + description: Human-readable notes about this processor step + type: string + ignore_failure: + description: Continue pipeline execution if this processor fails + type: boolean + to: + description: Array field to append values to + minLength: 1 + type: string + value: + description: Values to append (must be literal, no templates) + items: {} + minItems: 1 + type: array + where: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_14' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_15' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_7' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_7' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_7' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_7' + description: Conditional expression controlling whether this processor runs + required: + - action + - to + - value + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_14: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_15' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_14' + description: A basic filter condition, either unary or binary. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_15: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_7' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_7' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_7' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_7' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_7' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_7' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_7' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_7' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_7' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_7' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_7' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_7' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_7' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_7' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_7' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_7' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_7' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_7' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_7' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_7' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_7' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_7' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_7' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_7' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_7' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_7' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_7' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_7' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_7' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_7' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_7' + description: Starts-with comparison value. + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_7: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_7: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_7: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_7: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_7: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_7: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_7: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_7: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_7: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_7: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_7: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_7: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_7: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_7: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_7: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_7: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_7: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_7: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_7: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_7: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_7: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_7: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_7: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_7: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_7: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_7: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_7: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_7: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_7' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_7' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_7' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_7' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_7' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_7' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_7' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_7' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_7' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_7' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_7' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_7' + description: A value that can be a string, number, or boolean. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_7: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_7: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_7: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_7: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_7: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_7: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_7: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_7: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_7: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_7: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_7: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_7: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_7: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_7: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_7: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_14: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_15: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_7: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_7: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_7: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_7' + required: + - never + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_7: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_7: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_7' + required: + - always + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_7: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_9: + additionalProperties: false + description: Remove by prefix processor - Remove a field and all nested fields matching the prefix + type: object + properties: + action: + enum: + - remove_by_prefix + type: string + customIdentifier: + description: Custom identifier to correlate this processor across outputs + minLength: 1 + type: string + description: + description: Human-readable notes about this processor step + type: string + from: + description: Field to remove along with all its nested fields + minLength: 1 + type: string + ignore_failure: + description: Continue pipeline execution if this processor fails + type: boolean + required: + - action + - from + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_10: + additionalProperties: false + description: Remove processor - Delete one or more fields from the document + type: object + properties: + action: + enum: + - remove + type: string + customIdentifier: + description: Custom identifier to correlate this processor across outputs + minLength: 1 + type: string + description: + description: Human-readable notes about this processor step + type: string + from: + description: Field to remove from the document + minLength: 1 + type: string + ignore_failure: + description: Continue pipeline execution if this processor fails + type: boolean + ignore_missing: + description: Skip processing when source field is missing + type: boolean + where: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_16' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_17' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_8' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_8' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_8' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_8' + description: Conditional expression controlling whether this processor runs + required: + - action + - from + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_16: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_17' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_16' + description: A basic filter condition, either unary or binary. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_17: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_8' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_8' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_8' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_8' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_8' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_8' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_8' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_8' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_8' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_8' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_8' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_8' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_8' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_8' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_8' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_8' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_8' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_8' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_8' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_8' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_8' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_8' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_8' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_8' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_8' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_8' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_8' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_8' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_8' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_8' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_8' + description: Starts-with comparison value. + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_8: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_8: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_8: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_8: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_8: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_8: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_8: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_8: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_8: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_8: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_8: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_8: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_8: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_8: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_8: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_8: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_8: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_8: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_8: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_8: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_8: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_8: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_8: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_8: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_8: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_8: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_8: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_8: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_8' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_8' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_8' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_8' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_8' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_8' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_8' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_8' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_8' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_8' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_8' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_8' + description: A value that can be a string, number, or boolean. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_8: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_8: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_8: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_8: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_8: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_8: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_8: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_8: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_8: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_8: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_8: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_8: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_8: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_8: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_8: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_16: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_17: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_8: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_8: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_8: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_8' + required: + - never + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_8: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_8: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_8' + required: + - always + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_8: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_11: + additionalProperties: false + description: Base processor options plus conditional execution + type: object + properties: + action: + enum: + - replace + type: string + customIdentifier: + description: Custom identifier to correlate this processor across outputs + minLength: 1 + type: string + description: + description: Human-readable notes about this processor step + type: string + from: + description: A non-empty string. + minLength: 1 + type: string + ignore_failure: + description: Continue pipeline execution if this processor fails + type: boolean + ignore_missing: + type: boolean + pattern: + description: A non-empty string or string with whitespace. + minLength: 1 + type: string + replacement: + type: string + to: + description: A non-empty string. + minLength: 1 + type: string + where: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_18' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_19' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_9' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_9' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_9' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_9' + description: Conditional expression controlling whether this processor runs + required: + - action + - from + - pattern + - replacement + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_18: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_19' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_18' + description: A basic filter condition, either unary or binary. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_19: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_9' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_9' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_9' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_9' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_9' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_9' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_9' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_9' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_9' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_9' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_9' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_9' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_9' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_9' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_9' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_9' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_9' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_9' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_9' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_9' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_9' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_9' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_9' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_9' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_9' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_9' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_9' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_9' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_9' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_9' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_9' + description: Starts-with comparison value. + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_9: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_9: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_9: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_9: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_9: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_9: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_9: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_9: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_9: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_9: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_9: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_9: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_9: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_9: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_9: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_9: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_9: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_9: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_9: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_9: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_9: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_9: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_9: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_9: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_9: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_9: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_9: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_9: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_9' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_9' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_9' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_9' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_9' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_9' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_9' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_9' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_9' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_9' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_9' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_9' + description: A value that can be a string, number, or boolean. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_9: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_9: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_9: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_9: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_9: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_9: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_9: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_9: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_9: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_9: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_9: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_9: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_9: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_9: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_9: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_18: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_19: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_9: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_9: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_9: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_9' + required: + - never + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_9: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_9: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_9' + required: + - always + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_9: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_12: + additionalProperties: false + description: Base processor options plus conditional execution + type: object + properties: + action: + enum: + - uppercase + type: string + customIdentifier: + description: Custom identifier to correlate this processor across outputs + minLength: 1 + type: string + description: + description: Human-readable notes about this processor step + type: string + from: + description: A non-empty string. + minLength: 1 + type: string + ignore_failure: + description: Continue pipeline execution if this processor fails + type: boolean + ignore_missing: + type: boolean + to: + description: A non-empty string. + minLength: 1 + type: string + where: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_20' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_21' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_10' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_10' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_10' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_10' + description: Conditional expression controlling whether this processor runs + required: + - action + - from + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_20: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_21' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_20' + description: A basic filter condition, either unary or binary. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_21: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_10' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_10' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_10' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_10' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_10' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_10' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_10' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_10' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_10' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_10' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_10' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_10' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_10' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_10' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_10' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_10' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_10' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_10' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_10' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_10' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_10' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_10' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_10' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_10' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_10' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_10' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_10' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_10' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_10' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_10' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_10' + description: Starts-with comparison value. + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_10: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_10: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_10: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_10: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_10: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_10: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_10: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_10: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_10: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_10: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_10: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_10: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_10: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_10: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_10: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_10: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_10: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_10: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_10: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_10: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_10: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_10: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_10: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_10: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_10: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_10: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_10: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_10: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_10' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_10' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_10' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_10' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_10' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_10' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_10' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_10' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_10' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_10' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_10' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_10' + description: A value that can be a string, number, or boolean. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_10: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_10: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_10: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_10: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_10: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_10: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_10: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_10: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_10: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_10: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_10: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_10: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_10: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_10: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_10: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_20: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_21: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_10: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_10: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_10: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_10' + required: + - never + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_10: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_10: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_10' + required: + - always + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_10: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_13: + additionalProperties: false + description: Base processor options plus conditional execution + type: object + properties: + action: + enum: + - lowercase + type: string + customIdentifier: + description: Custom identifier to correlate this processor across outputs + minLength: 1 + type: string + description: + description: Human-readable notes about this processor step + type: string + from: + description: A non-empty string. + minLength: 1 + type: string + ignore_failure: + description: Continue pipeline execution if this processor fails + type: boolean + ignore_missing: + type: boolean + to: + description: A non-empty string. + minLength: 1 + type: string + where: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_22' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_23' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_11' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_11' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_11' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_11' + description: Conditional expression controlling whether this processor runs + required: + - action + - from + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_22: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_23' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_22' + description: A basic filter condition, either unary or binary. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_23: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_11' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_11' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_11' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_11' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_11' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_11' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_11' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_11' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_11' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_11' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_11' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_11' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_11' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_11' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_11' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_11' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_11' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_11' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_11' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_11' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_11' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_11' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_11' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_11' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_11' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_11' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_11' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_11' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_11' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_11' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_11' + description: Starts-with comparison value. + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_11: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_11: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_11: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_11: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_11: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_11: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_11: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_11: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_11: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_11: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_11: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_11: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_11: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_11: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_11: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_11: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_11: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_11: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_11: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_11: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_11: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_11: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_11: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_11: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_11: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_11: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_11: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_11: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_11' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_11' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_11' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_11' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_11' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_11' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_11' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_11' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_11' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_11' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_11' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_11' + description: A value that can be a string, number, or boolean. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_11: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_11: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_11: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_11: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_11: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_11: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_11: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_11: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_11: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_11: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_11: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_11: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_11: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_11: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_11: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_22: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_23: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_11: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_11: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_11: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_11' + required: + - never + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_11: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_11: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_11' + required: + - always + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_11: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_14: + additionalProperties: false + description: Base processor options plus conditional execution + type: object + properties: + action: + enum: + - trim + type: string + customIdentifier: + description: Custom identifier to correlate this processor across outputs + minLength: 1 + type: string + description: + description: Human-readable notes about this processor step + type: string + from: + description: A non-empty string. + minLength: 1 + type: string + ignore_failure: + description: Continue pipeline execution if this processor fails + type: boolean + ignore_missing: + type: boolean + to: + description: A non-empty string. + minLength: 1 + type: string + where: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_24' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_25' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_12' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_12' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_12' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_12' + description: Conditional expression controlling whether this processor runs + required: + - action + - from + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_24: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_25' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_24' + description: A basic filter condition, either unary or binary. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_25: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_12' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_12' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_12' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_12' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_12' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_12' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_12' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_12' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_12' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_12' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_12' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_12' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_12' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_12' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_12' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_12' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_12' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_12' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_12' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_12' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_12' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_12' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_12' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_12' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_12' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_12' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_12' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_12' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_12' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_12' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_12' + description: Starts-with comparison value. + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_12: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_12: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_12: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_12: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_12: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_12: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_12: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_12: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_12: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_12: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_12: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_12: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_12: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_12: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_12: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_12: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_12: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_12: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_12: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_12: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_12: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_12: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_12: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_12: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_12: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_12: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_12: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_12: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_12' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_12' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_12' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_12' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_12' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_12' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_12' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_12' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_12' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_12' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_12' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_12' + description: A value that can be a string, number, or boolean. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_12: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_12: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_12: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_12: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_12: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_12: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_12: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_12: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_12: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_12: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_12: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_12: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_12: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_12: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_12: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_24: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_25: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_12: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_12: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_12: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_12' + required: + - never + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_12: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_12: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_12' + required: + - always + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_12: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_15: + additionalProperties: false + description: Base processor options plus conditional execution + type: object + properties: + action: + enum: + - join + type: string + customIdentifier: + description: Custom identifier to correlate this processor across outputs + minLength: 1 + type: string + delimiter: + type: string + description: + description: Human-readable notes about this processor step + type: string + from: + items: + description: A non-empty string. + minLength: 1 + type: string + minItems: 1 + type: array + ignore_failure: + description: Continue pipeline execution if this processor fails + type: boolean + ignore_missing: + type: boolean + to: + description: A non-empty string. + minLength: 1 + type: string + where: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_26' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_27' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_13' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_13' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_13' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_13' + description: Conditional expression controlling whether this processor runs + required: + - action + - from + - delimiter + - to + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_26: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_27' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_26' + description: A basic filter condition, either unary or binary. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_27: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_13' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_13' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_13' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_13' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_13' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_13' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_13' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_13' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_13' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_13' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_13' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_13' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_13' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_13' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_13' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_13' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_13' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_13' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_13' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_13' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_13' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_13' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_13' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_13' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_13' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_13' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_13' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_13' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_13' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_13' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_13' + description: Starts-with comparison value. + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_13: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_13: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_13: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_13: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_13: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_13: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_13: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_13: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_13: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_13: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_13: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_13: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_13: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_13: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_13: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_13: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_13: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_13: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_13: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_13: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_13: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_13: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_13: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_13: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_13: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_13: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_13: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_13: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_13' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_13' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_13' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_13' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_13' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_13' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_13' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_13' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_13' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_13' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_13' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_13' + description: A value that can be a string, number, or boolean. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_13: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_13: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_13: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_13: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_13: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_13: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_13: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_13: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_13: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_13: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_13: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_13: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_13: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_13: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_13: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_26: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_27: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_13: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_13: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_13: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_13' + required: + - never + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_13: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_13: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_13' + required: + - always + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_13: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_16: + additionalProperties: false + description: Convert processor - Change the data type of a field value (integer, long, double, boolean, or string) + type: object + properties: + action: + enum: + - convert + type: string + customIdentifier: + description: Custom identifier to correlate this processor across outputs + minLength: 1 + type: string + description: + description: Human-readable notes about this processor step + type: string + from: + description: Source field to convert to a different data type + minLength: 1 + type: string + ignore_failure: + description: Continue pipeline execution if this processor fails + type: boolean + ignore_missing: + description: Skip processing when source field is missing + type: boolean + to: + description: Target field for the converted value (defaults to source) + minLength: 1 + type: string + type: + description: 'Target data type: integer, long, double, boolean, or string' + enum: + - integer + - long + - double + - boolean + - string + type: string + where: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_28' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_29' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_14' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_14' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_14' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_14' + description: Conditional expression controlling whether this processor runs + required: + - action + - from + - type + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_28: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_29' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_28' + description: A basic filter condition, either unary or binary. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_29: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_14' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_14' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_14' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_14' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_14' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_14' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_14' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_14' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_14' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_14' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_14' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_14' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_14' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_14' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_14' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_14' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_14' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_14' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_14' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_14' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_14' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_14' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_14' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_14' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_14' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_14' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_14' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_14' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_14' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_14' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_14' + description: Starts-with comparison value. + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_14: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_14: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_14: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_14: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_14: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_14: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_14: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_14: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_14: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_14: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_14: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_14: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_14: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_14: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_14: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_14: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_14: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_14: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_14: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_14: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_14: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_14: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_14: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_14: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_14: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_14: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_14: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_14: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_14' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_14' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_14' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_14' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_14' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_14' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_14' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_14' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_14' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_14' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_14' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_14' + description: A value that can be a string, number, or boolean. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_14: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_14: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_14: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_14: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_14: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_14: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_14: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_14: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_14: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_14: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_14: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_14: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_14: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_14: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_14: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_28: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_29: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_14: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_14: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_14: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_14' + required: + - never + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_14: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_14: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_14' + required: + - always + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_14: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_17: + additionalProperties: false + description: Base processor options plus conditional execution + type: object + properties: + action: + enum: + - concat + type: string + customIdentifier: + description: Custom identifier to correlate this processor across outputs + minLength: 1 + type: string + description: + description: Human-readable notes about this processor step + type: string + from: + items: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_From_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_From_2' + minItems: 1 + type: array + ignore_failure: + description: Continue pipeline execution if this processor fails + type: boolean + ignore_missing: + type: boolean + to: + description: A non-empty string. + minLength: 1 + type: string + where: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_30' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_31' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_15' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_15' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_15' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_15' + description: Conditional expression controlling whether this processor runs + required: + - action + - from + - to + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_From_1: + additionalProperties: false + type: object + properties: + type: + enum: + - field + type: string + value: + description: A non-empty string. + minLength: 1 + type: string + required: + - type + - value + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_From_2: + additionalProperties: false + type: object + properties: + type: + enum: + - literal + type: string + value: + type: string + required: + - type + - value + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_30: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_31' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_30' + description: A basic filter condition, either unary or binary. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_31: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_15' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_15' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_15' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_15' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_15' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_15' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_15' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_15' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_15' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_15' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_15' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_15' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_15' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_15' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_15' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_15' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_15' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_15' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_15' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_15' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_15' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_15' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_15' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_15' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_15' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_15' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_15' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_15' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_15' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_15' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_15' + description: Starts-with comparison value. + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_15: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_15: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_15: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_15: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_15: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_15: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_15: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_15: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_15: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_15: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_15: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_15: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_15: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_15: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_15: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_15: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_15: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_15: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_15: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_15: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_15: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_15: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_15: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_15: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_15: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_15: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_15: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_15: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_15' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_15' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_15' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_15' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_15' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_15' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_15' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_15' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_15' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_15' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_15' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_15' + description: A value that can be a string, number, or boolean. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_15: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_15: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_15: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_15: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_15: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_15: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_15: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_15: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_15: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_15: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_15: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_15: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_15: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_15: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_15: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_30: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_31: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_15: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_15: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_15: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_15' + required: + - never + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_15: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_15: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_15' + required: + - always + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_15: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_18: + additionalProperties: false + description: Manual ingest pipeline wrapper around native Elasticsearch processors + type: object + properties: + action: + description: Manual ingest pipeline - executes raw Elasticsearch ingest processors + enum: + - manual_ingest_pipeline + type: string + customIdentifier: + description: Custom identifier to correlate this processor across outputs + minLength: 1 + type: string + description: + description: Human-readable notes about this processor step + type: string + ignore_failure: + description: Continue pipeline execution if this processor fails + type: boolean + on_failure: + description: Fallback processors to run when a processor fails + items: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_On_failure_Item' + type: array + processors: + description: List of raw Elasticsearch ingest processors to run + items: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Processors_Item' + type: array + tag: + description: Optional ingest processor tag for Elasticsearch + type: string + where: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_32' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_33' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_16' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_16' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_16' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_16' + description: Conditional expression controlling whether this processor runs + required: + - action + - processors + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_On_failure_Item: + additionalProperties: {} + type: object + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Processors_Item: + additionalProperties: false + type: object + properties: + append: {} + attachment: {} + bytes: {} + circle: {} + community_id: {} + convert: {} + csv: {} + date: {} + date_index_name: {} + dissect: {} + dot_expander: {} + drop: {} + enrich: {} + fail: {} + fingerprint: {} + foreach: {} + geo_grid: {} + geoip: {} + grok: {} + gsub: {} + html_strip: {} + inference: {} + ip_location: {} + join: {} + json: {} + kv: {} + lowercase: {} + network_direction: {} + pipeline: {} + redact: {} + registered_domain: {} + remove: {} + rename: {} + reroute: {} + script: {} + set: {} + set_security_user: {} + sort: {} + split: {} + terminate: {} + trim: {} + uppercase: {} + uri_parts: {} + urldecode: {} + user_agent: {} + required: + - append + - attachment + - bytes + - circle + - community_id + - convert + - csv + - date + - date_index_name + - dissect + - dot_expander + - drop + - enrich + - fail + - fingerprint + - foreach + - ip_location + - geo_grid + - geoip + - grok + - gsub + - html_strip + - inference + - join + - json + - kv + - lowercase + - network_direction + - pipeline + - redact + - registered_domain + - remove + - rename + - reroute + - script + - set + - set_security_user + - sort + - split + - terminate + - trim + - uppercase + - urldecode + - uri_parts + - user_agent + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_32: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_33' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_32' + description: A basic filter condition, either unary or binary. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_33: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_16' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_16' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_16' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_16' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_16' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_16' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_16' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_16' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_16' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_16' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_16' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_16' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_16' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_16' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_16' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_16' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_16' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_16' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_16' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_16' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_16' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_16' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_16' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_16' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_16' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_16' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_16' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_16' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_16' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_16' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_16' + description: Starts-with comparison value. + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_16: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_16: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_16: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_16: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_16: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_16: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_16: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_16: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_16: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_16: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_16: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_16: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_16: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_16: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_16: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_16: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_16: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_16: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_16: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_16: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_16: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_16: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_16: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_16: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_16: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_16: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_16: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_16: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_16' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_16' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_16' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_16' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_16' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_16' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_16' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_16' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_16' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_16' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_16' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_16' + description: A value that can be a string, number, or boolean. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_16: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_16: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_16: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_16: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_16: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_16: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_16: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_16: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_16: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_16: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_16: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_16: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_16: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_16: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_16: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_32: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_33: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_16: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_16: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_16: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_16' + required: + - never + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_16: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_16: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_16' + required: + - always + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_16: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_2_1: + additionalProperties: false + type: object + properties: + condition: + allOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_2_2' + customIdentifier: + type: string + required: + - condition + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_1: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_1_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_2_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_4' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_5' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_6' + description: The root condition object. It can be a simple filter or a combination of other conditions. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_1_1: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_1_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_2' + description: A basic filter condition, either unary or binary. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_1_2: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Contains_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Contains_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Contains_3' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_EndsWith_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_EndsWith_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_EndsWith_3' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Eq_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Eq_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Eq_3' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Gt_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Gt_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Gt_3' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Gte_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Gte_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Gte_3' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Includes_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Includes_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Includes_3' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Lt_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Lt_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Lt_3' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Lte_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Lte_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Lte_3' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Neq_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Neq_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Neq_3' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Range' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_StartsWith_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_StartsWith_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_StartsWith_3' + description: Starts-with comparison value. + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Contains_1: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Contains_2: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Contains_3: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_EndsWith_1: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_EndsWith_2: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_EndsWith_3: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Eq_1: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Eq_2: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Eq_3: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Gt_1: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Gt_2: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Gt_3: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Gte_1: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Gte_2: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Gte_3: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Includes_1: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Includes_2: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Includes_3: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Lt_1: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Lt_2: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Lt_3: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Lte_1: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Lte_2: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Lte_3: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Neq_1: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Neq_2: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Neq_3: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Range: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Range_Gt_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Range_Gt_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Range_Gt_3' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Range_Gte_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Range_Gte_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Range_Gte_3' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Range_Lt_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Range_Lt_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Range_Lt_3' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Range_Lte_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Range_Lte_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Range_Lte_3' + description: A value that can be a string, number, or boolean. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Range_Gt_1: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Range_Gt_2: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Range_Gt_3: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Range_Gte_1: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Range_Gte_2: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Range_Gte_3: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Range_Lt_1: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Range_Lt_2: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Range_Lt_3: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Range_Lte_1: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Range_Lte_2: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Range_Lte_3: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_StartsWith_1: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_StartsWith_2: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_StartsWith_3: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_2: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_2_1: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_3: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_4: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_5: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Never' + required: + - never + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Never: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_6: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Always' + required: + - always + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Always: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_2_2: + type: object + properties: + steps: + items: {} + type: array + required: + - steps + ApiStreams_Put_Request_Stream_Ingest_Settings: + additionalProperties: false + type: object + properties: + index.number_of_replicas: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Settings_Index.number_of_replicas' + index.number_of_shards: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Settings_Index.number_of_shards' + index.refresh_interval: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Settings_Index.refresh_interval' + ApiStreams_Put_Request_Stream_Ingest_Settings_Index.number_of_replicas: + additionalProperties: false + type: object + properties: + value: + type: number + required: + - value + ApiStreams_Put_Request_Stream_Ingest_Settings_Index.number_of_shards: + additionalProperties: false + type: object + properties: + value: + type: number + required: + - value + ApiStreams_Put_Request_Stream_Ingest_Settings_Index.refresh_interval: + additionalProperties: false + type: object + properties: + value: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Settings_Index.refresh_interval_Value_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Settings_Index.refresh_interval_Value_2' + required: + - value + ApiStreams_Put_Request_Stream_Ingest_Settings_Index.refresh_interval_Value_1: + type: string + ApiStreams_Put_Request_Stream_Ingest_Settings_Index.refresh_interval_Value_2: + enum: + - -1 + type: number + ApiStreams_Put_Request_Stream_Ingest_2: + additionalProperties: true + type: object + properties: + processing: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_3' + required: + - processing + ApiStreams_Put_Request_Stream_Ingest_Wired: + additionalProperties: false + type: object + properties: + fields: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Wired_Fields' + routing: + items: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Wired_Routing_Item' + type: array + required: + - fields + - routing + ApiStreams_Put_Request_Stream_Ingest_Wired_Fields: + additionalProperties: + allOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Wired_Fields_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Wired_Fields_2_3' + type: object + ApiStreams_Put_Request_Stream_Ingest_Wired_Fields_1: + additionalProperties: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Wired_Fields_1_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Wired_Fields_2_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Wired_Fields_3_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Wired_Fields_4_2' + type: object + ApiStreams_Put_Request_Stream_Ingest_Wired_Fields_1_1: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Wired_Fields_1_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Wired_Fields_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Wired_Fields_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Wired_Fields_4' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Wired_Fields_5' + ApiStreams_Put_Request_Stream_Ingest_Wired_Fields_1_2: + type: string + ApiStreams_Put_Request_Stream_Ingest_Wired_Fields_2: + type: number + ApiStreams_Put_Request_Stream_Ingest_Wired_Fields_3: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Wired_Fields_4: + enum: + - 'null' + nullable: true + ApiStreams_Put_Request_Stream_Ingest_Wired_Fields_5: + not: {} + ApiStreams_Put_Request_Stream_Ingest_Wired_Fields_2_1: + items: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Wired_Fields_1_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Wired_Fields_2_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Wired_Fields_3_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Wired_Fields_4_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Wired_Fields_5_1' + type: array + ApiStreams_Put_Request_Stream_Ingest_Wired_Fields_1_3: + type: string + ApiStreams_Put_Request_Stream_Ingest_Wired_Fields_2_2: + type: number + ApiStreams_Put_Request_Stream_Ingest_Wired_Fields_3_1: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Wired_Fields_4_1: + enum: + - 'null' + nullable: true + ApiStreams_Put_Request_Stream_Ingest_Wired_Fields_5_1: + not: {} + ApiStreams_Put_Request_Stream_Ingest_Wired_Fields_3_2: + items: {} + type: array + ApiStreams_Put_Request_Stream_Ingest_Wired_Fields_4_2: {} + ApiStreams_Put_Request_Stream_Ingest_Wired_Fields_2_3: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Wired_Fields_1_4' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Wired_Fields_2_4' + ApiStreams_Put_Request_Stream_Ingest_Wired_Fields_1_4: + additionalProperties: false + type: object + properties: + format: + description: A non-empty string. + minLength: 1 + type: string + type: + enum: + - keyword + - match_only_text + - long + - double + - date + - boolean + - ip + - geo_point + type: string + required: + - type + ApiStreams_Put_Request_Stream_Ingest_Wired_Fields_2_4: + additionalProperties: false + type: object + properties: + type: + enum: + - system + type: string + required: + - type + ApiStreams_Put_Request_Stream_Ingest_Wired_Routing_Item: + additionalProperties: false + type: object + properties: + destination: + description: A non-empty string. + minLength: 1 + type: string + status: + enum: + - enabled + - disabled + type: string + where: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Wired_Routing_Where_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Wired_Routing_Where_2_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Wired_Routing_Where_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Wired_Routing_Where_4' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Wired_Routing_Where_5' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Wired_Routing_Where_6' + description: The root condition object. It can be a simple filter or a combination of other conditions. + required: + - destination + - where + ApiStreams_Put_Request_Stream_Ingest_Wired_Routing_Where_1: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Wired_Routing_Where_1_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Wired_Routing_Where_2' + description: A basic filter condition, either unary or binary. + ApiStreams_Put_Request_Stream_Ingest_Wired_Routing_Where_1_1: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Wired_Routing_Where_Contains_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Wired_Routing_Where_Contains_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Wired_Routing_Where_Contains_3' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Wired_Routing_Where_EndsWith_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Wired_Routing_Where_EndsWith_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Wired_Routing_Where_EndsWith_3' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Wired_Routing_Where_Eq_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Wired_Routing_Where_Eq_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Wired_Routing_Where_Eq_3' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Wired_Routing_Where_Gt_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Wired_Routing_Where_Gt_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Wired_Routing_Where_Gt_3' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Wired_Routing_Where_Gte_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Wired_Routing_Where_Gte_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Wired_Routing_Where_Gte_3' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Wired_Routing_Where_Includes_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Wired_Routing_Where_Includes_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Wired_Routing_Where_Includes_3' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Wired_Routing_Where_Lt_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Wired_Routing_Where_Lt_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Wired_Routing_Where_Lt_3' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Wired_Routing_Where_Lte_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Wired_Routing_Where_Lte_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Wired_Routing_Where_Lte_3' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Wired_Routing_Where_Neq_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Wired_Routing_Where_Neq_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Wired_Routing_Where_Neq_3' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Wired_Routing_Where_Range' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Wired_Routing_Where_StartsWith_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Wired_Routing_Where_StartsWith_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Wired_Routing_Where_StartsWith_3' + description: Starts-with comparison value. + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Wired_Routing_Where_Contains_1: + type: string + ApiStreams_Put_Request_Stream_Ingest_Wired_Routing_Where_Contains_2: + type: number + ApiStreams_Put_Request_Stream_Ingest_Wired_Routing_Where_Contains_3: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Wired_Routing_Where_EndsWith_1: + type: string + ApiStreams_Put_Request_Stream_Ingest_Wired_Routing_Where_EndsWith_2: + type: number + ApiStreams_Put_Request_Stream_Ingest_Wired_Routing_Where_EndsWith_3: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Wired_Routing_Where_Eq_1: + type: string + ApiStreams_Put_Request_Stream_Ingest_Wired_Routing_Where_Eq_2: + type: number + ApiStreams_Put_Request_Stream_Ingest_Wired_Routing_Where_Eq_3: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Wired_Routing_Where_Gt_1: + type: string + ApiStreams_Put_Request_Stream_Ingest_Wired_Routing_Where_Gt_2: + type: number + ApiStreams_Put_Request_Stream_Ingest_Wired_Routing_Where_Gt_3: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Wired_Routing_Where_Gte_1: + type: string + ApiStreams_Put_Request_Stream_Ingest_Wired_Routing_Where_Gte_2: + type: number + ApiStreams_Put_Request_Stream_Ingest_Wired_Routing_Where_Gte_3: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Wired_Routing_Where_Includes_1: + type: string + ApiStreams_Put_Request_Stream_Ingest_Wired_Routing_Where_Includes_2: + type: number + ApiStreams_Put_Request_Stream_Ingest_Wired_Routing_Where_Includes_3: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Wired_Routing_Where_Lt_1: + type: string + ApiStreams_Put_Request_Stream_Ingest_Wired_Routing_Where_Lt_2: + type: number + ApiStreams_Put_Request_Stream_Ingest_Wired_Routing_Where_Lt_3: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Wired_Routing_Where_Lte_1: + type: string + ApiStreams_Put_Request_Stream_Ingest_Wired_Routing_Where_Lte_2: + type: number + ApiStreams_Put_Request_Stream_Ingest_Wired_Routing_Where_Lte_3: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Wired_Routing_Where_Neq_1: + type: string + ApiStreams_Put_Request_Stream_Ingest_Wired_Routing_Where_Neq_2: + type: number + ApiStreams_Put_Request_Stream_Ingest_Wired_Routing_Where_Neq_3: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Wired_Routing_Where_Range: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Wired_Routing_Where_Range_Gt_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Wired_Routing_Where_Range_Gt_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Wired_Routing_Where_Range_Gt_3' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Wired_Routing_Where_Range_Gte_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Wired_Routing_Where_Range_Gte_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Wired_Routing_Where_Range_Gte_3' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Wired_Routing_Where_Range_Lt_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Wired_Routing_Where_Range_Lt_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Wired_Routing_Where_Range_Lt_3' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Wired_Routing_Where_Range_Lte_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Wired_Routing_Where_Range_Lte_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Wired_Routing_Where_Range_Lte_3' + description: A value that can be a string, number, or boolean. + ApiStreams_Put_Request_Stream_Ingest_Wired_Routing_Where_Range_Gt_1: + type: string + ApiStreams_Put_Request_Stream_Ingest_Wired_Routing_Where_Range_Gt_2: + type: number + ApiStreams_Put_Request_Stream_Ingest_Wired_Routing_Where_Range_Gt_3: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Wired_Routing_Where_Range_Gte_1: + type: string + ApiStreams_Put_Request_Stream_Ingest_Wired_Routing_Where_Range_Gte_2: + type: number + ApiStreams_Put_Request_Stream_Ingest_Wired_Routing_Where_Range_Gte_3: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Wired_Routing_Where_Range_Lt_1: + type: string + ApiStreams_Put_Request_Stream_Ingest_Wired_Routing_Where_Range_Lt_2: + type: number + ApiStreams_Put_Request_Stream_Ingest_Wired_Routing_Where_Range_Lt_3: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Wired_Routing_Where_Range_Lte_1: + type: string + ApiStreams_Put_Request_Stream_Ingest_Wired_Routing_Where_Range_Lte_2: + type: number + ApiStreams_Put_Request_Stream_Ingest_Wired_Routing_Where_Range_Lte_3: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Wired_Routing_Where_StartsWith_1: + type: string + ApiStreams_Put_Request_Stream_Ingest_Wired_Routing_Where_StartsWith_2: + type: number + ApiStreams_Put_Request_Stream_Ingest_Wired_Routing_Where_StartsWith_3: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Wired_Routing_Where_2: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Wired_Routing_Where_2_1: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreams_Put_Request_Stream_Ingest_Wired_Routing_Where_3: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreams_Put_Request_Stream_Ingest_Wired_Routing_Where_4: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreams_Put_Request_Stream_Ingest_Wired_Routing_Where_5: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Wired_Routing_Where_Never' + required: + - never + ApiStreams_Put_Request_Stream_Ingest_Wired_Routing_Where_Never: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Wired_Routing_Where_6: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Wired_Routing_Where_Always' + required: + - always + ApiStreams_Put_Request_Stream_Ingest_Wired_Routing_Where_Always: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreams_Put_Request_5: + type: object + properties: {} + ApiStreams_Put_Request_6: + type: object + properties: + stream: + allOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_1_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_2_2' + required: + - stream + ApiStreams_Put_Request_Stream_1_2: + additionalProperties: true + type: object + properties: + ingest: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_2' + name: + not: {} + updated_at: + not: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_3: + additionalProperties: true + type: object + properties: + updated_at: + not: {} + ApiStreams_Put_Request_Stream_2_2: + additionalProperties: false + type: object + properties: + description: + type: string + name: + type: string + updated_at: + format: date-time + type: string + required: + - name + - description + - updated_at + ApiStreams_Put_Request_7: + type: object + properties: + dashboards: + items: + type: string + type: array + queries: + items: + allOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_1_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_2_1' + type: array + rules: + items: + type: string + type: array + required: + - dashboards + - rules + - queries + ApiStreams_Put_Request_Queries_1_1: + type: object + properties: + id: + description: A non-empty string. + minLength: 1 + type: string + title: + description: A non-empty string. + minLength: 1 + type: string + required: + - id + - title + ApiStreams_Put_Request_Queries_2_1: + type: object + properties: + evidence: + items: + type: string + type: array + feature: + $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_1' + kql: + $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Kql_1' + severity_score: + type: number + required: + - kql + ApiStreams_Put_Request_Queries_Feature_1: + additionalProperties: false + type: object + properties: + filter: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_1_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_2_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_3_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_4_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_5_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_6_1' + description: The root condition object. It can be a simple filter or a combination of other conditions. + name: + description: A non-empty string. + minLength: 1 + type: string + type: + enum: + - system + type: string + required: + - name + - filter + - type + ApiStreams_Put_Request_Queries_Feature_Filter_1_2: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_1_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_2_2' + description: A basic filter condition, either unary or binary. + ApiStreams_Put_Request_Queries_Feature_Filter_1_3: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Contains_1_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Contains_2_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Contains_3_1' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_EndsWith_1_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_EndsWith_2_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_EndsWith_3_1' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Eq_1_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Eq_2_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Eq_3_1' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Gt_1_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Gt_2_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Gt_3_1' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Gte_1_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Gte_2_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Gte_3_1' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Includes_1_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Includes_2_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Includes_3_1' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Lt_1_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Lt_2_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Lt_3_1' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Lte_1_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Lte_2_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Lte_3_1' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Neq_1_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Neq_2_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Neq_3_1' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Range_1' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_StartsWith_1_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_StartsWith_2_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_StartsWith_3_1' + description: Starts-with comparison value. + required: + - field + ApiStreams_Put_Request_Queries_Feature_Filter_Contains_1_1: + type: string + ApiStreams_Put_Request_Queries_Feature_Filter_Contains_2_1: + type: number + ApiStreams_Put_Request_Queries_Feature_Filter_Contains_3_1: + type: boolean + ApiStreams_Put_Request_Queries_Feature_Filter_EndsWith_1_1: + type: string + ApiStreams_Put_Request_Queries_Feature_Filter_EndsWith_2_1: + type: number + ApiStreams_Put_Request_Queries_Feature_Filter_EndsWith_3_1: + type: boolean + ApiStreams_Put_Request_Queries_Feature_Filter_Eq_1_1: + type: string + ApiStreams_Put_Request_Queries_Feature_Filter_Eq_2_1: + type: number + ApiStreams_Put_Request_Queries_Feature_Filter_Eq_3_1: + type: boolean + ApiStreams_Put_Request_Queries_Feature_Filter_Gt_1_1: + type: string + ApiStreams_Put_Request_Queries_Feature_Filter_Gt_2_1: + type: number + ApiStreams_Put_Request_Queries_Feature_Filter_Gt_3_1: + type: boolean + ApiStreams_Put_Request_Queries_Feature_Filter_Gte_1_1: + type: string + ApiStreams_Put_Request_Queries_Feature_Filter_Gte_2_1: + type: number + ApiStreams_Put_Request_Queries_Feature_Filter_Gte_3_1: + type: boolean + ApiStreams_Put_Request_Queries_Feature_Filter_Includes_1_1: + type: string + ApiStreams_Put_Request_Queries_Feature_Filter_Includes_2_1: + type: number + ApiStreams_Put_Request_Queries_Feature_Filter_Includes_3_1: + type: boolean + ApiStreams_Put_Request_Queries_Feature_Filter_Lt_1_1: + type: string + ApiStreams_Put_Request_Queries_Feature_Filter_Lt_2_1: + type: number + ApiStreams_Put_Request_Queries_Feature_Filter_Lt_3_1: + type: boolean + ApiStreams_Put_Request_Queries_Feature_Filter_Lte_1_1: + type: string + ApiStreams_Put_Request_Queries_Feature_Filter_Lte_2_1: + type: number + ApiStreams_Put_Request_Queries_Feature_Filter_Lte_3_1: + type: boolean + ApiStreams_Put_Request_Queries_Feature_Filter_Neq_1_1: + type: string + ApiStreams_Put_Request_Queries_Feature_Filter_Neq_2_1: + type: number + ApiStreams_Put_Request_Queries_Feature_Filter_Neq_3_1: + type: boolean + ApiStreams_Put_Request_Queries_Feature_Filter_Range_1: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Range_Gt_1_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Range_Gt_2_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Range_Gt_3_1' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Range_Gte_1_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Range_Gte_2_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Range_Gte_3_1' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Range_Lt_1_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Range_Lt_2_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Range_Lt_3_1' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Range_Lte_1_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Range_Lte_2_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Range_Lte_3_1' + description: A value that can be a string, number, or boolean. + ApiStreams_Put_Request_Queries_Feature_Filter_Range_Gt_1_1: + type: string + ApiStreams_Put_Request_Queries_Feature_Filter_Range_Gt_2_1: + type: number + ApiStreams_Put_Request_Queries_Feature_Filter_Range_Gt_3_1: + type: boolean + ApiStreams_Put_Request_Queries_Feature_Filter_Range_Gte_1_1: + type: string + ApiStreams_Put_Request_Queries_Feature_Filter_Range_Gte_2_1: + type: number + ApiStreams_Put_Request_Queries_Feature_Filter_Range_Gte_3_1: + type: boolean + ApiStreams_Put_Request_Queries_Feature_Filter_Range_Lt_1_1: + type: string + ApiStreams_Put_Request_Queries_Feature_Filter_Range_Lt_2_1: + type: number + ApiStreams_Put_Request_Queries_Feature_Filter_Range_Lt_3_1: + type: boolean + ApiStreams_Put_Request_Queries_Feature_Filter_Range_Lte_1_1: + type: string + ApiStreams_Put_Request_Queries_Feature_Filter_Range_Lte_2_1: + type: number + ApiStreams_Put_Request_Queries_Feature_Filter_Range_Lte_3_1: + type: boolean + ApiStreams_Put_Request_Queries_Feature_Filter_StartsWith_1_1: + type: string + ApiStreams_Put_Request_Queries_Feature_Filter_StartsWith_2_1: + type: number + ApiStreams_Put_Request_Queries_Feature_Filter_StartsWith_3_1: + type: boolean + ApiStreams_Put_Request_Queries_Feature_Filter_2_2: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreams_Put_Request_Queries_Feature_Filter_2_3: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreams_Put_Request_Queries_Feature_Filter_3_1: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreams_Put_Request_Queries_Feature_Filter_4_1: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreams_Put_Request_Queries_Feature_Filter_5_1: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Never_1' + required: + - never + ApiStreams_Put_Request_Queries_Feature_Filter_Never_1: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreams_Put_Request_Queries_Feature_Filter_6_1: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Always_1' + required: + - always + ApiStreams_Put_Request_Queries_Feature_Filter_Always_1: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreams_Put_Request_Queries_Kql_1: + additionalProperties: false + type: object + properties: + query: + type: string + required: + - query + ApiStreams_Put_Request_8: + type: object + properties: + stream: + allOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_1_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_2_3' + required: + - stream + ApiStreams_Put_Request_Stream_1_3: + additionalProperties: true + type: object + properties: + ingest: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_3' + name: + not: {} + updated_at: + not: {} + ApiStreams_Put_Request_Stream_Ingest_3: + additionalProperties: true + type: object + properties: + processing: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_4' + required: + - processing + ApiStreams_Put_Request_Stream_Ingest_Processing_4: + additionalProperties: true + type: object + properties: + updated_at: + not: {} + ApiStreams_Put_Request_Stream_2_3: + additionalProperties: false + type: object + properties: + ingest: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_4' + required: + - ingest + ApiStreams_Put_Request_Stream_Ingest_4: + additionalProperties: false + type: object + properties: + failure_store: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Failure_store_1_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Failure_store_2_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Failure_store_3_1' + lifecycle: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Lifecycle_1_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Lifecycle_2_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Lifecycle_3_1' + processing: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_5' + settings: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Settings_1' + required: + - lifecycle + - processing + - settings + - failure_store + ApiStreams_Put_Request_Stream_Ingest_Failure_store_1_2: + additionalProperties: false + type: object + properties: + inherit: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Failure_store_Inherit_1' + required: + - inherit + ApiStreams_Put_Request_Stream_Ingest_Failure_store_Inherit_1: + additionalProperties: false + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Failure_store_2_2: + additionalProperties: false + type: object + properties: + disabled: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Failure_store_Disabled_1' + required: + - disabled + ApiStreams_Put_Request_Stream_Ingest_Failure_store_Disabled_1: + additionalProperties: false + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Failure_store_3_1: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Failure_store_1_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Failure_store_2_3' + ApiStreams_Put_Request_Stream_Ingest_Failure_store_1_3: + additionalProperties: false + type: object + properties: + lifecycle: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Failure_store_Lifecycle_2' + required: + - lifecycle + ApiStreams_Put_Request_Stream_Ingest_Failure_store_Lifecycle_2: + additionalProperties: false + type: object + properties: + enabled: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Failure_store_Lifecycle_Enabled_1' + required: + - enabled + ApiStreams_Put_Request_Stream_Ingest_Failure_store_Lifecycle_Enabled_1: + additionalProperties: false + type: object + properties: + data_retention: + description: A non-empty string. + minLength: 1 + type: string + ApiStreams_Put_Request_Stream_Ingest_Failure_store_2_3: + additionalProperties: false + type: object + properties: + lifecycle: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Failure_store_Lifecycle_3' + required: + - lifecycle + ApiStreams_Put_Request_Stream_Ingest_Failure_store_Lifecycle_3: + additionalProperties: false + type: object + properties: + disabled: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Failure_store_Lifecycle_Disabled_1' + required: + - disabled + ApiStreams_Put_Request_Stream_Ingest_Failure_store_Lifecycle_Disabled_1: + additionalProperties: false + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Lifecycle_1_1: + additionalProperties: false + type: object + properties: + dsl: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Lifecycle_Dsl_1' + required: + - dsl + ApiStreams_Put_Request_Stream_Ingest_Lifecycle_Dsl_1: + additionalProperties: false + type: object + properties: + data_retention: + description: A non-empty string. + minLength: 1 + type: string + downsample: + items: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Lifecycle_Dsl_Downsample_Item_1' + type: array + ApiStreams_Put_Request_Stream_Ingest_Lifecycle_Dsl_Downsample_Item_1: + additionalProperties: false + type: object + properties: + after: + description: A non-empty string. + minLength: 1 + type: string + fixed_interval: + description: A non-empty string. + minLength: 1 + type: string + required: + - after + - fixed_interval + ApiStreams_Put_Request_Stream_Ingest_Lifecycle_2_1: + additionalProperties: false + type: object + properties: + ilm: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Lifecycle_Ilm_1' + required: + - ilm + ApiStreams_Put_Request_Stream_Ingest_Lifecycle_Ilm_1: + additionalProperties: false + type: object + properties: + policy: + description: A non-empty string. + minLength: 1 + type: string + required: + - policy + ApiStreams_Put_Request_Stream_Ingest_Lifecycle_3_1: + additionalProperties: false + type: object + properties: + inherit: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Lifecycle_Inherit_1' + required: + - inherit + ApiStreams_Put_Request_Stream_Ingest_Lifecycle_Inherit_1: + additionalProperties: false + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_5: + additionalProperties: false + type: object + properties: + steps: + items: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_1_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_2_3' + type: array + updated_at: + format: date-time + type: string + required: + - steps + - updated_at + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_1_2: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_1_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_2_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_3_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_4_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_5_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_6_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_7_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_8_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_9_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_10_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_11_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_12_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_13_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_14_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_15_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_16_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_17_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_18_1' + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_1_3: + additionalProperties: false + description: Grok processor - Extract fields from text using grok patterns + type: object + properties: + action: + enum: + - grok + type: string + customIdentifier: + description: Custom identifier to correlate this processor across outputs + minLength: 1 + type: string + description: + description: Human-readable notes about this processor step + type: string + from: + description: Source field to parse with grok patterns + minLength: 1 + type: string + ignore_failure: + description: Continue pipeline execution if this processor fails + type: boolean + ignore_missing: + description: Skip processing when source field is missing + type: boolean + pattern_definitions: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Pattern_definitions_1' + patterns: + description: Grok patterns applied in order to extract fields + items: + description: A non-empty string. + minLength: 1 + type: string + minItems: 1 + type: array + where: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_34' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_35' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_17' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_17' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_17' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_17' + description: Conditional expression controlling whether this processor runs + required: + - action + - from + - patterns + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Pattern_definitions_1: + additionalProperties: + type: string + type: object + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_34: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_35' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_34' + description: A basic filter condition, either unary or binary. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_35: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_17' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_17' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_17' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_17' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_17' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_17' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_17' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_17' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_17' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_17' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_17' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_17' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_17' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_17' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_17' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_17' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_17' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_17' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_17' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_17' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_17' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_17' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_17' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_17' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_17' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_17' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_17' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_17' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_17' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_17' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_17' + description: Starts-with comparison value. + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_17: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_17: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_17: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_17: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_17: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_17: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_17: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_17: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_17: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_17: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_17: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_17: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_17: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_17: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_17: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_17: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_17: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_17: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_17: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_17: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_17: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_17: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_17: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_17: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_17: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_17: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_17: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_17: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_17' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_17' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_17' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_17' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_17' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_17' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_17' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_17' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_17' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_17' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_17' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_17' + description: A value that can be a string, number, or boolean. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_17: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_17: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_17: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_17: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_17: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_17: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_17: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_17: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_17: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_17: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_17: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_17: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_17: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_17: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_17: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_34: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_35: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_17: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_17: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_17: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_17' + required: + - never + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_17: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_17: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_17' + required: + - always + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_17: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_2_2: + additionalProperties: false + description: Dissect processor - Extract fields from text using a lightweight, delimiter-based parser + type: object + properties: + action: + enum: + - dissect + type: string + append_separator: + description: Separator inserted when target fields are concatenated + minLength: 1 + type: string + customIdentifier: + description: Custom identifier to correlate this processor across outputs + minLength: 1 + type: string + description: + description: Human-readable notes about this processor step + type: string + from: + description: Source field to parse with dissect pattern + minLength: 1 + type: string + ignore_failure: + description: Continue pipeline execution if this processor fails + type: boolean + ignore_missing: + description: Skip processing when source field is missing + type: boolean + pattern: + description: Dissect pattern describing field boundaries + minLength: 1 + type: string + where: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_36' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_37' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_18' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_18' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_18' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_18' + description: Conditional expression controlling whether this processor runs + required: + - action + - from + - pattern + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_36: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_37' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_36' + description: A basic filter condition, either unary or binary. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_37: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_18' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_18' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_18' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_18' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_18' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_18' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_18' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_18' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_18' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_18' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_18' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_18' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_18' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_18' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_18' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_18' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_18' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_18' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_18' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_18' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_18' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_18' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_18' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_18' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_18' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_18' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_18' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_18' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_18' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_18' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_18' + description: Starts-with comparison value. + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_18: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_18: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_18: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_18: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_18: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_18: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_18: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_18: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_18: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_18: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_18: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_18: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_18: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_18: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_18: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_18: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_18: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_18: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_18: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_18: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_18: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_18: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_18: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_18: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_18: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_18: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_18: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_18: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_18' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_18' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_18' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_18' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_18' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_18' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_18' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_18' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_18' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_18' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_18' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_18' + description: A value that can be a string, number, or boolean. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_18: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_18: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_18: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_18: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_18: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_18: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_18: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_18: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_18: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_18: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_18: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_18: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_18: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_18: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_18: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_36: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_37: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_18: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_18: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_18: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_18' + required: + - never + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_18: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_18: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_18' + required: + - always + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_18: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_3_1: + additionalProperties: false + description: Date processor - Parse dates from strings using one or more expected formats + type: object + properties: + action: + enum: + - date + type: string + customIdentifier: + description: Custom identifier to correlate this processor across outputs + minLength: 1 + type: string + description: + description: Human-readable notes about this processor step + type: string + formats: + description: Accepted input date formats, tried in order + items: + description: A non-empty string. + minLength: 1 + type: string + type: array + from: + description: Source field containing the date/time text + minLength: 1 + type: string + ignore_failure: + description: Continue pipeline execution if this processor fails + type: boolean + locale: + description: Optional locale for date parsing + minLength: 1 + type: string + output_format: + description: Optional output format for storing the parsed date as text + minLength: 1 + type: string + timezone: + description: Optional timezone for date parsing + minLength: 1 + type: string + to: + description: Target field for the parsed date (defaults to source) + minLength: 1 + type: string + where: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_38' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_39' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_19' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_19' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_19' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_19' + description: Conditional expression controlling whether this processor runs + required: + - action + - from + - formats + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_38: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_39' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_38' + description: A basic filter condition, either unary or binary. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_39: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_19' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_19' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_19' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_19' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_19' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_19' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_19' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_19' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_19' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_19' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_19' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_19' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_19' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_19' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_19' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_19' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_19' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_19' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_19' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_19' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_19' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_19' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_19' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_19' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_19' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_19' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_19' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_19' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_19' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_19' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_19' + description: Starts-with comparison value. + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_19: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_19: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_19: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_19: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_19: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_19: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_19: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_19: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_19: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_19: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_19: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_19: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_19: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_19: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_19: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_19: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_19: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_19: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_19: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_19: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_19: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_19: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_19: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_19: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_19: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_19: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_19: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_19: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_19' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_19' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_19' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_19' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_19' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_19' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_19' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_19' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_19' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_19' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_19' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_19' + description: A value that can be a string, number, or boolean. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_19: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_19: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_19: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_19: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_19: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_19: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_19: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_19: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_19: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_19: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_19: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_19: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_19: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_19: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_19: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_38: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_39: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_19: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_19: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_19: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_19' + required: + - never + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_19: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_19: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_19' + required: + - always + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_19: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_4_1: + additionalProperties: false + description: Base processor options plus conditional execution + type: object + properties: + action: + enum: + - drop_document + type: string + customIdentifier: + description: Custom identifier to correlate this processor across outputs + minLength: 1 + type: string + description: + description: Human-readable notes about this processor step + type: string + ignore_failure: + description: Continue pipeline execution if this processor fails + type: boolean + where: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_40' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_41' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_20' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_20' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_20' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_20' + description: Conditional expression controlling whether this processor runs + required: + - action + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_40: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_41' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_40' + description: A basic filter condition, either unary or binary. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_41: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_20' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_20' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_20' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_20' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_20' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_20' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_20' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_20' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_20' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_20' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_20' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_20' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_20' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_20' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_20' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_20' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_20' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_20' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_20' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_20' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_20' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_20' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_20' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_20' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_20' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_20' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_20' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_20' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_20' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_20' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_20' + description: Starts-with comparison value. + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_20: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_20: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_20: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_20: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_20: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_20: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_20: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_20: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_20: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_20: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_20: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_20: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_20: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_20: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_20: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_20: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_20: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_20: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_20: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_20: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_20: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_20: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_20: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_20: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_20: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_20: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_20: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_20: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_20' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_20' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_20' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_20' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_20' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_20' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_20' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_20' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_20' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_20' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_20' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_20' + description: A value that can be a string, number, or boolean. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_20: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_20: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_20: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_20: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_20: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_20: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_20: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_20: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_20: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_20: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_20: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_20: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_20: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_20: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_20: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_40: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_41: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_20: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_20: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_20: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_20' + required: + - never + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_20: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_20: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_20' + required: + - always + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_20: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_5_1: + additionalProperties: false + description: Base processor options plus conditional execution + type: object + properties: + action: + enum: + - math + type: string + customIdentifier: + description: Custom identifier to correlate this processor across outputs + minLength: 1 + type: string + description: + description: Human-readable notes about this processor step + type: string + expression: + description: A non-empty string. + minLength: 1 + type: string + ignore_failure: + description: Continue pipeline execution if this processor fails + type: boolean + ignore_missing: + type: boolean + to: + description: A non-empty string. + minLength: 1 + type: string + where: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_42' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_43' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_21' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_21' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_21' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_21' + description: Conditional expression controlling whether this processor runs + required: + - action + - expression + - to + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_42: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_43' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_42' + description: A basic filter condition, either unary or binary. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_43: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_21' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_21' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_21' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_21' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_21' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_21' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_21' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_21' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_21' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_21' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_21' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_21' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_21' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_21' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_21' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_21' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_21' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_21' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_21' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_21' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_21' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_21' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_21' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_21' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_21' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_21' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_21' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_21' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_21' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_21' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_21' + description: Starts-with comparison value. + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_21: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_21: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_21: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_21: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_21: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_21: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_21: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_21: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_21: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_21: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_21: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_21: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_21: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_21: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_21: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_21: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_21: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_21: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_21: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_21: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_21: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_21: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_21: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_21: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_21: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_21: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_21: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_21: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_21' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_21' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_21' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_21' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_21' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_21' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_21' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_21' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_21' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_21' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_21' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_21' + description: A value that can be a string, number, or boolean. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_21: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_21: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_21: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_21: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_21: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_21: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_21: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_21: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_21: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_21: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_21: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_21: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_21: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_21: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_21: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_42: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_43: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_21: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_21: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_21: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_21' + required: + - never + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_21: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_21: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_21' + required: + - always + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_21: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_6_1: + additionalProperties: false + description: Rename processor - Change a field name and optionally its location + type: object + properties: + action: + enum: + - rename + type: string + customIdentifier: + description: Custom identifier to correlate this processor across outputs + minLength: 1 + type: string + description: + description: Human-readable notes about this processor step + type: string + from: + description: Existing source field to rename or move + minLength: 1 + type: string + ignore_failure: + description: Continue pipeline execution if this processor fails + type: boolean + ignore_missing: + description: Skip when source field is missing + type: boolean + override: + description: Allow overwriting the target field if it already exists + type: boolean + to: + description: New field name or destination path + minLength: 1 + type: string + where: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_44' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_45' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_22' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_22' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_22' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_22' + description: Conditional expression controlling whether this processor runs + required: + - action + - from + - to + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_44: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_45' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_44' + description: A basic filter condition, either unary or binary. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_45: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_22' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_22' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_22' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_22' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_22' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_22' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_22' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_22' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_22' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_22' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_22' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_22' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_22' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_22' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_22' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_22' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_22' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_22' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_22' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_22' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_22' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_22' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_22' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_22' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_22' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_22' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_22' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_22' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_22' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_22' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_22' + description: Starts-with comparison value. + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_22: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_22: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_22: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_22: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_22: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_22: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_22: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_22: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_22: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_22: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_22: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_22: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_22: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_22: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_22: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_22: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_22: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_22: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_22: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_22: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_22: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_22: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_22: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_22: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_22: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_22: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_22: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_22: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_22' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_22' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_22' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_22' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_22' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_22' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_22' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_22' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_22' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_22' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_22' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_22' + description: A value that can be a string, number, or boolean. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_22: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_22: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_22: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_22: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_22: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_22: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_22: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_22: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_22: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_22: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_22: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_22: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_22: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_22: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_22: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_44: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_45: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_22: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_22: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_22: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_22' + required: + - never + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_22: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_22: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_22' + required: + - always + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_22: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_7_1: + additionalProperties: false + description: Set processor - Assign a literal or copied value to a field (mutually exclusive inputs) + type: object + properties: + action: + enum: + - set + type: string + copy_from: + description: Copy value from another field instead of providing a literal + minLength: 1 + type: string + customIdentifier: + description: Custom identifier to correlate this processor across outputs + minLength: 1 + type: string + description: + description: Human-readable notes about this processor step + type: string + ignore_failure: + description: Continue pipeline execution if this processor fails + type: boolean + override: + description: Allow overwriting an existing target field + type: boolean + to: + description: Target field to set or create + minLength: 1 + type: string + value: + description: Literal value to assign to the target field + where: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_46' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_47' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_23' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_23' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_23' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_23' + description: Conditional expression controlling whether this processor runs + required: + - action + - to + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_46: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_47' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_46' + description: A basic filter condition, either unary or binary. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_47: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_23' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_23' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_23' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_23' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_23' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_23' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_23' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_23' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_23' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_23' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_23' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_23' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_23' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_23' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_23' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_23' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_23' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_23' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_23' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_23' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_23' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_23' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_23' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_23' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_23' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_23' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_23' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_23' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_23' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_23' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_23' + description: Starts-with comparison value. + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_23: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_23: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_23: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_23: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_23: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_23: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_23: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_23: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_23: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_23: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_23: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_23: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_23: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_23: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_23: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_23: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_23: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_23: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_23: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_23: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_23: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_23: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_23: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_23: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_23: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_23: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_23: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_23: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_23' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_23' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_23' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_23' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_23' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_23' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_23' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_23' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_23' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_23' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_23' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_23' + description: A value that can be a string, number, or boolean. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_23: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_23: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_23: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_23: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_23: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_23: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_23: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_23: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_23: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_23: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_23: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_23: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_23: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_23: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_23: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_46: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_47: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_23: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_23: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_23: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_23' + required: + - never + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_23: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_23: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_23' + required: + - always + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_23: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_8_1: + additionalProperties: false + description: Append processor - Append one or more values to an existing or new array field + type: object + properties: + action: + enum: + - append + type: string + allow_duplicates: + description: If true, do not deduplicate appended values + type: boolean + customIdentifier: + description: Custom identifier to correlate this processor across outputs + minLength: 1 + type: string + description: + description: Human-readable notes about this processor step + type: string + ignore_failure: + description: Continue pipeline execution if this processor fails + type: boolean + to: + description: Array field to append values to + minLength: 1 + type: string + value: + description: Values to append (must be literal, no templates) + items: {} + minItems: 1 + type: array + where: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_48' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_49' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_24' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_24' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_24' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_24' + description: Conditional expression controlling whether this processor runs + required: + - action + - to + - value + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_48: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_49' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_48' + description: A basic filter condition, either unary or binary. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_49: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_24' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_24' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_24' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_24' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_24' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_24' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_24' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_24' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_24' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_24' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_24' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_24' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_24' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_24' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_24' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_24' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_24' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_24' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_24' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_24' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_24' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_24' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_24' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_24' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_24' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_24' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_24' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_24' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_24' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_24' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_24' + description: Starts-with comparison value. + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_24: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_24: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_24: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_24: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_24: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_24: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_24: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_24: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_24: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_24: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_24: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_24: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_24: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_24: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_24: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_24: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_24: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_24: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_24: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_24: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_24: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_24: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_24: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_24: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_24: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_24: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_24: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_24: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_24' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_24' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_24' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_24' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_24' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_24' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_24' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_24' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_24' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_24' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_24' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_24' + description: A value that can be a string, number, or boolean. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_24: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_24: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_24: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_24: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_24: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_24: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_24: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_24: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_24: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_24: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_24: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_24: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_24: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_24: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_24: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_48: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_49: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_24: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_24: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_24: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_24' + required: + - never + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_24: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_24: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_24' + required: + - always + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_24: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_9_1: + additionalProperties: false + description: Remove by prefix processor - Remove a field and all nested fields matching the prefix + type: object + properties: + action: + enum: + - remove_by_prefix + type: string + customIdentifier: + description: Custom identifier to correlate this processor across outputs + minLength: 1 + type: string + description: + description: Human-readable notes about this processor step + type: string + from: + description: Field to remove along with all its nested fields + minLength: 1 + type: string + ignore_failure: + description: Continue pipeline execution if this processor fails + type: boolean + required: + - action + - from + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_10_1: + additionalProperties: false + description: Remove processor - Delete one or more fields from the document + type: object + properties: + action: + enum: + - remove + type: string + customIdentifier: + description: Custom identifier to correlate this processor across outputs + minLength: 1 + type: string + description: + description: Human-readable notes about this processor step + type: string + from: + description: Field to remove from the document + minLength: 1 + type: string + ignore_failure: + description: Continue pipeline execution if this processor fails + type: boolean + ignore_missing: + description: Skip processing when source field is missing + type: boolean + where: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_50' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_51' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_25' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_25' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_25' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_25' + description: Conditional expression controlling whether this processor runs + required: + - action + - from + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_50: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_51' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_50' + description: A basic filter condition, either unary or binary. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_51: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_25' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_25' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_25' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_25' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_25' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_25' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_25' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_25' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_25' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_25' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_25' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_25' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_25' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_25' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_25' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_25' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_25' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_25' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_25' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_25' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_25' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_25' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_25' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_25' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_25' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_25' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_25' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_25' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_25' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_25' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_25' + description: Starts-with comparison value. + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_25: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_25: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_25: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_25: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_25: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_25: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_25: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_25: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_25: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_25: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_25: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_25: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_25: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_25: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_25: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_25: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_25: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_25: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_25: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_25: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_25: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_25: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_25: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_25: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_25: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_25: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_25: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_25: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_25' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_25' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_25' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_25' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_25' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_25' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_25' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_25' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_25' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_25' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_25' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_25' + description: A value that can be a string, number, or boolean. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_25: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_25: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_25: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_25: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_25: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_25: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_25: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_25: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_25: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_25: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_25: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_25: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_25: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_25: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_25: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_50: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_51: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_25: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_25: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_25: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_25' + required: + - never + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_25: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_25: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_25' + required: + - always + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_25: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_11_1: + additionalProperties: false + description: Base processor options plus conditional execution + type: object + properties: + action: + enum: + - replace + type: string + customIdentifier: + description: Custom identifier to correlate this processor across outputs + minLength: 1 + type: string + description: + description: Human-readable notes about this processor step + type: string + from: + description: A non-empty string. + minLength: 1 + type: string + ignore_failure: + description: Continue pipeline execution if this processor fails + type: boolean + ignore_missing: + type: boolean + pattern: + description: A non-empty string or string with whitespace. + minLength: 1 + type: string + replacement: + type: string + to: + description: A non-empty string. + minLength: 1 + type: string + where: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_52' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_53' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_26' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_26' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_26' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_26' + description: Conditional expression controlling whether this processor runs + required: + - action + - from + - pattern + - replacement + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_52: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_53' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_52' + description: A basic filter condition, either unary or binary. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_53: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_26' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_26' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_26' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_26' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_26' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_26' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_26' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_26' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_26' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_26' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_26' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_26' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_26' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_26' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_26' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_26' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_26' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_26' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_26' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_26' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_26' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_26' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_26' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_26' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_26' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_26' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_26' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_26' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_26' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_26' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_26' + description: Starts-with comparison value. + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_26: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_26: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_26: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_26: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_26: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_26: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_26: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_26: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_26: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_26: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_26: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_26: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_26: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_26: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_26: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_26: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_26: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_26: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_26: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_26: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_26: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_26: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_26: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_26: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_26: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_26: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_26: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_26: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_26' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_26' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_26' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_26' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_26' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_26' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_26' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_26' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_26' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_26' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_26' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_26' + description: A value that can be a string, number, or boolean. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_26: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_26: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_26: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_26: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_26: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_26: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_26: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_26: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_26: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_26: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_26: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_26: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_26: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_26: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_26: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_52: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_53: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_26: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_26: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_26: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_26' + required: + - never + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_26: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_26: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_26' + required: + - always + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_26: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_12_1: + additionalProperties: false + description: Base processor options plus conditional execution + type: object + properties: + action: + enum: + - uppercase + type: string + customIdentifier: + description: Custom identifier to correlate this processor across outputs + minLength: 1 + type: string + description: + description: Human-readable notes about this processor step + type: string + from: + description: A non-empty string. + minLength: 1 + type: string + ignore_failure: + description: Continue pipeline execution if this processor fails + type: boolean + ignore_missing: + type: boolean + to: + description: A non-empty string. + minLength: 1 + type: string + where: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_54' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_55' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_27' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_27' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_27' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_27' + description: Conditional expression controlling whether this processor runs + required: + - action + - from + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_54: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_55' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_54' + description: A basic filter condition, either unary or binary. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_55: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_27' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_27' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_27' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_27' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_27' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_27' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_27' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_27' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_27' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_27' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_27' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_27' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_27' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_27' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_27' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_27' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_27' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_27' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_27' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_27' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_27' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_27' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_27' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_27' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_27' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_27' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_27' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_27' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_27' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_27' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_27' + description: Starts-with comparison value. + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_27: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_27: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_27: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_27: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_27: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_27: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_27: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_27: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_27: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_27: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_27: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_27: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_27: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_27: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_27: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_27: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_27: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_27: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_27: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_27: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_27: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_27: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_27: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_27: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_27: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_27: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_27: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_27: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_27' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_27' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_27' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_27' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_27' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_27' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_27' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_27' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_27' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_27' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_27' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_27' + description: A value that can be a string, number, or boolean. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_27: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_27: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_27: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_27: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_27: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_27: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_27: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_27: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_27: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_27: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_27: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_27: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_27: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_27: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_27: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_54: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_55: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_27: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_27: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_27: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_27' + required: + - never + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_27: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_27: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_27' + required: + - always + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_27: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_13_1: + additionalProperties: false + description: Base processor options plus conditional execution + type: object + properties: + action: + enum: + - lowercase + type: string + customIdentifier: + description: Custom identifier to correlate this processor across outputs + minLength: 1 + type: string + description: + description: Human-readable notes about this processor step + type: string + from: + description: A non-empty string. + minLength: 1 + type: string + ignore_failure: + description: Continue pipeline execution if this processor fails + type: boolean + ignore_missing: + type: boolean + to: + description: A non-empty string. + minLength: 1 + type: string + where: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_56' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_57' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_28' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_28' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_28' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_28' + description: Conditional expression controlling whether this processor runs + required: + - action + - from + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_56: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_57' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_56' + description: A basic filter condition, either unary or binary. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_57: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_28' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_28' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_28' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_28' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_28' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_28' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_28' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_28' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_28' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_28' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_28' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_28' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_28' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_28' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_28' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_28' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_28' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_28' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_28' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_28' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_28' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_28' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_28' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_28' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_28' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_28' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_28' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_28' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_28' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_28' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_28' + description: Starts-with comparison value. + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_28: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_28: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_28: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_28: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_28: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_28: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_28: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_28: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_28: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_28: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_28: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_28: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_28: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_28: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_28: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_28: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_28: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_28: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_28: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_28: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_28: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_28: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_28: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_28: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_28: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_28: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_28: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_28: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_28' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_28' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_28' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_28' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_28' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_28' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_28' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_28' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_28' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_28' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_28' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_28' + description: A value that can be a string, number, or boolean. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_28: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_28: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_28: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_28: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_28: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_28: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_28: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_28: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_28: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_28: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_28: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_28: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_28: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_28: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_28: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_56: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_57: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_28: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_28: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_28: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_28' + required: + - never + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_28: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_28: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_28' + required: + - always + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_28: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_14_1: + additionalProperties: false + description: Base processor options plus conditional execution + type: object + properties: + action: + enum: + - trim + type: string + customIdentifier: + description: Custom identifier to correlate this processor across outputs + minLength: 1 + type: string + description: + description: Human-readable notes about this processor step + type: string + from: + description: A non-empty string. + minLength: 1 + type: string + ignore_failure: + description: Continue pipeline execution if this processor fails + type: boolean + ignore_missing: + type: boolean + to: + description: A non-empty string. + minLength: 1 + type: string + where: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_58' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_59' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_29' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_29' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_29' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_29' + description: Conditional expression controlling whether this processor runs + required: + - action + - from + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_58: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_59' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_58' + description: A basic filter condition, either unary or binary. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_59: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_29' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_29' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_29' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_29' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_29' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_29' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_29' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_29' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_29' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_29' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_29' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_29' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_29' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_29' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_29' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_29' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_29' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_29' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_29' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_29' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_29' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_29' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_29' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_29' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_29' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_29' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_29' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_29' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_29' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_29' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_29' + description: Starts-with comparison value. + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_29: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_29: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_29: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_29: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_29: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_29: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_29: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_29: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_29: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_29: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_29: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_29: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_29: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_29: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_29: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_29: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_29: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_29: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_29: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_29: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_29: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_29: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_29: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_29: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_29: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_29: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_29: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_29: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_29' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_29' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_29' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_29' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_29' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_29' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_29' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_29' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_29' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_29' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_29' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_29' + description: A value that can be a string, number, or boolean. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_29: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_29: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_29: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_29: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_29: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_29: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_29: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_29: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_29: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_29: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_29: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_29: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_29: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_29: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_29: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_58: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_59: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_29: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_29: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_29: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_29' + required: + - never + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_29: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_29: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_29' + required: + - always + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_29: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_15_1: + additionalProperties: false + description: Base processor options plus conditional execution + type: object + properties: + action: + enum: + - join + type: string + customIdentifier: + description: Custom identifier to correlate this processor across outputs + minLength: 1 + type: string + delimiter: + type: string + description: + description: Human-readable notes about this processor step + type: string + from: + items: + description: A non-empty string. + minLength: 1 + type: string + minItems: 1 + type: array + ignore_failure: + description: Continue pipeline execution if this processor fails + type: boolean + ignore_missing: + type: boolean + to: + description: A non-empty string. + minLength: 1 + type: string + where: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_60' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_61' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_30' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_30' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_30' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_30' + description: Conditional expression controlling whether this processor runs + required: + - action + - from + - delimiter + - to + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_60: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_61' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_60' + description: A basic filter condition, either unary or binary. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_61: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_30' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_30' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_30' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_30' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_30' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_30' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_30' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_30' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_30' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_30' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_30' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_30' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_30' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_30' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_30' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_30' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_30' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_30' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_30' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_30' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_30' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_30' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_30' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_30' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_30' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_30' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_30' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_30' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_30' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_30' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_30' + description: Starts-with comparison value. + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_30: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_30: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_30: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_30: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_30: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_30: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_30: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_30: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_30: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_30: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_30: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_30: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_30: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_30: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_30: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_30: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_30: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_30: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_30: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_30: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_30: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_30: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_30: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_30: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_30: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_30: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_30: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_30: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_30' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_30' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_30' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_30' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_30' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_30' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_30' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_30' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_30' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_30' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_30' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_30' + description: A value that can be a string, number, or boolean. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_30: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_30: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_30: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_30: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_30: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_30: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_30: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_30: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_30: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_30: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_30: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_30: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_30: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_30: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_30: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_60: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_61: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_30: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_30: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_30: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_30' + required: + - never + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_30: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_30: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_30' + required: + - always + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_30: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_16_1: + additionalProperties: false + description: Convert processor - Change the data type of a field value (integer, long, double, boolean, or string) + type: object + properties: + action: + enum: + - convert + type: string + customIdentifier: + description: Custom identifier to correlate this processor across outputs + minLength: 1 + type: string + description: + description: Human-readable notes about this processor step + type: string + from: + description: Source field to convert to a different data type + minLength: 1 + type: string + ignore_failure: + description: Continue pipeline execution if this processor fails + type: boolean + ignore_missing: + description: Skip processing when source field is missing + type: boolean + to: + description: Target field for the converted value (defaults to source) + minLength: 1 + type: string + type: + description: 'Target data type: integer, long, double, boolean, or string' + enum: + - integer + - long + - double + - boolean + - string + type: string + where: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_62' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_63' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_31' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_31' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_31' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_31' + description: Conditional expression controlling whether this processor runs + required: + - action + - from + - type + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_62: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_63' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_62' + description: A basic filter condition, either unary or binary. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_63: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_31' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_31' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_31' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_31' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_31' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_31' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_31' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_31' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_31' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_31' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_31' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_31' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_31' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_31' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_31' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_31' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_31' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_31' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_31' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_31' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_31' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_31' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_31' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_31' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_31' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_31' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_31' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_31' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_31' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_31' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_31' + description: Starts-with comparison value. + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_31: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_31: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_31: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_31: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_31: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_31: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_31: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_31: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_31: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_31: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_31: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_31: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_31: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_31: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_31: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_31: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_31: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_31: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_31: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_31: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_31: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_31: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_31: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_31: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_31: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_31: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_31: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_31: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_31' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_31' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_31' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_31' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_31' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_31' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_31' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_31' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_31' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_31' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_31' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_31' + description: A value that can be a string, number, or boolean. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_31: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_31: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_31: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_31: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_31: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_31: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_31: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_31: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_31: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_31: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_31: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_31: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_31: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_31: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_31: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_62: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_63: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_31: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_31: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_31: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_31' + required: + - never + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_31: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_31: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_31' + required: + - always + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_31: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_17_1: + additionalProperties: false + description: Base processor options plus conditional execution + type: object + properties: + action: + enum: + - concat + type: string + customIdentifier: + description: Custom identifier to correlate this processor across outputs + minLength: 1 + type: string + description: + description: Human-readable notes about this processor step + type: string + from: + items: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_From_1_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_From_2_1' + minItems: 1 + type: array + ignore_failure: + description: Continue pipeline execution if this processor fails + type: boolean + ignore_missing: + type: boolean + to: + description: A non-empty string. + minLength: 1 + type: string + where: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_64' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_65' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_32' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_32' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_32' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_32' + description: Conditional expression controlling whether this processor runs + required: + - action + - from + - to + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_From_1_1: + additionalProperties: false + type: object + properties: + type: + enum: + - field + type: string + value: + description: A non-empty string. + minLength: 1 + type: string + required: + - type + - value + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_From_2_1: + additionalProperties: false + type: object + properties: + type: + enum: + - literal + type: string + value: + type: string + required: + - type + - value + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_64: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_65' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_64' + description: A basic filter condition, either unary or binary. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_65: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_32' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_32' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_32' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_32' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_32' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_32' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_32' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_32' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_32' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_32' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_32' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_32' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_32' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_32' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_32' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_32' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_32' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_32' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_32' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_32' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_32' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_32' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_32' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_32' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_32' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_32' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_32' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_32' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_32' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_32' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_32' + description: Starts-with comparison value. + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_32: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_32: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_32: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_32: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_32: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_32: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_32: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_32: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_32: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_32: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_32: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_32: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_32: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_32: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_32: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_32: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_32: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_32: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_32: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_32: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_32: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_32: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_32: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_32: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_32: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_32: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_32: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_32: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_32' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_32' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_32' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_32' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_32' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_32' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_32' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_32' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_32' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_32' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_32' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_32' + description: A value that can be a string, number, or boolean. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_32: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_32: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_32: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_32: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_32: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_32: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_32: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_32: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_32: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_32: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_32: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_32: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_32: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_32: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_32: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_64: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_65: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_32: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_32: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_32: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_32' + required: + - never + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_32: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_32: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_32' + required: + - always + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_32: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_18_1: + additionalProperties: false + description: Manual ingest pipeline wrapper around native Elasticsearch processors + type: object + properties: + action: + description: Manual ingest pipeline - executes raw Elasticsearch ingest processors + enum: + - manual_ingest_pipeline + type: string + customIdentifier: + description: Custom identifier to correlate this processor across outputs + minLength: 1 + type: string + description: + description: Human-readable notes about this processor step + type: string + ignore_failure: + description: Continue pipeline execution if this processor fails + type: boolean + on_failure: + description: Fallback processors to run when a processor fails + items: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_On_failure_Item_1' + type: array + processors: + description: List of raw Elasticsearch ingest processors to run + items: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Processors_Item_1' + type: array + tag: + description: Optional ingest processor tag for Elasticsearch + type: string + where: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_66' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_67' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_33' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_33' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_33' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_33' + description: Conditional expression controlling whether this processor runs + required: + - action + - processors + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_On_failure_Item_1: + additionalProperties: {} + type: object + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Processors_Item_1: + additionalProperties: false + type: object + properties: + append: {} + attachment: {} + bytes: {} + circle: {} + community_id: {} + convert: {} + csv: {} + date: {} + date_index_name: {} + dissect: {} + dot_expander: {} + drop: {} + enrich: {} + fail: {} + fingerprint: {} + foreach: {} + geo_grid: {} + geoip: {} + grok: {} + gsub: {} + html_strip: {} + inference: {} + ip_location: {} + join: {} + json: {} + kv: {} + lowercase: {} + network_direction: {} + pipeline: {} + redact: {} + registered_domain: {} + remove: {} + rename: {} + reroute: {} + script: {} + set: {} + set_security_user: {} + sort: {} + split: {} + terminate: {} + trim: {} + uppercase: {} + uri_parts: {} + urldecode: {} + user_agent: {} + required: + - append + - attachment + - bytes + - circle + - community_id + - convert + - csv + - date + - date_index_name + - dissect + - dot_expander + - drop + - enrich + - fail + - fingerprint + - foreach + - ip_location + - geo_grid + - geoip + - grok + - gsub + - html_strip + - inference + - join + - json + - kv + - lowercase + - network_direction + - pipeline + - redact + - registered_domain + - remove + - rename + - reroute + - script + - set + - set_security_user + - sort + - split + - terminate + - trim + - uppercase + - urldecode + - uri_parts + - user_agent + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_66: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_67' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_66' + description: A basic filter condition, either unary or binary. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_67: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_33' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_33' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_33' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_33' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_33' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_33' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_33' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_33' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_33' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_33' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_33' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_33' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_33' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_33' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_33' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_33' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_33' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_33' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_33' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_33' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_33' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_33' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_33' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_33' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_33' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_33' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_33' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_33' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_33' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_33' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_33' + description: Starts-with comparison value. + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_33: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_33: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_33: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_33: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_33: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_33: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_33: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_33: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_33: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_33: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_33: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_33: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_33: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_33: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_33: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_33: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_33: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_33: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_33: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_33: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_33: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_33: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_33: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_33: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_33: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_33: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_33: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_33: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_33' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_33' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_33' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_33' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_33' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_33' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_33' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_33' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_33' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_33' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_33' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_33' + description: A value that can be a string, number, or boolean. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_33: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_33: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_33: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_33: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_33: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_33: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_33: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_33: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_33: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_33: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_33: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_33: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_33: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_33: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_33: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_66: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_67: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_33: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_33: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_33: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_33' + required: + - never + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_33: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_33: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_33' + required: + - always + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_33: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_2_3: + additionalProperties: false + type: object + properties: + condition: + allOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_1_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_2_5' + customIdentifier: + type: string + required: + - condition + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_1_3: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_1_4' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_2_4' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_3_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_4_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_5_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_6_1' + description: The root condition object. It can be a simple filter or a combination of other conditions. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_1_4: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_1_5' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_2_3' + description: A basic filter condition, either unary or binary. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_1_5: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Contains_1_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Contains_2_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Contains_3_1' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_EndsWith_1_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_EndsWith_2_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_EndsWith_3_1' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Eq_1_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Eq_2_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Eq_3_1' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Gt_1_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Gt_2_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Gt_3_1' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Gte_1_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Gte_2_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Gte_3_1' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Includes_1_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Includes_2_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Includes_3_1' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Lt_1_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Lt_2_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Lt_3_1' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Lte_1_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Lte_2_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Lte_3_1' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Neq_1_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Neq_2_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Neq_3_1' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Range_1' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_StartsWith_1_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_StartsWith_2_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_StartsWith_3_1' + description: Starts-with comparison value. + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Contains_1_1: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Contains_2_1: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Contains_3_1: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_EndsWith_1_1: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_EndsWith_2_1: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_EndsWith_3_1: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Eq_1_1: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Eq_2_1: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Eq_3_1: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Gt_1_1: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Gt_2_1: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Gt_3_1: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Gte_1_1: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Gte_2_1: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Gte_3_1: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Includes_1_1: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Includes_2_1: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Includes_3_1: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Lt_1_1: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Lt_2_1: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Lt_3_1: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Lte_1_1: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Lte_2_1: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Lte_3_1: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Neq_1_1: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Neq_2_1: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Neq_3_1: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Range_1: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Range_Gt_1_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Range_Gt_2_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Range_Gt_3_1' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Range_Gte_1_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Range_Gte_2_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Range_Gte_3_1' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Range_Lt_1_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Range_Lt_2_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Range_Lt_3_1' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Range_Lte_1_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Range_Lte_2_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Range_Lte_3_1' + description: A value that can be a string, number, or boolean. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Range_Gt_1_1: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Range_Gt_2_1: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Range_Gt_3_1: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Range_Gte_1_1: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Range_Gte_2_1: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Range_Gte_3_1: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Range_Lt_1_1: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Range_Lt_2_1: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Range_Lt_3_1: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Range_Lte_1_1: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Range_Lte_2_1: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Range_Lte_3_1: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_StartsWith_1_1: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_StartsWith_2_1: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_StartsWith_3_1: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_2_3: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_2_4: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_3_1: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_4_1: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_5_1: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Never_1' + required: + - never + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Never_1: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_6_1: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Always_1' + required: + - always + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Always_1: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_2_5: + type: object + properties: + steps: + items: {} + type: array + required: + - steps + ApiStreams_Put_Request_Stream_Ingest_Settings_1: + additionalProperties: false + type: object + properties: + index.number_of_replicas: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Settings_Index.number_of_replicas_1' + index.number_of_shards: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Settings_Index.number_of_shards_1' + index.refresh_interval: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Settings_Index.refresh_interval_1' + ApiStreams_Put_Request_Stream_Ingest_Settings_Index.number_of_replicas_1: + additionalProperties: false + type: object + properties: + value: + type: number + required: + - value + ApiStreams_Put_Request_Stream_Ingest_Settings_Index.number_of_shards_1: + additionalProperties: false + type: object + properties: + value: + type: number + required: + - value + ApiStreams_Put_Request_Stream_Ingest_Settings_Index.refresh_interval_1: + additionalProperties: false + type: object + properties: + value: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Settings_Index.refresh_interval_Value_1_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Settings_Index.refresh_interval_Value_2_1' + required: + - value + ApiStreams_Put_Request_Stream_Ingest_Settings_Index.refresh_interval_Value_1_1: + type: string + ApiStreams_Put_Request_Stream_Ingest_Settings_Index.refresh_interval_Value_2_1: + enum: + - -1 + type: number + ApiStreams_Put_Request_9: + type: object + properties: {} + ApiStreams_Put_Request_10: + type: object + properties: {} + ApiStreams_Put_Request_2_1: + allOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_1_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_2_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_3_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_4_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_5_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_6_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_7_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_8_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_9_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_10_1' + ApiStreams_Put_Request_1_3: + type: object + properties: {} + ApiStreams_Put_Request_2_2: + type: object + properties: + stream: + allOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_1_4' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_2_4' + required: + - stream + ApiStreams_Put_Request_Stream_1_4: + additionalProperties: true + type: object + properties: + ingest: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_5' + name: + not: {} + updated_at: + not: {} + ApiStreams_Put_Request_Stream_Ingest_5: + additionalProperties: true + type: object + properties: + processing: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_6' + required: + - processing + ApiStreams_Put_Request_Stream_Ingest_Processing_6: + additionalProperties: true + type: object + properties: + updated_at: + not: {} + ApiStreams_Put_Request_Stream_2_4: + additionalProperties: false + type: object + properties: + description: + type: string + name: + type: string + updated_at: + format: date-time + type: string + required: + - name + - description + - updated_at + ApiStreams_Put_Request_3_1: + type: object + properties: + dashboards: + items: + type: string + type: array + queries: + items: + allOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_1_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_2_2' + type: array + rules: + items: + type: string + type: array + required: + - dashboards + - rules + - queries + ApiStreams_Put_Request_Queries_1_2: + type: object + properties: + id: + description: A non-empty string. + minLength: 1 + type: string + title: + description: A non-empty string. + minLength: 1 + type: string + required: + - id + - title + ApiStreams_Put_Request_Queries_2_2: + type: object + properties: + evidence: + items: + type: string + type: array + feature: + $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_2' + kql: + $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Kql_2' + severity_score: + type: number + required: + - kql + ApiStreams_Put_Request_Queries_Feature_2: + additionalProperties: false + type: object + properties: + filter: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_1_4' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_2_5' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_3_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_4_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_5_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_6_2' + description: The root condition object. It can be a simple filter or a combination of other conditions. + name: + description: A non-empty string. + minLength: 1 + type: string + type: + enum: + - system + type: string + required: + - name + - filter + - type + ApiStreams_Put_Request_Queries_Feature_Filter_1_4: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_1_5' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_2_4' + description: A basic filter condition, either unary or binary. + ApiStreams_Put_Request_Queries_Feature_Filter_1_5: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Contains_1_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Contains_2_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Contains_3_2' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_EndsWith_1_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_EndsWith_2_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_EndsWith_3_2' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Eq_1_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Eq_2_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Eq_3_2' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Gt_1_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Gt_2_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Gt_3_2' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Gte_1_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Gte_2_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Gte_3_2' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Includes_1_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Includes_2_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Includes_3_2' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Lt_1_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Lt_2_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Lt_3_2' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Lte_1_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Lte_2_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Lte_3_2' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Neq_1_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Neq_2_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Neq_3_2' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Range_2' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_StartsWith_1_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_StartsWith_2_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_StartsWith_3_2' + description: Starts-with comparison value. + required: + - field + ApiStreams_Put_Request_Queries_Feature_Filter_Contains_1_2: + type: string + ApiStreams_Put_Request_Queries_Feature_Filter_Contains_2_2: + type: number + ApiStreams_Put_Request_Queries_Feature_Filter_Contains_3_2: + type: boolean + ApiStreams_Put_Request_Queries_Feature_Filter_EndsWith_1_2: + type: string + ApiStreams_Put_Request_Queries_Feature_Filter_EndsWith_2_2: + type: number + ApiStreams_Put_Request_Queries_Feature_Filter_EndsWith_3_2: + type: boolean + ApiStreams_Put_Request_Queries_Feature_Filter_Eq_1_2: + type: string + ApiStreams_Put_Request_Queries_Feature_Filter_Eq_2_2: + type: number + ApiStreams_Put_Request_Queries_Feature_Filter_Eq_3_2: + type: boolean + ApiStreams_Put_Request_Queries_Feature_Filter_Gt_1_2: + type: string + ApiStreams_Put_Request_Queries_Feature_Filter_Gt_2_2: + type: number + ApiStreams_Put_Request_Queries_Feature_Filter_Gt_3_2: + type: boolean + ApiStreams_Put_Request_Queries_Feature_Filter_Gte_1_2: + type: string + ApiStreams_Put_Request_Queries_Feature_Filter_Gte_2_2: + type: number + ApiStreams_Put_Request_Queries_Feature_Filter_Gte_3_2: + type: boolean + ApiStreams_Put_Request_Queries_Feature_Filter_Includes_1_2: + type: string + ApiStreams_Put_Request_Queries_Feature_Filter_Includes_2_2: + type: number + ApiStreams_Put_Request_Queries_Feature_Filter_Includes_3_2: + type: boolean + ApiStreams_Put_Request_Queries_Feature_Filter_Lt_1_2: + type: string + ApiStreams_Put_Request_Queries_Feature_Filter_Lt_2_2: + type: number + ApiStreams_Put_Request_Queries_Feature_Filter_Lt_3_2: + type: boolean + ApiStreams_Put_Request_Queries_Feature_Filter_Lte_1_2: + type: string + ApiStreams_Put_Request_Queries_Feature_Filter_Lte_2_2: + type: number + ApiStreams_Put_Request_Queries_Feature_Filter_Lte_3_2: + type: boolean + ApiStreams_Put_Request_Queries_Feature_Filter_Neq_1_2: + type: string + ApiStreams_Put_Request_Queries_Feature_Filter_Neq_2_2: + type: number + ApiStreams_Put_Request_Queries_Feature_Filter_Neq_3_2: + type: boolean + ApiStreams_Put_Request_Queries_Feature_Filter_Range_2: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Range_Gt_1_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Range_Gt_2_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Range_Gt_3_2' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Range_Gte_1_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Range_Gte_2_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Range_Gte_3_2' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Range_Lt_1_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Range_Lt_2_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Range_Lt_3_2' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Range_Lte_1_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Range_Lte_2_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Range_Lte_3_2' + description: A value that can be a string, number, or boolean. + ApiStreams_Put_Request_Queries_Feature_Filter_Range_Gt_1_2: + type: string + ApiStreams_Put_Request_Queries_Feature_Filter_Range_Gt_2_2: + type: number + ApiStreams_Put_Request_Queries_Feature_Filter_Range_Gt_3_2: + type: boolean + ApiStreams_Put_Request_Queries_Feature_Filter_Range_Gte_1_2: + type: string + ApiStreams_Put_Request_Queries_Feature_Filter_Range_Gte_2_2: + type: number + ApiStreams_Put_Request_Queries_Feature_Filter_Range_Gte_3_2: + type: boolean + ApiStreams_Put_Request_Queries_Feature_Filter_Range_Lt_1_2: + type: string + ApiStreams_Put_Request_Queries_Feature_Filter_Range_Lt_2_2: + type: number + ApiStreams_Put_Request_Queries_Feature_Filter_Range_Lt_3_2: + type: boolean + ApiStreams_Put_Request_Queries_Feature_Filter_Range_Lte_1_2: + type: string + ApiStreams_Put_Request_Queries_Feature_Filter_Range_Lte_2_2: + type: number + ApiStreams_Put_Request_Queries_Feature_Filter_Range_Lte_3_2: + type: boolean + ApiStreams_Put_Request_Queries_Feature_Filter_StartsWith_1_2: + type: string + ApiStreams_Put_Request_Queries_Feature_Filter_StartsWith_2_2: + type: number + ApiStreams_Put_Request_Queries_Feature_Filter_StartsWith_3_2: + type: boolean + ApiStreams_Put_Request_Queries_Feature_Filter_2_4: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreams_Put_Request_Queries_Feature_Filter_2_5: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreams_Put_Request_Queries_Feature_Filter_3_2: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreams_Put_Request_Queries_Feature_Filter_4_2: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreams_Put_Request_Queries_Feature_Filter_5_2: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Never_2' + required: + - never + ApiStreams_Put_Request_Queries_Feature_Filter_Never_2: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreams_Put_Request_Queries_Feature_Filter_6_2: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Always_2' + required: + - always + ApiStreams_Put_Request_Queries_Feature_Filter_Always_2: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreams_Put_Request_Queries_Kql_2: + additionalProperties: false + type: object + properties: + query: + type: string + required: + - query + ApiStreams_Put_Request_4_1: + type: object + properties: + stream: + allOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_1_5' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_2_5' + required: + - stream + ApiStreams_Put_Request_Stream_1_5: + additionalProperties: true + type: object + properties: + ingest: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_6' + name: + not: {} + updated_at: + not: {} + ApiStreams_Put_Request_Stream_Ingest_6: + additionalProperties: true + type: object + properties: + processing: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_7' + required: + - processing + ApiStreams_Put_Request_Stream_Ingest_Processing_7: + additionalProperties: true + type: object + properties: + updated_at: + not: {} + ApiStreams_Put_Request_Stream_2_5: + additionalProperties: false + type: object + properties: + ingest: + allOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_1_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_2_1' + required: + - ingest + ApiStreams_Put_Request_Stream_Ingest_1_1: + type: object + properties: + failure_store: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Failure_store_1_4' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Failure_store_2_4' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Failure_store_3_2' + lifecycle: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Lifecycle_1_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Lifecycle_2_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Lifecycle_3_2' + processing: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_8' + settings: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Settings_2' + required: + - lifecycle + - processing + - settings + - failure_store + ApiStreams_Put_Request_Stream_Ingest_Failure_store_1_4: + additionalProperties: false + type: object + properties: + inherit: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Failure_store_Inherit_2' + required: + - inherit + ApiStreams_Put_Request_Stream_Ingest_Failure_store_Inherit_2: + additionalProperties: false + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Failure_store_2_4: + additionalProperties: false + type: object + properties: + disabled: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Failure_store_Disabled_2' + required: + - disabled + ApiStreams_Put_Request_Stream_Ingest_Failure_store_Disabled_2: + additionalProperties: false + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Failure_store_3_2: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Failure_store_1_5' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Failure_store_2_5' + ApiStreams_Put_Request_Stream_Ingest_Failure_store_1_5: + additionalProperties: false + type: object + properties: + lifecycle: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Failure_store_Lifecycle_4' + required: + - lifecycle + ApiStreams_Put_Request_Stream_Ingest_Failure_store_Lifecycle_4: + additionalProperties: false + type: object + properties: + enabled: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Failure_store_Lifecycle_Enabled_2' + required: + - enabled + ApiStreams_Put_Request_Stream_Ingest_Failure_store_Lifecycle_Enabled_2: + additionalProperties: false + type: object + properties: + data_retention: + description: A non-empty string. + minLength: 1 + type: string + ApiStreams_Put_Request_Stream_Ingest_Failure_store_2_5: + additionalProperties: false + type: object + properties: + lifecycle: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Failure_store_Lifecycle_5' + required: + - lifecycle + ApiStreams_Put_Request_Stream_Ingest_Failure_store_Lifecycle_5: + additionalProperties: false + type: object + properties: + disabled: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Failure_store_Lifecycle_Disabled_2' + required: + - disabled + ApiStreams_Put_Request_Stream_Ingest_Failure_store_Lifecycle_Disabled_2: + additionalProperties: false + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Lifecycle_1_2: + additionalProperties: false + type: object + properties: + dsl: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Lifecycle_Dsl_2' + required: + - dsl + ApiStreams_Put_Request_Stream_Ingest_Lifecycle_Dsl_2: + additionalProperties: false + type: object + properties: + data_retention: + description: A non-empty string. + minLength: 1 + type: string + downsample: + items: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Lifecycle_Dsl_Downsample_Item_2' + type: array + ApiStreams_Put_Request_Stream_Ingest_Lifecycle_Dsl_Downsample_Item_2: + additionalProperties: false + type: object + properties: + after: + description: A non-empty string. + minLength: 1 + type: string + fixed_interval: + description: A non-empty string. + minLength: 1 + type: string + required: + - after + - fixed_interval + ApiStreams_Put_Request_Stream_Ingest_Lifecycle_2_2: + additionalProperties: false + type: object + properties: + ilm: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Lifecycle_Ilm_2' + required: + - ilm + ApiStreams_Put_Request_Stream_Ingest_Lifecycle_Ilm_2: + additionalProperties: false + type: object + properties: + policy: + description: A non-empty string. + minLength: 1 + type: string + required: + - policy + ApiStreams_Put_Request_Stream_Ingest_Lifecycle_3_2: + additionalProperties: false + type: object + properties: + inherit: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Lifecycle_Inherit_2' + required: + - inherit + ApiStreams_Put_Request_Stream_Ingest_Lifecycle_Inherit_2: + additionalProperties: false + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_8: + additionalProperties: false + type: object + properties: + steps: + items: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_1_4' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_2_5' + type: array + updated_at: + format: date-time + type: string + required: + - steps + - updated_at + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_1_4: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_1_5' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_2_4' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_3_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_4_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_5_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_6_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_7_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_8_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_9_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_10_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_11_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_12_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_13_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_14_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_15_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_16_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_17_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_18_2' + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_1_5: + additionalProperties: false + description: Grok processor - Extract fields from text using grok patterns + type: object + properties: + action: + enum: + - grok + type: string + customIdentifier: + description: Custom identifier to correlate this processor across outputs + minLength: 1 + type: string + description: + description: Human-readable notes about this processor step + type: string + from: + description: Source field to parse with grok patterns + minLength: 1 + type: string + ignore_failure: + description: Continue pipeline execution if this processor fails + type: boolean + ignore_missing: + description: Skip processing when source field is missing + type: boolean + pattern_definitions: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Pattern_definitions_2' + patterns: + description: Grok patterns applied in order to extract fields + items: + description: A non-empty string. + minLength: 1 + type: string + minItems: 1 + type: array + where: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_68' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_69' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_34' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_34' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_34' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_34' + description: Conditional expression controlling whether this processor runs + required: + - action + - from + - patterns + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Pattern_definitions_2: + additionalProperties: + type: string + type: object + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_68: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_69' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_68' + description: A basic filter condition, either unary or binary. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_69: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_34' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_34' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_34' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_34' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_34' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_34' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_34' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_34' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_34' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_34' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_34' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_34' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_34' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_34' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_34' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_34' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_34' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_34' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_34' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_34' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_34' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_34' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_34' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_34' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_34' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_34' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_34' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_34' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_34' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_34' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_34' + description: Starts-with comparison value. + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_34: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_34: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_34: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_34: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_34: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_34: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_34: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_34: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_34: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_34: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_34: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_34: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_34: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_34: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_34: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_34: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_34: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_34: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_34: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_34: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_34: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_34: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_34: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_34: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_34: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_34: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_34: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_34: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_34' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_34' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_34' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_34' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_34' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_34' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_34' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_34' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_34' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_34' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_34' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_34' + description: A value that can be a string, number, or boolean. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_34: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_34: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_34: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_34: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_34: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_34: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_34: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_34: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_34: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_34: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_34: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_34: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_34: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_34: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_34: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_68: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_69: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_34: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_34: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_34: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_34' + required: + - never + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_34: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_34: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_34' + required: + - always + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_34: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_2_4: + additionalProperties: false + description: Dissect processor - Extract fields from text using a lightweight, delimiter-based parser + type: object + properties: + action: + enum: + - dissect + type: string + append_separator: + description: Separator inserted when target fields are concatenated + minLength: 1 + type: string + customIdentifier: + description: Custom identifier to correlate this processor across outputs + minLength: 1 + type: string + description: + description: Human-readable notes about this processor step + type: string + from: + description: Source field to parse with dissect pattern + minLength: 1 + type: string + ignore_failure: + description: Continue pipeline execution if this processor fails + type: boolean + ignore_missing: + description: Skip processing when source field is missing + type: boolean + pattern: + description: Dissect pattern describing field boundaries + minLength: 1 + type: string + where: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_70' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_71' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_35' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_35' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_35' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_35' + description: Conditional expression controlling whether this processor runs + required: + - action + - from + - pattern + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_70: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_71' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_70' + description: A basic filter condition, either unary or binary. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_71: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_35' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_35' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_35' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_35' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_35' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_35' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_35' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_35' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_35' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_35' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_35' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_35' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_35' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_35' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_35' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_35' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_35' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_35' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_35' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_35' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_35' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_35' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_35' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_35' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_35' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_35' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_35' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_35' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_35' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_35' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_35' + description: Starts-with comparison value. + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_35: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_35: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_35: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_35: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_35: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_35: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_35: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_35: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_35: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_35: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_35: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_35: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_35: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_35: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_35: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_35: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_35: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_35: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_35: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_35: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_35: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_35: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_35: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_35: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_35: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_35: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_35: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_35: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_35' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_35' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_35' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_35' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_35' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_35' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_35' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_35' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_35' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_35' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_35' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_35' + description: A value that can be a string, number, or boolean. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_35: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_35: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_35: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_35: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_35: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_35: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_35: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_35: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_35: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_35: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_35: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_35: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_35: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_35: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_35: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_70: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_71: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_35: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_35: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_35: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_35' + required: + - never + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_35: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_35: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_35' + required: + - always + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_35: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_3_2: + additionalProperties: false + description: Date processor - Parse dates from strings using one or more expected formats + type: object + properties: + action: + enum: + - date + type: string + customIdentifier: + description: Custom identifier to correlate this processor across outputs + minLength: 1 + type: string + description: + description: Human-readable notes about this processor step + type: string + formats: + description: Accepted input date formats, tried in order + items: + description: A non-empty string. + minLength: 1 + type: string + type: array + from: + description: Source field containing the date/time text + minLength: 1 + type: string + ignore_failure: + description: Continue pipeline execution if this processor fails + type: boolean + locale: + description: Optional locale for date parsing + minLength: 1 + type: string + output_format: + description: Optional output format for storing the parsed date as text + minLength: 1 + type: string + timezone: + description: Optional timezone for date parsing + minLength: 1 + type: string + to: + description: Target field for the parsed date (defaults to source) + minLength: 1 + type: string + where: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_72' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_73' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_36' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_36' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_36' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_36' + description: Conditional expression controlling whether this processor runs + required: + - action + - from + - formats + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_72: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_73' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_72' + description: A basic filter condition, either unary or binary. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_73: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_36' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_36' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_36' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_36' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_36' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_36' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_36' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_36' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_36' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_36' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_36' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_36' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_36' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_36' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_36' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_36' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_36' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_36' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_36' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_36' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_36' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_36' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_36' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_36' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_36' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_36' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_36' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_36' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_36' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_36' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_36' + description: Starts-with comparison value. + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_36: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_36: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_36: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_36: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_36: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_36: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_36: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_36: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_36: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_36: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_36: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_36: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_36: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_36: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_36: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_36: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_36: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_36: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_36: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_36: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_36: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_36: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_36: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_36: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_36: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_36: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_36: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_36: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_36' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_36' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_36' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_36' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_36' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_36' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_36' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_36' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_36' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_36' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_36' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_36' + description: A value that can be a string, number, or boolean. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_36: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_36: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_36: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_36: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_36: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_36: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_36: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_36: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_36: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_36: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_36: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_36: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_36: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_36: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_36: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_72: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_73: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_36: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_36: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_36: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_36' + required: + - never + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_36: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_36: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_36' + required: + - always + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_36: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_4_2: + additionalProperties: false + description: Base processor options plus conditional execution + type: object + properties: + action: + enum: + - drop_document + type: string + customIdentifier: + description: Custom identifier to correlate this processor across outputs + minLength: 1 + type: string + description: + description: Human-readable notes about this processor step + type: string + ignore_failure: + description: Continue pipeline execution if this processor fails + type: boolean + where: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_74' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_75' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_37' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_37' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_37' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_37' + description: Conditional expression controlling whether this processor runs + required: + - action + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_74: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_75' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_74' + description: A basic filter condition, either unary or binary. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_75: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_37' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_37' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_37' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_37' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_37' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_37' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_37' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_37' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_37' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_37' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_37' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_37' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_37' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_37' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_37' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_37' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_37' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_37' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_37' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_37' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_37' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_37' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_37' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_37' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_37' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_37' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_37' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_37' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_37' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_37' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_37' + description: Starts-with comparison value. + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_37: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_37: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_37: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_37: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_37: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_37: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_37: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_37: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_37: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_37: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_37: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_37: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_37: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_37: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_37: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_37: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_37: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_37: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_37: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_37: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_37: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_37: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_37: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_37: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_37: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_37: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_37: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_37: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_37' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_37' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_37' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_37' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_37' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_37' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_37' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_37' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_37' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_37' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_37' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_37' + description: A value that can be a string, number, or boolean. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_37: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_37: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_37: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_37: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_37: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_37: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_37: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_37: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_37: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_37: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_37: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_37: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_37: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_37: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_37: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_74: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_75: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_37: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_37: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_37: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_37' + required: + - never + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_37: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_37: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_37' + required: + - always + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_37: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_5_2: + additionalProperties: false + description: Base processor options plus conditional execution + type: object + properties: + action: + enum: + - math + type: string + customIdentifier: + description: Custom identifier to correlate this processor across outputs + minLength: 1 + type: string + description: + description: Human-readable notes about this processor step + type: string + expression: + description: A non-empty string. + minLength: 1 + type: string + ignore_failure: + description: Continue pipeline execution if this processor fails + type: boolean + ignore_missing: + type: boolean + to: + description: A non-empty string. + minLength: 1 + type: string + where: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_76' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_77' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_38' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_38' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_38' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_38' + description: Conditional expression controlling whether this processor runs + required: + - action + - expression + - to + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_76: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_77' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_76' + description: A basic filter condition, either unary or binary. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_77: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_38' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_38' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_38' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_38' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_38' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_38' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_38' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_38' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_38' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_38' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_38' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_38' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_38' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_38' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_38' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_38' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_38' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_38' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_38' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_38' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_38' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_38' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_38' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_38' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_38' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_38' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_38' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_38' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_38' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_38' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_38' + description: Starts-with comparison value. + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_38: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_38: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_38: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_38: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_38: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_38: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_38: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_38: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_38: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_38: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_38: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_38: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_38: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_38: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_38: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_38: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_38: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_38: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_38: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_38: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_38: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_38: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_38: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_38: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_38: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_38: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_38: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_38: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_38' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_38' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_38' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_38' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_38' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_38' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_38' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_38' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_38' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_38' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_38' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_38' + description: A value that can be a string, number, or boolean. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_38: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_38: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_38: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_38: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_38: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_38: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_38: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_38: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_38: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_38: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_38: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_38: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_38: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_38: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_38: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_76: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_77: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_38: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_38: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_38: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_38' + required: + - never + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_38: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_38: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_38' + required: + - always + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_38: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_6_2: + additionalProperties: false + description: Rename processor - Change a field name and optionally its location + type: object + properties: + action: + enum: + - rename + type: string + customIdentifier: + description: Custom identifier to correlate this processor across outputs + minLength: 1 + type: string + description: + description: Human-readable notes about this processor step + type: string + from: + description: Existing source field to rename or move + minLength: 1 + type: string + ignore_failure: + description: Continue pipeline execution if this processor fails + type: boolean + ignore_missing: + description: Skip when source field is missing + type: boolean + override: + description: Allow overwriting the target field if it already exists + type: boolean + to: + description: New field name or destination path + minLength: 1 + type: string + where: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_78' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_79' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_39' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_39' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_39' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_39' + description: Conditional expression controlling whether this processor runs + required: + - action + - from + - to + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_78: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_79' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_78' + description: A basic filter condition, either unary or binary. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_79: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_39' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_39' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_39' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_39' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_39' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_39' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_39' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_39' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_39' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_39' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_39' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_39' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_39' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_39' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_39' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_39' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_39' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_39' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_39' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_39' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_39' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_39' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_39' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_39' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_39' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_39' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_39' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_39' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_39' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_39' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_39' + description: Starts-with comparison value. + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_39: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_39: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_39: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_39: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_39: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_39: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_39: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_39: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_39: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_39: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_39: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_39: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_39: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_39: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_39: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_39: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_39: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_39: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_39: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_39: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_39: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_39: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_39: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_39: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_39: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_39: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_39: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_39: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_39' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_39' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_39' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_39' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_39' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_39' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_39' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_39' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_39' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_39' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_39' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_39' + description: A value that can be a string, number, or boolean. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_39: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_39: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_39: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_39: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_39: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_39: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_39: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_39: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_39: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_39: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_39: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_39: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_39: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_39: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_39: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_78: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_79: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_39: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_39: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_39: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_39' + required: + - never + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_39: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_39: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_39' + required: + - always + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_39: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_7_2: + additionalProperties: false + description: Set processor - Assign a literal or copied value to a field (mutually exclusive inputs) + type: object + properties: + action: + enum: + - set + type: string + copy_from: + description: Copy value from another field instead of providing a literal + minLength: 1 + type: string + customIdentifier: + description: Custom identifier to correlate this processor across outputs + minLength: 1 + type: string + description: + description: Human-readable notes about this processor step + type: string + ignore_failure: + description: Continue pipeline execution if this processor fails + type: boolean + override: + description: Allow overwriting an existing target field + type: boolean + to: + description: Target field to set or create + minLength: 1 + type: string + value: + description: Literal value to assign to the target field + where: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_80' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_81' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_40' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_40' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_40' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_40' + description: Conditional expression controlling whether this processor runs + required: + - action + - to + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_80: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_81' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_80' + description: A basic filter condition, either unary or binary. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_81: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_40' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_40' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_40' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_40' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_40' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_40' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_40' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_40' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_40' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_40' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_40' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_40' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_40' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_40' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_40' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_40' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_40' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_40' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_40' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_40' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_40' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_40' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_40' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_40' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_40' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_40' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_40' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_40' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_40' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_40' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_40' + description: Starts-with comparison value. + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_40: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_40: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_40: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_40: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_40: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_40: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_40: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_40: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_40: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_40: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_40: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_40: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_40: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_40: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_40: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_40: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_40: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_40: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_40: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_40: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_40: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_40: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_40: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_40: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_40: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_40: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_40: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_40: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_40' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_40' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_40' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_40' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_40' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_40' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_40' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_40' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_40' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_40' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_40' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_40' + description: A value that can be a string, number, or boolean. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_40: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_40: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_40: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_40: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_40: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_40: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_40: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_40: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_40: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_40: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_40: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_40: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_40: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_40: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_40: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_80: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_81: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_40: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_40: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_40: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_40' + required: + - never + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_40: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_40: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_40' + required: + - always + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_40: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_8_2: + additionalProperties: false + description: Append processor - Append one or more values to an existing or new array field + type: object + properties: + action: + enum: + - append + type: string + allow_duplicates: + description: If true, do not deduplicate appended values + type: boolean + customIdentifier: + description: Custom identifier to correlate this processor across outputs + minLength: 1 + type: string + description: + description: Human-readable notes about this processor step + type: string + ignore_failure: + description: Continue pipeline execution if this processor fails + type: boolean + to: + description: Array field to append values to + minLength: 1 + type: string + value: + description: Values to append (must be literal, no templates) + items: {} + minItems: 1 + type: array + where: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_82' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_83' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_41' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_41' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_41' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_41' + description: Conditional expression controlling whether this processor runs + required: + - action + - to + - value + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_82: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_83' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_82' + description: A basic filter condition, either unary or binary. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_83: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_41' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_41' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_41' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_41' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_41' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_41' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_41' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_41' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_41' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_41' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_41' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_41' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_41' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_41' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_41' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_41' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_41' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_41' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_41' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_41' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_41' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_41' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_41' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_41' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_41' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_41' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_41' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_41' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_41' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_41' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_41' + description: Starts-with comparison value. + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_41: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_41: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_41: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_41: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_41: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_41: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_41: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_41: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_41: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_41: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_41: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_41: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_41: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_41: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_41: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_41: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_41: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_41: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_41: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_41: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_41: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_41: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_41: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_41: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_41: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_41: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_41: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_41: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_41' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_41' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_41' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_41' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_41' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_41' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_41' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_41' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_41' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_41' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_41' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_41' + description: A value that can be a string, number, or boolean. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_41: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_41: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_41: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_41: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_41: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_41: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_41: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_41: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_41: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_41: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_41: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_41: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_41: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_41: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_41: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_82: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_83: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_41: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_41: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_41: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_41' + required: + - never + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_41: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_41: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_41' + required: + - always + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_41: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_9_2: + additionalProperties: false + description: Remove by prefix processor - Remove a field and all nested fields matching the prefix + type: object + properties: + action: + enum: + - remove_by_prefix + type: string + customIdentifier: + description: Custom identifier to correlate this processor across outputs + minLength: 1 + type: string + description: + description: Human-readable notes about this processor step + type: string + from: + description: Field to remove along with all its nested fields + minLength: 1 + type: string + ignore_failure: + description: Continue pipeline execution if this processor fails + type: boolean + required: + - action + - from + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_10_2: + additionalProperties: false + description: Remove processor - Delete one or more fields from the document + type: object + properties: + action: + enum: + - remove + type: string + customIdentifier: + description: Custom identifier to correlate this processor across outputs + minLength: 1 + type: string + description: + description: Human-readable notes about this processor step + type: string + from: + description: Field to remove from the document + minLength: 1 + type: string + ignore_failure: + description: Continue pipeline execution if this processor fails + type: boolean + ignore_missing: + description: Skip processing when source field is missing + type: boolean + where: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_84' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_85' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_42' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_42' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_42' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_42' + description: Conditional expression controlling whether this processor runs + required: + - action + - from + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_84: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_85' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_84' + description: A basic filter condition, either unary or binary. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_85: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_42' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_42' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_42' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_42' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_42' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_42' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_42' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_42' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_42' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_42' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_42' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_42' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_42' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_42' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_42' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_42' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_42' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_42' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_42' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_42' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_42' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_42' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_42' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_42' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_42' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_42' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_42' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_42' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_42' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_42' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_42' + description: Starts-with comparison value. + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_42: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_42: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_42: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_42: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_42: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_42: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_42: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_42: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_42: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_42: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_42: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_42: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_42: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_42: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_42: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_42: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_42: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_42: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_42: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_42: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_42: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_42: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_42: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_42: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_42: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_42: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_42: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_42: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_42' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_42' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_42' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_42' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_42' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_42' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_42' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_42' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_42' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_42' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_42' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_42' + description: A value that can be a string, number, or boolean. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_42: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_42: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_42: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_42: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_42: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_42: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_42: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_42: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_42: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_42: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_42: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_42: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_42: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_42: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_42: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_84: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_85: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_42: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_42: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_42: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_42' + required: + - never + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_42: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_42: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_42' + required: + - always + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_42: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_11_2: + additionalProperties: false + description: Base processor options plus conditional execution + type: object + properties: + action: + enum: + - replace + type: string + customIdentifier: + description: Custom identifier to correlate this processor across outputs + minLength: 1 + type: string + description: + description: Human-readable notes about this processor step + type: string + from: + description: A non-empty string. + minLength: 1 + type: string + ignore_failure: + description: Continue pipeline execution if this processor fails + type: boolean + ignore_missing: + type: boolean + pattern: + description: A non-empty string or string with whitespace. + minLength: 1 + type: string + replacement: + type: string + to: + description: A non-empty string. + minLength: 1 + type: string + where: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_86' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_87' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_43' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_43' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_43' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_43' + description: Conditional expression controlling whether this processor runs + required: + - action + - from + - pattern + - replacement + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_86: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_87' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_86' + description: A basic filter condition, either unary or binary. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_87: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_43' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_43' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_43' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_43' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_43' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_43' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_43' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_43' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_43' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_43' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_43' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_43' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_43' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_43' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_43' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_43' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_43' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_43' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_43' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_43' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_43' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_43' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_43' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_43' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_43' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_43' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_43' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_43' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_43' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_43' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_43' + description: Starts-with comparison value. + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_43: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_43: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_43: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_43: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_43: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_43: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_43: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_43: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_43: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_43: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_43: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_43: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_43: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_43: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_43: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_43: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_43: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_43: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_43: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_43: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_43: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_43: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_43: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_43: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_43: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_43: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_43: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_43: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_43' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_43' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_43' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_43' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_43' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_43' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_43' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_43' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_43' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_43' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_43' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_43' + description: A value that can be a string, number, or boolean. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_43: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_43: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_43: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_43: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_43: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_43: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_43: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_43: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_43: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_43: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_43: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_43: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_43: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_43: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_43: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_86: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_87: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_43: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_43: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_43: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_43' + required: + - never + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_43: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_43: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_43' + required: + - always + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_43: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_12_2: + additionalProperties: false + description: Base processor options plus conditional execution + type: object + properties: + action: + enum: + - uppercase + type: string + customIdentifier: + description: Custom identifier to correlate this processor across outputs + minLength: 1 + type: string + description: + description: Human-readable notes about this processor step + type: string + from: + description: A non-empty string. + minLength: 1 + type: string + ignore_failure: + description: Continue pipeline execution if this processor fails + type: boolean + ignore_missing: + type: boolean + to: + description: A non-empty string. + minLength: 1 + type: string + where: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_88' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_89' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_44' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_44' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_44' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_44' + description: Conditional expression controlling whether this processor runs + required: + - action + - from + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_88: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_89' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_88' + description: A basic filter condition, either unary or binary. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_89: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_44' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_44' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_44' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_44' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_44' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_44' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_44' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_44' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_44' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_44' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_44' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_44' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_44' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_44' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_44' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_44' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_44' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_44' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_44' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_44' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_44' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_44' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_44' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_44' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_44' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_44' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_44' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_44' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_44' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_44' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_44' + description: Starts-with comparison value. + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_44: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_44: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_44: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_44: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_44: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_44: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_44: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_44: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_44: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_44: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_44: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_44: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_44: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_44: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_44: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_44: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_44: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_44: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_44: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_44: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_44: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_44: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_44: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_44: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_44: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_44: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_44: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_44: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_44' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_44' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_44' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_44' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_44' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_44' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_44' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_44' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_44' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_44' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_44' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_44' + description: A value that can be a string, number, or boolean. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_44: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_44: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_44: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_44: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_44: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_44: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_44: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_44: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_44: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_44: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_44: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_44: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_44: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_44: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_44: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_88: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_89: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_44: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_44: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_44: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_44' + required: + - never + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_44: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_44: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_44' + required: + - always + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_44: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_13_2: + additionalProperties: false + description: Base processor options plus conditional execution + type: object + properties: + action: + enum: + - lowercase + type: string + customIdentifier: + description: Custom identifier to correlate this processor across outputs + minLength: 1 + type: string + description: + description: Human-readable notes about this processor step + type: string + from: + description: A non-empty string. + minLength: 1 + type: string + ignore_failure: + description: Continue pipeline execution if this processor fails + type: boolean + ignore_missing: + type: boolean + to: + description: A non-empty string. + minLength: 1 + type: string + where: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_90' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_91' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_45' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_45' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_45' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_45' + description: Conditional expression controlling whether this processor runs + required: + - action + - from + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_90: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_91' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_90' + description: A basic filter condition, either unary or binary. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_91: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_45' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_45' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_45' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_45' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_45' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_45' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_45' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_45' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_45' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_45' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_45' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_45' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_45' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_45' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_45' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_45' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_45' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_45' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_45' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_45' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_45' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_45' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_45' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_45' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_45' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_45' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_45' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_45' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_45' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_45' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_45' + description: Starts-with comparison value. + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_45: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_45: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_45: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_45: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_45: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_45: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_45: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_45: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_45: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_45: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_45: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_45: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_45: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_45: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_45: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_45: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_45: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_45: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_45: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_45: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_45: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_45: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_45: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_45: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_45: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_45: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_45: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_45: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_45' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_45' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_45' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_45' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_45' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_45' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_45' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_45' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_45' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_45' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_45' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_45' + description: A value that can be a string, number, or boolean. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_45: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_45: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_45: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_45: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_45: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_45: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_45: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_45: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_45: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_45: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_45: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_45: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_45: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_45: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_45: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_90: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_91: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_45: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_45: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_45: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_45' + required: + - never + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_45: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_45: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_45' + required: + - always + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_45: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_14_2: + additionalProperties: false + description: Base processor options plus conditional execution + type: object + properties: + action: + enum: + - trim + type: string + customIdentifier: + description: Custom identifier to correlate this processor across outputs + minLength: 1 + type: string + description: + description: Human-readable notes about this processor step + type: string + from: + description: A non-empty string. + minLength: 1 + type: string + ignore_failure: + description: Continue pipeline execution if this processor fails + type: boolean + ignore_missing: + type: boolean + to: + description: A non-empty string. + minLength: 1 + type: string + where: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_92' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_93' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_46' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_46' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_46' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_46' + description: Conditional expression controlling whether this processor runs + required: + - action + - from + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_92: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_93' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_92' + description: A basic filter condition, either unary or binary. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_93: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_46' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_46' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_46' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_46' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_46' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_46' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_46' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_46' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_46' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_46' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_46' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_46' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_46' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_46' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_46' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_46' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_46' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_46' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_46' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_46' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_46' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_46' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_46' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_46' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_46' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_46' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_46' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_46' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_46' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_46' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_46' + description: Starts-with comparison value. + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_46: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_46: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_46: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_46: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_46: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_46: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_46: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_46: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_46: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_46: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_46: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_46: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_46: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_46: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_46: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_46: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_46: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_46: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_46: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_46: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_46: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_46: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_46: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_46: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_46: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_46: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_46: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_46: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_46' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_46' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_46' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_46' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_46' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_46' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_46' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_46' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_46' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_46' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_46' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_46' + description: A value that can be a string, number, or boolean. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_46: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_46: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_46: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_46: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_46: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_46: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_46: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_46: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_46: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_46: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_46: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_46: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_46: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_46: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_46: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_92: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_93: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_46: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_46: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_46: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_46' + required: + - never + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_46: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_46: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_46' + required: + - always + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_46: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_15_2: + additionalProperties: false + description: Base processor options plus conditional execution + type: object + properties: + action: + enum: + - join + type: string + customIdentifier: + description: Custom identifier to correlate this processor across outputs + minLength: 1 + type: string + delimiter: + type: string + description: + description: Human-readable notes about this processor step + type: string + from: + items: + description: A non-empty string. + minLength: 1 + type: string + minItems: 1 + type: array + ignore_failure: + description: Continue pipeline execution if this processor fails + type: boolean + ignore_missing: + type: boolean + to: + description: A non-empty string. + minLength: 1 + type: string + where: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_94' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_95' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_47' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_47' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_47' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_47' + description: Conditional expression controlling whether this processor runs + required: + - action + - from + - delimiter + - to + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_94: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_95' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_94' + description: A basic filter condition, either unary or binary. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_95: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_47' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_47' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_47' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_47' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_47' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_47' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_47' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_47' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_47' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_47' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_47' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_47' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_47' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_47' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_47' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_47' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_47' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_47' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_47' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_47' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_47' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_47' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_47' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_47' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_47' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_47' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_47' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_47' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_47' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_47' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_47' + description: Starts-with comparison value. + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_47: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_47: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_47: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_47: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_47: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_47: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_47: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_47: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_47: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_47: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_47: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_47: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_47: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_47: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_47: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_47: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_47: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_47: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_47: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_47: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_47: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_47: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_47: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_47: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_47: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_47: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_47: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_47: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_47' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_47' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_47' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_47' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_47' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_47' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_47' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_47' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_47' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_47' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_47' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_47' + description: A value that can be a string, number, or boolean. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_47: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_47: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_47: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_47: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_47: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_47: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_47: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_47: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_47: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_47: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_47: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_47: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_47: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_47: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_47: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_94: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_95: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_47: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_47: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_47: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_47' + required: + - never + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_47: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_47: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_47' + required: + - always + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_47: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_16_2: + additionalProperties: false + description: Convert processor - Change the data type of a field value (integer, long, double, boolean, or string) + type: object + properties: + action: + enum: + - convert + type: string + customIdentifier: + description: Custom identifier to correlate this processor across outputs + minLength: 1 + type: string + description: + description: Human-readable notes about this processor step + type: string + from: + description: Source field to convert to a different data type + minLength: 1 + type: string + ignore_failure: + description: Continue pipeline execution if this processor fails + type: boolean + ignore_missing: + description: Skip processing when source field is missing + type: boolean + to: + description: Target field for the converted value (defaults to source) + minLength: 1 + type: string + type: + description: 'Target data type: integer, long, double, boolean, or string' + enum: + - integer + - long + - double + - boolean + - string + type: string + where: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_96' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_97' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_48' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_48' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_48' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_48' + description: Conditional expression controlling whether this processor runs + required: + - action + - from + - type + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_96: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_97' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_96' + description: A basic filter condition, either unary or binary. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_97: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_48' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_48' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_48' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_48' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_48' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_48' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_48' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_48' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_48' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_48' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_48' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_48' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_48' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_48' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_48' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_48' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_48' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_48' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_48' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_48' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_48' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_48' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_48' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_48' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_48' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_48' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_48' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_48' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_48' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_48' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_48' + description: Starts-with comparison value. + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_48: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_48: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_48: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_48: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_48: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_48: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_48: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_48: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_48: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_48: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_48: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_48: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_48: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_48: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_48: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_48: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_48: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_48: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_48: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_48: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_48: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_48: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_48: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_48: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_48: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_48: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_48: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_48: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_48' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_48' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_48' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_48' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_48' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_48' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_48' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_48' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_48' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_48' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_48' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_48' + description: A value that can be a string, number, or boolean. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_48: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_48: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_48: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_48: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_48: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_48: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_48: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_48: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_48: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_48: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_48: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_48: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_48: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_48: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_48: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_96: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_97: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_48: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_48: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_48: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_48' + required: + - never + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_48: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_48: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_48' + required: + - always + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_48: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_17_2: + additionalProperties: false + description: Base processor options plus conditional execution + type: object + properties: + action: + enum: + - concat + type: string + customIdentifier: + description: Custom identifier to correlate this processor across outputs + minLength: 1 + type: string + description: + description: Human-readable notes about this processor step + type: string + from: + items: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_From_1_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_From_2_2' + minItems: 1 + type: array + ignore_failure: + description: Continue pipeline execution if this processor fails + type: boolean + ignore_missing: + type: boolean + to: + description: A non-empty string. + minLength: 1 + type: string + where: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_98' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_99' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_49' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_49' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_49' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_49' + description: Conditional expression controlling whether this processor runs + required: + - action + - from + - to + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_From_1_2: + additionalProperties: false + type: object + properties: + type: + enum: + - field + type: string + value: + description: A non-empty string. + minLength: 1 + type: string + required: + - type + - value + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_From_2_2: + additionalProperties: false + type: object + properties: + type: + enum: + - literal + type: string + value: + type: string + required: + - type + - value + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_98: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_99' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_98' + description: A basic filter condition, either unary or binary. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_99: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_49' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_49' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_49' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_49' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_49' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_49' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_49' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_49' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_49' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_49' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_49' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_49' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_49' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_49' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_49' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_49' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_49' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_49' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_49' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_49' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_49' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_49' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_49' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_49' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_49' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_49' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_49' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_49' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_49' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_49' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_49' + description: Starts-with comparison value. + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_49: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_49: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_49: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_49: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_49: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_49: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_49: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_49: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_49: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_49: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_49: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_49: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_49: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_49: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_49: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_49: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_49: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_49: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_49: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_49: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_49: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_49: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_49: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_49: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_49: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_49: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_49: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_49: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_49' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_49' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_49' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_49' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_49' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_49' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_49' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_49' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_49' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_49' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_49' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_49' + description: A value that can be a string, number, or boolean. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_49: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_49: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_49: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_49: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_49: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_49: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_49: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_49: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_49: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_49: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_49: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_49: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_49: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_49: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_49: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_98: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_99: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_49: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_49: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_49: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_49' + required: + - never + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_49: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_49: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_49' + required: + - always + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_49: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_18_2: + additionalProperties: false + description: Manual ingest pipeline wrapper around native Elasticsearch processors + type: object + properties: + action: + description: Manual ingest pipeline - executes raw Elasticsearch ingest processors + enum: + - manual_ingest_pipeline + type: string + customIdentifier: + description: Custom identifier to correlate this processor across outputs + minLength: 1 + type: string + description: + description: Human-readable notes about this processor step + type: string + ignore_failure: + description: Continue pipeline execution if this processor fails + type: boolean + on_failure: + description: Fallback processors to run when a processor fails + items: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_On_failure_Item_2' + type: array + processors: + description: List of raw Elasticsearch ingest processors to run + items: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Processors_Item_2' + type: array + tag: + description: Optional ingest processor tag for Elasticsearch + type: string + where: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_100' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_101' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_50' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_50' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_50' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_50' + description: Conditional expression controlling whether this processor runs + required: + - action + - processors + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_On_failure_Item_2: + additionalProperties: {} + type: object + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Processors_Item_2: + additionalProperties: false + type: object + properties: + append: {} + attachment: {} + bytes: {} + circle: {} + community_id: {} + convert: {} + csv: {} + date: {} + date_index_name: {} + dissect: {} + dot_expander: {} + drop: {} + enrich: {} + fail: {} + fingerprint: {} + foreach: {} + geo_grid: {} + geoip: {} + grok: {} + gsub: {} + html_strip: {} + inference: {} + ip_location: {} + join: {} + json: {} + kv: {} + lowercase: {} + network_direction: {} + pipeline: {} + redact: {} + registered_domain: {} + remove: {} + rename: {} + reroute: {} + script: {} + set: {} + set_security_user: {} + sort: {} + split: {} + terminate: {} + trim: {} + uppercase: {} + uri_parts: {} + urldecode: {} + user_agent: {} + required: + - append + - attachment + - bytes + - circle + - community_id + - convert + - csv + - date + - date_index_name + - dissect + - dot_expander + - drop + - enrich + - fail + - fingerprint + - foreach + - ip_location + - geo_grid + - geoip + - grok + - gsub + - html_strip + - inference + - join + - json + - kv + - lowercase + - network_direction + - pipeline + - redact + - registered_domain + - remove + - rename + - reroute + - script + - set + - set_security_user + - sort + - split + - terminate + - trim + - uppercase + - urldecode + - uri_parts + - user_agent + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_100: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_101' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_100' + description: A basic filter condition, either unary or binary. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_101: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_50' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_50' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_50' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_50' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_50' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_50' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_50' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_50' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_50' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_50' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_50' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_50' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_50' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_50' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_50' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_50' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_50' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_50' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_50' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_50' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_50' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_50' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_50' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_50' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_50' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_50' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_50' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_50' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_50' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_50' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_50' + description: Starts-with comparison value. + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_50: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_50: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_50: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_50: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_50: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_50: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_50: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_50: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_50: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_50: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_50: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_50: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_50: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_50: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_50: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_50: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_50: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_50: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_50: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_50: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_50: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_50: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_50: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_50: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_50: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_50: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_50: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_50: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_50' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_50' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_50' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_50' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_50' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_50' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_50' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_50' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_50' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_50' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_50' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_50' + description: A value that can be a string, number, or boolean. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_50: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_50: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_50: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_50: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_50: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_50: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_50: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_50: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_50: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_50: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_50: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_50: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_50: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_50: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_50: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_100: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_101: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_50: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_50: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_50: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_50' + required: + - never + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_50: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_50: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_50' + required: + - always + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_50: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_2_5: + additionalProperties: false + type: object + properties: + condition: + allOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_1_6' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_2_8' + customIdentifier: + type: string + required: + - condition + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_1_6: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_1_7' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_2_7' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_3_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_4_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_5_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_6_2' + description: The root condition object. It can be a simple filter or a combination of other conditions. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_1_7: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_1_8' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_2_6' + description: A basic filter condition, either unary or binary. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_1_8: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Contains_1_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Contains_2_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Contains_3_2' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_EndsWith_1_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_EndsWith_2_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_EndsWith_3_2' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Eq_1_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Eq_2_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Eq_3_2' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Gt_1_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Gt_2_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Gt_3_2' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Gte_1_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Gte_2_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Gte_3_2' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Includes_1_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Includes_2_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Includes_3_2' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Lt_1_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Lt_2_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Lt_3_2' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Lte_1_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Lte_2_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Lte_3_2' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Neq_1_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Neq_2_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Neq_3_2' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Range_2' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_StartsWith_1_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_StartsWith_2_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_StartsWith_3_2' + description: Starts-with comparison value. + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Contains_1_2: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Contains_2_2: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Contains_3_2: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_EndsWith_1_2: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_EndsWith_2_2: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_EndsWith_3_2: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Eq_1_2: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Eq_2_2: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Eq_3_2: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Gt_1_2: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Gt_2_2: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Gt_3_2: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Gte_1_2: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Gte_2_2: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Gte_3_2: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Includes_1_2: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Includes_2_2: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Includes_3_2: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Lt_1_2: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Lt_2_2: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Lt_3_2: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Lte_1_2: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Lte_2_2: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Lte_3_2: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Neq_1_2: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Neq_2_2: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Neq_3_2: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Range_2: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Range_Gt_1_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Range_Gt_2_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Range_Gt_3_2' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Range_Gte_1_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Range_Gte_2_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Range_Gte_3_2' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Range_Lt_1_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Range_Lt_2_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Range_Lt_3_2' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Range_Lte_1_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Range_Lte_2_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Range_Lte_3_2' + description: A value that can be a string, number, or boolean. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Range_Gt_1_2: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Range_Gt_2_2: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Range_Gt_3_2: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Range_Gte_1_2: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Range_Gte_2_2: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Range_Gte_3_2: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Range_Lt_1_2: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Range_Lt_2_2: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Range_Lt_3_2: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Range_Lte_1_2: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Range_Lte_2_2: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Range_Lte_3_2: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_StartsWith_1_2: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_StartsWith_2_2: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_StartsWith_3_2: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_2_6: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_2_7: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_3_2: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_4_2: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_5_2: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Never_2' + required: + - never + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Never_2: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_6_2: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Always_2' + required: + - always + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Always_2: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_2_8: + type: object + properties: + steps: + items: {} + type: array + required: + - steps + ApiStreams_Put_Request_Stream_Ingest_Settings_2: + additionalProperties: false + type: object + properties: + index.number_of_replicas: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Settings_Index.number_of_replicas_2' + index.number_of_shards: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Settings_Index.number_of_shards_2' + index.refresh_interval: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Settings_Index.refresh_interval_2' + ApiStreams_Put_Request_Stream_Ingest_Settings_Index.number_of_replicas_2: + additionalProperties: false + type: object + properties: + value: + type: number + required: + - value + ApiStreams_Put_Request_Stream_Ingest_Settings_Index.number_of_shards_2: + additionalProperties: false + type: object + properties: + value: + type: number + required: + - value + ApiStreams_Put_Request_Stream_Ingest_Settings_Index.refresh_interval_2: + additionalProperties: false + type: object + properties: + value: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Settings_Index.refresh_interval_Value_1_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Settings_Index.refresh_interval_Value_2_2' + required: + - value + ApiStreams_Put_Request_Stream_Ingest_Settings_Index.refresh_interval_Value_1_2: + type: string + ApiStreams_Put_Request_Stream_Ingest_Settings_Index.refresh_interval_Value_2_2: + enum: + - -1 + type: number + ApiStreams_Put_Request_Stream_Ingest_2_1: + type: object + properties: + classic: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Classic' + required: + - classic + ApiStreams_Put_Request_Stream_Ingest_Classic: + additionalProperties: false + type: object + properties: + field_overrides: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Classic_Field_overrides' + ApiStreams_Put_Request_Stream_Ingest_Classic_Field_overrides: + additionalProperties: + allOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Classic_Field_overrides_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Classic_Field_overrides_2_3' + type: object + ApiStreams_Put_Request_Stream_Ingest_Classic_Field_overrides_1: + additionalProperties: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Classic_Field_overrides_1_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Classic_Field_overrides_2_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Classic_Field_overrides_3_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Classic_Field_overrides_4_2' + type: object + ApiStreams_Put_Request_Stream_Ingest_Classic_Field_overrides_1_1: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Classic_Field_overrides_1_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Classic_Field_overrides_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Classic_Field_overrides_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Classic_Field_overrides_4' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Classic_Field_overrides_5' + ApiStreams_Put_Request_Stream_Ingest_Classic_Field_overrides_1_2: + type: string + ApiStreams_Put_Request_Stream_Ingest_Classic_Field_overrides_2: + type: number + ApiStreams_Put_Request_Stream_Ingest_Classic_Field_overrides_3: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Classic_Field_overrides_4: + enum: + - 'null' + nullable: true + ApiStreams_Put_Request_Stream_Ingest_Classic_Field_overrides_5: + not: {} + ApiStreams_Put_Request_Stream_Ingest_Classic_Field_overrides_2_1: + items: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Classic_Field_overrides_1_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Classic_Field_overrides_2_2' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Classic_Field_overrides_3_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Classic_Field_overrides_4_1' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Classic_Field_overrides_5_1' + type: array + ApiStreams_Put_Request_Stream_Ingest_Classic_Field_overrides_1_3: + type: string + ApiStreams_Put_Request_Stream_Ingest_Classic_Field_overrides_2_2: + type: number + ApiStreams_Put_Request_Stream_Ingest_Classic_Field_overrides_3_1: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Classic_Field_overrides_4_1: + enum: + - 'null' + nullable: true + ApiStreams_Put_Request_Stream_Ingest_Classic_Field_overrides_5_1: + not: {} + ApiStreams_Put_Request_Stream_Ingest_Classic_Field_overrides_3_2: + items: {} + type: array + ApiStreams_Put_Request_Stream_Ingest_Classic_Field_overrides_4_2: {} + ApiStreams_Put_Request_Stream_Ingest_Classic_Field_overrides_2_3: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Classic_Field_overrides_1_4' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Classic_Field_overrides_2_4' + ApiStreams_Put_Request_Stream_Ingest_Classic_Field_overrides_1_4: + additionalProperties: false + type: object + properties: + format: + description: A non-empty string. + minLength: 1 + type: string + type: + enum: + - keyword + - match_only_text + - long + - double + - date + - boolean + - ip + - geo_point + type: string + required: + - type + ApiStreams_Put_Request_Stream_Ingest_Classic_Field_overrides_2_4: + additionalProperties: false + type: object + properties: + type: + enum: + - system + type: string + required: + - type + ApiStreams_Put_Request_5_1: + type: object + properties: {} + ApiStreams_Put_Request_6_1: + type: object + properties: + stream: + allOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_1_6' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_2_6' + required: + - stream + ApiStreams_Put_Request_Stream_1_6: + additionalProperties: true + type: object + properties: + ingest: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_7' + name: + not: {} + updated_at: + not: {} + ApiStreams_Put_Request_Stream_Ingest_7: + additionalProperties: true + type: object + properties: + processing: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_9' + required: + - processing + ApiStreams_Put_Request_Stream_Ingest_Processing_9: + additionalProperties: true + type: object + properties: + updated_at: + not: {} + ApiStreams_Put_Request_Stream_2_6: + additionalProperties: false + type: object + properties: + description: + type: string + name: + type: string + updated_at: + format: date-time + type: string + required: + - name + - description + - updated_at + ApiStreams_Put_Request_7_1: + type: object + properties: + dashboards: + items: + type: string + type: array + queries: + items: + allOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_1_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_2_3' + type: array + rules: + items: + type: string + type: array + required: + - dashboards + - rules + - queries + ApiStreams_Put_Request_Queries_1_3: + type: object + properties: + id: + description: A non-empty string. + minLength: 1 + type: string + title: + description: A non-empty string. + minLength: 1 + type: string + required: + - id + - title + ApiStreams_Put_Request_Queries_2_3: + type: object + properties: + evidence: + items: + type: string + type: array + feature: + $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_3' + kql: + $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Kql_3' + severity_score: + type: number + required: + - kql + ApiStreams_Put_Request_Queries_Feature_3: + additionalProperties: false + type: object + properties: + filter: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_1_6' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_2_7' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_3_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_4_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_5_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_6_3' + description: The root condition object. It can be a simple filter or a combination of other conditions. + name: + description: A non-empty string. + minLength: 1 + type: string + type: + enum: + - system + type: string + required: + - name + - filter + - type + ApiStreams_Put_Request_Queries_Feature_Filter_1_6: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_1_7' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_2_6' + description: A basic filter condition, either unary or binary. + ApiStreams_Put_Request_Queries_Feature_Filter_1_7: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Contains_1_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Contains_2_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Contains_3_3' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_EndsWith_1_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_EndsWith_2_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_EndsWith_3_3' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Eq_1_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Eq_2_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Eq_3_3' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Gt_1_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Gt_2_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Gt_3_3' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Gte_1_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Gte_2_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Gte_3_3' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Includes_1_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Includes_2_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Includes_3_3' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Lt_1_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Lt_2_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Lt_3_3' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Lte_1_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Lte_2_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Lte_3_3' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Neq_1_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Neq_2_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Neq_3_3' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Range_3' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_StartsWith_1_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_StartsWith_2_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_StartsWith_3_3' + description: Starts-with comparison value. + required: + - field + ApiStreams_Put_Request_Queries_Feature_Filter_Contains_1_3: + type: string + ApiStreams_Put_Request_Queries_Feature_Filter_Contains_2_3: + type: number + ApiStreams_Put_Request_Queries_Feature_Filter_Contains_3_3: + type: boolean + ApiStreams_Put_Request_Queries_Feature_Filter_EndsWith_1_3: + type: string + ApiStreams_Put_Request_Queries_Feature_Filter_EndsWith_2_3: + type: number + ApiStreams_Put_Request_Queries_Feature_Filter_EndsWith_3_3: + type: boolean + ApiStreams_Put_Request_Queries_Feature_Filter_Eq_1_3: + type: string + ApiStreams_Put_Request_Queries_Feature_Filter_Eq_2_3: + type: number + ApiStreams_Put_Request_Queries_Feature_Filter_Eq_3_3: + type: boolean + ApiStreams_Put_Request_Queries_Feature_Filter_Gt_1_3: + type: string + ApiStreams_Put_Request_Queries_Feature_Filter_Gt_2_3: + type: number + ApiStreams_Put_Request_Queries_Feature_Filter_Gt_3_3: + type: boolean + ApiStreams_Put_Request_Queries_Feature_Filter_Gte_1_3: + type: string + ApiStreams_Put_Request_Queries_Feature_Filter_Gte_2_3: + type: number + ApiStreams_Put_Request_Queries_Feature_Filter_Gte_3_3: + type: boolean + ApiStreams_Put_Request_Queries_Feature_Filter_Includes_1_3: + type: string + ApiStreams_Put_Request_Queries_Feature_Filter_Includes_2_3: + type: number + ApiStreams_Put_Request_Queries_Feature_Filter_Includes_3_3: + type: boolean + ApiStreams_Put_Request_Queries_Feature_Filter_Lt_1_3: + type: string + ApiStreams_Put_Request_Queries_Feature_Filter_Lt_2_3: + type: number + ApiStreams_Put_Request_Queries_Feature_Filter_Lt_3_3: + type: boolean + ApiStreams_Put_Request_Queries_Feature_Filter_Lte_1_3: + type: string + ApiStreams_Put_Request_Queries_Feature_Filter_Lte_2_3: + type: number + ApiStreams_Put_Request_Queries_Feature_Filter_Lte_3_3: + type: boolean + ApiStreams_Put_Request_Queries_Feature_Filter_Neq_1_3: + type: string + ApiStreams_Put_Request_Queries_Feature_Filter_Neq_2_3: + type: number + ApiStreams_Put_Request_Queries_Feature_Filter_Neq_3_3: + type: boolean + ApiStreams_Put_Request_Queries_Feature_Filter_Range_3: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Range_Gt_1_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Range_Gt_2_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Range_Gt_3_3' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Range_Gte_1_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Range_Gte_2_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Range_Gte_3_3' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Range_Lt_1_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Range_Lt_2_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Range_Lt_3_3' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Range_Lte_1_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Range_Lte_2_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Range_Lte_3_3' + description: A value that can be a string, number, or boolean. + ApiStreams_Put_Request_Queries_Feature_Filter_Range_Gt_1_3: + type: string + ApiStreams_Put_Request_Queries_Feature_Filter_Range_Gt_2_3: + type: number + ApiStreams_Put_Request_Queries_Feature_Filter_Range_Gt_3_3: + type: boolean + ApiStreams_Put_Request_Queries_Feature_Filter_Range_Gte_1_3: + type: string + ApiStreams_Put_Request_Queries_Feature_Filter_Range_Gte_2_3: + type: number + ApiStreams_Put_Request_Queries_Feature_Filter_Range_Gte_3_3: + type: boolean + ApiStreams_Put_Request_Queries_Feature_Filter_Range_Lt_1_3: + type: string + ApiStreams_Put_Request_Queries_Feature_Filter_Range_Lt_2_3: + type: number + ApiStreams_Put_Request_Queries_Feature_Filter_Range_Lt_3_3: + type: boolean + ApiStreams_Put_Request_Queries_Feature_Filter_Range_Lte_1_3: + type: string + ApiStreams_Put_Request_Queries_Feature_Filter_Range_Lte_2_3: + type: number + ApiStreams_Put_Request_Queries_Feature_Filter_Range_Lte_3_3: + type: boolean + ApiStreams_Put_Request_Queries_Feature_Filter_StartsWith_1_3: + type: string + ApiStreams_Put_Request_Queries_Feature_Filter_StartsWith_2_3: + type: number + ApiStreams_Put_Request_Queries_Feature_Filter_StartsWith_3_3: + type: boolean + ApiStreams_Put_Request_Queries_Feature_Filter_2_6: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreams_Put_Request_Queries_Feature_Filter_2_7: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreams_Put_Request_Queries_Feature_Filter_3_3: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreams_Put_Request_Queries_Feature_Filter_4_3: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreams_Put_Request_Queries_Feature_Filter_5_3: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Never_3' + required: + - never + ApiStreams_Put_Request_Queries_Feature_Filter_Never_3: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreams_Put_Request_Queries_Feature_Filter_6_3: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreams_Put_Request_Queries_Feature_Filter_Always_3' + required: + - always + ApiStreams_Put_Request_Queries_Feature_Filter_Always_3: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreams_Put_Request_Queries_Kql_3: + additionalProperties: false + type: object + properties: + query: + type: string + required: + - query + ApiStreams_Put_Request_8_1: + type: object + properties: + stream: + allOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_1_7' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_2_7' + required: + - stream + ApiStreams_Put_Request_Stream_1_7: + additionalProperties: true + type: object + properties: + ingest: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_8' + name: + not: {} + updated_at: + not: {} + ApiStreams_Put_Request_Stream_Ingest_8: + additionalProperties: true + type: object + properties: + processing: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_10' + required: + - processing + ApiStreams_Put_Request_Stream_Ingest_Processing_10: + additionalProperties: true + type: object + properties: + updated_at: + not: {} + ApiStreams_Put_Request_Stream_2_7: + additionalProperties: false + type: object + properties: + ingest: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_9' + required: + - ingest + ApiStreams_Put_Request_Stream_Ingest_9: + additionalProperties: false + type: object + properties: + failure_store: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Failure_store_1_6' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Failure_store_2_6' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Failure_store_3_3' + lifecycle: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Lifecycle_1_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Lifecycle_2_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Lifecycle_3_3' + processing: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_11' + settings: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Settings_3' + required: + - lifecycle + - processing + - settings + - failure_store + ApiStreams_Put_Request_Stream_Ingest_Failure_store_1_6: + additionalProperties: false + type: object + properties: + inherit: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Failure_store_Inherit_3' + required: + - inherit + ApiStreams_Put_Request_Stream_Ingest_Failure_store_Inherit_3: + additionalProperties: false + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Failure_store_2_6: + additionalProperties: false + type: object + properties: + disabled: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Failure_store_Disabled_3' + required: + - disabled + ApiStreams_Put_Request_Stream_Ingest_Failure_store_Disabled_3: + additionalProperties: false + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Failure_store_3_3: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Failure_store_1_7' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Failure_store_2_7' + ApiStreams_Put_Request_Stream_Ingest_Failure_store_1_7: + additionalProperties: false + type: object + properties: + lifecycle: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Failure_store_Lifecycle_6' + required: + - lifecycle + ApiStreams_Put_Request_Stream_Ingest_Failure_store_Lifecycle_6: + additionalProperties: false + type: object + properties: + enabled: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Failure_store_Lifecycle_Enabled_3' + required: + - enabled + ApiStreams_Put_Request_Stream_Ingest_Failure_store_Lifecycle_Enabled_3: + additionalProperties: false + type: object + properties: + data_retention: + description: A non-empty string. + minLength: 1 + type: string + ApiStreams_Put_Request_Stream_Ingest_Failure_store_2_7: + additionalProperties: false + type: object + properties: + lifecycle: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Failure_store_Lifecycle_7' + required: + - lifecycle + ApiStreams_Put_Request_Stream_Ingest_Failure_store_Lifecycle_7: + additionalProperties: false + type: object + properties: + disabled: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Failure_store_Lifecycle_Disabled_3' + required: + - disabled + ApiStreams_Put_Request_Stream_Ingest_Failure_store_Lifecycle_Disabled_3: + additionalProperties: false + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Lifecycle_1_3: + additionalProperties: false + type: object + properties: + dsl: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Lifecycle_Dsl_3' + required: + - dsl + ApiStreams_Put_Request_Stream_Ingest_Lifecycle_Dsl_3: + additionalProperties: false + type: object + properties: + data_retention: + description: A non-empty string. + minLength: 1 + type: string + downsample: + items: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Lifecycle_Dsl_Downsample_Item_3' + type: array + ApiStreams_Put_Request_Stream_Ingest_Lifecycle_Dsl_Downsample_Item_3: + additionalProperties: false + type: object + properties: + after: + description: A non-empty string. + minLength: 1 + type: string + fixed_interval: + description: A non-empty string. + minLength: 1 + type: string + required: + - after + - fixed_interval + ApiStreams_Put_Request_Stream_Ingest_Lifecycle_2_3: + additionalProperties: false + type: object + properties: + ilm: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Lifecycle_Ilm_3' + required: + - ilm + ApiStreams_Put_Request_Stream_Ingest_Lifecycle_Ilm_3: + additionalProperties: false + type: object + properties: + policy: + description: A non-empty string. + minLength: 1 + type: string + required: + - policy + ApiStreams_Put_Request_Stream_Ingest_Lifecycle_3_3: + additionalProperties: false + type: object + properties: + inherit: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Lifecycle_Inherit_3' + required: + - inherit + ApiStreams_Put_Request_Stream_Ingest_Lifecycle_Inherit_3: + additionalProperties: false + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_11: + additionalProperties: false + type: object + properties: + steps: + items: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_1_6' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_2_7' + type: array + updated_at: + format: date-time + type: string + required: + - steps + - updated_at + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_1_6: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_1_7' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_2_6' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_3_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_4_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_5_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_6_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_7_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_8_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_9_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_10_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_11_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_12_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_13_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_14_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_15_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_16_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_17_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_18_3' + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_1_7: + additionalProperties: false + description: Grok processor - Extract fields from text using grok patterns + type: object + properties: + action: + enum: + - grok + type: string + customIdentifier: + description: Custom identifier to correlate this processor across outputs + minLength: 1 + type: string + description: + description: Human-readable notes about this processor step + type: string + from: + description: Source field to parse with grok patterns + minLength: 1 + type: string + ignore_failure: + description: Continue pipeline execution if this processor fails + type: boolean + ignore_missing: + description: Skip processing when source field is missing + type: boolean + pattern_definitions: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Pattern_definitions_3' + patterns: + description: Grok patterns applied in order to extract fields + items: + description: A non-empty string. + minLength: 1 + type: string + minItems: 1 + type: array + where: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_102' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_103' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_51' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_51' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_51' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_51' + description: Conditional expression controlling whether this processor runs + required: + - action + - from + - patterns + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Pattern_definitions_3: + additionalProperties: + type: string + type: object + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_102: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_103' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_102' + description: A basic filter condition, either unary or binary. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_103: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_51' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_51' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_51' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_51' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_51' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_51' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_51' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_51' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_51' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_51' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_51' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_51' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_51' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_51' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_51' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_51' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_51' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_51' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_51' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_51' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_51' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_51' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_51' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_51' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_51' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_51' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_51' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_51' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_51' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_51' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_51' + description: Starts-with comparison value. + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_51: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_51: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_51: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_51: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_51: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_51: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_51: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_51: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_51: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_51: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_51: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_51: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_51: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_51: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_51: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_51: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_51: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_51: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_51: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_51: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_51: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_51: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_51: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_51: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_51: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_51: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_51: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_51: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_51' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_51' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_51' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_51' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_51' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_51' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_51' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_51' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_51' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_51' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_51' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_51' + description: A value that can be a string, number, or boolean. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_51: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_51: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_51: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_51: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_51: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_51: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_51: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_51: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_51: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_51: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_51: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_51: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_51: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_51: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_51: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_102: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_103: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_51: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_51: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_51: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_51' + required: + - never + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_51: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_51: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_51' + required: + - always + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_51: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_2_6: + additionalProperties: false + description: Dissect processor - Extract fields from text using a lightweight, delimiter-based parser + type: object + properties: + action: + enum: + - dissect + type: string + append_separator: + description: Separator inserted when target fields are concatenated + minLength: 1 + type: string + customIdentifier: + description: Custom identifier to correlate this processor across outputs + minLength: 1 + type: string + description: + description: Human-readable notes about this processor step + type: string + from: + description: Source field to parse with dissect pattern + minLength: 1 + type: string + ignore_failure: + description: Continue pipeline execution if this processor fails + type: boolean + ignore_missing: + description: Skip processing when source field is missing + type: boolean + pattern: + description: Dissect pattern describing field boundaries + minLength: 1 + type: string + where: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_104' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_105' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_52' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_52' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_52' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_52' + description: Conditional expression controlling whether this processor runs + required: + - action + - from + - pattern + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_104: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_105' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_104' + description: A basic filter condition, either unary or binary. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_105: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_52' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_52' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_52' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_52' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_52' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_52' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_52' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_52' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_52' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_52' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_52' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_52' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_52' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_52' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_52' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_52' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_52' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_52' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_52' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_52' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_52' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_52' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_52' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_52' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_52' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_52' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_52' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_52' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_52' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_52' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_52' + description: Starts-with comparison value. + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_52: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_52: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_52: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_52: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_52: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_52: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_52: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_52: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_52: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_52: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_52: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_52: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_52: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_52: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_52: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_52: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_52: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_52: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_52: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_52: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_52: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_52: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_52: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_52: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_52: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_52: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_52: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_52: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_52' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_52' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_52' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_52' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_52' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_52' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_52' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_52' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_52' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_52' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_52' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_52' + description: A value that can be a string, number, or boolean. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_52: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_52: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_52: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_52: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_52: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_52: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_52: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_52: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_52: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_52: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_52: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_52: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_52: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_52: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_52: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_104: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_105: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_52: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_52: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_52: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_52' + required: + - never + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_52: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_52: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_52' + required: + - always + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_52: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_3_3: + additionalProperties: false + description: Date processor - Parse dates from strings using one or more expected formats + type: object + properties: + action: + enum: + - date + type: string + customIdentifier: + description: Custom identifier to correlate this processor across outputs + minLength: 1 + type: string + description: + description: Human-readable notes about this processor step + type: string + formats: + description: Accepted input date formats, tried in order + items: + description: A non-empty string. + minLength: 1 + type: string + type: array + from: + description: Source field containing the date/time text + minLength: 1 + type: string + ignore_failure: + description: Continue pipeline execution if this processor fails + type: boolean + locale: + description: Optional locale for date parsing + minLength: 1 + type: string + output_format: + description: Optional output format for storing the parsed date as text + minLength: 1 + type: string + timezone: + description: Optional timezone for date parsing + minLength: 1 + type: string + to: + description: Target field for the parsed date (defaults to source) + minLength: 1 + type: string + where: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_106' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_107' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_53' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_53' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_53' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_53' + description: Conditional expression controlling whether this processor runs + required: + - action + - from + - formats + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_106: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_107' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_106' + description: A basic filter condition, either unary or binary. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_107: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_53' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_53' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_53' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_53' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_53' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_53' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_53' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_53' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_53' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_53' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_53' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_53' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_53' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_53' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_53' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_53' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_53' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_53' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_53' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_53' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_53' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_53' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_53' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_53' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_53' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_53' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_53' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_53' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_53' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_53' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_53' + description: Starts-with comparison value. + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_53: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_53: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_53: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_53: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_53: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_53: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_53: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_53: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_53: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_53: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_53: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_53: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_53: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_53: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_53: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_53: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_53: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_53: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_53: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_53: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_53: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_53: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_53: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_53: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_53: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_53: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_53: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_53: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_53' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_53' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_53' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_53' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_53' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_53' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_53' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_53' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_53' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_53' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_53' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_53' + description: A value that can be a string, number, or boolean. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_53: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_53: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_53: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_53: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_53: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_53: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_53: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_53: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_53: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_53: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_53: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_53: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_53: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_53: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_53: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_106: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_107: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_53: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_53: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_53: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_53' + required: + - never + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_53: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_53: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_53' + required: + - always + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_53: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_4_3: + additionalProperties: false + description: Base processor options plus conditional execution + type: object + properties: + action: + enum: + - drop_document + type: string + customIdentifier: + description: Custom identifier to correlate this processor across outputs + minLength: 1 + type: string + description: + description: Human-readable notes about this processor step + type: string + ignore_failure: + description: Continue pipeline execution if this processor fails + type: boolean + where: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_108' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_109' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_54' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_54' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_54' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_54' + description: Conditional expression controlling whether this processor runs + required: + - action + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_108: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_109' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_108' + description: A basic filter condition, either unary or binary. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_109: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_54' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_54' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_54' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_54' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_54' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_54' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_54' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_54' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_54' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_54' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_54' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_54' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_54' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_54' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_54' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_54' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_54' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_54' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_54' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_54' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_54' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_54' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_54' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_54' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_54' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_54' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_54' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_54' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_54' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_54' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_54' + description: Starts-with comparison value. + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_54: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_54: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_54: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_54: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_54: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_54: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_54: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_54: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_54: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_54: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_54: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_54: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_54: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_54: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_54: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_54: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_54: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_54: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_54: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_54: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_54: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_54: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_54: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_54: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_54: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_54: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_54: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_54: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_54' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_54' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_54' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_54' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_54' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_54' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_54' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_54' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_54' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_54' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_54' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_54' + description: A value that can be a string, number, or boolean. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_54: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_54: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_54: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_54: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_54: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_54: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_54: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_54: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_54: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_54: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_54: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_54: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_54: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_54: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_54: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_108: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_109: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_54: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_54: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_54: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_54' + required: + - never + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_54: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_54: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_54' + required: + - always + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_54: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_5_3: + additionalProperties: false + description: Base processor options plus conditional execution + type: object + properties: + action: + enum: + - math + type: string + customIdentifier: + description: Custom identifier to correlate this processor across outputs + minLength: 1 + type: string + description: + description: Human-readable notes about this processor step + type: string + expression: + description: A non-empty string. + minLength: 1 + type: string + ignore_failure: + description: Continue pipeline execution if this processor fails + type: boolean + ignore_missing: + type: boolean + to: + description: A non-empty string. + minLength: 1 + type: string + where: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_110' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_111' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_55' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_55' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_55' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_55' + description: Conditional expression controlling whether this processor runs + required: + - action + - expression + - to + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_110: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_111' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_110' + description: A basic filter condition, either unary or binary. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_111: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_55' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_55' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_55' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_55' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_55' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_55' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_55' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_55' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_55' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_55' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_55' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_55' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_55' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_55' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_55' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_55' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_55' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_55' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_55' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_55' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_55' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_55' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_55' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_55' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_55' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_55' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_55' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_55' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_55' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_55' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_55' + description: Starts-with comparison value. + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_55: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_55: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_55: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_55: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_55: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_55: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_55: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_55: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_55: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_55: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_55: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_55: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_55: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_55: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_55: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_55: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_55: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_55: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_55: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_55: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_55: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_55: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_55: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_55: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_55: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_55: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_55: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_55: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_55' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_55' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_55' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_55' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_55' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_55' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_55' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_55' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_55' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_55' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_55' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_55' + description: A value that can be a string, number, or boolean. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_55: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_55: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_55: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_55: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_55: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_55: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_55: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_55: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_55: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_55: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_55: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_55: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_55: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_55: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_55: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_110: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_111: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_55: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_55: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_55: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_55' + required: + - never + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_55: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_55: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_55' + required: + - always + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_55: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_6_3: + additionalProperties: false + description: Rename processor - Change a field name and optionally its location + type: object + properties: + action: + enum: + - rename + type: string + customIdentifier: + description: Custom identifier to correlate this processor across outputs + minLength: 1 + type: string + description: + description: Human-readable notes about this processor step + type: string + from: + description: Existing source field to rename or move + minLength: 1 + type: string + ignore_failure: + description: Continue pipeline execution if this processor fails + type: boolean + ignore_missing: + description: Skip when source field is missing + type: boolean + override: + description: Allow overwriting the target field if it already exists + type: boolean + to: + description: New field name or destination path + minLength: 1 + type: string + where: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_112' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_113' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_56' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_56' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_56' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_56' + description: Conditional expression controlling whether this processor runs + required: + - action + - from + - to + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_112: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_113' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_112' + description: A basic filter condition, either unary or binary. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_113: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_56' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_56' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_56' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_56' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_56' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_56' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_56' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_56' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_56' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_56' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_56' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_56' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_56' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_56' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_56' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_56' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_56' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_56' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_56' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_56' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_56' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_56' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_56' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_56' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_56' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_56' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_56' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_56' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_56' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_56' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_56' + description: Starts-with comparison value. + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_56: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_56: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_56: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_56: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_56: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_56: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_56: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_56: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_56: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_56: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_56: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_56: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_56: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_56: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_56: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_56: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_56: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_56: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_56: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_56: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_56: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_56: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_56: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_56: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_56: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_56: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_56: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_56: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_56' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_56' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_56' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_56' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_56' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_56' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_56' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_56' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_56' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_56' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_56' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_56' + description: A value that can be a string, number, or boolean. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_56: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_56: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_56: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_56: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_56: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_56: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_56: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_56: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_56: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_56: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_56: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_56: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_56: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_56: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_56: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_112: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_113: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_56: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_56: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_56: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_56' + required: + - never + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_56: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_56: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_56' + required: + - always + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_56: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_7_3: + additionalProperties: false + description: Set processor - Assign a literal or copied value to a field (mutually exclusive inputs) + type: object + properties: + action: + enum: + - set + type: string + copy_from: + description: Copy value from another field instead of providing a literal + minLength: 1 + type: string + customIdentifier: + description: Custom identifier to correlate this processor across outputs + minLength: 1 + type: string + description: + description: Human-readable notes about this processor step + type: string + ignore_failure: + description: Continue pipeline execution if this processor fails + type: boolean + override: + description: Allow overwriting an existing target field + type: boolean + to: + description: Target field to set or create + minLength: 1 + type: string + value: + description: Literal value to assign to the target field + where: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_114' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_115' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_57' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_57' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_57' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_57' + description: Conditional expression controlling whether this processor runs + required: + - action + - to + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_114: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_115' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_114' + description: A basic filter condition, either unary or binary. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_115: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_57' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_57' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_57' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_57' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_57' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_57' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_57' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_57' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_57' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_57' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_57' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_57' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_57' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_57' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_57' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_57' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_57' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_57' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_57' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_57' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_57' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_57' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_57' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_57' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_57' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_57' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_57' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_57' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_57' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_57' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_57' + description: Starts-with comparison value. + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_57: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_57: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_57: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_57: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_57: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_57: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_57: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_57: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_57: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_57: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_57: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_57: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_57: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_57: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_57: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_57: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_57: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_57: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_57: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_57: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_57: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_57: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_57: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_57: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_57: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_57: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_57: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_57: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_57' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_57' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_57' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_57' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_57' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_57' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_57' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_57' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_57' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_57' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_57' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_57' + description: A value that can be a string, number, or boolean. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_57: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_57: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_57: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_57: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_57: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_57: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_57: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_57: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_57: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_57: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_57: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_57: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_57: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_57: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_57: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_114: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_115: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_57: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_57: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_57: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_57' + required: + - never + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_57: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_57: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_57' + required: + - always + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_57: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_8_3: + additionalProperties: false + description: Append processor - Append one or more values to an existing or new array field + type: object + properties: + action: + enum: + - append + type: string + allow_duplicates: + description: If true, do not deduplicate appended values + type: boolean + customIdentifier: + description: Custom identifier to correlate this processor across outputs + minLength: 1 + type: string + description: + description: Human-readable notes about this processor step + type: string + ignore_failure: + description: Continue pipeline execution if this processor fails + type: boolean + to: + description: Array field to append values to + minLength: 1 + type: string + value: + description: Values to append (must be literal, no templates) + items: {} + minItems: 1 + type: array + where: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_116' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_117' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_58' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_58' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_58' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_58' + description: Conditional expression controlling whether this processor runs + required: + - action + - to + - value + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_116: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_117' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_116' + description: A basic filter condition, either unary or binary. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_117: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_58' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_58' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_58' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_58' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_58' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_58' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_58' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_58' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_58' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_58' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_58' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_58' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_58' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_58' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_58' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_58' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_58' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_58' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_58' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_58' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_58' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_58' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_58' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_58' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_58' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_58' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_58' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_58' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_58' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_58' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_58' + description: Starts-with comparison value. + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_58: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_58: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_58: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_58: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_58: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_58: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_58: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_58: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_58: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_58: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_58: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_58: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_58: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_58: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_58: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_58: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_58: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_58: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_58: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_58: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_58: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_58: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_58: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_58: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_58: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_58: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_58: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_58: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_58' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_58' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_58' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_58' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_58' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_58' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_58' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_58' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_58' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_58' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_58' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_58' + description: A value that can be a string, number, or boolean. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_58: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_58: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_58: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_58: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_58: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_58: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_58: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_58: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_58: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_58: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_58: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_58: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_58: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_58: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_58: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_116: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_117: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_58: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_58: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_58: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_58' + required: + - never + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_58: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_58: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_58' + required: + - always + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_58: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_9_3: + additionalProperties: false + description: Remove by prefix processor - Remove a field and all nested fields matching the prefix + type: object + properties: + action: + enum: + - remove_by_prefix + type: string + customIdentifier: + description: Custom identifier to correlate this processor across outputs + minLength: 1 + type: string + description: + description: Human-readable notes about this processor step + type: string + from: + description: Field to remove along with all its nested fields + minLength: 1 + type: string + ignore_failure: + description: Continue pipeline execution if this processor fails + type: boolean + required: + - action + - from + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_10_3: + additionalProperties: false + description: Remove processor - Delete one or more fields from the document + type: object + properties: + action: + enum: + - remove + type: string + customIdentifier: + description: Custom identifier to correlate this processor across outputs + minLength: 1 + type: string + description: + description: Human-readable notes about this processor step + type: string + from: + description: Field to remove from the document + minLength: 1 + type: string + ignore_failure: + description: Continue pipeline execution if this processor fails + type: boolean + ignore_missing: + description: Skip processing when source field is missing + type: boolean + where: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_118' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_119' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_59' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_59' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_59' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_59' + description: Conditional expression controlling whether this processor runs + required: + - action + - from + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_118: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_119' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_118' + description: A basic filter condition, either unary or binary. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_119: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_59' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_59' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_59' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_59' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_59' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_59' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_59' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_59' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_59' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_59' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_59' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_59' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_59' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_59' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_59' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_59' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_59' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_59' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_59' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_59' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_59' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_59' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_59' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_59' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_59' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_59' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_59' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_59' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_59' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_59' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_59' + description: Starts-with comparison value. + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_59: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_59: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_59: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_59: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_59: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_59: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_59: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_59: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_59: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_59: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_59: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_59: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_59: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_59: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_59: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_59: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_59: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_59: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_59: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_59: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_59: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_59: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_59: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_59: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_59: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_59: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_59: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_59: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_59' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_59' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_59' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_59' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_59' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_59' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_59' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_59' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_59' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_59' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_59' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_59' + description: A value that can be a string, number, or boolean. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_59: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_59: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_59: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_59: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_59: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_59: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_59: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_59: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_59: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_59: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_59: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_59: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_59: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_59: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_59: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_118: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_119: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_59: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_59: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_59: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_59' + required: + - never + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_59: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_59: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_59' + required: + - always + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_59: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_11_3: + additionalProperties: false + description: Base processor options plus conditional execution + type: object + properties: + action: + enum: + - replace + type: string + customIdentifier: + description: Custom identifier to correlate this processor across outputs + minLength: 1 + type: string + description: + description: Human-readable notes about this processor step + type: string + from: + description: A non-empty string. + minLength: 1 + type: string + ignore_failure: + description: Continue pipeline execution if this processor fails + type: boolean + ignore_missing: + type: boolean + pattern: + description: A non-empty string or string with whitespace. + minLength: 1 + type: string + replacement: + type: string + to: + description: A non-empty string. + minLength: 1 + type: string + where: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_120' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_121' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_60' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_60' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_60' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_60' + description: Conditional expression controlling whether this processor runs + required: + - action + - from + - pattern + - replacement + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_120: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_121' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_120' + description: A basic filter condition, either unary or binary. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_121: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_60' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_60' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_60' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_60' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_60' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_60' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_60' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_60' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_60' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_60' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_60' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_60' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_60' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_60' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_60' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_60' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_60' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_60' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_60' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_60' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_60' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_60' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_60' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_60' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_60' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_60' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_60' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_60' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_60' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_60' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_60' + description: Starts-with comparison value. + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_60: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_60: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_60: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_60: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_60: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_60: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_60: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_60: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_60: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_60: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_60: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_60: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_60: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_60: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_60: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_60: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_60: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_60: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_60: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_60: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_60: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_60: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_60: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_60: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_60: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_60: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_60: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_60: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_60' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_60' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_60' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_60' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_60' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_60' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_60' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_60' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_60' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_60' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_60' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_60' + description: A value that can be a string, number, or boolean. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_60: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_60: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_60: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_60: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_60: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_60: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_60: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_60: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_60: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_60: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_60: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_60: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_60: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_60: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_60: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_120: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_121: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_60: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_60: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_60: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_60' + required: + - never + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_60: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_60: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_60' + required: + - always + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_60: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_12_3: + additionalProperties: false + description: Base processor options plus conditional execution + type: object + properties: + action: + enum: + - uppercase + type: string + customIdentifier: + description: Custom identifier to correlate this processor across outputs + minLength: 1 + type: string + description: + description: Human-readable notes about this processor step + type: string + from: + description: A non-empty string. + minLength: 1 + type: string + ignore_failure: + description: Continue pipeline execution if this processor fails + type: boolean + ignore_missing: + type: boolean + to: + description: A non-empty string. + minLength: 1 + type: string + where: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_122' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_123' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_61' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_61' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_61' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_61' + description: Conditional expression controlling whether this processor runs + required: + - action + - from + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_122: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_123' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_122' + description: A basic filter condition, either unary or binary. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_123: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_61' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_61' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_61' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_61' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_61' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_61' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_61' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_61' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_61' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_61' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_61' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_61' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_61' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_61' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_61' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_61' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_61' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_61' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_61' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_61' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_61' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_61' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_61' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_61' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_61' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_61' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_61' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_61' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_61' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_61' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_61' + description: Starts-with comparison value. + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_61: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_61: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_61: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_61: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_61: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_61: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_61: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_61: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_61: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_61: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_61: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_61: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_61: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_61: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_61: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_61: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_61: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_61: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_61: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_61: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_61: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_61: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_61: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_61: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_61: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_61: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_61: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_61: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_61' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_61' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_61' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_61' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_61' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_61' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_61' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_61' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_61' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_61' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_61' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_61' + description: A value that can be a string, number, or boolean. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_61: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_61: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_61: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_61: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_61: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_61: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_61: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_61: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_61: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_61: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_61: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_61: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_61: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_61: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_61: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_122: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_123: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_61: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_61: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_61: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_61' + required: + - never + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_61: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_61: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_61' + required: + - always + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_61: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_13_3: + additionalProperties: false + description: Base processor options plus conditional execution + type: object + properties: + action: + enum: + - lowercase + type: string + customIdentifier: + description: Custom identifier to correlate this processor across outputs + minLength: 1 + type: string + description: + description: Human-readable notes about this processor step + type: string + from: + description: A non-empty string. + minLength: 1 + type: string + ignore_failure: + description: Continue pipeline execution if this processor fails + type: boolean + ignore_missing: + type: boolean + to: + description: A non-empty string. + minLength: 1 + type: string + where: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_124' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_125' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_62' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_62' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_62' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_62' + description: Conditional expression controlling whether this processor runs + required: + - action + - from + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_124: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_125' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_124' + description: A basic filter condition, either unary or binary. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_125: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_62' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_62' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_62' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_62' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_62' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_62' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_62' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_62' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_62' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_62' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_62' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_62' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_62' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_62' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_62' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_62' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_62' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_62' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_62' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_62' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_62' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_62' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_62' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_62' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_62' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_62' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_62' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_62' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_62' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_62' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_62' + description: Starts-with comparison value. + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_62: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_62: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_62: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_62: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_62: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_62: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_62: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_62: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_62: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_62: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_62: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_62: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_62: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_62: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_62: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_62: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_62: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_62: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_62: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_62: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_62: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_62: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_62: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_62: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_62: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_62: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_62: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_62: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_62' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_62' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_62' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_62' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_62' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_62' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_62' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_62' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_62' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_62' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_62' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_62' + description: A value that can be a string, number, or boolean. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_62: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_62: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_62: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_62: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_62: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_62: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_62: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_62: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_62: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_62: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_62: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_62: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_62: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_62: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_62: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_124: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_125: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_62: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_62: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_62: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_62' + required: + - never + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_62: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_62: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_62' + required: + - always + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_62: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_14_3: + additionalProperties: false + description: Base processor options plus conditional execution + type: object + properties: + action: + enum: + - trim + type: string + customIdentifier: + description: Custom identifier to correlate this processor across outputs + minLength: 1 + type: string + description: + description: Human-readable notes about this processor step + type: string + from: + description: A non-empty string. + minLength: 1 + type: string + ignore_failure: + description: Continue pipeline execution if this processor fails + type: boolean + ignore_missing: + type: boolean + to: + description: A non-empty string. + minLength: 1 + type: string + where: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_126' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_127' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_63' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_63' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_63' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_63' + description: Conditional expression controlling whether this processor runs + required: + - action + - from + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_126: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_127' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_126' + description: A basic filter condition, either unary or binary. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_127: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_63' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_63' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_63' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_63' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_63' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_63' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_63' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_63' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_63' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_63' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_63' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_63' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_63' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_63' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_63' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_63' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_63' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_63' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_63' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_63' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_63' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_63' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_63' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_63' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_63' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_63' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_63' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_63' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_63' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_63' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_63' + description: Starts-with comparison value. + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_63: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_63: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_63: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_63: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_63: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_63: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_63: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_63: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_63: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_63: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_63: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_63: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_63: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_63: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_63: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_63: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_63: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_63: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_63: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_63: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_63: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_63: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_63: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_63: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_63: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_63: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_63: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_63: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_63' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_63' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_63' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_63' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_63' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_63' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_63' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_63' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_63' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_63' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_63' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_63' + description: A value that can be a string, number, or boolean. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_63: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_63: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_63: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_63: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_63: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_63: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_63: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_63: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_63: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_63: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_63: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_63: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_63: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_63: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_63: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_126: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_127: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_63: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_63: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_63: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_63' + required: + - never + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_63: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_63: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_63' + required: + - always + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_63: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_15_3: + additionalProperties: false + description: Base processor options plus conditional execution + type: object + properties: + action: + enum: + - join + type: string + customIdentifier: + description: Custom identifier to correlate this processor across outputs + minLength: 1 + type: string + delimiter: + type: string + description: + description: Human-readable notes about this processor step + type: string + from: + items: + description: A non-empty string. + minLength: 1 + type: string + minItems: 1 + type: array + ignore_failure: + description: Continue pipeline execution if this processor fails + type: boolean + ignore_missing: + type: boolean + to: + description: A non-empty string. + minLength: 1 + type: string + where: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_128' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_129' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_64' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_64' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_64' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_64' + description: Conditional expression controlling whether this processor runs + required: + - action + - from + - delimiter + - to + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_128: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_129' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_128' + description: A basic filter condition, either unary or binary. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_129: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_64' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_64' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_64' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_64' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_64' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_64' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_64' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_64' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_64' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_64' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_64' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_64' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_64' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_64' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_64' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_64' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_64' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_64' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_64' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_64' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_64' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_64' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_64' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_64' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_64' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_64' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_64' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_64' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_64' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_64' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_64' + description: Starts-with comparison value. + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_64: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_64: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_64: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_64: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_64: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_64: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_64: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_64: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_64: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_64: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_64: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_64: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_64: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_64: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_64: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_64: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_64: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_64: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_64: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_64: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_64: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_64: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_64: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_64: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_64: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_64: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_64: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_64: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_64' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_64' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_64' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_64' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_64' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_64' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_64' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_64' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_64' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_64' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_64' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_64' + description: A value that can be a string, number, or boolean. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_64: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_64: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_64: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_64: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_64: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_64: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_64: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_64: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_64: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_64: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_64: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_64: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_64: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_64: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_64: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_128: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_129: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_64: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_64: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_64: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_64' + required: + - never + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_64: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_64: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_64' + required: + - always + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_64: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_16_3: + additionalProperties: false + description: Convert processor - Change the data type of a field value (integer, long, double, boolean, or string) + type: object + properties: + action: + enum: + - convert + type: string + customIdentifier: + description: Custom identifier to correlate this processor across outputs + minLength: 1 + type: string + description: + description: Human-readable notes about this processor step + type: string + from: + description: Source field to convert to a different data type + minLength: 1 + type: string + ignore_failure: + description: Continue pipeline execution if this processor fails + type: boolean + ignore_missing: + description: Skip processing when source field is missing + type: boolean + to: + description: Target field for the converted value (defaults to source) + minLength: 1 + type: string + type: + description: 'Target data type: integer, long, double, boolean, or string' + enum: + - integer + - long + - double + - boolean + - string + type: string + where: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_130' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_131' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_65' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_65' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_65' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_65' + description: Conditional expression controlling whether this processor runs + required: + - action + - from + - type + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_130: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_131' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_130' + description: A basic filter condition, either unary or binary. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_131: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_65' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_65' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_65' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_65' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_65' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_65' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_65' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_65' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_65' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_65' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_65' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_65' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_65' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_65' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_65' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_65' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_65' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_65' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_65' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_65' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_65' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_65' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_65' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_65' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_65' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_65' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_65' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_65' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_65' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_65' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_65' + description: Starts-with comparison value. + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_65: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_65: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_65: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_65: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_65: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_65: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_65: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_65: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_65: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_65: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_65: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_65: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_65: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_65: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_65: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_65: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_65: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_65: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_65: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_65: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_65: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_65: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_65: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_65: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_65: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_65: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_65: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_65: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_65' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_65' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_65' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_65' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_65' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_65' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_65' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_65' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_65' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_65' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_65' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_65' + description: A value that can be a string, number, or boolean. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_65: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_65: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_65: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_65: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_65: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_65: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_65: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_65: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_65: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_65: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_65: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_65: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_65: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_65: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_65: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_130: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_131: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_65: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_65: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_65: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_65' + required: + - never + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_65: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_65: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_65' + required: + - always + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_65: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_17_3: + additionalProperties: false + description: Base processor options plus conditional execution + type: object + properties: + action: + enum: + - concat + type: string + customIdentifier: + description: Custom identifier to correlate this processor across outputs + minLength: 1 + type: string + description: + description: Human-readable notes about this processor step + type: string + from: + items: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_From_1_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_From_2_3' + minItems: 1 + type: array + ignore_failure: + description: Continue pipeline execution if this processor fails + type: boolean + ignore_missing: + type: boolean + to: + description: A non-empty string. + minLength: 1 + type: string + where: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_132' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_133' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_66' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_66' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_66' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_66' + description: Conditional expression controlling whether this processor runs + required: + - action + - from + - to + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_From_1_3: + additionalProperties: false + type: object + properties: + type: + enum: + - field + type: string + value: + description: A non-empty string. + minLength: 1 + type: string + required: + - type + - value + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_From_2_3: + additionalProperties: false + type: object + properties: + type: + enum: + - literal + type: string + value: + type: string + required: + - type + - value + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_132: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_133' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_132' + description: A basic filter condition, either unary or binary. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_133: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_66' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_66' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_66' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_66' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_66' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_66' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_66' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_66' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_66' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_66' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_66' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_66' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_66' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_66' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_66' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_66' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_66' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_66' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_66' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_66' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_66' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_66' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_66' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_66' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_66' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_66' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_66' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_66' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_66' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_66' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_66' + description: Starts-with comparison value. + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_66: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_66: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_66: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_66: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_66: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_66: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_66: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_66: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_66: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_66: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_66: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_66: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_66: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_66: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_66: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_66: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_66: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_66: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_66: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_66: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_66: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_66: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_66: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_66: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_66: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_66: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_66: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_66: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_66' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_66' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_66' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_66' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_66' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_66' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_66' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_66' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_66' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_66' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_66' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_66' + description: A value that can be a string, number, or boolean. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_66: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_66: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_66: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_66: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_66: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_66: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_66: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_66: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_66: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_66: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_66: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_66: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_66: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_66: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_66: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_132: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_133: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_66: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_66: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_66: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_66' + required: + - never + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_66: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_66: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_66' + required: + - always + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_66: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_18_3: + additionalProperties: false + description: Manual ingest pipeline wrapper around native Elasticsearch processors + type: object + properties: + action: + description: Manual ingest pipeline - executes raw Elasticsearch ingest processors + enum: + - manual_ingest_pipeline + type: string + customIdentifier: + description: Custom identifier to correlate this processor across outputs + minLength: 1 + type: string + description: + description: Human-readable notes about this processor step + type: string + ignore_failure: + description: Continue pipeline execution if this processor fails + type: boolean + on_failure: + description: Fallback processors to run when a processor fails + items: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_On_failure_Item_3' + type: array + processors: + description: List of raw Elasticsearch ingest processors to run + items: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Processors_Item_3' + type: array + tag: + description: Optional ingest processor tag for Elasticsearch + type: string + where: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_134' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_135' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_67' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_67' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_67' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_67' + description: Conditional expression controlling whether this processor runs + required: + - action + - processors + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_On_failure_Item_3: + additionalProperties: {} + type: object + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Processors_Item_3: + additionalProperties: false + type: object + properties: + append: {} + attachment: {} + bytes: {} + circle: {} + community_id: {} + convert: {} + csv: {} + date: {} + date_index_name: {} + dissect: {} + dot_expander: {} + drop: {} + enrich: {} + fail: {} + fingerprint: {} + foreach: {} + geo_grid: {} + geoip: {} + grok: {} + gsub: {} + html_strip: {} + inference: {} + ip_location: {} + join: {} + json: {} + kv: {} + lowercase: {} + network_direction: {} + pipeline: {} + redact: {} + registered_domain: {} + remove: {} + rename: {} + reroute: {} + script: {} + set: {} + set_security_user: {} + sort: {} + split: {} + terminate: {} + trim: {} + uppercase: {} + uri_parts: {} + urldecode: {} + user_agent: {} + required: + - append + - attachment + - bytes + - circle + - community_id + - convert + - csv + - date + - date_index_name + - dissect + - dot_expander + - drop + - enrich + - fail + - fingerprint + - foreach + - ip_location + - geo_grid + - geoip + - grok + - gsub + - html_strip + - inference + - join + - json + - kv + - lowercase + - network_direction + - pipeline + - redact + - registered_domain + - remove + - rename + - reroute + - script + - set + - set_security_user + - sort + - split + - terminate + - trim + - uppercase + - urldecode + - uri_parts + - user_agent + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_134: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_135' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_134' + description: A basic filter condition, either unary or binary. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_1_135: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_67' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_67' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_67' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_67' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_67' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_67' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_67' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_67' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_67' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_67' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_67' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_67' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_67' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_67' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_67' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_67' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_67' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_67' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_67' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_67' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_67' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_67' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_67' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_67' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_67' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_67' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_67' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_67' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_67' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_67' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_67' + description: Starts-with comparison value. + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_1_67: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_2_67: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Contains_3_67: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_1_67: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_2_67: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_EndsWith_3_67: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_1_67: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_2_67: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Eq_3_67: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_1_67: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_2_67: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gt_3_67: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_1_67: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_2_67: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Gte_3_67: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_1_67: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_2_67: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Includes_3_67: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_1_67: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_2_67: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lt_3_67: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_1_67: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_2_67: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Lte_3_67: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_1_67: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_2_67: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Neq_3_67: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_67: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_67' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_67' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_67' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_67' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_67' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_67' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_67' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_67' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_67' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_67' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_67' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_67' + description: A value that can be a string, number, or boolean. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_1_67: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_2_67: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gt_3_67: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_1_67: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_2_67: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Gte_3_67: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_1_67: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_2_67: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lt_3_67: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_1_67: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_2_67: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Range_Lte_3_67: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_1_67: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_2_67: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_StartsWith_3_67: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_134: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_2_135: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_3_67: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_4_67: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_5_67: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_67' + required: + - never + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Never_67: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_6_67: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_67' + required: + - always + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Where_Always_67: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_2_7: + additionalProperties: false + type: object + properties: + condition: + allOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_1_9' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_2_11' + customIdentifier: + type: string + required: + - condition + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_1_9: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_1_10' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_2_10' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_3_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_4_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_5_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_6_3' + description: The root condition object. It can be a simple filter or a combination of other conditions. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_1_10: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_1_11' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_2_9' + description: A basic filter condition, either unary or binary. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_1_11: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Contains_1_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Contains_2_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Contains_3_3' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_EndsWith_1_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_EndsWith_2_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_EndsWith_3_3' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Eq_1_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Eq_2_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Eq_3_3' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Gt_1_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Gt_2_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Gt_3_3' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Gte_1_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Gte_2_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Gte_3_3' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Includes_1_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Includes_2_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Includes_3_3' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Lt_1_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Lt_2_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Lt_3_3' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Lte_1_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Lte_2_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Lte_3_3' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Neq_1_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Neq_2_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Neq_3_3' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Range_3' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_StartsWith_1_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_StartsWith_2_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_StartsWith_3_3' + description: Starts-with comparison value. + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Contains_1_3: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Contains_2_3: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Contains_3_3: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_EndsWith_1_3: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_EndsWith_2_3: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_EndsWith_3_3: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Eq_1_3: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Eq_2_3: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Eq_3_3: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Gt_1_3: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Gt_2_3: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Gt_3_3: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Gte_1_3: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Gte_2_3: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Gte_3_3: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Includes_1_3: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Includes_2_3: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Includes_3_3: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Lt_1_3: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Lt_2_3: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Lt_3_3: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Lte_1_3: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Lte_2_3: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Lte_3_3: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Neq_1_3: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Neq_2_3: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Neq_3_3: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Range_3: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Range_Gt_1_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Range_Gt_2_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Range_Gt_3_3' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Range_Gte_1_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Range_Gte_2_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Range_Gte_3_3' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Range_Lt_1_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Range_Lt_2_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Range_Lt_3_3' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Range_Lte_1_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Range_Lte_2_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Range_Lte_3_3' + description: A value that can be a string, number, or boolean. + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Range_Gt_1_3: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Range_Gt_2_3: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Range_Gt_3_3: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Range_Gte_1_3: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Range_Gte_2_3: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Range_Gte_3_3: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Range_Lt_1_3: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Range_Lt_2_3: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Range_Lt_3_3: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Range_Lte_1_3: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Range_Lte_2_3: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Range_Lte_3_3: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_StartsWith_1_3: + type: string + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_StartsWith_2_3: + type: number + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_StartsWith_3_3: + type: boolean + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_2_9: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_2_10: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_3_3: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_4_3: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_5_3: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Never_3' + required: + - never + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Never_3: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_6_3: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Always_3' + required: + - always + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_Always_3: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreams_Put_Request_Stream_Ingest_Processing_Steps_Condition_2_11: + type: object + properties: + steps: + items: {} + type: array + required: + - steps + ApiStreams_Put_Request_Stream_Ingest_Settings_3: + additionalProperties: false + type: object + properties: + index.number_of_replicas: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Settings_Index.number_of_replicas_3' + index.number_of_shards: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Settings_Index.number_of_shards_3' + index.refresh_interval: + $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Settings_Index.refresh_interval_3' + ApiStreams_Put_Request_Stream_Ingest_Settings_Index.number_of_replicas_3: + additionalProperties: false + type: object + properties: + value: + type: number + required: + - value + ApiStreams_Put_Request_Stream_Ingest_Settings_Index.number_of_shards_3: + additionalProperties: false + type: object + properties: + value: + type: number + required: + - value + ApiStreams_Put_Request_Stream_Ingest_Settings_Index.refresh_interval_3: + additionalProperties: false + type: object + properties: + value: + anyOf: + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Settings_Index.refresh_interval_Value_1_3' + - $ref: '#/components/schemas/ApiStreams_Put_Request_Stream_Ingest_Settings_Index.refresh_interval_Value_2_3' + required: + - value + ApiStreams_Put_Request_Stream_Ingest_Settings_Index.refresh_interval_Value_1_3: + type: string + ApiStreams_Put_Request_Stream_Ingest_Settings_Index.refresh_interval_Value_2_3: + enum: + - -1 + type: number + ApiStreams_Put_Request_9_1: + type: object + properties: {} + ApiStreams_Put_Request_10_1: + type: object + properties: {} + ApiStreamsFork_Post_Request: + additionalProperties: false + type: object + properties: + status: + enum: + - enabled + - disabled + type: string + stream: + $ref: '#/components/schemas/ApiStreamsFork_Post_Request_Stream' + where: + anyOf: + - $ref: '#/components/schemas/ApiStreamsFork_Post_Request_Where_1' + - $ref: '#/components/schemas/ApiStreamsFork_Post_Request_Where_2_1' + - $ref: '#/components/schemas/ApiStreamsFork_Post_Request_Where_3' + - $ref: '#/components/schemas/ApiStreamsFork_Post_Request_Where_4' + - $ref: '#/components/schemas/ApiStreamsFork_Post_Request_Where_5' + - $ref: '#/components/schemas/ApiStreamsFork_Post_Request_Where_6' + description: The root condition object. It can be a simple filter or a combination of other conditions. + required: + - stream + - where + ApiStreamsFork_Post_Request_Stream: + additionalProperties: false + type: object + properties: + name: + type: string + required: + - name + ApiStreamsFork_Post_Request_Where_1: + anyOf: + - $ref: '#/components/schemas/ApiStreamsFork_Post_Request_Where_1_1' + - $ref: '#/components/schemas/ApiStreamsFork_Post_Request_Where_2' + description: A basic filter condition, either unary or binary. + ApiStreamsFork_Post_Request_Where_1_1: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreamsFork_Post_Request_Where_Contains_1' + - $ref: '#/components/schemas/ApiStreamsFork_Post_Request_Where_Contains_2' + - $ref: '#/components/schemas/ApiStreamsFork_Post_Request_Where_Contains_3' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreamsFork_Post_Request_Where_EndsWith_1' + - $ref: '#/components/schemas/ApiStreamsFork_Post_Request_Where_EndsWith_2' + - $ref: '#/components/schemas/ApiStreamsFork_Post_Request_Where_EndsWith_3' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreamsFork_Post_Request_Where_Eq_1' + - $ref: '#/components/schemas/ApiStreamsFork_Post_Request_Where_Eq_2' + - $ref: '#/components/schemas/ApiStreamsFork_Post_Request_Where_Eq_3' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsFork_Post_Request_Where_Gt_1' + - $ref: '#/components/schemas/ApiStreamsFork_Post_Request_Where_Gt_2' + - $ref: '#/components/schemas/ApiStreamsFork_Post_Request_Where_Gt_3' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsFork_Post_Request_Where_Gte_1' + - $ref: '#/components/schemas/ApiStreamsFork_Post_Request_Where_Gte_2' + - $ref: '#/components/schemas/ApiStreamsFork_Post_Request_Where_Gte_3' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreamsFork_Post_Request_Where_Includes_1' + - $ref: '#/components/schemas/ApiStreamsFork_Post_Request_Where_Includes_2' + - $ref: '#/components/schemas/ApiStreamsFork_Post_Request_Where_Includes_3' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsFork_Post_Request_Where_Lt_1' + - $ref: '#/components/schemas/ApiStreamsFork_Post_Request_Where_Lt_2' + - $ref: '#/components/schemas/ApiStreamsFork_Post_Request_Where_Lt_3' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsFork_Post_Request_Where_Lte_1' + - $ref: '#/components/schemas/ApiStreamsFork_Post_Request_Where_Lte_2' + - $ref: '#/components/schemas/ApiStreamsFork_Post_Request_Where_Lte_3' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreamsFork_Post_Request_Where_Neq_1' + - $ref: '#/components/schemas/ApiStreamsFork_Post_Request_Where_Neq_2' + - $ref: '#/components/schemas/ApiStreamsFork_Post_Request_Where_Neq_3' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreamsFork_Post_Request_Where_Range' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreamsFork_Post_Request_Where_StartsWith_1' + - $ref: '#/components/schemas/ApiStreamsFork_Post_Request_Where_StartsWith_2' + - $ref: '#/components/schemas/ApiStreamsFork_Post_Request_Where_StartsWith_3' + description: Starts-with comparison value. + required: + - field + ApiStreamsFork_Post_Request_Where_Contains_1: + type: string + ApiStreamsFork_Post_Request_Where_Contains_2: + type: number + ApiStreamsFork_Post_Request_Where_Contains_3: + type: boolean + ApiStreamsFork_Post_Request_Where_EndsWith_1: + type: string + ApiStreamsFork_Post_Request_Where_EndsWith_2: + type: number + ApiStreamsFork_Post_Request_Where_EndsWith_3: + type: boolean + ApiStreamsFork_Post_Request_Where_Eq_1: + type: string + ApiStreamsFork_Post_Request_Where_Eq_2: + type: number + ApiStreamsFork_Post_Request_Where_Eq_3: + type: boolean + ApiStreamsFork_Post_Request_Where_Gt_1: + type: string + ApiStreamsFork_Post_Request_Where_Gt_2: + type: number + ApiStreamsFork_Post_Request_Where_Gt_3: + type: boolean + ApiStreamsFork_Post_Request_Where_Gte_1: + type: string + ApiStreamsFork_Post_Request_Where_Gte_2: + type: number + ApiStreamsFork_Post_Request_Where_Gte_3: + type: boolean + ApiStreamsFork_Post_Request_Where_Includes_1: + type: string + ApiStreamsFork_Post_Request_Where_Includes_2: + type: number + ApiStreamsFork_Post_Request_Where_Includes_3: + type: boolean + ApiStreamsFork_Post_Request_Where_Lt_1: + type: string + ApiStreamsFork_Post_Request_Where_Lt_2: + type: number + ApiStreamsFork_Post_Request_Where_Lt_3: + type: boolean + ApiStreamsFork_Post_Request_Where_Lte_1: + type: string + ApiStreamsFork_Post_Request_Where_Lte_2: + type: number + ApiStreamsFork_Post_Request_Where_Lte_3: + type: boolean + ApiStreamsFork_Post_Request_Where_Neq_1: + type: string + ApiStreamsFork_Post_Request_Where_Neq_2: + type: number + ApiStreamsFork_Post_Request_Where_Neq_3: + type: boolean + ApiStreamsFork_Post_Request_Where_Range: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsFork_Post_Request_Where_Range_Gt_1' + - $ref: '#/components/schemas/ApiStreamsFork_Post_Request_Where_Range_Gt_2' + - $ref: '#/components/schemas/ApiStreamsFork_Post_Request_Where_Range_Gt_3' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsFork_Post_Request_Where_Range_Gte_1' + - $ref: '#/components/schemas/ApiStreamsFork_Post_Request_Where_Range_Gte_2' + - $ref: '#/components/schemas/ApiStreamsFork_Post_Request_Where_Range_Gte_3' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsFork_Post_Request_Where_Range_Lt_1' + - $ref: '#/components/schemas/ApiStreamsFork_Post_Request_Where_Range_Lt_2' + - $ref: '#/components/schemas/ApiStreamsFork_Post_Request_Where_Range_Lt_3' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsFork_Post_Request_Where_Range_Lte_1' + - $ref: '#/components/schemas/ApiStreamsFork_Post_Request_Where_Range_Lte_2' + - $ref: '#/components/schemas/ApiStreamsFork_Post_Request_Where_Range_Lte_3' + description: A value that can be a string, number, or boolean. + ApiStreamsFork_Post_Request_Where_Range_Gt_1: + type: string + ApiStreamsFork_Post_Request_Where_Range_Gt_2: + type: number + ApiStreamsFork_Post_Request_Where_Range_Gt_3: + type: boolean + ApiStreamsFork_Post_Request_Where_Range_Gte_1: + type: string + ApiStreamsFork_Post_Request_Where_Range_Gte_2: + type: number + ApiStreamsFork_Post_Request_Where_Range_Gte_3: + type: boolean + ApiStreamsFork_Post_Request_Where_Range_Lt_1: + type: string + ApiStreamsFork_Post_Request_Where_Range_Lt_2: + type: number + ApiStreamsFork_Post_Request_Where_Range_Lt_3: + type: boolean + ApiStreamsFork_Post_Request_Where_Range_Lte_1: + type: string + ApiStreamsFork_Post_Request_Where_Range_Lte_2: + type: number + ApiStreamsFork_Post_Request_Where_Range_Lte_3: + type: boolean + ApiStreamsFork_Post_Request_Where_StartsWith_1: + type: string + ApiStreamsFork_Post_Request_Where_StartsWith_2: + type: number + ApiStreamsFork_Post_Request_Where_StartsWith_3: + type: boolean + ApiStreamsFork_Post_Request_Where_2: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreamsFork_Post_Request_Where_2_1: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreamsFork_Post_Request_Where_3: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreamsFork_Post_Request_Where_4: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreamsFork_Post_Request_Where_5: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreamsFork_Post_Request_Where_Never' + required: + - never + ApiStreamsFork_Post_Request_Where_Never: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreamsFork_Post_Request_Where_6: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreamsFork_Post_Request_Where_Always' + required: + - always + ApiStreamsFork_Post_Request_Where_Always: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreamsIngest_Get_Request: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Get_Request_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Get_Request_2' + - $ref: '#/components/schemas/ApiStreamsIngest_Get_Request_3' + ApiStreamsIngest_Get_Request_1: + additionalProperties: false + type: object + properties: {} + ApiStreamsIngest_Get_Request_2: + enum: + - 'null' + nullable: true + ApiStreamsIngest_Get_Request_3: + not: {} + ApiStreamsIngest_Put_Request: + additionalProperties: false + type: object + properties: + ingest: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_2_1' + required: + - ingest + ApiStreamsIngest_Put_Request_Ingest_1: + allOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_1_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_2' + ApiStreamsIngest_Put_Request_Ingest_1_1: + type: object + properties: + failure_store: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Failure_store_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Failure_store_2' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Failure_store_3' + lifecycle: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Lifecycle_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Lifecycle_2' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Lifecycle_3' + processing: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing' + settings: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Settings' + required: + - lifecycle + - processing + - settings + - failure_store + ApiStreamsIngest_Put_Request_Ingest_Failure_store_1: + additionalProperties: false + type: object + properties: + inherit: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Failure_store_Inherit' + required: + - inherit + ApiStreamsIngest_Put_Request_Ingest_Failure_store_Inherit: + additionalProperties: false + type: object + properties: {} + ApiStreamsIngest_Put_Request_Ingest_Failure_store_2: + additionalProperties: false + type: object + properties: + disabled: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Failure_store_Disabled' + required: + - disabled + ApiStreamsIngest_Put_Request_Ingest_Failure_store_Disabled: + additionalProperties: false + type: object + properties: {} + ApiStreamsIngest_Put_Request_Ingest_Failure_store_3: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Failure_store_1_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Failure_store_2_1' + ApiStreamsIngest_Put_Request_Ingest_Failure_store_1_1: + additionalProperties: false + type: object + properties: + lifecycle: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Failure_store_Lifecycle' + required: + - lifecycle + ApiStreamsIngest_Put_Request_Ingest_Failure_store_Lifecycle: + additionalProperties: false + type: object + properties: + enabled: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Failure_store_Lifecycle_Enabled' + required: + - enabled + ApiStreamsIngest_Put_Request_Ingest_Failure_store_Lifecycle_Enabled: + additionalProperties: false + type: object + properties: + data_retention: + description: A non-empty string. + minLength: 1 + type: string + ApiStreamsIngest_Put_Request_Ingest_Failure_store_2_1: + additionalProperties: false + type: object + properties: + lifecycle: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Failure_store_Lifecycle_1' + required: + - lifecycle + ApiStreamsIngest_Put_Request_Ingest_Failure_store_Lifecycle_1: + additionalProperties: false + type: object + properties: + disabled: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Failure_store_Lifecycle_Disabled' + required: + - disabled + ApiStreamsIngest_Put_Request_Ingest_Failure_store_Lifecycle_Disabled: + additionalProperties: false + type: object + properties: {} + ApiStreamsIngest_Put_Request_Ingest_Lifecycle_1: + additionalProperties: false + type: object + properties: + dsl: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Lifecycle_Dsl' + required: + - dsl + ApiStreamsIngest_Put_Request_Ingest_Lifecycle_Dsl: + additionalProperties: false + type: object + properties: + data_retention: + description: A non-empty string. + minLength: 1 + type: string + downsample: + items: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Lifecycle_Dsl_Downsample_Item' + type: array + ApiStreamsIngest_Put_Request_Ingest_Lifecycle_Dsl_Downsample_Item: + additionalProperties: false + type: object + properties: + after: + description: A non-empty string. + minLength: 1 + type: string + fixed_interval: + description: A non-empty string. + minLength: 1 + type: string + required: + - after + - fixed_interval + ApiStreamsIngest_Put_Request_Ingest_Lifecycle_2: + additionalProperties: false + type: object + properties: + ilm: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Lifecycle_Ilm' + required: + - ilm + ApiStreamsIngest_Put_Request_Ingest_Lifecycle_Ilm: + additionalProperties: false + type: object + properties: + policy: + description: A non-empty string. + minLength: 1 + type: string + required: + - policy + ApiStreamsIngest_Put_Request_Ingest_Lifecycle_3: + additionalProperties: false + type: object + properties: + inherit: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Lifecycle_Inherit' + required: + - inherit + ApiStreamsIngest_Put_Request_Ingest_Lifecycle_Inherit: + additionalProperties: false + type: object + properties: {} + ApiStreamsIngest_Put_Request_Ingest_Processing: + additionalProperties: false + type: object + properties: + steps: + items: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_2_1' + type: array + updated_at: + not: {} + required: + - steps + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_1: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_1_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_2' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_3' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_4' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_5' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_6' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_7' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_8' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_9' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_10' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_11' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_12' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_13' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_14' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_15' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_16' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_17' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_18' + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_1_1: + additionalProperties: false + description: Grok processor - Extract fields from text using grok patterns + type: object + properties: + action: + enum: + - grok + type: string + customIdentifier: + description: Custom identifier to correlate this processor across outputs + minLength: 1 + type: string + description: + description: Human-readable notes about this processor step + type: string + from: + description: Source field to parse with grok patterns + minLength: 1 + type: string + ignore_failure: + description: Continue pipeline execution if this processor fails + type: boolean + ignore_missing: + description: Skip processing when source field is missing + type: boolean + pattern_definitions: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Pattern_definitions' + patterns: + description: Grok patterns applied in order to extract fields + items: + description: A non-empty string. + minLength: 1 + type: string + minItems: 1 + type: array + where: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_3' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_4' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_5' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_6' + description: Conditional expression controlling whether this processor runs + required: + - action + - from + - patterns + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Pattern_definitions: + additionalProperties: + type: string + type: object + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2' + description: A basic filter condition, either unary or binary. + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_1: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_2' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_3' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_2' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_3' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_2' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_3' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_2' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_3' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_2' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_3' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_2' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_3' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_2' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_3' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_2' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_3' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_2' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_3' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_2' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_3' + description: Starts-with comparison value. + required: + - field + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_1: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_2: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_3: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_1: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_2: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_3: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_1: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_2: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_3: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_1: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_2: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_3: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_1: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_2: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_3: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_1: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_2: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_3: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_1: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_2: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_3: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_1: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_2: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_3: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_1: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_2: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_3: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_2' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_3' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_2' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_3' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_2' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_3' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_2' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_3' + description: A value that can be a string, number, or boolean. + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_1: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_2: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_3: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_1: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_2: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_3: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_1: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_2: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_3: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_1: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_2: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_3: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_1: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_2: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_3: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_1: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_3: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_4: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_5: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Never' + required: + - never + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Never: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_6: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Always' + required: + - always + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Always: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_2: + additionalProperties: false + description: Dissect processor - Extract fields from text using a lightweight, delimiter-based parser + type: object + properties: + action: + enum: + - dissect + type: string + append_separator: + description: Separator inserted when target fields are concatenated + minLength: 1 + type: string + customIdentifier: + description: Custom identifier to correlate this processor across outputs + minLength: 1 + type: string + description: + description: Human-readable notes about this processor step + type: string + from: + description: Source field to parse with dissect pattern + minLength: 1 + type: string + ignore_failure: + description: Continue pipeline execution if this processor fails + type: boolean + ignore_missing: + description: Skip processing when source field is missing + type: boolean + pattern: + description: Dissect pattern describing field boundaries + minLength: 1 + type: string + where: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_2' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_3' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_3_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_4_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_5_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_6_1' + description: Conditional expression controlling whether this processor runs + required: + - action + - from + - pattern + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_2: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_3' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_2' + description: A basic filter condition, either unary or binary. + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_3: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_1_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_2_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_3_1' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_1_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_2_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_3_1' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_1_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_2_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_3_1' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_1_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_2_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_3_1' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_1_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_2_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_3_1' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_1_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_2_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_3_1' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_1_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_2_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_3_1' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_1_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_2_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_3_1' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_1_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_2_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_3_1' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_1' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_1_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_2_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_3_1' + description: Starts-with comparison value. + required: + - field + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_1_1: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_2_1: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_3_1: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_1_1: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_2_1: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_3_1: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_1_1: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_2_1: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_3_1: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_1_1: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_2_1: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_3_1: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_1_1: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_2_1: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_3_1: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_1_1: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_2_1: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_3_1: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_1_1: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_2_1: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_3_1: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_1_1: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_2_1: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_3_1: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_1_1: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_2_1: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_3_1: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_1: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_1_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_2_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_3_1' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_1_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_2_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_3_1' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_1_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_2_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_3_1' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_1_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_2_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_3_1' + description: A value that can be a string, number, or boolean. + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_1_1: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_2_1: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_3_1: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_1_1: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_2_1: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_3_1: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_1_1: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_2_1: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_3_1: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_1_1: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_2_1: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_3_1: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_1_1: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_2_1: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_3_1: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_2: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_3: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_3_1: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_4_1: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_5_1: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Never_1' + required: + - never + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Never_1: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_6_1: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Always_1' + required: + - always + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Always_1: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_3: + additionalProperties: false + description: Date processor - Parse dates from strings using one or more expected formats + type: object + properties: + action: + enum: + - date + type: string + customIdentifier: + description: Custom identifier to correlate this processor across outputs + minLength: 1 + type: string + description: + description: Human-readable notes about this processor step + type: string + formats: + description: Accepted input date formats, tried in order + items: + description: A non-empty string. + minLength: 1 + type: string + type: array + from: + description: Source field containing the date/time text + minLength: 1 + type: string + ignore_failure: + description: Continue pipeline execution if this processor fails + type: boolean + locale: + description: Optional locale for date parsing + minLength: 1 + type: string + output_format: + description: Optional output format for storing the parsed date as text + minLength: 1 + type: string + timezone: + description: Optional timezone for date parsing + minLength: 1 + type: string + to: + description: Target field for the parsed date (defaults to source) + minLength: 1 + type: string + where: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_4' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_5' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_3_2' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_4_2' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_5_2' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_6_2' + description: Conditional expression controlling whether this processor runs + required: + - action + - from + - formats + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_4: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_5' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_4' + description: A basic filter condition, either unary or binary. + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_5: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_1_2' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_2_2' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_3_2' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_1_2' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_2_2' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_3_2' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_1_2' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_2_2' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_3_2' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_1_2' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_2_2' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_3_2' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_1_2' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_2_2' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_3_2' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_1_2' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_2_2' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_3_2' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_1_2' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_2_2' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_3_2' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_1_2' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_2_2' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_3_2' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_1_2' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_2_2' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_3_2' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_2' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_1_2' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_2_2' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_3_2' + description: Starts-with comparison value. + required: + - field + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_1_2: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_2_2: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_3_2: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_1_2: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_2_2: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_3_2: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_1_2: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_2_2: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_3_2: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_1_2: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_2_2: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_3_2: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_1_2: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_2_2: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_3_2: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_1_2: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_2_2: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_3_2: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_1_2: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_2_2: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_3_2: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_1_2: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_2_2: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_3_2: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_1_2: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_2_2: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_3_2: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_2: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_1_2' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_2_2' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_3_2' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_1_2' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_2_2' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_3_2' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_1_2' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_2_2' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_3_2' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_1_2' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_2_2' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_3_2' + description: A value that can be a string, number, or boolean. + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_1_2: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_2_2: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_3_2: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_1_2: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_2_2: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_3_2: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_1_2: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_2_2: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_3_2: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_1_2: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_2_2: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_3_2: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_1_2: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_2_2: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_3_2: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_4: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_5: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_3_2: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_4_2: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_5_2: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Never_2' + required: + - never + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Never_2: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_6_2: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Always_2' + required: + - always + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Always_2: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_4: + additionalProperties: false + description: Base processor options plus conditional execution + type: object + properties: + action: + enum: + - drop_document + type: string + customIdentifier: + description: Custom identifier to correlate this processor across outputs + minLength: 1 + type: string + description: + description: Human-readable notes about this processor step + type: string + ignore_failure: + description: Continue pipeline execution if this processor fails + type: boolean + where: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_6' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_7' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_3_3' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_4_3' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_5_3' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_6_3' + description: Conditional expression controlling whether this processor runs + required: + - action + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_6: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_7' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_6' + description: A basic filter condition, either unary or binary. + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_7: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_1_3' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_2_3' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_3_3' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_1_3' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_2_3' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_3_3' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_1_3' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_2_3' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_3_3' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_1_3' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_2_3' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_3_3' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_1_3' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_2_3' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_3_3' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_1_3' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_2_3' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_3_3' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_1_3' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_2_3' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_3_3' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_1_3' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_2_3' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_3_3' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_1_3' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_2_3' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_3_3' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_3' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_1_3' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_2_3' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_3_3' + description: Starts-with comparison value. + required: + - field + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_1_3: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_2_3: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_3_3: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_1_3: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_2_3: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_3_3: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_1_3: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_2_3: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_3_3: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_1_3: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_2_3: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_3_3: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_1_3: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_2_3: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_3_3: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_1_3: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_2_3: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_3_3: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_1_3: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_2_3: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_3_3: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_1_3: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_2_3: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_3_3: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_1_3: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_2_3: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_3_3: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_3: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_1_3' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_2_3' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_3_3' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_1_3' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_2_3' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_3_3' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_1_3' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_2_3' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_3_3' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_1_3' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_2_3' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_3_3' + description: A value that can be a string, number, or boolean. + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_1_3: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_2_3: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_3_3: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_1_3: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_2_3: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_3_3: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_1_3: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_2_3: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_3_3: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_1_3: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_2_3: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_3_3: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_1_3: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_2_3: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_3_3: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_6: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_7: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_3_3: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_4_3: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_5_3: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Never_3' + required: + - never + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Never_3: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_6_3: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Always_3' + required: + - always + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Always_3: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_5: + additionalProperties: false + description: Base processor options plus conditional execution + type: object + properties: + action: + enum: + - math + type: string + customIdentifier: + description: Custom identifier to correlate this processor across outputs + minLength: 1 + type: string + description: + description: Human-readable notes about this processor step + type: string + expression: + description: A non-empty string. + minLength: 1 + type: string + ignore_failure: + description: Continue pipeline execution if this processor fails + type: boolean + ignore_missing: + type: boolean + to: + description: A non-empty string. + minLength: 1 + type: string + where: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_8' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_9' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_3_4' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_4_4' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_5_4' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_6_4' + description: Conditional expression controlling whether this processor runs + required: + - action + - expression + - to + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_8: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_9' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_8' + description: A basic filter condition, either unary or binary. + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_9: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_1_4' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_2_4' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_3_4' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_1_4' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_2_4' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_3_4' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_1_4' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_2_4' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_3_4' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_1_4' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_2_4' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_3_4' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_1_4' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_2_4' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_3_4' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_1_4' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_2_4' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_3_4' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_1_4' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_2_4' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_3_4' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_1_4' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_2_4' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_3_4' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_1_4' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_2_4' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_3_4' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_4' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_1_4' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_2_4' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_3_4' + description: Starts-with comparison value. + required: + - field + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_1_4: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_2_4: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_3_4: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_1_4: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_2_4: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_3_4: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_1_4: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_2_4: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_3_4: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_1_4: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_2_4: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_3_4: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_1_4: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_2_4: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_3_4: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_1_4: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_2_4: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_3_4: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_1_4: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_2_4: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_3_4: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_1_4: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_2_4: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_3_4: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_1_4: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_2_4: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_3_4: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_4: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_1_4' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_2_4' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_3_4' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_1_4' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_2_4' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_3_4' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_1_4' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_2_4' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_3_4' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_1_4' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_2_4' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_3_4' + description: A value that can be a string, number, or boolean. + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_1_4: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_2_4: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_3_4: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_1_4: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_2_4: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_3_4: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_1_4: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_2_4: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_3_4: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_1_4: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_2_4: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_3_4: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_1_4: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_2_4: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_3_4: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_8: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_9: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_3_4: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_4_4: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_5_4: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Never_4' + required: + - never + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Never_4: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_6_4: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Always_4' + required: + - always + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Always_4: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_6: + additionalProperties: false + description: Rename processor - Change a field name and optionally its location + type: object + properties: + action: + enum: + - rename + type: string + customIdentifier: + description: Custom identifier to correlate this processor across outputs + minLength: 1 + type: string + description: + description: Human-readable notes about this processor step + type: string + from: + description: Existing source field to rename or move + minLength: 1 + type: string + ignore_failure: + description: Continue pipeline execution if this processor fails + type: boolean + ignore_missing: + description: Skip when source field is missing + type: boolean + override: + description: Allow overwriting the target field if it already exists + type: boolean + to: + description: New field name or destination path + minLength: 1 + type: string + where: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_10' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_11' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_3_5' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_4_5' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_5_5' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_6_5' + description: Conditional expression controlling whether this processor runs + required: + - action + - from + - to + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_10: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_11' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_10' + description: A basic filter condition, either unary or binary. + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_11: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_1_5' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_2_5' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_3_5' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_1_5' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_2_5' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_3_5' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_1_5' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_2_5' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_3_5' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_1_5' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_2_5' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_3_5' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_1_5' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_2_5' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_3_5' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_1_5' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_2_5' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_3_5' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_1_5' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_2_5' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_3_5' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_1_5' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_2_5' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_3_5' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_1_5' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_2_5' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_3_5' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_5' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_1_5' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_2_5' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_3_5' + description: Starts-with comparison value. + required: + - field + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_1_5: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_2_5: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_3_5: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_1_5: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_2_5: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_3_5: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_1_5: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_2_5: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_3_5: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_1_5: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_2_5: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_3_5: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_1_5: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_2_5: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_3_5: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_1_5: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_2_5: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_3_5: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_1_5: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_2_5: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_3_5: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_1_5: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_2_5: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_3_5: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_1_5: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_2_5: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_3_5: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_5: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_1_5' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_2_5' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_3_5' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_1_5' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_2_5' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_3_5' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_1_5' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_2_5' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_3_5' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_1_5' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_2_5' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_3_5' + description: A value that can be a string, number, or boolean. + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_1_5: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_2_5: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_3_5: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_1_5: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_2_5: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_3_5: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_1_5: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_2_5: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_3_5: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_1_5: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_2_5: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_3_5: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_1_5: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_2_5: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_3_5: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_10: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_11: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_3_5: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_4_5: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_5_5: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Never_5' + required: + - never + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Never_5: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_6_5: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Always_5' + required: + - always + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Always_5: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_7: + additionalProperties: false + description: Set processor - Assign a literal or copied value to a field (mutually exclusive inputs) + type: object + properties: + action: + enum: + - set + type: string + copy_from: + description: Copy value from another field instead of providing a literal + minLength: 1 + type: string + customIdentifier: + description: Custom identifier to correlate this processor across outputs + minLength: 1 + type: string + description: + description: Human-readable notes about this processor step + type: string + ignore_failure: + description: Continue pipeline execution if this processor fails + type: boolean + override: + description: Allow overwriting an existing target field + type: boolean + to: + description: Target field to set or create + minLength: 1 + type: string + value: + description: Literal value to assign to the target field + where: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_12' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_13' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_3_6' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_4_6' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_5_6' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_6_6' + description: Conditional expression controlling whether this processor runs + required: + - action + - to + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_12: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_13' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_12' + description: A basic filter condition, either unary or binary. + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_13: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_1_6' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_2_6' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_3_6' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_1_6' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_2_6' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_3_6' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_1_6' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_2_6' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_3_6' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_1_6' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_2_6' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_3_6' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_1_6' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_2_6' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_3_6' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_1_6' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_2_6' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_3_6' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_1_6' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_2_6' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_3_6' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_1_6' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_2_6' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_3_6' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_1_6' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_2_6' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_3_6' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_6' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_1_6' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_2_6' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_3_6' + description: Starts-with comparison value. + required: + - field + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_1_6: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_2_6: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_3_6: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_1_6: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_2_6: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_3_6: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_1_6: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_2_6: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_3_6: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_1_6: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_2_6: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_3_6: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_1_6: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_2_6: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_3_6: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_1_6: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_2_6: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_3_6: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_1_6: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_2_6: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_3_6: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_1_6: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_2_6: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_3_6: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_1_6: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_2_6: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_3_6: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_6: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_1_6' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_2_6' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_3_6' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_1_6' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_2_6' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_3_6' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_1_6' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_2_6' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_3_6' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_1_6' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_2_6' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_3_6' + description: A value that can be a string, number, or boolean. + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_1_6: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_2_6: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_3_6: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_1_6: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_2_6: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_3_6: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_1_6: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_2_6: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_3_6: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_1_6: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_2_6: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_3_6: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_1_6: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_2_6: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_3_6: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_12: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_13: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_3_6: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_4_6: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_5_6: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Never_6' + required: + - never + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Never_6: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_6_6: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Always_6' + required: + - always + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Always_6: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_8: + additionalProperties: false + description: Append processor - Append one or more values to an existing or new array field + type: object + properties: + action: + enum: + - append + type: string + allow_duplicates: + description: If true, do not deduplicate appended values + type: boolean + customIdentifier: + description: Custom identifier to correlate this processor across outputs + minLength: 1 + type: string + description: + description: Human-readable notes about this processor step + type: string + ignore_failure: + description: Continue pipeline execution if this processor fails + type: boolean + to: + description: Array field to append values to + minLength: 1 + type: string + value: + description: Values to append (must be literal, no templates) + items: {} + minItems: 1 + type: array + where: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_14' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_15' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_3_7' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_4_7' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_5_7' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_6_7' + description: Conditional expression controlling whether this processor runs + required: + - action + - to + - value + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_14: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_15' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_14' + description: A basic filter condition, either unary or binary. + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_15: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_1_7' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_2_7' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_3_7' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_1_7' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_2_7' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_3_7' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_1_7' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_2_7' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_3_7' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_1_7' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_2_7' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_3_7' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_1_7' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_2_7' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_3_7' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_1_7' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_2_7' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_3_7' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_1_7' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_2_7' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_3_7' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_1_7' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_2_7' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_3_7' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_1_7' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_2_7' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_3_7' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_7' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_1_7' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_2_7' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_3_7' + description: Starts-with comparison value. + required: + - field + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_1_7: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_2_7: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_3_7: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_1_7: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_2_7: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_3_7: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_1_7: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_2_7: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_3_7: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_1_7: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_2_7: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_3_7: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_1_7: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_2_7: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_3_7: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_1_7: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_2_7: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_3_7: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_1_7: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_2_7: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_3_7: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_1_7: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_2_7: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_3_7: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_1_7: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_2_7: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_3_7: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_7: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_1_7' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_2_7' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_3_7' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_1_7' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_2_7' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_3_7' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_1_7' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_2_7' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_3_7' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_1_7' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_2_7' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_3_7' + description: A value that can be a string, number, or boolean. + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_1_7: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_2_7: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_3_7: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_1_7: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_2_7: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_3_7: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_1_7: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_2_7: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_3_7: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_1_7: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_2_7: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_3_7: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_1_7: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_2_7: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_3_7: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_14: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_15: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_3_7: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_4_7: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_5_7: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Never_7' + required: + - never + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Never_7: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_6_7: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Always_7' + required: + - always + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Always_7: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_9: + additionalProperties: false + description: Remove by prefix processor - Remove a field and all nested fields matching the prefix + type: object + properties: + action: + enum: + - remove_by_prefix + type: string + customIdentifier: + description: Custom identifier to correlate this processor across outputs + minLength: 1 + type: string + description: + description: Human-readable notes about this processor step + type: string + from: + description: Field to remove along with all its nested fields + minLength: 1 + type: string + ignore_failure: + description: Continue pipeline execution if this processor fails + type: boolean + required: + - action + - from + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_10: + additionalProperties: false + description: Remove processor - Delete one or more fields from the document + type: object + properties: + action: + enum: + - remove + type: string + customIdentifier: + description: Custom identifier to correlate this processor across outputs + minLength: 1 + type: string + description: + description: Human-readable notes about this processor step + type: string + from: + description: Field to remove from the document + minLength: 1 + type: string + ignore_failure: + description: Continue pipeline execution if this processor fails + type: boolean + ignore_missing: + description: Skip processing when source field is missing + type: boolean + where: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_16' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_17' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_3_8' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_4_8' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_5_8' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_6_8' + description: Conditional expression controlling whether this processor runs + required: + - action + - from + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_16: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_17' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_16' + description: A basic filter condition, either unary or binary. + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_17: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_1_8' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_2_8' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_3_8' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_1_8' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_2_8' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_3_8' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_1_8' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_2_8' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_3_8' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_1_8' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_2_8' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_3_8' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_1_8' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_2_8' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_3_8' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_1_8' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_2_8' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_3_8' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_1_8' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_2_8' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_3_8' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_1_8' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_2_8' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_3_8' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_1_8' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_2_8' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_3_8' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_8' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_1_8' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_2_8' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_3_8' + description: Starts-with comparison value. + required: + - field + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_1_8: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_2_8: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_3_8: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_1_8: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_2_8: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_3_8: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_1_8: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_2_8: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_3_8: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_1_8: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_2_8: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_3_8: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_1_8: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_2_8: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_3_8: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_1_8: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_2_8: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_3_8: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_1_8: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_2_8: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_3_8: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_1_8: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_2_8: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_3_8: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_1_8: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_2_8: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_3_8: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_8: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_1_8' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_2_8' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_3_8' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_1_8' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_2_8' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_3_8' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_1_8' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_2_8' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_3_8' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_1_8' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_2_8' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_3_8' + description: A value that can be a string, number, or boolean. + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_1_8: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_2_8: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_3_8: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_1_8: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_2_8: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_3_8: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_1_8: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_2_8: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_3_8: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_1_8: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_2_8: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_3_8: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_1_8: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_2_8: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_3_8: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_16: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_17: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_3_8: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_4_8: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_5_8: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Never_8' + required: + - never + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Never_8: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_6_8: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Always_8' + required: + - always + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Always_8: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_11: + additionalProperties: false + description: Base processor options plus conditional execution + type: object + properties: + action: + enum: + - replace + type: string + customIdentifier: + description: Custom identifier to correlate this processor across outputs + minLength: 1 + type: string + description: + description: Human-readable notes about this processor step + type: string + from: + description: A non-empty string. + minLength: 1 + type: string + ignore_failure: + description: Continue pipeline execution if this processor fails + type: boolean + ignore_missing: + type: boolean + pattern: + description: A non-empty string or string with whitespace. + minLength: 1 + type: string + replacement: + type: string + to: + description: A non-empty string. + minLength: 1 + type: string + where: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_18' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_19' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_3_9' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_4_9' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_5_9' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_6_9' + description: Conditional expression controlling whether this processor runs + required: + - action + - from + - pattern + - replacement + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_18: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_19' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_18' + description: A basic filter condition, either unary or binary. + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_19: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_1_9' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_2_9' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_3_9' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_1_9' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_2_9' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_3_9' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_1_9' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_2_9' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_3_9' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_1_9' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_2_9' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_3_9' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_1_9' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_2_9' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_3_9' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_1_9' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_2_9' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_3_9' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_1_9' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_2_9' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_3_9' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_1_9' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_2_9' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_3_9' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_1_9' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_2_9' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_3_9' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_9' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_1_9' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_2_9' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_3_9' + description: Starts-with comparison value. + required: + - field + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_1_9: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_2_9: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_3_9: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_1_9: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_2_9: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_3_9: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_1_9: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_2_9: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_3_9: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_1_9: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_2_9: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_3_9: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_1_9: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_2_9: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_3_9: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_1_9: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_2_9: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_3_9: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_1_9: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_2_9: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_3_9: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_1_9: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_2_9: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_3_9: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_1_9: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_2_9: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_3_9: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_9: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_1_9' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_2_9' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_3_9' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_1_9' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_2_9' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_3_9' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_1_9' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_2_9' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_3_9' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_1_9' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_2_9' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_3_9' + description: A value that can be a string, number, or boolean. + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_1_9: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_2_9: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_3_9: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_1_9: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_2_9: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_3_9: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_1_9: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_2_9: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_3_9: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_1_9: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_2_9: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_3_9: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_1_9: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_2_9: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_3_9: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_18: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_19: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_3_9: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_4_9: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_5_9: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Never_9' + required: + - never + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Never_9: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_6_9: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Always_9' + required: + - always + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Always_9: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_12: + additionalProperties: false + description: Base processor options plus conditional execution + type: object + properties: + action: + enum: + - uppercase + type: string + customIdentifier: + description: Custom identifier to correlate this processor across outputs + minLength: 1 + type: string + description: + description: Human-readable notes about this processor step + type: string + from: + description: A non-empty string. + minLength: 1 + type: string + ignore_failure: + description: Continue pipeline execution if this processor fails + type: boolean + ignore_missing: + type: boolean + to: + description: A non-empty string. + minLength: 1 + type: string + where: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_20' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_21' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_3_10' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_4_10' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_5_10' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_6_10' + description: Conditional expression controlling whether this processor runs + required: + - action + - from + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_20: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_21' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_20' + description: A basic filter condition, either unary or binary. + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_21: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_1_10' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_2_10' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_3_10' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_1_10' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_2_10' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_3_10' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_1_10' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_2_10' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_3_10' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_1_10' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_2_10' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_3_10' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_1_10' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_2_10' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_3_10' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_1_10' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_2_10' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_3_10' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_1_10' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_2_10' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_3_10' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_1_10' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_2_10' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_3_10' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_1_10' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_2_10' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_3_10' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_10' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_1_10' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_2_10' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_3_10' + description: Starts-with comparison value. + required: + - field + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_1_10: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_2_10: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_3_10: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_1_10: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_2_10: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_3_10: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_1_10: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_2_10: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_3_10: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_1_10: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_2_10: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_3_10: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_1_10: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_2_10: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_3_10: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_1_10: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_2_10: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_3_10: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_1_10: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_2_10: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_3_10: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_1_10: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_2_10: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_3_10: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_1_10: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_2_10: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_3_10: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_10: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_1_10' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_2_10' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_3_10' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_1_10' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_2_10' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_3_10' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_1_10' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_2_10' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_3_10' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_1_10' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_2_10' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_3_10' + description: A value that can be a string, number, or boolean. + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_1_10: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_2_10: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_3_10: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_1_10: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_2_10: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_3_10: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_1_10: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_2_10: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_3_10: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_1_10: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_2_10: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_3_10: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_1_10: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_2_10: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_3_10: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_20: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_21: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_3_10: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_4_10: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_5_10: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Never_10' + required: + - never + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Never_10: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_6_10: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Always_10' + required: + - always + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Always_10: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_13: + additionalProperties: false + description: Base processor options plus conditional execution + type: object + properties: + action: + enum: + - lowercase + type: string + customIdentifier: + description: Custom identifier to correlate this processor across outputs + minLength: 1 + type: string + description: + description: Human-readable notes about this processor step + type: string + from: + description: A non-empty string. + minLength: 1 + type: string + ignore_failure: + description: Continue pipeline execution if this processor fails + type: boolean + ignore_missing: + type: boolean + to: + description: A non-empty string. + minLength: 1 + type: string + where: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_22' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_23' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_3_11' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_4_11' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_5_11' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_6_11' + description: Conditional expression controlling whether this processor runs + required: + - action + - from + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_22: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_23' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_22' + description: A basic filter condition, either unary or binary. + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_23: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_1_11' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_2_11' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_3_11' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_1_11' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_2_11' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_3_11' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_1_11' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_2_11' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_3_11' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_1_11' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_2_11' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_3_11' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_1_11' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_2_11' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_3_11' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_1_11' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_2_11' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_3_11' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_1_11' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_2_11' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_3_11' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_1_11' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_2_11' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_3_11' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_1_11' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_2_11' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_3_11' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_11' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_1_11' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_2_11' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_3_11' + description: Starts-with comparison value. + required: + - field + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_1_11: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_2_11: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_3_11: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_1_11: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_2_11: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_3_11: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_1_11: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_2_11: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_3_11: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_1_11: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_2_11: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_3_11: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_1_11: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_2_11: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_3_11: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_1_11: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_2_11: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_3_11: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_1_11: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_2_11: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_3_11: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_1_11: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_2_11: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_3_11: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_1_11: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_2_11: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_3_11: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_11: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_1_11' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_2_11' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_3_11' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_1_11' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_2_11' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_3_11' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_1_11' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_2_11' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_3_11' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_1_11' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_2_11' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_3_11' + description: A value that can be a string, number, or boolean. + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_1_11: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_2_11: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_3_11: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_1_11: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_2_11: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_3_11: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_1_11: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_2_11: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_3_11: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_1_11: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_2_11: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_3_11: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_1_11: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_2_11: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_3_11: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_22: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_23: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_3_11: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_4_11: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_5_11: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Never_11' + required: + - never + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Never_11: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_6_11: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Always_11' + required: + - always + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Always_11: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_14: + additionalProperties: false + description: Base processor options plus conditional execution + type: object + properties: + action: + enum: + - trim + type: string + customIdentifier: + description: Custom identifier to correlate this processor across outputs + minLength: 1 + type: string + description: + description: Human-readable notes about this processor step + type: string + from: + description: A non-empty string. + minLength: 1 + type: string + ignore_failure: + description: Continue pipeline execution if this processor fails + type: boolean + ignore_missing: + type: boolean + to: + description: A non-empty string. + minLength: 1 + type: string + where: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_24' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_25' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_3_12' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_4_12' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_5_12' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_6_12' + description: Conditional expression controlling whether this processor runs + required: + - action + - from + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_24: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_25' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_24' + description: A basic filter condition, either unary or binary. + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_25: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_1_12' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_2_12' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_3_12' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_1_12' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_2_12' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_3_12' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_1_12' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_2_12' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_3_12' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_1_12' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_2_12' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_3_12' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_1_12' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_2_12' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_3_12' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_1_12' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_2_12' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_3_12' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_1_12' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_2_12' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_3_12' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_1_12' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_2_12' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_3_12' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_1_12' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_2_12' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_3_12' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_12' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_1_12' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_2_12' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_3_12' + description: Starts-with comparison value. + required: + - field + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_1_12: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_2_12: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_3_12: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_1_12: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_2_12: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_3_12: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_1_12: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_2_12: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_3_12: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_1_12: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_2_12: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_3_12: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_1_12: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_2_12: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_3_12: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_1_12: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_2_12: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_3_12: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_1_12: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_2_12: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_3_12: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_1_12: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_2_12: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_3_12: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_1_12: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_2_12: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_3_12: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_12: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_1_12' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_2_12' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_3_12' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_1_12' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_2_12' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_3_12' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_1_12' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_2_12' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_3_12' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_1_12' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_2_12' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_3_12' + description: A value that can be a string, number, or boolean. + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_1_12: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_2_12: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_3_12: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_1_12: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_2_12: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_3_12: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_1_12: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_2_12: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_3_12: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_1_12: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_2_12: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_3_12: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_1_12: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_2_12: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_3_12: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_24: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_25: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_3_12: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_4_12: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_5_12: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Never_12' + required: + - never + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Never_12: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_6_12: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Always_12' + required: + - always + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Always_12: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_15: + additionalProperties: false + description: Base processor options plus conditional execution + type: object + properties: + action: + enum: + - join + type: string + customIdentifier: + description: Custom identifier to correlate this processor across outputs + minLength: 1 + type: string + delimiter: + type: string + description: + description: Human-readable notes about this processor step + type: string + from: + items: + description: A non-empty string. + minLength: 1 + type: string + minItems: 1 + type: array + ignore_failure: + description: Continue pipeline execution if this processor fails + type: boolean + ignore_missing: + type: boolean + to: + description: A non-empty string. + minLength: 1 + type: string + where: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_26' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_27' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_3_13' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_4_13' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_5_13' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_6_13' + description: Conditional expression controlling whether this processor runs + required: + - action + - from + - delimiter + - to + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_26: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_27' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_26' + description: A basic filter condition, either unary or binary. + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_27: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_1_13' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_2_13' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_3_13' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_1_13' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_2_13' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_3_13' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_1_13' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_2_13' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_3_13' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_1_13' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_2_13' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_3_13' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_1_13' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_2_13' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_3_13' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_1_13' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_2_13' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_3_13' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_1_13' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_2_13' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_3_13' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_1_13' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_2_13' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_3_13' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_1_13' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_2_13' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_3_13' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_13' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_1_13' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_2_13' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_3_13' + description: Starts-with comparison value. + required: + - field + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_1_13: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_2_13: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_3_13: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_1_13: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_2_13: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_3_13: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_1_13: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_2_13: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_3_13: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_1_13: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_2_13: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_3_13: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_1_13: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_2_13: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_3_13: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_1_13: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_2_13: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_3_13: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_1_13: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_2_13: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_3_13: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_1_13: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_2_13: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_3_13: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_1_13: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_2_13: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_3_13: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_13: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_1_13' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_2_13' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_3_13' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_1_13' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_2_13' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_3_13' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_1_13' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_2_13' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_3_13' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_1_13' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_2_13' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_3_13' + description: A value that can be a string, number, or boolean. + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_1_13: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_2_13: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_3_13: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_1_13: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_2_13: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_3_13: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_1_13: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_2_13: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_3_13: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_1_13: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_2_13: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_3_13: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_1_13: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_2_13: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_3_13: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_26: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_27: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_3_13: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_4_13: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_5_13: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Never_13' + required: + - never + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Never_13: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_6_13: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Always_13' + required: + - always + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Always_13: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_16: + additionalProperties: false + description: Convert processor - Change the data type of a field value (integer, long, double, boolean, or string) + type: object + properties: + action: + enum: + - convert + type: string + customIdentifier: + description: Custom identifier to correlate this processor across outputs + minLength: 1 + type: string + description: + description: Human-readable notes about this processor step + type: string + from: + description: Source field to convert to a different data type + minLength: 1 + type: string + ignore_failure: + description: Continue pipeline execution if this processor fails + type: boolean + ignore_missing: + description: Skip processing when source field is missing + type: boolean + to: + description: Target field for the converted value (defaults to source) + minLength: 1 + type: string + type: + description: 'Target data type: integer, long, double, boolean, or string' + enum: + - integer + - long + - double + - boolean + - string + type: string + where: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_28' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_29' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_3_14' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_4_14' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_5_14' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_6_14' + description: Conditional expression controlling whether this processor runs + required: + - action + - from + - type + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_28: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_29' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_28' + description: A basic filter condition, either unary or binary. + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_29: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_1_14' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_2_14' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_3_14' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_1_14' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_2_14' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_3_14' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_1_14' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_2_14' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_3_14' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_1_14' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_2_14' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_3_14' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_1_14' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_2_14' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_3_14' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_1_14' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_2_14' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_3_14' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_1_14' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_2_14' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_3_14' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_1_14' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_2_14' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_3_14' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_1_14' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_2_14' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_3_14' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_14' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_1_14' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_2_14' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_3_14' + description: Starts-with comparison value. + required: + - field + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_1_14: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_2_14: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_3_14: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_1_14: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_2_14: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_3_14: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_1_14: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_2_14: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_3_14: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_1_14: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_2_14: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_3_14: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_1_14: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_2_14: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_3_14: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_1_14: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_2_14: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_3_14: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_1_14: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_2_14: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_3_14: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_1_14: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_2_14: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_3_14: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_1_14: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_2_14: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_3_14: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_14: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_1_14' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_2_14' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_3_14' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_1_14' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_2_14' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_3_14' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_1_14' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_2_14' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_3_14' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_1_14' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_2_14' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_3_14' + description: A value that can be a string, number, or boolean. + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_1_14: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_2_14: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_3_14: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_1_14: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_2_14: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_3_14: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_1_14: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_2_14: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_3_14: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_1_14: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_2_14: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_3_14: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_1_14: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_2_14: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_3_14: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_28: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_29: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_3_14: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_4_14: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_5_14: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Never_14' + required: + - never + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Never_14: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_6_14: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Always_14' + required: + - always + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Always_14: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_17: + additionalProperties: false + description: Base processor options plus conditional execution + type: object + properties: + action: + enum: + - concat + type: string + customIdentifier: + description: Custom identifier to correlate this processor across outputs + minLength: 1 + type: string + description: + description: Human-readable notes about this processor step + type: string + from: + items: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_From_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_From_2' + minItems: 1 + type: array + ignore_failure: + description: Continue pipeline execution if this processor fails + type: boolean + ignore_missing: + type: boolean + to: + description: A non-empty string. + minLength: 1 + type: string + where: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_30' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_31' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_3_15' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_4_15' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_5_15' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_6_15' + description: Conditional expression controlling whether this processor runs + required: + - action + - from + - to + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_From_1: + additionalProperties: false + type: object + properties: + type: + enum: + - field + type: string + value: + description: A non-empty string. + minLength: 1 + type: string + required: + - type + - value + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_From_2: + additionalProperties: false + type: object + properties: + type: + enum: + - literal + type: string + value: + type: string + required: + - type + - value + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_30: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_31' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_30' + description: A basic filter condition, either unary or binary. + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_31: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_1_15' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_2_15' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_3_15' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_1_15' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_2_15' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_3_15' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_1_15' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_2_15' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_3_15' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_1_15' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_2_15' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_3_15' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_1_15' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_2_15' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_3_15' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_1_15' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_2_15' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_3_15' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_1_15' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_2_15' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_3_15' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_1_15' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_2_15' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_3_15' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_1_15' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_2_15' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_3_15' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_15' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_1_15' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_2_15' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_3_15' + description: Starts-with comparison value. + required: + - field + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_1_15: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_2_15: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_3_15: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_1_15: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_2_15: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_3_15: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_1_15: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_2_15: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_3_15: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_1_15: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_2_15: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_3_15: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_1_15: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_2_15: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_3_15: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_1_15: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_2_15: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_3_15: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_1_15: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_2_15: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_3_15: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_1_15: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_2_15: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_3_15: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_1_15: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_2_15: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_3_15: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_15: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_1_15' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_2_15' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_3_15' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_1_15' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_2_15' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_3_15' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_1_15' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_2_15' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_3_15' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_1_15' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_2_15' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_3_15' + description: A value that can be a string, number, or boolean. + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_1_15: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_2_15: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_3_15: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_1_15: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_2_15: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_3_15: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_1_15: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_2_15: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_3_15: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_1_15: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_2_15: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_3_15: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_1_15: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_2_15: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_3_15: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_30: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_31: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_3_15: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_4_15: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_5_15: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Never_15' + required: + - never + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Never_15: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_6_15: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Always_15' + required: + - always + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Always_15: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_18: + additionalProperties: false + description: Manual ingest pipeline wrapper around native Elasticsearch processors + type: object + properties: + action: + description: Manual ingest pipeline - executes raw Elasticsearch ingest processors + enum: + - manual_ingest_pipeline + type: string + customIdentifier: + description: Custom identifier to correlate this processor across outputs + minLength: 1 + type: string + description: + description: Human-readable notes about this processor step + type: string + ignore_failure: + description: Continue pipeline execution if this processor fails + type: boolean + on_failure: + description: Fallback processors to run when a processor fails + items: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_On_failure_Item' + type: array + processors: + description: List of raw Elasticsearch ingest processors to run + items: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Processors_Item' + type: array + tag: + description: Optional ingest processor tag for Elasticsearch + type: string + where: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_32' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_33' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_3_16' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_4_16' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_5_16' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_6_16' + description: Conditional expression controlling whether this processor runs + required: + - action + - processors + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_On_failure_Item: + additionalProperties: {} + type: object + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Processors_Item: + additionalProperties: false + type: object + properties: + append: {} + attachment: {} + bytes: {} + circle: {} + community_id: {} + convert: {} + csv: {} + date: {} + date_index_name: {} + dissect: {} + dot_expander: {} + drop: {} + enrich: {} + fail: {} + fingerprint: {} + foreach: {} + geo_grid: {} + geoip: {} + grok: {} + gsub: {} + html_strip: {} + inference: {} + ip_location: {} + join: {} + json: {} + kv: {} + lowercase: {} + network_direction: {} + pipeline: {} + redact: {} + registered_domain: {} + remove: {} + rename: {} + reroute: {} + script: {} + set: {} + set_security_user: {} + sort: {} + split: {} + terminate: {} + trim: {} + uppercase: {} + uri_parts: {} + urldecode: {} + user_agent: {} + required: + - append + - attachment + - bytes + - circle + - community_id + - convert + - csv + - date + - date_index_name + - dissect + - dot_expander + - drop + - enrich + - fail + - fingerprint + - foreach + - ip_location + - geo_grid + - geoip + - grok + - gsub + - html_strip + - inference + - join + - json + - kv + - lowercase + - network_direction + - pipeline + - redact + - registered_domain + - remove + - rename + - reroute + - script + - set + - set_security_user + - sort + - split + - terminate + - trim + - uppercase + - urldecode + - uri_parts + - user_agent + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_32: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_33' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_32' + description: A basic filter condition, either unary or binary. + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_33: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_1_16' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_2_16' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_3_16' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_1_16' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_2_16' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_3_16' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_1_16' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_2_16' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_3_16' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_1_16' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_2_16' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_3_16' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_1_16' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_2_16' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_3_16' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_1_16' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_2_16' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_3_16' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_1_16' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_2_16' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_3_16' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_1_16' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_2_16' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_3_16' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_1_16' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_2_16' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_3_16' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_16' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_1_16' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_2_16' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_3_16' + description: Starts-with comparison value. + required: + - field + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_1_16: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_2_16: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_3_16: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_1_16: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_2_16: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_3_16: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_1_16: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_2_16: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_3_16: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_1_16: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_2_16: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_3_16: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_1_16: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_2_16: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_3_16: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_1_16: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_2_16: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_3_16: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_1_16: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_2_16: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_3_16: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_1_16: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_2_16: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_3_16: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_1_16: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_2_16: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_3_16: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_16: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_1_16' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_2_16' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_3_16' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_1_16' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_2_16' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_3_16' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_1_16' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_2_16' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_3_16' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_1_16' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_2_16' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_3_16' + description: A value that can be a string, number, or boolean. + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_1_16: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_2_16: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_3_16: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_1_16: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_2_16: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_3_16: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_1_16: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_2_16: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_3_16: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_1_16: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_2_16: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_3_16: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_1_16: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_2_16: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_3_16: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_32: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_33: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_3_16: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_4_16: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_5_16: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Never_16' + required: + - never + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Never_16: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_6_16: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Always_16' + required: + - always + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Always_16: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_2_1: + additionalProperties: false + type: object + properties: + condition: + allOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_2_2' + customIdentifier: + type: string + required: + - condition + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_1: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_1_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_2_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_3' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_4' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_5' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_6' + description: The root condition object. It can be a simple filter or a combination of other conditions. + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_1_1: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_1_2' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_2' + description: A basic filter condition, either unary or binary. + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_1_2: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Contains_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Contains_2' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Contains_3' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_EndsWith_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_EndsWith_2' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_EndsWith_3' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Eq_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Eq_2' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Eq_3' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Gt_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Gt_2' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Gt_3' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Gte_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Gte_2' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Gte_3' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Includes_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Includes_2' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Includes_3' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Lt_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Lt_2' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Lt_3' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Lte_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Lte_2' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Lte_3' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Neq_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Neq_2' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Neq_3' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Range' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_StartsWith_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_StartsWith_2' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_StartsWith_3' + description: Starts-with comparison value. + required: + - field + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Contains_1: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Contains_2: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Contains_3: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_EndsWith_1: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_EndsWith_2: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_EndsWith_3: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Eq_1: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Eq_2: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Eq_3: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Gt_1: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Gt_2: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Gt_3: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Gte_1: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Gte_2: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Gte_3: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Includes_1: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Includes_2: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Includes_3: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Lt_1: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Lt_2: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Lt_3: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Lte_1: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Lte_2: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Lte_3: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Neq_1: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Neq_2: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Neq_3: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Range: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Range_Gt_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Range_Gt_2' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Range_Gt_3' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Range_Gte_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Range_Gte_2' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Range_Gte_3' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Range_Lt_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Range_Lt_2' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Range_Lt_3' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Range_Lte_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Range_Lte_2' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Range_Lte_3' + description: A value that can be a string, number, or boolean. + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Range_Gt_1: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Range_Gt_2: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Range_Gt_3: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Range_Gte_1: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Range_Gte_2: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Range_Gte_3: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Range_Lt_1: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Range_Lt_2: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Range_Lt_3: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Range_Lte_1: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Range_Lte_2: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Range_Lte_3: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_StartsWith_1: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_StartsWith_2: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_StartsWith_3: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_2: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_2_1: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_3: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_4: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_5: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Never' + required: + - never + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Never: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_6: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Always' + required: + - always + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Always: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_2_2: + type: object + properties: + steps: + items: {} + type: array + required: + - steps + ApiStreamsIngest_Put_Request_Ingest_Settings: + additionalProperties: false + type: object + properties: + index.number_of_replicas: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Settings_Index.number_of_replicas' + index.number_of_shards: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Settings_Index.number_of_shards' + index.refresh_interval: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Settings_Index.refresh_interval' + ApiStreamsIngest_Put_Request_Ingest_Settings_Index.number_of_replicas: + additionalProperties: false + type: object + properties: + value: + type: number + required: + - value + ApiStreamsIngest_Put_Request_Ingest_Settings_Index.number_of_shards: + additionalProperties: false + type: object + properties: + value: + type: number + required: + - value + ApiStreamsIngest_Put_Request_Ingest_Settings_Index.refresh_interval: + additionalProperties: false + type: object + properties: + value: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Settings_Index.refresh_interval_Value_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Settings_Index.refresh_interval_Value_2' + required: + - value + ApiStreamsIngest_Put_Request_Ingest_Settings_Index.refresh_interval_Value_1: + type: string + ApiStreamsIngest_Put_Request_Ingest_Settings_Index.refresh_interval_Value_2: + enum: + - -1 + type: number + ApiStreamsIngest_Put_Request_Ingest_2: + type: object + properties: + wired: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Wired' + required: + - wired + ApiStreamsIngest_Put_Request_Ingest_Wired: + additionalProperties: false + type: object + properties: + fields: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Wired_Fields' + routing: + items: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Wired_Routing_Item' + type: array + required: + - fields + - routing + ApiStreamsIngest_Put_Request_Ingest_Wired_Fields: + additionalProperties: + allOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Wired_Fields_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Wired_Fields_2_3' + type: object + ApiStreamsIngest_Put_Request_Ingest_Wired_Fields_1: + additionalProperties: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Wired_Fields_1_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Wired_Fields_2_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Wired_Fields_3_2' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Wired_Fields_4_2' + type: object + ApiStreamsIngest_Put_Request_Ingest_Wired_Fields_1_1: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Wired_Fields_1_2' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Wired_Fields_2' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Wired_Fields_3' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Wired_Fields_4' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Wired_Fields_5' + ApiStreamsIngest_Put_Request_Ingest_Wired_Fields_1_2: + type: string + ApiStreamsIngest_Put_Request_Ingest_Wired_Fields_2: + type: number + ApiStreamsIngest_Put_Request_Ingest_Wired_Fields_3: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Wired_Fields_4: + enum: + - 'null' + nullable: true + ApiStreamsIngest_Put_Request_Ingest_Wired_Fields_5: + not: {} + ApiStreamsIngest_Put_Request_Ingest_Wired_Fields_2_1: + items: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Wired_Fields_1_3' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Wired_Fields_2_2' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Wired_Fields_3_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Wired_Fields_4_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Wired_Fields_5_1' + type: array + ApiStreamsIngest_Put_Request_Ingest_Wired_Fields_1_3: + type: string + ApiStreamsIngest_Put_Request_Ingest_Wired_Fields_2_2: + type: number + ApiStreamsIngest_Put_Request_Ingest_Wired_Fields_3_1: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Wired_Fields_4_1: + enum: + - 'null' + nullable: true + ApiStreamsIngest_Put_Request_Ingest_Wired_Fields_5_1: + not: {} + ApiStreamsIngest_Put_Request_Ingest_Wired_Fields_3_2: + items: {} + type: array + ApiStreamsIngest_Put_Request_Ingest_Wired_Fields_4_2: {} + ApiStreamsIngest_Put_Request_Ingest_Wired_Fields_2_3: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Wired_Fields_1_4' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Wired_Fields_2_4' + ApiStreamsIngest_Put_Request_Ingest_Wired_Fields_1_4: + additionalProperties: false + type: object + properties: + format: + description: A non-empty string. + minLength: 1 + type: string + type: + enum: + - keyword + - match_only_text + - long + - double + - date + - boolean + - ip + - geo_point + type: string + required: + - type + ApiStreamsIngest_Put_Request_Ingest_Wired_Fields_2_4: + additionalProperties: false + type: object + properties: + type: + enum: + - system + type: string + required: + - type + ApiStreamsIngest_Put_Request_Ingest_Wired_Routing_Item: + additionalProperties: false + type: object + properties: + destination: + description: A non-empty string. + minLength: 1 + type: string + status: + enum: + - enabled + - disabled + type: string + where: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Wired_Routing_Where_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Wired_Routing_Where_2_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Wired_Routing_Where_3' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Wired_Routing_Where_4' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Wired_Routing_Where_5' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Wired_Routing_Where_6' + description: The root condition object. It can be a simple filter or a combination of other conditions. + required: + - destination + - where + ApiStreamsIngest_Put_Request_Ingest_Wired_Routing_Where_1: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Wired_Routing_Where_1_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Wired_Routing_Where_2' + description: A basic filter condition, either unary or binary. + ApiStreamsIngest_Put_Request_Ingest_Wired_Routing_Where_1_1: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Wired_Routing_Where_Contains_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Wired_Routing_Where_Contains_2' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Wired_Routing_Where_Contains_3' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Wired_Routing_Where_EndsWith_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Wired_Routing_Where_EndsWith_2' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Wired_Routing_Where_EndsWith_3' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Wired_Routing_Where_Eq_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Wired_Routing_Where_Eq_2' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Wired_Routing_Where_Eq_3' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Wired_Routing_Where_Gt_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Wired_Routing_Where_Gt_2' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Wired_Routing_Where_Gt_3' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Wired_Routing_Where_Gte_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Wired_Routing_Where_Gte_2' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Wired_Routing_Where_Gte_3' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Wired_Routing_Where_Includes_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Wired_Routing_Where_Includes_2' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Wired_Routing_Where_Includes_3' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Wired_Routing_Where_Lt_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Wired_Routing_Where_Lt_2' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Wired_Routing_Where_Lt_3' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Wired_Routing_Where_Lte_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Wired_Routing_Where_Lte_2' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Wired_Routing_Where_Lte_3' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Wired_Routing_Where_Neq_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Wired_Routing_Where_Neq_2' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Wired_Routing_Where_Neq_3' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Wired_Routing_Where_Range' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Wired_Routing_Where_StartsWith_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Wired_Routing_Where_StartsWith_2' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Wired_Routing_Where_StartsWith_3' + description: Starts-with comparison value. + required: + - field + ApiStreamsIngest_Put_Request_Ingest_Wired_Routing_Where_Contains_1: + type: string + ApiStreamsIngest_Put_Request_Ingest_Wired_Routing_Where_Contains_2: + type: number + ApiStreamsIngest_Put_Request_Ingest_Wired_Routing_Where_Contains_3: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Wired_Routing_Where_EndsWith_1: + type: string + ApiStreamsIngest_Put_Request_Ingest_Wired_Routing_Where_EndsWith_2: + type: number + ApiStreamsIngest_Put_Request_Ingest_Wired_Routing_Where_EndsWith_3: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Wired_Routing_Where_Eq_1: + type: string + ApiStreamsIngest_Put_Request_Ingest_Wired_Routing_Where_Eq_2: + type: number + ApiStreamsIngest_Put_Request_Ingest_Wired_Routing_Where_Eq_3: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Wired_Routing_Where_Gt_1: + type: string + ApiStreamsIngest_Put_Request_Ingest_Wired_Routing_Where_Gt_2: + type: number + ApiStreamsIngest_Put_Request_Ingest_Wired_Routing_Where_Gt_3: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Wired_Routing_Where_Gte_1: + type: string + ApiStreamsIngest_Put_Request_Ingest_Wired_Routing_Where_Gte_2: + type: number + ApiStreamsIngest_Put_Request_Ingest_Wired_Routing_Where_Gte_3: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Wired_Routing_Where_Includes_1: + type: string + ApiStreamsIngest_Put_Request_Ingest_Wired_Routing_Where_Includes_2: + type: number + ApiStreamsIngest_Put_Request_Ingest_Wired_Routing_Where_Includes_3: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Wired_Routing_Where_Lt_1: + type: string + ApiStreamsIngest_Put_Request_Ingest_Wired_Routing_Where_Lt_2: + type: number + ApiStreamsIngest_Put_Request_Ingest_Wired_Routing_Where_Lt_3: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Wired_Routing_Where_Lte_1: + type: string + ApiStreamsIngest_Put_Request_Ingest_Wired_Routing_Where_Lte_2: + type: number + ApiStreamsIngest_Put_Request_Ingest_Wired_Routing_Where_Lte_3: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Wired_Routing_Where_Neq_1: + type: string + ApiStreamsIngest_Put_Request_Ingest_Wired_Routing_Where_Neq_2: + type: number + ApiStreamsIngest_Put_Request_Ingest_Wired_Routing_Where_Neq_3: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Wired_Routing_Where_Range: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Wired_Routing_Where_Range_Gt_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Wired_Routing_Where_Range_Gt_2' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Wired_Routing_Where_Range_Gt_3' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Wired_Routing_Where_Range_Gte_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Wired_Routing_Where_Range_Gte_2' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Wired_Routing_Where_Range_Gte_3' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Wired_Routing_Where_Range_Lt_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Wired_Routing_Where_Range_Lt_2' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Wired_Routing_Where_Range_Lt_3' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Wired_Routing_Where_Range_Lte_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Wired_Routing_Where_Range_Lte_2' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Wired_Routing_Where_Range_Lte_3' + description: A value that can be a string, number, or boolean. + ApiStreamsIngest_Put_Request_Ingest_Wired_Routing_Where_Range_Gt_1: + type: string + ApiStreamsIngest_Put_Request_Ingest_Wired_Routing_Where_Range_Gt_2: + type: number + ApiStreamsIngest_Put_Request_Ingest_Wired_Routing_Where_Range_Gt_3: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Wired_Routing_Where_Range_Gte_1: + type: string + ApiStreamsIngest_Put_Request_Ingest_Wired_Routing_Where_Range_Gte_2: + type: number + ApiStreamsIngest_Put_Request_Ingest_Wired_Routing_Where_Range_Gte_3: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Wired_Routing_Where_Range_Lt_1: + type: string + ApiStreamsIngest_Put_Request_Ingest_Wired_Routing_Where_Range_Lt_2: + type: number + ApiStreamsIngest_Put_Request_Ingest_Wired_Routing_Where_Range_Lt_3: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Wired_Routing_Where_Range_Lte_1: + type: string + ApiStreamsIngest_Put_Request_Ingest_Wired_Routing_Where_Range_Lte_2: + type: number + ApiStreamsIngest_Put_Request_Ingest_Wired_Routing_Where_Range_Lte_3: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Wired_Routing_Where_StartsWith_1: + type: string + ApiStreamsIngest_Put_Request_Ingest_Wired_Routing_Where_StartsWith_2: + type: number + ApiStreamsIngest_Put_Request_Ingest_Wired_Routing_Where_StartsWith_3: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Wired_Routing_Where_2: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreamsIngest_Put_Request_Ingest_Wired_Routing_Where_2_1: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreamsIngest_Put_Request_Ingest_Wired_Routing_Where_3: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreamsIngest_Put_Request_Ingest_Wired_Routing_Where_4: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreamsIngest_Put_Request_Ingest_Wired_Routing_Where_5: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Wired_Routing_Where_Never' + required: + - never + ApiStreamsIngest_Put_Request_Ingest_Wired_Routing_Where_Never: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreamsIngest_Put_Request_Ingest_Wired_Routing_Where_6: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Wired_Routing_Where_Always' + required: + - always + ApiStreamsIngest_Put_Request_Ingest_Wired_Routing_Where_Always: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreamsIngest_Put_Request_Ingest_2_1: + allOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_1_2' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_2_2' + ApiStreamsIngest_Put_Request_Ingest_1_2: + type: object + properties: + failure_store: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Failure_store_1_2' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Failure_store_2_2' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Failure_store_3_1' + lifecycle: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Lifecycle_1_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Lifecycle_2_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Lifecycle_3_1' + processing: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_1' + settings: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Settings_1' + required: + - lifecycle + - processing + - settings + - failure_store + ApiStreamsIngest_Put_Request_Ingest_Failure_store_1_2: + additionalProperties: false + type: object + properties: + inherit: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Failure_store_Inherit_1' + required: + - inherit + ApiStreamsIngest_Put_Request_Ingest_Failure_store_Inherit_1: + additionalProperties: false + type: object + properties: {} + ApiStreamsIngest_Put_Request_Ingest_Failure_store_2_2: + additionalProperties: false + type: object + properties: + disabled: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Failure_store_Disabled_1' + required: + - disabled + ApiStreamsIngest_Put_Request_Ingest_Failure_store_Disabled_1: + additionalProperties: false + type: object + properties: {} + ApiStreamsIngest_Put_Request_Ingest_Failure_store_3_1: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Failure_store_1_3' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Failure_store_2_3' + ApiStreamsIngest_Put_Request_Ingest_Failure_store_1_3: + additionalProperties: false + type: object + properties: + lifecycle: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Failure_store_Lifecycle_2' + required: + - lifecycle + ApiStreamsIngest_Put_Request_Ingest_Failure_store_Lifecycle_2: + additionalProperties: false + type: object + properties: + enabled: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Failure_store_Lifecycle_Enabled_1' + required: + - enabled + ApiStreamsIngest_Put_Request_Ingest_Failure_store_Lifecycle_Enabled_1: + additionalProperties: false + type: object + properties: + data_retention: + description: A non-empty string. + minLength: 1 + type: string + ApiStreamsIngest_Put_Request_Ingest_Failure_store_2_3: + additionalProperties: false + type: object + properties: + lifecycle: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Failure_store_Lifecycle_3' + required: + - lifecycle + ApiStreamsIngest_Put_Request_Ingest_Failure_store_Lifecycle_3: + additionalProperties: false + type: object + properties: + disabled: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Failure_store_Lifecycle_Disabled_1' + required: + - disabled + ApiStreamsIngest_Put_Request_Ingest_Failure_store_Lifecycle_Disabled_1: + additionalProperties: false + type: object + properties: {} + ApiStreamsIngest_Put_Request_Ingest_Lifecycle_1_1: + additionalProperties: false + type: object + properties: + dsl: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Lifecycle_Dsl_1' + required: + - dsl + ApiStreamsIngest_Put_Request_Ingest_Lifecycle_Dsl_1: + additionalProperties: false + type: object + properties: + data_retention: + description: A non-empty string. + minLength: 1 + type: string + downsample: + items: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Lifecycle_Dsl_Downsample_Item_1' + type: array + ApiStreamsIngest_Put_Request_Ingest_Lifecycle_Dsl_Downsample_Item_1: + additionalProperties: false + type: object + properties: + after: + description: A non-empty string. + minLength: 1 + type: string + fixed_interval: + description: A non-empty string. + minLength: 1 + type: string + required: + - after + - fixed_interval + ApiStreamsIngest_Put_Request_Ingest_Lifecycle_2_1: + additionalProperties: false + type: object + properties: + ilm: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Lifecycle_Ilm_1' + required: + - ilm + ApiStreamsIngest_Put_Request_Ingest_Lifecycle_Ilm_1: + additionalProperties: false + type: object + properties: + policy: + description: A non-empty string. + minLength: 1 + type: string + required: + - policy + ApiStreamsIngest_Put_Request_Ingest_Lifecycle_3_1: + additionalProperties: false + type: object + properties: + inherit: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Lifecycle_Inherit_1' + required: + - inherit + ApiStreamsIngest_Put_Request_Ingest_Lifecycle_Inherit_1: + additionalProperties: false + type: object + properties: {} + ApiStreamsIngest_Put_Request_Ingest_Processing_1: + additionalProperties: false + type: object + properties: + steps: + items: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_1_2' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_2_3' + type: array + updated_at: + not: {} + required: + - steps + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_1_2: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_1_3' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_2_2' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_3_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_4_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_5_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_6_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_7_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_8_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_9_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_10_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_11_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_12_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_13_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_14_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_15_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_16_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_17_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_18_1' + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_1_3: + additionalProperties: false + description: Grok processor - Extract fields from text using grok patterns + type: object + properties: + action: + enum: + - grok + type: string + customIdentifier: + description: Custom identifier to correlate this processor across outputs + minLength: 1 + type: string + description: + description: Human-readable notes about this processor step + type: string + from: + description: Source field to parse with grok patterns + minLength: 1 + type: string + ignore_failure: + description: Continue pipeline execution if this processor fails + type: boolean + ignore_missing: + description: Skip processing when source field is missing + type: boolean + pattern_definitions: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Pattern_definitions_1' + patterns: + description: Grok patterns applied in order to extract fields + items: + description: A non-empty string. + minLength: 1 + type: string + minItems: 1 + type: array + where: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_34' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_35' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_3_17' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_4_17' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_5_17' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_6_17' + description: Conditional expression controlling whether this processor runs + required: + - action + - from + - patterns + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Pattern_definitions_1: + additionalProperties: + type: string + type: object + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_34: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_35' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_34' + description: A basic filter condition, either unary or binary. + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_35: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_1_17' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_2_17' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_3_17' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_1_17' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_2_17' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_3_17' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_1_17' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_2_17' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_3_17' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_1_17' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_2_17' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_3_17' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_1_17' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_2_17' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_3_17' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_1_17' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_2_17' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_3_17' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_1_17' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_2_17' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_3_17' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_1_17' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_2_17' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_3_17' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_1_17' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_2_17' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_3_17' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_17' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_1_17' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_2_17' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_3_17' + description: Starts-with comparison value. + required: + - field + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_1_17: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_2_17: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_3_17: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_1_17: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_2_17: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_3_17: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_1_17: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_2_17: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_3_17: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_1_17: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_2_17: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_3_17: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_1_17: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_2_17: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_3_17: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_1_17: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_2_17: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_3_17: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_1_17: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_2_17: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_3_17: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_1_17: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_2_17: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_3_17: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_1_17: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_2_17: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_3_17: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_17: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_1_17' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_2_17' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_3_17' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_1_17' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_2_17' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_3_17' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_1_17' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_2_17' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_3_17' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_1_17' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_2_17' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_3_17' + description: A value that can be a string, number, or boolean. + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_1_17: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_2_17: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_3_17: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_1_17: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_2_17: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_3_17: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_1_17: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_2_17: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_3_17: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_1_17: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_2_17: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_3_17: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_1_17: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_2_17: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_3_17: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_34: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_35: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_3_17: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_4_17: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_5_17: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Never_17' + required: + - never + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Never_17: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_6_17: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Always_17' + required: + - always + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Always_17: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_2_2: + additionalProperties: false + description: Dissect processor - Extract fields from text using a lightweight, delimiter-based parser + type: object + properties: + action: + enum: + - dissect + type: string + append_separator: + description: Separator inserted when target fields are concatenated + minLength: 1 + type: string + customIdentifier: + description: Custom identifier to correlate this processor across outputs + minLength: 1 + type: string + description: + description: Human-readable notes about this processor step + type: string + from: + description: Source field to parse with dissect pattern + minLength: 1 + type: string + ignore_failure: + description: Continue pipeline execution if this processor fails + type: boolean + ignore_missing: + description: Skip processing when source field is missing + type: boolean + pattern: + description: Dissect pattern describing field boundaries + minLength: 1 + type: string + where: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_36' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_37' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_3_18' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_4_18' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_5_18' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_6_18' + description: Conditional expression controlling whether this processor runs + required: + - action + - from + - pattern + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_36: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_37' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_36' + description: A basic filter condition, either unary or binary. + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_37: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_1_18' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_2_18' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_3_18' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_1_18' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_2_18' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_3_18' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_1_18' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_2_18' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_3_18' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_1_18' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_2_18' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_3_18' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_1_18' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_2_18' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_3_18' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_1_18' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_2_18' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_3_18' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_1_18' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_2_18' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_3_18' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_1_18' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_2_18' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_3_18' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_1_18' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_2_18' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_3_18' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_18' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_1_18' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_2_18' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_3_18' + description: Starts-with comparison value. + required: + - field + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_1_18: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_2_18: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_3_18: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_1_18: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_2_18: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_3_18: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_1_18: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_2_18: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_3_18: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_1_18: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_2_18: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_3_18: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_1_18: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_2_18: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_3_18: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_1_18: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_2_18: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_3_18: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_1_18: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_2_18: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_3_18: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_1_18: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_2_18: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_3_18: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_1_18: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_2_18: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_3_18: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_18: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_1_18' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_2_18' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_3_18' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_1_18' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_2_18' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_3_18' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_1_18' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_2_18' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_3_18' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_1_18' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_2_18' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_3_18' + description: A value that can be a string, number, or boolean. + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_1_18: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_2_18: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_3_18: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_1_18: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_2_18: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_3_18: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_1_18: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_2_18: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_3_18: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_1_18: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_2_18: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_3_18: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_1_18: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_2_18: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_3_18: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_36: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_37: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_3_18: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_4_18: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_5_18: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Never_18' + required: + - never + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Never_18: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_6_18: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Always_18' + required: + - always + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Always_18: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_3_1: + additionalProperties: false + description: Date processor - Parse dates from strings using one or more expected formats + type: object + properties: + action: + enum: + - date + type: string + customIdentifier: + description: Custom identifier to correlate this processor across outputs + minLength: 1 + type: string + description: + description: Human-readable notes about this processor step + type: string + formats: + description: Accepted input date formats, tried in order + items: + description: A non-empty string. + minLength: 1 + type: string + type: array + from: + description: Source field containing the date/time text + minLength: 1 + type: string + ignore_failure: + description: Continue pipeline execution if this processor fails + type: boolean + locale: + description: Optional locale for date parsing + minLength: 1 + type: string + output_format: + description: Optional output format for storing the parsed date as text + minLength: 1 + type: string + timezone: + description: Optional timezone for date parsing + minLength: 1 + type: string + to: + description: Target field for the parsed date (defaults to source) + minLength: 1 + type: string + where: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_38' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_39' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_3_19' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_4_19' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_5_19' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_6_19' + description: Conditional expression controlling whether this processor runs + required: + - action + - from + - formats + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_38: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_39' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_38' + description: A basic filter condition, either unary or binary. + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_39: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_1_19' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_2_19' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_3_19' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_1_19' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_2_19' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_3_19' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_1_19' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_2_19' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_3_19' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_1_19' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_2_19' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_3_19' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_1_19' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_2_19' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_3_19' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_1_19' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_2_19' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_3_19' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_1_19' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_2_19' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_3_19' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_1_19' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_2_19' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_3_19' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_1_19' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_2_19' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_3_19' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_19' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_1_19' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_2_19' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_3_19' + description: Starts-with comparison value. + required: + - field + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_1_19: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_2_19: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_3_19: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_1_19: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_2_19: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_3_19: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_1_19: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_2_19: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_3_19: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_1_19: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_2_19: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_3_19: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_1_19: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_2_19: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_3_19: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_1_19: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_2_19: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_3_19: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_1_19: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_2_19: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_3_19: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_1_19: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_2_19: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_3_19: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_1_19: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_2_19: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_3_19: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_19: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_1_19' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_2_19' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_3_19' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_1_19' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_2_19' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_3_19' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_1_19' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_2_19' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_3_19' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_1_19' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_2_19' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_3_19' + description: A value that can be a string, number, or boolean. + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_1_19: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_2_19: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_3_19: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_1_19: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_2_19: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_3_19: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_1_19: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_2_19: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_3_19: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_1_19: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_2_19: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_3_19: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_1_19: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_2_19: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_3_19: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_38: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_39: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_3_19: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_4_19: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_5_19: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Never_19' + required: + - never + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Never_19: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_6_19: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Always_19' + required: + - always + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Always_19: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_4_1: + additionalProperties: false + description: Base processor options plus conditional execution + type: object + properties: + action: + enum: + - drop_document + type: string + customIdentifier: + description: Custom identifier to correlate this processor across outputs + minLength: 1 + type: string + description: + description: Human-readable notes about this processor step + type: string + ignore_failure: + description: Continue pipeline execution if this processor fails + type: boolean + where: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_40' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_41' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_3_20' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_4_20' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_5_20' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_6_20' + description: Conditional expression controlling whether this processor runs + required: + - action + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_40: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_41' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_40' + description: A basic filter condition, either unary or binary. + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_41: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_1_20' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_2_20' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_3_20' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_1_20' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_2_20' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_3_20' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_1_20' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_2_20' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_3_20' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_1_20' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_2_20' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_3_20' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_1_20' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_2_20' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_3_20' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_1_20' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_2_20' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_3_20' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_1_20' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_2_20' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_3_20' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_1_20' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_2_20' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_3_20' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_1_20' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_2_20' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_3_20' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_20' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_1_20' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_2_20' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_3_20' + description: Starts-with comparison value. + required: + - field + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_1_20: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_2_20: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_3_20: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_1_20: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_2_20: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_3_20: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_1_20: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_2_20: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_3_20: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_1_20: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_2_20: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_3_20: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_1_20: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_2_20: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_3_20: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_1_20: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_2_20: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_3_20: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_1_20: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_2_20: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_3_20: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_1_20: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_2_20: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_3_20: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_1_20: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_2_20: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_3_20: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_20: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_1_20' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_2_20' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_3_20' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_1_20' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_2_20' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_3_20' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_1_20' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_2_20' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_3_20' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_1_20' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_2_20' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_3_20' + description: A value that can be a string, number, or boolean. + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_1_20: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_2_20: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_3_20: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_1_20: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_2_20: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_3_20: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_1_20: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_2_20: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_3_20: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_1_20: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_2_20: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_3_20: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_1_20: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_2_20: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_3_20: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_40: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_41: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_3_20: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_4_20: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_5_20: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Never_20' + required: + - never + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Never_20: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_6_20: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Always_20' + required: + - always + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Always_20: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_5_1: + additionalProperties: false + description: Base processor options plus conditional execution + type: object + properties: + action: + enum: + - math + type: string + customIdentifier: + description: Custom identifier to correlate this processor across outputs + minLength: 1 + type: string + description: + description: Human-readable notes about this processor step + type: string + expression: + description: A non-empty string. + minLength: 1 + type: string + ignore_failure: + description: Continue pipeline execution if this processor fails + type: boolean + ignore_missing: + type: boolean + to: + description: A non-empty string. + minLength: 1 + type: string + where: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_42' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_43' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_3_21' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_4_21' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_5_21' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_6_21' + description: Conditional expression controlling whether this processor runs + required: + - action + - expression + - to + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_42: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_43' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_42' + description: A basic filter condition, either unary or binary. + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_43: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_1_21' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_2_21' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_3_21' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_1_21' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_2_21' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_3_21' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_1_21' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_2_21' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_3_21' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_1_21' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_2_21' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_3_21' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_1_21' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_2_21' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_3_21' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_1_21' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_2_21' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_3_21' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_1_21' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_2_21' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_3_21' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_1_21' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_2_21' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_3_21' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_1_21' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_2_21' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_3_21' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_21' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_1_21' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_2_21' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_3_21' + description: Starts-with comparison value. + required: + - field + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_1_21: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_2_21: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_3_21: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_1_21: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_2_21: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_3_21: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_1_21: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_2_21: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_3_21: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_1_21: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_2_21: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_3_21: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_1_21: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_2_21: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_3_21: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_1_21: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_2_21: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_3_21: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_1_21: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_2_21: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_3_21: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_1_21: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_2_21: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_3_21: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_1_21: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_2_21: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_3_21: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_21: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_1_21' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_2_21' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_3_21' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_1_21' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_2_21' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_3_21' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_1_21' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_2_21' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_3_21' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_1_21' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_2_21' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_3_21' + description: A value that can be a string, number, or boolean. + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_1_21: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_2_21: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_3_21: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_1_21: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_2_21: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_3_21: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_1_21: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_2_21: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_3_21: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_1_21: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_2_21: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_3_21: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_1_21: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_2_21: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_3_21: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_42: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_43: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_3_21: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_4_21: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_5_21: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Never_21' + required: + - never + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Never_21: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_6_21: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Always_21' + required: + - always + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Always_21: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_6_1: + additionalProperties: false + description: Rename processor - Change a field name and optionally its location + type: object + properties: + action: + enum: + - rename + type: string + customIdentifier: + description: Custom identifier to correlate this processor across outputs + minLength: 1 + type: string + description: + description: Human-readable notes about this processor step + type: string + from: + description: Existing source field to rename or move + minLength: 1 + type: string + ignore_failure: + description: Continue pipeline execution if this processor fails + type: boolean + ignore_missing: + description: Skip when source field is missing + type: boolean + override: + description: Allow overwriting the target field if it already exists + type: boolean + to: + description: New field name or destination path + minLength: 1 + type: string + where: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_44' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_45' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_3_22' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_4_22' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_5_22' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_6_22' + description: Conditional expression controlling whether this processor runs + required: + - action + - from + - to + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_44: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_45' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_44' + description: A basic filter condition, either unary or binary. + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_45: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_1_22' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_2_22' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_3_22' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_1_22' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_2_22' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_3_22' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_1_22' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_2_22' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_3_22' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_1_22' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_2_22' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_3_22' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_1_22' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_2_22' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_3_22' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_1_22' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_2_22' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_3_22' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_1_22' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_2_22' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_3_22' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_1_22' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_2_22' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_3_22' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_1_22' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_2_22' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_3_22' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_22' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_1_22' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_2_22' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_3_22' + description: Starts-with comparison value. + required: + - field + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_1_22: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_2_22: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_3_22: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_1_22: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_2_22: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_3_22: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_1_22: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_2_22: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_3_22: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_1_22: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_2_22: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_3_22: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_1_22: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_2_22: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_3_22: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_1_22: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_2_22: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_3_22: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_1_22: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_2_22: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_3_22: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_1_22: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_2_22: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_3_22: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_1_22: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_2_22: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_3_22: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_22: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_1_22' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_2_22' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_3_22' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_1_22' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_2_22' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_3_22' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_1_22' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_2_22' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_3_22' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_1_22' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_2_22' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_3_22' + description: A value that can be a string, number, or boolean. + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_1_22: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_2_22: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_3_22: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_1_22: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_2_22: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_3_22: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_1_22: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_2_22: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_3_22: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_1_22: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_2_22: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_3_22: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_1_22: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_2_22: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_3_22: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_44: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_45: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_3_22: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_4_22: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_5_22: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Never_22' + required: + - never + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Never_22: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_6_22: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Always_22' + required: + - always + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Always_22: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_7_1: + additionalProperties: false + description: Set processor - Assign a literal or copied value to a field (mutually exclusive inputs) + type: object + properties: + action: + enum: + - set + type: string + copy_from: + description: Copy value from another field instead of providing a literal + minLength: 1 + type: string + customIdentifier: + description: Custom identifier to correlate this processor across outputs + minLength: 1 + type: string + description: + description: Human-readable notes about this processor step + type: string + ignore_failure: + description: Continue pipeline execution if this processor fails + type: boolean + override: + description: Allow overwriting an existing target field + type: boolean + to: + description: Target field to set or create + minLength: 1 + type: string + value: + description: Literal value to assign to the target field + where: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_46' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_47' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_3_23' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_4_23' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_5_23' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_6_23' + description: Conditional expression controlling whether this processor runs + required: + - action + - to + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_46: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_47' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_46' + description: A basic filter condition, either unary or binary. + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_47: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_1_23' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_2_23' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_3_23' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_1_23' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_2_23' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_3_23' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_1_23' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_2_23' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_3_23' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_1_23' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_2_23' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_3_23' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_1_23' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_2_23' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_3_23' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_1_23' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_2_23' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_3_23' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_1_23' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_2_23' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_3_23' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_1_23' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_2_23' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_3_23' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_1_23' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_2_23' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_3_23' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_23' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_1_23' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_2_23' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_3_23' + description: Starts-with comparison value. + required: + - field + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_1_23: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_2_23: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_3_23: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_1_23: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_2_23: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_3_23: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_1_23: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_2_23: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_3_23: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_1_23: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_2_23: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_3_23: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_1_23: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_2_23: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_3_23: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_1_23: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_2_23: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_3_23: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_1_23: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_2_23: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_3_23: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_1_23: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_2_23: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_3_23: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_1_23: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_2_23: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_3_23: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_23: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_1_23' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_2_23' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_3_23' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_1_23' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_2_23' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_3_23' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_1_23' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_2_23' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_3_23' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_1_23' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_2_23' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_3_23' + description: A value that can be a string, number, or boolean. + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_1_23: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_2_23: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_3_23: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_1_23: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_2_23: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_3_23: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_1_23: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_2_23: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_3_23: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_1_23: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_2_23: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_3_23: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_1_23: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_2_23: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_3_23: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_46: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_47: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_3_23: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_4_23: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_5_23: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Never_23' + required: + - never + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Never_23: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_6_23: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Always_23' + required: + - always + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Always_23: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_8_1: + additionalProperties: false + description: Append processor - Append one or more values to an existing or new array field + type: object + properties: + action: + enum: + - append + type: string + allow_duplicates: + description: If true, do not deduplicate appended values + type: boolean + customIdentifier: + description: Custom identifier to correlate this processor across outputs + minLength: 1 + type: string + description: + description: Human-readable notes about this processor step + type: string + ignore_failure: + description: Continue pipeline execution if this processor fails + type: boolean + to: + description: Array field to append values to + minLength: 1 + type: string + value: + description: Values to append (must be literal, no templates) + items: {} + minItems: 1 + type: array + where: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_48' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_49' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_3_24' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_4_24' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_5_24' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_6_24' + description: Conditional expression controlling whether this processor runs + required: + - action + - to + - value + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_48: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_49' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_48' + description: A basic filter condition, either unary or binary. + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_49: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_1_24' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_2_24' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_3_24' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_1_24' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_2_24' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_3_24' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_1_24' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_2_24' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_3_24' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_1_24' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_2_24' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_3_24' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_1_24' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_2_24' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_3_24' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_1_24' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_2_24' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_3_24' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_1_24' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_2_24' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_3_24' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_1_24' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_2_24' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_3_24' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_1_24' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_2_24' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_3_24' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_24' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_1_24' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_2_24' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_3_24' + description: Starts-with comparison value. + required: + - field + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_1_24: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_2_24: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_3_24: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_1_24: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_2_24: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_3_24: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_1_24: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_2_24: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_3_24: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_1_24: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_2_24: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_3_24: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_1_24: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_2_24: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_3_24: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_1_24: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_2_24: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_3_24: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_1_24: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_2_24: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_3_24: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_1_24: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_2_24: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_3_24: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_1_24: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_2_24: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_3_24: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_24: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_1_24' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_2_24' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_3_24' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_1_24' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_2_24' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_3_24' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_1_24' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_2_24' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_3_24' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_1_24' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_2_24' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_3_24' + description: A value that can be a string, number, or boolean. + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_1_24: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_2_24: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_3_24: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_1_24: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_2_24: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_3_24: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_1_24: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_2_24: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_3_24: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_1_24: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_2_24: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_3_24: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_1_24: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_2_24: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_3_24: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_48: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_49: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_3_24: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_4_24: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_5_24: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Never_24' + required: + - never + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Never_24: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_6_24: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Always_24' + required: + - always + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Always_24: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_9_1: + additionalProperties: false + description: Remove by prefix processor - Remove a field and all nested fields matching the prefix + type: object + properties: + action: + enum: + - remove_by_prefix + type: string + customIdentifier: + description: Custom identifier to correlate this processor across outputs + minLength: 1 + type: string + description: + description: Human-readable notes about this processor step + type: string + from: + description: Field to remove along with all its nested fields + minLength: 1 + type: string + ignore_failure: + description: Continue pipeline execution if this processor fails + type: boolean + required: + - action + - from + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_10_1: + additionalProperties: false + description: Remove processor - Delete one or more fields from the document + type: object + properties: + action: + enum: + - remove + type: string + customIdentifier: + description: Custom identifier to correlate this processor across outputs + minLength: 1 + type: string + description: + description: Human-readable notes about this processor step + type: string + from: + description: Field to remove from the document + minLength: 1 + type: string + ignore_failure: + description: Continue pipeline execution if this processor fails + type: boolean + ignore_missing: + description: Skip processing when source field is missing + type: boolean + where: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_50' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_51' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_3_25' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_4_25' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_5_25' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_6_25' + description: Conditional expression controlling whether this processor runs + required: + - action + - from + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_50: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_51' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_50' + description: A basic filter condition, either unary or binary. + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_51: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_1_25' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_2_25' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_3_25' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_1_25' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_2_25' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_3_25' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_1_25' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_2_25' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_3_25' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_1_25' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_2_25' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_3_25' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_1_25' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_2_25' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_3_25' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_1_25' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_2_25' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_3_25' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_1_25' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_2_25' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_3_25' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_1_25' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_2_25' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_3_25' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_1_25' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_2_25' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_3_25' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_25' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_1_25' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_2_25' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_3_25' + description: Starts-with comparison value. + required: + - field + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_1_25: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_2_25: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_3_25: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_1_25: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_2_25: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_3_25: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_1_25: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_2_25: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_3_25: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_1_25: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_2_25: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_3_25: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_1_25: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_2_25: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_3_25: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_1_25: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_2_25: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_3_25: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_1_25: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_2_25: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_3_25: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_1_25: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_2_25: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_3_25: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_1_25: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_2_25: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_3_25: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_25: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_1_25' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_2_25' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_3_25' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_1_25' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_2_25' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_3_25' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_1_25' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_2_25' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_3_25' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_1_25' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_2_25' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_3_25' + description: A value that can be a string, number, or boolean. + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_1_25: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_2_25: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_3_25: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_1_25: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_2_25: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_3_25: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_1_25: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_2_25: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_3_25: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_1_25: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_2_25: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_3_25: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_1_25: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_2_25: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_3_25: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_50: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_51: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_3_25: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_4_25: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_5_25: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Never_25' + required: + - never + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Never_25: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_6_25: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Always_25' + required: + - always + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Always_25: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_11_1: + additionalProperties: false + description: Base processor options plus conditional execution + type: object + properties: + action: + enum: + - replace + type: string + customIdentifier: + description: Custom identifier to correlate this processor across outputs + minLength: 1 + type: string + description: + description: Human-readable notes about this processor step + type: string + from: + description: A non-empty string. + minLength: 1 + type: string + ignore_failure: + description: Continue pipeline execution if this processor fails + type: boolean + ignore_missing: + type: boolean + pattern: + description: A non-empty string or string with whitespace. + minLength: 1 + type: string + replacement: + type: string + to: + description: A non-empty string. + minLength: 1 + type: string + where: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_52' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_53' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_3_26' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_4_26' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_5_26' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_6_26' + description: Conditional expression controlling whether this processor runs + required: + - action + - from + - pattern + - replacement + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_52: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_53' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_52' + description: A basic filter condition, either unary or binary. + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_53: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_1_26' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_2_26' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_3_26' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_1_26' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_2_26' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_3_26' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_1_26' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_2_26' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_3_26' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_1_26' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_2_26' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_3_26' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_1_26' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_2_26' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_3_26' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_1_26' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_2_26' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_3_26' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_1_26' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_2_26' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_3_26' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_1_26' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_2_26' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_3_26' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_1_26' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_2_26' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_3_26' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_26' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_1_26' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_2_26' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_3_26' + description: Starts-with comparison value. + required: + - field + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_1_26: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_2_26: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_3_26: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_1_26: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_2_26: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_3_26: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_1_26: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_2_26: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_3_26: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_1_26: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_2_26: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_3_26: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_1_26: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_2_26: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_3_26: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_1_26: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_2_26: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_3_26: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_1_26: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_2_26: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_3_26: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_1_26: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_2_26: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_3_26: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_1_26: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_2_26: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_3_26: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_26: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_1_26' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_2_26' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_3_26' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_1_26' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_2_26' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_3_26' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_1_26' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_2_26' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_3_26' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_1_26' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_2_26' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_3_26' + description: A value that can be a string, number, or boolean. + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_1_26: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_2_26: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_3_26: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_1_26: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_2_26: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_3_26: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_1_26: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_2_26: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_3_26: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_1_26: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_2_26: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_3_26: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_1_26: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_2_26: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_3_26: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_52: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_53: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_3_26: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_4_26: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_5_26: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Never_26' + required: + - never + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Never_26: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_6_26: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Always_26' + required: + - always + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Always_26: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_12_1: + additionalProperties: false + description: Base processor options plus conditional execution + type: object + properties: + action: + enum: + - uppercase + type: string + customIdentifier: + description: Custom identifier to correlate this processor across outputs + minLength: 1 + type: string + description: + description: Human-readable notes about this processor step + type: string + from: + description: A non-empty string. + minLength: 1 + type: string + ignore_failure: + description: Continue pipeline execution if this processor fails + type: boolean + ignore_missing: + type: boolean + to: + description: A non-empty string. + minLength: 1 + type: string + where: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_54' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_55' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_3_27' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_4_27' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_5_27' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_6_27' + description: Conditional expression controlling whether this processor runs + required: + - action + - from + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_54: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_55' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_54' + description: A basic filter condition, either unary or binary. + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_55: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_1_27' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_2_27' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_3_27' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_1_27' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_2_27' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_3_27' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_1_27' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_2_27' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_3_27' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_1_27' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_2_27' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_3_27' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_1_27' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_2_27' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_3_27' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_1_27' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_2_27' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_3_27' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_1_27' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_2_27' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_3_27' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_1_27' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_2_27' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_3_27' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_1_27' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_2_27' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_3_27' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_27' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_1_27' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_2_27' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_3_27' + description: Starts-with comparison value. + required: + - field + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_1_27: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_2_27: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_3_27: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_1_27: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_2_27: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_3_27: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_1_27: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_2_27: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_3_27: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_1_27: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_2_27: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_3_27: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_1_27: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_2_27: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_3_27: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_1_27: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_2_27: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_3_27: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_1_27: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_2_27: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_3_27: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_1_27: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_2_27: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_3_27: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_1_27: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_2_27: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_3_27: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_27: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_1_27' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_2_27' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_3_27' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_1_27' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_2_27' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_3_27' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_1_27' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_2_27' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_3_27' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_1_27' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_2_27' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_3_27' + description: A value that can be a string, number, or boolean. + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_1_27: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_2_27: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_3_27: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_1_27: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_2_27: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_3_27: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_1_27: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_2_27: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_3_27: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_1_27: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_2_27: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_3_27: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_1_27: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_2_27: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_3_27: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_54: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_55: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_3_27: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_4_27: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_5_27: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Never_27' + required: + - never + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Never_27: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_6_27: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Always_27' + required: + - always + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Always_27: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_13_1: + additionalProperties: false + description: Base processor options plus conditional execution + type: object + properties: + action: + enum: + - lowercase + type: string + customIdentifier: + description: Custom identifier to correlate this processor across outputs + minLength: 1 + type: string + description: + description: Human-readable notes about this processor step + type: string + from: + description: A non-empty string. + minLength: 1 + type: string + ignore_failure: + description: Continue pipeline execution if this processor fails + type: boolean + ignore_missing: + type: boolean + to: + description: A non-empty string. + minLength: 1 + type: string + where: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_56' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_57' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_3_28' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_4_28' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_5_28' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_6_28' + description: Conditional expression controlling whether this processor runs + required: + - action + - from + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_56: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_57' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_56' + description: A basic filter condition, either unary or binary. + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_57: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_1_28' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_2_28' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_3_28' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_1_28' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_2_28' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_3_28' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_1_28' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_2_28' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_3_28' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_1_28' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_2_28' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_3_28' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_1_28' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_2_28' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_3_28' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_1_28' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_2_28' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_3_28' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_1_28' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_2_28' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_3_28' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_1_28' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_2_28' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_3_28' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_1_28' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_2_28' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_3_28' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_28' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_1_28' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_2_28' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_3_28' + description: Starts-with comparison value. + required: + - field + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_1_28: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_2_28: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_3_28: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_1_28: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_2_28: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_3_28: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_1_28: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_2_28: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_3_28: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_1_28: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_2_28: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_3_28: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_1_28: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_2_28: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_3_28: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_1_28: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_2_28: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_3_28: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_1_28: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_2_28: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_3_28: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_1_28: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_2_28: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_3_28: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_1_28: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_2_28: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_3_28: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_28: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_1_28' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_2_28' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_3_28' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_1_28' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_2_28' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_3_28' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_1_28' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_2_28' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_3_28' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_1_28' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_2_28' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_3_28' + description: A value that can be a string, number, or boolean. + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_1_28: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_2_28: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_3_28: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_1_28: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_2_28: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_3_28: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_1_28: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_2_28: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_3_28: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_1_28: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_2_28: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_3_28: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_1_28: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_2_28: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_3_28: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_56: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_57: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_3_28: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_4_28: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_5_28: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Never_28' + required: + - never + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Never_28: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_6_28: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Always_28' + required: + - always + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Always_28: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_14_1: + additionalProperties: false + description: Base processor options plus conditional execution + type: object + properties: + action: + enum: + - trim + type: string + customIdentifier: + description: Custom identifier to correlate this processor across outputs + minLength: 1 + type: string + description: + description: Human-readable notes about this processor step + type: string + from: + description: A non-empty string. + minLength: 1 + type: string + ignore_failure: + description: Continue pipeline execution if this processor fails + type: boolean + ignore_missing: + type: boolean + to: + description: A non-empty string. + minLength: 1 + type: string + where: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_58' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_59' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_3_29' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_4_29' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_5_29' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_6_29' + description: Conditional expression controlling whether this processor runs + required: + - action + - from + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_58: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_59' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_58' + description: A basic filter condition, either unary or binary. + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_59: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_1_29' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_2_29' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_3_29' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_1_29' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_2_29' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_3_29' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_1_29' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_2_29' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_3_29' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_1_29' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_2_29' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_3_29' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_1_29' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_2_29' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_3_29' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_1_29' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_2_29' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_3_29' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_1_29' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_2_29' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_3_29' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_1_29' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_2_29' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_3_29' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_1_29' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_2_29' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_3_29' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_29' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_1_29' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_2_29' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_3_29' + description: Starts-with comparison value. + required: + - field + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_1_29: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_2_29: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_3_29: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_1_29: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_2_29: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_3_29: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_1_29: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_2_29: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_3_29: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_1_29: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_2_29: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_3_29: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_1_29: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_2_29: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_3_29: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_1_29: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_2_29: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_3_29: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_1_29: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_2_29: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_3_29: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_1_29: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_2_29: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_3_29: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_1_29: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_2_29: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_3_29: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_29: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_1_29' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_2_29' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_3_29' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_1_29' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_2_29' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_3_29' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_1_29' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_2_29' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_3_29' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_1_29' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_2_29' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_3_29' + description: A value that can be a string, number, or boolean. + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_1_29: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_2_29: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_3_29: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_1_29: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_2_29: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_3_29: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_1_29: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_2_29: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_3_29: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_1_29: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_2_29: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_3_29: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_1_29: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_2_29: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_3_29: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_58: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_59: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_3_29: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_4_29: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_5_29: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Never_29' + required: + - never + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Never_29: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_6_29: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Always_29' + required: + - always + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Always_29: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_15_1: + additionalProperties: false + description: Base processor options plus conditional execution + type: object + properties: + action: + enum: + - join + type: string + customIdentifier: + description: Custom identifier to correlate this processor across outputs + minLength: 1 + type: string + delimiter: + type: string + description: + description: Human-readable notes about this processor step + type: string + from: + items: + description: A non-empty string. + minLength: 1 + type: string + minItems: 1 + type: array + ignore_failure: + description: Continue pipeline execution if this processor fails + type: boolean + ignore_missing: + type: boolean + to: + description: A non-empty string. + minLength: 1 + type: string + where: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_60' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_61' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_3_30' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_4_30' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_5_30' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_6_30' + description: Conditional expression controlling whether this processor runs + required: + - action + - from + - delimiter + - to + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_60: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_61' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_60' + description: A basic filter condition, either unary or binary. + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_61: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_1_30' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_2_30' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_3_30' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_1_30' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_2_30' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_3_30' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_1_30' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_2_30' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_3_30' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_1_30' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_2_30' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_3_30' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_1_30' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_2_30' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_3_30' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_1_30' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_2_30' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_3_30' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_1_30' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_2_30' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_3_30' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_1_30' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_2_30' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_3_30' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_1_30' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_2_30' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_3_30' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_30' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_1_30' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_2_30' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_3_30' + description: Starts-with comparison value. + required: + - field + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_1_30: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_2_30: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_3_30: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_1_30: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_2_30: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_3_30: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_1_30: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_2_30: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_3_30: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_1_30: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_2_30: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_3_30: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_1_30: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_2_30: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_3_30: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_1_30: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_2_30: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_3_30: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_1_30: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_2_30: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_3_30: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_1_30: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_2_30: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_3_30: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_1_30: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_2_30: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_3_30: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_30: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_1_30' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_2_30' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_3_30' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_1_30' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_2_30' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_3_30' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_1_30' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_2_30' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_3_30' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_1_30' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_2_30' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_3_30' + description: A value that can be a string, number, or boolean. + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_1_30: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_2_30: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_3_30: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_1_30: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_2_30: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_3_30: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_1_30: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_2_30: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_3_30: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_1_30: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_2_30: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_3_30: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_1_30: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_2_30: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_3_30: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_60: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_61: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_3_30: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_4_30: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_5_30: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Never_30' + required: + - never + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Never_30: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_6_30: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Always_30' + required: + - always + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Always_30: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_16_1: + additionalProperties: false + description: Convert processor - Change the data type of a field value (integer, long, double, boolean, or string) + type: object + properties: + action: + enum: + - convert + type: string + customIdentifier: + description: Custom identifier to correlate this processor across outputs + minLength: 1 + type: string + description: + description: Human-readable notes about this processor step + type: string + from: + description: Source field to convert to a different data type + minLength: 1 + type: string + ignore_failure: + description: Continue pipeline execution if this processor fails + type: boolean + ignore_missing: + description: Skip processing when source field is missing + type: boolean + to: + description: Target field for the converted value (defaults to source) + minLength: 1 + type: string + type: + description: 'Target data type: integer, long, double, boolean, or string' + enum: + - integer + - long + - double + - boolean + - string + type: string + where: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_62' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_63' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_3_31' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_4_31' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_5_31' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_6_31' + description: Conditional expression controlling whether this processor runs + required: + - action + - from + - type + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_62: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_63' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_62' + description: A basic filter condition, either unary or binary. + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_63: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_1_31' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_2_31' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_3_31' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_1_31' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_2_31' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_3_31' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_1_31' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_2_31' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_3_31' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_1_31' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_2_31' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_3_31' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_1_31' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_2_31' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_3_31' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_1_31' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_2_31' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_3_31' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_1_31' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_2_31' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_3_31' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_1_31' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_2_31' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_3_31' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_1_31' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_2_31' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_3_31' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_31' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_1_31' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_2_31' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_3_31' + description: Starts-with comparison value. + required: + - field + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_1_31: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_2_31: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_3_31: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_1_31: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_2_31: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_3_31: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_1_31: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_2_31: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_3_31: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_1_31: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_2_31: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_3_31: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_1_31: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_2_31: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_3_31: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_1_31: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_2_31: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_3_31: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_1_31: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_2_31: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_3_31: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_1_31: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_2_31: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_3_31: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_1_31: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_2_31: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_3_31: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_31: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_1_31' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_2_31' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_3_31' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_1_31' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_2_31' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_3_31' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_1_31' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_2_31' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_3_31' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_1_31' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_2_31' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_3_31' + description: A value that can be a string, number, or boolean. + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_1_31: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_2_31: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_3_31: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_1_31: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_2_31: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_3_31: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_1_31: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_2_31: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_3_31: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_1_31: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_2_31: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_3_31: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_1_31: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_2_31: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_3_31: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_62: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_63: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_3_31: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_4_31: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_5_31: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Never_31' + required: + - never + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Never_31: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_6_31: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Always_31' + required: + - always + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Always_31: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_17_1: + additionalProperties: false + description: Base processor options plus conditional execution + type: object + properties: + action: + enum: + - concat + type: string + customIdentifier: + description: Custom identifier to correlate this processor across outputs + minLength: 1 + type: string + description: + description: Human-readable notes about this processor step + type: string + from: + items: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_From_1_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_From_2_1' + minItems: 1 + type: array + ignore_failure: + description: Continue pipeline execution if this processor fails + type: boolean + ignore_missing: + type: boolean + to: + description: A non-empty string. + minLength: 1 + type: string + where: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_64' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_65' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_3_32' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_4_32' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_5_32' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_6_32' + description: Conditional expression controlling whether this processor runs + required: + - action + - from + - to + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_From_1_1: + additionalProperties: false + type: object + properties: + type: + enum: + - field + type: string + value: + description: A non-empty string. + minLength: 1 + type: string + required: + - type + - value + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_From_2_1: + additionalProperties: false + type: object + properties: + type: + enum: + - literal + type: string + value: + type: string + required: + - type + - value + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_64: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_65' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_64' + description: A basic filter condition, either unary or binary. + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_65: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_1_32' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_2_32' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_3_32' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_1_32' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_2_32' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_3_32' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_1_32' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_2_32' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_3_32' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_1_32' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_2_32' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_3_32' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_1_32' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_2_32' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_3_32' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_1_32' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_2_32' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_3_32' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_1_32' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_2_32' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_3_32' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_1_32' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_2_32' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_3_32' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_1_32' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_2_32' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_3_32' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_32' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_1_32' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_2_32' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_3_32' + description: Starts-with comparison value. + required: + - field + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_1_32: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_2_32: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_3_32: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_1_32: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_2_32: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_3_32: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_1_32: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_2_32: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_3_32: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_1_32: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_2_32: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_3_32: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_1_32: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_2_32: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_3_32: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_1_32: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_2_32: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_3_32: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_1_32: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_2_32: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_3_32: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_1_32: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_2_32: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_3_32: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_1_32: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_2_32: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_3_32: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_32: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_1_32' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_2_32' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_3_32' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_1_32' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_2_32' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_3_32' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_1_32' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_2_32' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_3_32' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_1_32' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_2_32' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_3_32' + description: A value that can be a string, number, or boolean. + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_1_32: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_2_32: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_3_32: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_1_32: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_2_32: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_3_32: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_1_32: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_2_32: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_3_32: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_1_32: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_2_32: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_3_32: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_1_32: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_2_32: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_3_32: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_64: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_65: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_3_32: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_4_32: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_5_32: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Never_32' + required: + - never + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Never_32: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_6_32: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Always_32' + required: + - always + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Always_32: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_18_1: + additionalProperties: false + description: Manual ingest pipeline wrapper around native Elasticsearch processors + type: object + properties: + action: + description: Manual ingest pipeline - executes raw Elasticsearch ingest processors + enum: + - manual_ingest_pipeline + type: string + customIdentifier: + description: Custom identifier to correlate this processor across outputs + minLength: 1 + type: string + description: + description: Human-readable notes about this processor step + type: string + ignore_failure: + description: Continue pipeline execution if this processor fails + type: boolean + on_failure: + description: Fallback processors to run when a processor fails + items: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_On_failure_Item_1' + type: array + processors: + description: List of raw Elasticsearch ingest processors to run + items: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Processors_Item_1' + type: array + tag: + description: Optional ingest processor tag for Elasticsearch + type: string + where: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_66' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_67' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_3_33' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_4_33' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_5_33' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_6_33' + description: Conditional expression controlling whether this processor runs + required: + - action + - processors + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_On_failure_Item_1: + additionalProperties: {} + type: object + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Processors_Item_1: + additionalProperties: false + type: object + properties: + append: {} + attachment: {} + bytes: {} + circle: {} + community_id: {} + convert: {} + csv: {} + date: {} + date_index_name: {} + dissect: {} + dot_expander: {} + drop: {} + enrich: {} + fail: {} + fingerprint: {} + foreach: {} + geo_grid: {} + geoip: {} + grok: {} + gsub: {} + html_strip: {} + inference: {} + ip_location: {} + join: {} + json: {} + kv: {} + lowercase: {} + network_direction: {} + pipeline: {} + redact: {} + registered_domain: {} + remove: {} + rename: {} + reroute: {} + script: {} + set: {} + set_security_user: {} + sort: {} + split: {} + terminate: {} + trim: {} + uppercase: {} + uri_parts: {} + urldecode: {} + user_agent: {} + required: + - append + - attachment + - bytes + - circle + - community_id + - convert + - csv + - date + - date_index_name + - dissect + - dot_expander + - drop + - enrich + - fail + - fingerprint + - foreach + - ip_location + - geo_grid + - geoip + - grok + - gsub + - html_strip + - inference + - join + - json + - kv + - lowercase + - network_direction + - pipeline + - redact + - registered_domain + - remove + - rename + - reroute + - script + - set + - set_security_user + - sort + - split + - terminate + - trim + - uppercase + - urldecode + - uri_parts + - user_agent + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_66: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_67' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_66' + description: A basic filter condition, either unary or binary. + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_1_67: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_1_33' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_2_33' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_3_33' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_1_33' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_2_33' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_3_33' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_1_33' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_2_33' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_3_33' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_1_33' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_2_33' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_3_33' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_1_33' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_2_33' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_3_33' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_1_33' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_2_33' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_3_33' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_1_33' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_2_33' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_3_33' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_1_33' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_2_33' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_3_33' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_1_33' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_2_33' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_3_33' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_33' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_1_33' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_2_33' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_3_33' + description: Starts-with comparison value. + required: + - field + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_1_33: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_2_33: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Contains_3_33: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_1_33: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_2_33: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_EndsWith_3_33: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_1_33: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_2_33: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Eq_3_33: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_1_33: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_2_33: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gt_3_33: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_1_33: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_2_33: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Gte_3_33: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_1_33: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_2_33: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Includes_3_33: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_1_33: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_2_33: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lt_3_33: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_1_33: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_2_33: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Lte_3_33: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_1_33: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_2_33: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Neq_3_33: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_33: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_1_33' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_2_33' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_3_33' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_1_33' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_2_33' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_3_33' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_1_33' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_2_33' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_3_33' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_1_33' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_2_33' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_3_33' + description: A value that can be a string, number, or boolean. + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_1_33: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_2_33: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gt_3_33: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_1_33: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_2_33: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Gte_3_33: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_1_33: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_2_33: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lt_3_33: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_1_33: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_2_33: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Range_Lte_3_33: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_1_33: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_2_33: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_StartsWith_3_33: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_66: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_2_67: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_3_33: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_4_33: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_5_33: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Never_33' + required: + - never + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Never_33: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_6_33: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Always_33' + required: + - always + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Where_Always_33: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_2_3: + additionalProperties: false + type: object + properties: + condition: + allOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_1_3' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_2_5' + customIdentifier: + type: string + required: + - condition + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_1_3: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_1_4' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_2_4' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_3_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_4_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_5_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_6_1' + description: The root condition object. It can be a simple filter or a combination of other conditions. + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_1_4: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_1_5' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_2_3' + description: A basic filter condition, either unary or binary. + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_1_5: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Contains_1_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Contains_2_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Contains_3_1' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_EndsWith_1_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_EndsWith_2_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_EndsWith_3_1' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Eq_1_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Eq_2_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Eq_3_1' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Gt_1_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Gt_2_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Gt_3_1' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Gte_1_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Gte_2_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Gte_3_1' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Includes_1_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Includes_2_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Includes_3_1' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Lt_1_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Lt_2_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Lt_3_1' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Lte_1_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Lte_2_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Lte_3_1' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Neq_1_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Neq_2_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Neq_3_1' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Range_1' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_StartsWith_1_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_StartsWith_2_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_StartsWith_3_1' + description: Starts-with comparison value. + required: + - field + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Contains_1_1: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Contains_2_1: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Contains_3_1: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_EndsWith_1_1: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_EndsWith_2_1: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_EndsWith_3_1: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Eq_1_1: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Eq_2_1: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Eq_3_1: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Gt_1_1: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Gt_2_1: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Gt_3_1: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Gte_1_1: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Gte_2_1: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Gte_3_1: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Includes_1_1: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Includes_2_1: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Includes_3_1: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Lt_1_1: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Lt_2_1: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Lt_3_1: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Lte_1_1: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Lte_2_1: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Lte_3_1: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Neq_1_1: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Neq_2_1: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Neq_3_1: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Range_1: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Range_Gt_1_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Range_Gt_2_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Range_Gt_3_1' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Range_Gte_1_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Range_Gte_2_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Range_Gte_3_1' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Range_Lt_1_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Range_Lt_2_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Range_Lt_3_1' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Range_Lte_1_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Range_Lte_2_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Range_Lte_3_1' + description: A value that can be a string, number, or boolean. + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Range_Gt_1_1: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Range_Gt_2_1: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Range_Gt_3_1: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Range_Gte_1_1: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Range_Gte_2_1: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Range_Gte_3_1: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Range_Lt_1_1: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Range_Lt_2_1: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Range_Lt_3_1: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Range_Lte_1_1: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Range_Lte_2_1: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Range_Lte_3_1: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_StartsWith_1_1: + type: string + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_StartsWith_2_1: + type: number + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_StartsWith_3_1: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_2_3: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_2_4: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_3_1: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_4_1: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_5_1: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Never_1' + required: + - never + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Never_1: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_6_1: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Always_1' + required: + - always + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_Always_1: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreamsIngest_Put_Request_Ingest_Processing_Steps_Condition_2_5: + type: object + properties: + steps: + items: {} + type: array + required: + - steps + ApiStreamsIngest_Put_Request_Ingest_Settings_1: + additionalProperties: false + type: object + properties: + index.number_of_replicas: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Settings_Index.number_of_replicas_1' + index.number_of_shards: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Settings_Index.number_of_shards_1' + index.refresh_interval: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Settings_Index.refresh_interval_1' + ApiStreamsIngest_Put_Request_Ingest_Settings_Index.number_of_replicas_1: + additionalProperties: false + type: object + properties: + value: + type: number + required: + - value + ApiStreamsIngest_Put_Request_Ingest_Settings_Index.number_of_shards_1: + additionalProperties: false + type: object + properties: + value: + type: number + required: + - value + ApiStreamsIngest_Put_Request_Ingest_Settings_Index.refresh_interval_1: + additionalProperties: false + type: object + properties: + value: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Settings_Index.refresh_interval_Value_1_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Settings_Index.refresh_interval_Value_2_1' + required: + - value + ApiStreamsIngest_Put_Request_Ingest_Settings_Index.refresh_interval_Value_1_1: + type: string + ApiStreamsIngest_Put_Request_Ingest_Settings_Index.refresh_interval_Value_2_1: + enum: + - -1 + type: number + ApiStreamsIngest_Put_Request_Ingest_2_2: + type: object + properties: + classic: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Classic' + required: + - classic + ApiStreamsIngest_Put_Request_Ingest_Classic: + additionalProperties: false + type: object + properties: + field_overrides: + $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Classic_Field_overrides' + ApiStreamsIngest_Put_Request_Ingest_Classic_Field_overrides: + additionalProperties: + allOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Classic_Field_overrides_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Classic_Field_overrides_2_3' + type: object + ApiStreamsIngest_Put_Request_Ingest_Classic_Field_overrides_1: + additionalProperties: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Classic_Field_overrides_1_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Classic_Field_overrides_2_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Classic_Field_overrides_3_2' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Classic_Field_overrides_4_2' + type: object + ApiStreamsIngest_Put_Request_Ingest_Classic_Field_overrides_1_1: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Classic_Field_overrides_1_2' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Classic_Field_overrides_2' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Classic_Field_overrides_3' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Classic_Field_overrides_4' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Classic_Field_overrides_5' + ApiStreamsIngest_Put_Request_Ingest_Classic_Field_overrides_1_2: + type: string + ApiStreamsIngest_Put_Request_Ingest_Classic_Field_overrides_2: + type: number + ApiStreamsIngest_Put_Request_Ingest_Classic_Field_overrides_3: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Classic_Field_overrides_4: + enum: + - 'null' + nullable: true + ApiStreamsIngest_Put_Request_Ingest_Classic_Field_overrides_5: + not: {} + ApiStreamsIngest_Put_Request_Ingest_Classic_Field_overrides_2_1: + items: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Classic_Field_overrides_1_3' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Classic_Field_overrides_2_2' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Classic_Field_overrides_3_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Classic_Field_overrides_4_1' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Classic_Field_overrides_5_1' + type: array + ApiStreamsIngest_Put_Request_Ingest_Classic_Field_overrides_1_3: + type: string + ApiStreamsIngest_Put_Request_Ingest_Classic_Field_overrides_2_2: + type: number + ApiStreamsIngest_Put_Request_Ingest_Classic_Field_overrides_3_1: + type: boolean + ApiStreamsIngest_Put_Request_Ingest_Classic_Field_overrides_4_1: + enum: + - 'null' + nullable: true + ApiStreamsIngest_Put_Request_Ingest_Classic_Field_overrides_5_1: + not: {} + ApiStreamsIngest_Put_Request_Ingest_Classic_Field_overrides_3_2: + items: {} + type: array + ApiStreamsIngest_Put_Request_Ingest_Classic_Field_overrides_4_2: {} + ApiStreamsIngest_Put_Request_Ingest_Classic_Field_overrides_2_3: + anyOf: + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Classic_Field_overrides_1_4' + - $ref: '#/components/schemas/ApiStreamsIngest_Put_Request_Ingest_Classic_Field_overrides_2_4' + ApiStreamsIngest_Put_Request_Ingest_Classic_Field_overrides_1_4: + additionalProperties: false + type: object + properties: + format: + description: A non-empty string. + minLength: 1 + type: string + type: + enum: + - keyword + - match_only_text + - long + - double + - date + - boolean + - ip + - geo_point + type: string + required: + - type + ApiStreamsIngest_Put_Request_Ingest_Classic_Field_overrides_2_4: + additionalProperties: false + type: object + properties: + type: + enum: + - system + type: string + required: + - type + ApiStreamsContentExport_Post_Request: + additionalProperties: false + type: object + properties: + description: + type: string + include: + anyOf: + - $ref: '#/components/schemas/ApiStreamsContentExport_Post_Request_Include_1' + - $ref: '#/components/schemas/ApiStreamsContentExport_Post_Request_Include_2' + name: + type: string + version: + type: string + required: + - name + - description + - version + - include + ApiStreamsContentExport_Post_Request_Include_1: + additionalProperties: false + type: object + properties: + objects: + $ref: '#/components/schemas/ApiStreamsContentExport_Post_Request_Include_Objects' + required: + - objects + ApiStreamsContentExport_Post_Request_Include_Objects: + additionalProperties: false + type: object + properties: + all: + $ref: '#/components/schemas/ApiStreamsContentExport_Post_Request_Include_Objects_All' + required: + - all + ApiStreamsContentExport_Post_Request_Include_Objects_All: + additionalProperties: false + type: object + properties: {} + ApiStreamsContentExport_Post_Request_Include_2: + additionalProperties: false + type: object + properties: + objects: + $ref: '#/components/schemas/ApiStreamsContentExport_Post_Request_Include_Objects_1' + required: + - objects + ApiStreamsContentExport_Post_Request_Include_Objects_1: + additionalProperties: false + type: object + properties: + mappings: + type: boolean + queries: + items: + $ref: '#/components/schemas/ApiStreamsContentExport_Post_Request_Include_Objects_Queries_Item' + type: array + routing: + items: + allOf: + - $ref: '#/components/schemas/ApiStreamsContentExport_Post_Request_Include_Objects_Routing_1' + - $ref: '#/components/schemas/ApiStreamsContentExport_Post_Request_Include_Objects_Routing_2' + type: array + required: + - mappings + - queries + - routing + ApiStreamsContentExport_Post_Request_Include_Objects_Queries_Item: + additionalProperties: false + type: object + properties: + id: + type: string + required: + - id + ApiStreamsContentExport_Post_Request_Include_Objects_Routing_1: {} + ApiStreamsContentExport_Post_Request_Include_Objects_Routing_2: + type: object + properties: + destination: + type: string + required: + - destination + ApiStreamsContentImport_Post_Request: + additionalProperties: false + type: object + properties: + content: {} + include: + type: string + required: + - include + - content + ApiStreamsQueries_Get_Request: + anyOf: + - $ref: '#/components/schemas/ApiStreamsQueries_Get_Request_1' + - $ref: '#/components/schemas/ApiStreamsQueries_Get_Request_2' + - $ref: '#/components/schemas/ApiStreamsQueries_Get_Request_3' + ApiStreamsQueries_Get_Request_1: + additionalProperties: false + type: object + properties: {} + ApiStreamsQueries_Get_Request_2: + enum: + - 'null' + nullable: true + ApiStreamsQueries_Get_Request_3: + not: {} + ApiStreamsQueriesBulk_Post_Request: + additionalProperties: false + type: object + properties: + operations: + items: + anyOf: + - $ref: '#/components/schemas/ApiStreamsQueriesBulk_Post_Request_Operations_1' + - $ref: '#/components/schemas/ApiStreamsQueriesBulk_Post_Request_Operations_2' + type: array + required: + - operations + ApiStreamsQueriesBulk_Post_Request_Operations_1: + additionalProperties: false + type: object + properties: + index: + allOf: + - $ref: '#/components/schemas/ApiStreamsQueriesBulk_Post_Request_Operations_Index_1' + - $ref: '#/components/schemas/ApiStreamsQueriesBulk_Post_Request_Operations_Index_2' + required: + - index + ApiStreamsQueriesBulk_Post_Request_Operations_Index_1: + type: object + properties: + id: + description: A non-empty string. + minLength: 1 + type: string + title: + description: A non-empty string. + minLength: 1 + type: string + required: + - id + - title + ApiStreamsQueriesBulk_Post_Request_Operations_Index_2: + type: object + properties: + evidence: + items: + type: string + type: array + feature: + $ref: '#/components/schemas/ApiStreamsQueriesBulk_Post_Request_Operations_Index_Feature' + kql: + $ref: '#/components/schemas/ApiStreamsQueriesBulk_Post_Request_Operations_Index_Kql' + severity_score: + type: number + required: + - kql + ApiStreamsQueriesBulk_Post_Request_Operations_Index_Feature: + additionalProperties: false + type: object + properties: + filter: + anyOf: + - $ref: '#/components/schemas/ApiStreamsQueriesBulk_Post_Request_Operations_Index_Feature_Filter_1' + - $ref: '#/components/schemas/ApiStreamsQueriesBulk_Post_Request_Operations_Index_Feature_Filter_2_1' + - $ref: '#/components/schemas/ApiStreamsQueriesBulk_Post_Request_Operations_Index_Feature_Filter_3' + - $ref: '#/components/schemas/ApiStreamsQueriesBulk_Post_Request_Operations_Index_Feature_Filter_4' + - $ref: '#/components/schemas/ApiStreamsQueriesBulk_Post_Request_Operations_Index_Feature_Filter_5' + - $ref: '#/components/schemas/ApiStreamsQueriesBulk_Post_Request_Operations_Index_Feature_Filter_6' + description: The root condition object. It can be a simple filter or a combination of other conditions. + name: + description: A non-empty string. + minLength: 1 + type: string + type: + enum: + - system + type: string + required: + - name + - filter + - type + ApiStreamsQueriesBulk_Post_Request_Operations_Index_Feature_Filter_1: + anyOf: + - $ref: '#/components/schemas/ApiStreamsQueriesBulk_Post_Request_Operations_Index_Feature_Filter_1_1' + - $ref: '#/components/schemas/ApiStreamsQueriesBulk_Post_Request_Operations_Index_Feature_Filter_2' + description: A basic filter condition, either unary or binary. + ApiStreamsQueriesBulk_Post_Request_Operations_Index_Feature_Filter_1_1: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreamsQueriesBulk_Post_Request_Operations_Index_Feature_Filter_Contains_1' + - $ref: '#/components/schemas/ApiStreamsQueriesBulk_Post_Request_Operations_Index_Feature_Filter_Contains_2' + - $ref: '#/components/schemas/ApiStreamsQueriesBulk_Post_Request_Operations_Index_Feature_Filter_Contains_3' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreamsQueriesBulk_Post_Request_Operations_Index_Feature_Filter_EndsWith_1' + - $ref: '#/components/schemas/ApiStreamsQueriesBulk_Post_Request_Operations_Index_Feature_Filter_EndsWith_2' + - $ref: '#/components/schemas/ApiStreamsQueriesBulk_Post_Request_Operations_Index_Feature_Filter_EndsWith_3' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreamsQueriesBulk_Post_Request_Operations_Index_Feature_Filter_Eq_1' + - $ref: '#/components/schemas/ApiStreamsQueriesBulk_Post_Request_Operations_Index_Feature_Filter_Eq_2' + - $ref: '#/components/schemas/ApiStreamsQueriesBulk_Post_Request_Operations_Index_Feature_Filter_Eq_3' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsQueriesBulk_Post_Request_Operations_Index_Feature_Filter_Gt_1' + - $ref: '#/components/schemas/ApiStreamsQueriesBulk_Post_Request_Operations_Index_Feature_Filter_Gt_2' + - $ref: '#/components/schemas/ApiStreamsQueriesBulk_Post_Request_Operations_Index_Feature_Filter_Gt_3' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsQueriesBulk_Post_Request_Operations_Index_Feature_Filter_Gte_1' + - $ref: '#/components/schemas/ApiStreamsQueriesBulk_Post_Request_Operations_Index_Feature_Filter_Gte_2' + - $ref: '#/components/schemas/ApiStreamsQueriesBulk_Post_Request_Operations_Index_Feature_Filter_Gte_3' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreamsQueriesBulk_Post_Request_Operations_Index_Feature_Filter_Includes_1' + - $ref: '#/components/schemas/ApiStreamsQueriesBulk_Post_Request_Operations_Index_Feature_Filter_Includes_2' + - $ref: '#/components/schemas/ApiStreamsQueriesBulk_Post_Request_Operations_Index_Feature_Filter_Includes_3' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsQueriesBulk_Post_Request_Operations_Index_Feature_Filter_Lt_1' + - $ref: '#/components/schemas/ApiStreamsQueriesBulk_Post_Request_Operations_Index_Feature_Filter_Lt_2' + - $ref: '#/components/schemas/ApiStreamsQueriesBulk_Post_Request_Operations_Index_Feature_Filter_Lt_3' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsQueriesBulk_Post_Request_Operations_Index_Feature_Filter_Lte_1' + - $ref: '#/components/schemas/ApiStreamsQueriesBulk_Post_Request_Operations_Index_Feature_Filter_Lte_2' + - $ref: '#/components/schemas/ApiStreamsQueriesBulk_Post_Request_Operations_Index_Feature_Filter_Lte_3' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreamsQueriesBulk_Post_Request_Operations_Index_Feature_Filter_Neq_1' + - $ref: '#/components/schemas/ApiStreamsQueriesBulk_Post_Request_Operations_Index_Feature_Filter_Neq_2' + - $ref: '#/components/schemas/ApiStreamsQueriesBulk_Post_Request_Operations_Index_Feature_Filter_Neq_3' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreamsQueriesBulk_Post_Request_Operations_Index_Feature_Filter_Range' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreamsQueriesBulk_Post_Request_Operations_Index_Feature_Filter_StartsWith_1' + - $ref: '#/components/schemas/ApiStreamsQueriesBulk_Post_Request_Operations_Index_Feature_Filter_StartsWith_2' + - $ref: '#/components/schemas/ApiStreamsQueriesBulk_Post_Request_Operations_Index_Feature_Filter_StartsWith_3' + description: Starts-with comparison value. + required: + - field + ApiStreamsQueriesBulk_Post_Request_Operations_Index_Feature_Filter_Contains_1: + type: string + ApiStreamsQueriesBulk_Post_Request_Operations_Index_Feature_Filter_Contains_2: + type: number + ApiStreamsQueriesBulk_Post_Request_Operations_Index_Feature_Filter_Contains_3: + type: boolean + ApiStreamsQueriesBulk_Post_Request_Operations_Index_Feature_Filter_EndsWith_1: + type: string + ApiStreamsQueriesBulk_Post_Request_Operations_Index_Feature_Filter_EndsWith_2: + type: number + ApiStreamsQueriesBulk_Post_Request_Operations_Index_Feature_Filter_EndsWith_3: + type: boolean + ApiStreamsQueriesBulk_Post_Request_Operations_Index_Feature_Filter_Eq_1: + type: string + ApiStreamsQueriesBulk_Post_Request_Operations_Index_Feature_Filter_Eq_2: + type: number + ApiStreamsQueriesBulk_Post_Request_Operations_Index_Feature_Filter_Eq_3: + type: boolean + ApiStreamsQueriesBulk_Post_Request_Operations_Index_Feature_Filter_Gt_1: + type: string + ApiStreamsQueriesBulk_Post_Request_Operations_Index_Feature_Filter_Gt_2: + type: number + ApiStreamsQueriesBulk_Post_Request_Operations_Index_Feature_Filter_Gt_3: + type: boolean + ApiStreamsQueriesBulk_Post_Request_Operations_Index_Feature_Filter_Gte_1: + type: string + ApiStreamsQueriesBulk_Post_Request_Operations_Index_Feature_Filter_Gte_2: + type: number + ApiStreamsQueriesBulk_Post_Request_Operations_Index_Feature_Filter_Gte_3: + type: boolean + ApiStreamsQueriesBulk_Post_Request_Operations_Index_Feature_Filter_Includes_1: + type: string + ApiStreamsQueriesBulk_Post_Request_Operations_Index_Feature_Filter_Includes_2: + type: number + ApiStreamsQueriesBulk_Post_Request_Operations_Index_Feature_Filter_Includes_3: + type: boolean + ApiStreamsQueriesBulk_Post_Request_Operations_Index_Feature_Filter_Lt_1: + type: string + ApiStreamsQueriesBulk_Post_Request_Operations_Index_Feature_Filter_Lt_2: + type: number + ApiStreamsQueriesBulk_Post_Request_Operations_Index_Feature_Filter_Lt_3: + type: boolean + ApiStreamsQueriesBulk_Post_Request_Operations_Index_Feature_Filter_Lte_1: + type: string + ApiStreamsQueriesBulk_Post_Request_Operations_Index_Feature_Filter_Lte_2: + type: number + ApiStreamsQueriesBulk_Post_Request_Operations_Index_Feature_Filter_Lte_3: + type: boolean + ApiStreamsQueriesBulk_Post_Request_Operations_Index_Feature_Filter_Neq_1: + type: string + ApiStreamsQueriesBulk_Post_Request_Operations_Index_Feature_Filter_Neq_2: + type: number + ApiStreamsQueriesBulk_Post_Request_Operations_Index_Feature_Filter_Neq_3: + type: boolean + ApiStreamsQueriesBulk_Post_Request_Operations_Index_Feature_Filter_Range: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsQueriesBulk_Post_Request_Operations_Index_Feature_Filter_Range_Gt_1' + - $ref: '#/components/schemas/ApiStreamsQueriesBulk_Post_Request_Operations_Index_Feature_Filter_Range_Gt_2' + - $ref: '#/components/schemas/ApiStreamsQueriesBulk_Post_Request_Operations_Index_Feature_Filter_Range_Gt_3' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsQueriesBulk_Post_Request_Operations_Index_Feature_Filter_Range_Gte_1' + - $ref: '#/components/schemas/ApiStreamsQueriesBulk_Post_Request_Operations_Index_Feature_Filter_Range_Gte_2' + - $ref: '#/components/schemas/ApiStreamsQueriesBulk_Post_Request_Operations_Index_Feature_Filter_Range_Gte_3' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsQueriesBulk_Post_Request_Operations_Index_Feature_Filter_Range_Lt_1' + - $ref: '#/components/schemas/ApiStreamsQueriesBulk_Post_Request_Operations_Index_Feature_Filter_Range_Lt_2' + - $ref: '#/components/schemas/ApiStreamsQueriesBulk_Post_Request_Operations_Index_Feature_Filter_Range_Lt_3' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsQueriesBulk_Post_Request_Operations_Index_Feature_Filter_Range_Lte_1' + - $ref: '#/components/schemas/ApiStreamsQueriesBulk_Post_Request_Operations_Index_Feature_Filter_Range_Lte_2' + - $ref: '#/components/schemas/ApiStreamsQueriesBulk_Post_Request_Operations_Index_Feature_Filter_Range_Lte_3' + description: A value that can be a string, number, or boolean. + ApiStreamsQueriesBulk_Post_Request_Operations_Index_Feature_Filter_Range_Gt_1: + type: string + ApiStreamsQueriesBulk_Post_Request_Operations_Index_Feature_Filter_Range_Gt_2: + type: number + ApiStreamsQueriesBulk_Post_Request_Operations_Index_Feature_Filter_Range_Gt_3: + type: boolean + ApiStreamsQueriesBulk_Post_Request_Operations_Index_Feature_Filter_Range_Gte_1: + type: string + ApiStreamsQueriesBulk_Post_Request_Operations_Index_Feature_Filter_Range_Gte_2: + type: number + ApiStreamsQueriesBulk_Post_Request_Operations_Index_Feature_Filter_Range_Gte_3: + type: boolean + ApiStreamsQueriesBulk_Post_Request_Operations_Index_Feature_Filter_Range_Lt_1: + type: string + ApiStreamsQueriesBulk_Post_Request_Operations_Index_Feature_Filter_Range_Lt_2: + type: number + ApiStreamsQueriesBulk_Post_Request_Operations_Index_Feature_Filter_Range_Lt_3: + type: boolean + ApiStreamsQueriesBulk_Post_Request_Operations_Index_Feature_Filter_Range_Lte_1: + type: string + ApiStreamsQueriesBulk_Post_Request_Operations_Index_Feature_Filter_Range_Lte_2: + type: number + ApiStreamsQueriesBulk_Post_Request_Operations_Index_Feature_Filter_Range_Lte_3: + type: boolean + ApiStreamsQueriesBulk_Post_Request_Operations_Index_Feature_Filter_StartsWith_1: + type: string + ApiStreamsQueriesBulk_Post_Request_Operations_Index_Feature_Filter_StartsWith_2: + type: number + ApiStreamsQueriesBulk_Post_Request_Operations_Index_Feature_Filter_StartsWith_3: + type: boolean + ApiStreamsQueriesBulk_Post_Request_Operations_Index_Feature_Filter_2: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreamsQueriesBulk_Post_Request_Operations_Index_Feature_Filter_2_1: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreamsQueriesBulk_Post_Request_Operations_Index_Feature_Filter_3: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreamsQueriesBulk_Post_Request_Operations_Index_Feature_Filter_4: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreamsQueriesBulk_Post_Request_Operations_Index_Feature_Filter_5: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreamsQueriesBulk_Post_Request_Operations_Index_Feature_Filter_Never' + required: + - never + ApiStreamsQueriesBulk_Post_Request_Operations_Index_Feature_Filter_Never: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreamsQueriesBulk_Post_Request_Operations_Index_Feature_Filter_6: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreamsQueriesBulk_Post_Request_Operations_Index_Feature_Filter_Always' + required: + - always + ApiStreamsQueriesBulk_Post_Request_Operations_Index_Feature_Filter_Always: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreamsQueriesBulk_Post_Request_Operations_Index_Kql: + additionalProperties: false + type: object + properties: + query: + type: string + required: + - query + ApiStreamsQueriesBulk_Post_Request_Operations_2: + additionalProperties: false + type: object + properties: + delete: + $ref: '#/components/schemas/ApiStreamsQueriesBulk_Post_Request_Operations_Delete' + required: + - delete + ApiStreamsQueriesBulk_Post_Request_Operations_Delete: + additionalProperties: false + type: object + properties: + id: + type: string + required: + - id + ApiStreamsQueries_Delete_Request: + anyOf: + - $ref: '#/components/schemas/ApiStreamsQueries_Delete_Request_1' + - $ref: '#/components/schemas/ApiStreamsQueries_Delete_Request_2' + - $ref: '#/components/schemas/ApiStreamsQueries_Delete_Request_3' + ApiStreamsQueries_Delete_Request_1: + additionalProperties: false + type: object + properties: {} + ApiStreamsQueries_Delete_Request_2: + enum: + - 'null' + nullable: true + ApiStreamsQueries_Delete_Request_3: + not: {} + ApiStreamsQueries_Put_Request: + additionalProperties: false + type: object + properties: + evidence: + items: + type: string + type: array + feature: + $ref: '#/components/schemas/ApiStreamsQueries_Put_Request_Feature' + kql: + $ref: '#/components/schemas/ApiStreamsQueries_Put_Request_Kql' + severity_score: + type: number + title: + description: A non-empty string. + minLength: 1 + type: string + required: + - title + - kql + ApiStreamsQueries_Put_Request_Feature: + additionalProperties: false + type: object + properties: + filter: + anyOf: + - $ref: '#/components/schemas/ApiStreamsQueries_Put_Request_Feature_Filter_1' + - $ref: '#/components/schemas/ApiStreamsQueries_Put_Request_Feature_Filter_2_1' + - $ref: '#/components/schemas/ApiStreamsQueries_Put_Request_Feature_Filter_3' + - $ref: '#/components/schemas/ApiStreamsQueries_Put_Request_Feature_Filter_4' + - $ref: '#/components/schemas/ApiStreamsQueries_Put_Request_Feature_Filter_5' + - $ref: '#/components/schemas/ApiStreamsQueries_Put_Request_Feature_Filter_6' + description: The root condition object. It can be a simple filter or a combination of other conditions. + name: + description: A non-empty string. + minLength: 1 + type: string + type: + enum: + - system + type: string + required: + - name + - filter + - type + ApiStreamsQueries_Put_Request_Feature_Filter_1: + anyOf: + - $ref: '#/components/schemas/ApiStreamsQueries_Put_Request_Feature_Filter_1_1' + - $ref: '#/components/schemas/ApiStreamsQueries_Put_Request_Feature_Filter_2' + description: A basic filter condition, either unary or binary. + ApiStreamsQueries_Put_Request_Feature_Filter_1_1: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreamsQueries_Put_Request_Feature_Filter_Contains_1' + - $ref: '#/components/schemas/ApiStreamsQueries_Put_Request_Feature_Filter_Contains_2' + - $ref: '#/components/schemas/ApiStreamsQueries_Put_Request_Feature_Filter_Contains_3' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreamsQueries_Put_Request_Feature_Filter_EndsWith_1' + - $ref: '#/components/schemas/ApiStreamsQueries_Put_Request_Feature_Filter_EndsWith_2' + - $ref: '#/components/schemas/ApiStreamsQueries_Put_Request_Feature_Filter_EndsWith_3' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreamsQueries_Put_Request_Feature_Filter_Eq_1' + - $ref: '#/components/schemas/ApiStreamsQueries_Put_Request_Feature_Filter_Eq_2' + - $ref: '#/components/schemas/ApiStreamsQueries_Put_Request_Feature_Filter_Eq_3' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsQueries_Put_Request_Feature_Filter_Gt_1' + - $ref: '#/components/schemas/ApiStreamsQueries_Put_Request_Feature_Filter_Gt_2' + - $ref: '#/components/schemas/ApiStreamsQueries_Put_Request_Feature_Filter_Gt_3' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsQueries_Put_Request_Feature_Filter_Gte_1' + - $ref: '#/components/schemas/ApiStreamsQueries_Put_Request_Feature_Filter_Gte_2' + - $ref: '#/components/schemas/ApiStreamsQueries_Put_Request_Feature_Filter_Gte_3' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreamsQueries_Put_Request_Feature_Filter_Includes_1' + - $ref: '#/components/schemas/ApiStreamsQueries_Put_Request_Feature_Filter_Includes_2' + - $ref: '#/components/schemas/ApiStreamsQueries_Put_Request_Feature_Filter_Includes_3' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsQueries_Put_Request_Feature_Filter_Lt_1' + - $ref: '#/components/schemas/ApiStreamsQueries_Put_Request_Feature_Filter_Lt_2' + - $ref: '#/components/schemas/ApiStreamsQueries_Put_Request_Feature_Filter_Lt_3' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsQueries_Put_Request_Feature_Filter_Lte_1' + - $ref: '#/components/schemas/ApiStreamsQueries_Put_Request_Feature_Filter_Lte_2' + - $ref: '#/components/schemas/ApiStreamsQueries_Put_Request_Feature_Filter_Lte_3' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreamsQueries_Put_Request_Feature_Filter_Neq_1' + - $ref: '#/components/schemas/ApiStreamsQueries_Put_Request_Feature_Filter_Neq_2' + - $ref: '#/components/schemas/ApiStreamsQueries_Put_Request_Feature_Filter_Neq_3' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreamsQueries_Put_Request_Feature_Filter_Range' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreamsQueries_Put_Request_Feature_Filter_StartsWith_1' + - $ref: '#/components/schemas/ApiStreamsQueries_Put_Request_Feature_Filter_StartsWith_2' + - $ref: '#/components/schemas/ApiStreamsQueries_Put_Request_Feature_Filter_StartsWith_3' + description: Starts-with comparison value. + required: + - field + ApiStreamsQueries_Put_Request_Feature_Filter_Contains_1: + type: string + ApiStreamsQueries_Put_Request_Feature_Filter_Contains_2: + type: number + ApiStreamsQueries_Put_Request_Feature_Filter_Contains_3: + type: boolean + ApiStreamsQueries_Put_Request_Feature_Filter_EndsWith_1: + type: string + ApiStreamsQueries_Put_Request_Feature_Filter_EndsWith_2: + type: number + ApiStreamsQueries_Put_Request_Feature_Filter_EndsWith_3: + type: boolean + ApiStreamsQueries_Put_Request_Feature_Filter_Eq_1: + type: string + ApiStreamsQueries_Put_Request_Feature_Filter_Eq_2: + type: number + ApiStreamsQueries_Put_Request_Feature_Filter_Eq_3: + type: boolean + ApiStreamsQueries_Put_Request_Feature_Filter_Gt_1: + type: string + ApiStreamsQueries_Put_Request_Feature_Filter_Gt_2: + type: number + ApiStreamsQueries_Put_Request_Feature_Filter_Gt_3: + type: boolean + ApiStreamsQueries_Put_Request_Feature_Filter_Gte_1: + type: string + ApiStreamsQueries_Put_Request_Feature_Filter_Gte_2: + type: number + ApiStreamsQueries_Put_Request_Feature_Filter_Gte_3: + type: boolean + ApiStreamsQueries_Put_Request_Feature_Filter_Includes_1: + type: string + ApiStreamsQueries_Put_Request_Feature_Filter_Includes_2: + type: number + ApiStreamsQueries_Put_Request_Feature_Filter_Includes_3: + type: boolean + ApiStreamsQueries_Put_Request_Feature_Filter_Lt_1: + type: string + ApiStreamsQueries_Put_Request_Feature_Filter_Lt_2: + type: number + ApiStreamsQueries_Put_Request_Feature_Filter_Lt_3: + type: boolean + ApiStreamsQueries_Put_Request_Feature_Filter_Lte_1: + type: string + ApiStreamsQueries_Put_Request_Feature_Filter_Lte_2: + type: number + ApiStreamsQueries_Put_Request_Feature_Filter_Lte_3: + type: boolean + ApiStreamsQueries_Put_Request_Feature_Filter_Neq_1: + type: string + ApiStreamsQueries_Put_Request_Feature_Filter_Neq_2: + type: number + ApiStreamsQueries_Put_Request_Feature_Filter_Neq_3: + type: boolean + ApiStreamsQueries_Put_Request_Feature_Filter_Range: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsQueries_Put_Request_Feature_Filter_Range_Gt_1' + - $ref: '#/components/schemas/ApiStreamsQueries_Put_Request_Feature_Filter_Range_Gt_2' + - $ref: '#/components/schemas/ApiStreamsQueries_Put_Request_Feature_Filter_Range_Gt_3' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsQueries_Put_Request_Feature_Filter_Range_Gte_1' + - $ref: '#/components/schemas/ApiStreamsQueries_Put_Request_Feature_Filter_Range_Gte_2' + - $ref: '#/components/schemas/ApiStreamsQueries_Put_Request_Feature_Filter_Range_Gte_3' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsQueries_Put_Request_Feature_Filter_Range_Lt_1' + - $ref: '#/components/schemas/ApiStreamsQueries_Put_Request_Feature_Filter_Range_Lt_2' + - $ref: '#/components/schemas/ApiStreamsQueries_Put_Request_Feature_Filter_Range_Lt_3' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsQueries_Put_Request_Feature_Filter_Range_Lte_1' + - $ref: '#/components/schemas/ApiStreamsQueries_Put_Request_Feature_Filter_Range_Lte_2' + - $ref: '#/components/schemas/ApiStreamsQueries_Put_Request_Feature_Filter_Range_Lte_3' + description: A value that can be a string, number, or boolean. + ApiStreamsQueries_Put_Request_Feature_Filter_Range_Gt_1: + type: string + ApiStreamsQueries_Put_Request_Feature_Filter_Range_Gt_2: + type: number + ApiStreamsQueries_Put_Request_Feature_Filter_Range_Gt_3: + type: boolean + ApiStreamsQueries_Put_Request_Feature_Filter_Range_Gte_1: + type: string + ApiStreamsQueries_Put_Request_Feature_Filter_Range_Gte_2: + type: number + ApiStreamsQueries_Put_Request_Feature_Filter_Range_Gte_3: + type: boolean + ApiStreamsQueries_Put_Request_Feature_Filter_Range_Lt_1: + type: string + ApiStreamsQueries_Put_Request_Feature_Filter_Range_Lt_2: + type: number + ApiStreamsQueries_Put_Request_Feature_Filter_Range_Lt_3: + type: boolean + ApiStreamsQueries_Put_Request_Feature_Filter_Range_Lte_1: + type: string + ApiStreamsQueries_Put_Request_Feature_Filter_Range_Lte_2: + type: number + ApiStreamsQueries_Put_Request_Feature_Filter_Range_Lte_3: + type: boolean + ApiStreamsQueries_Put_Request_Feature_Filter_StartsWith_1: + type: string + ApiStreamsQueries_Put_Request_Feature_Filter_StartsWith_2: + type: number + ApiStreamsQueries_Put_Request_Feature_Filter_StartsWith_3: + type: boolean + ApiStreamsQueries_Put_Request_Feature_Filter_2: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreamsQueries_Put_Request_Feature_Filter_2_1: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreamsQueries_Put_Request_Feature_Filter_3: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreamsQueries_Put_Request_Feature_Filter_4: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreamsQueries_Put_Request_Feature_Filter_5: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreamsQueries_Put_Request_Feature_Filter_Never' + required: + - never + ApiStreamsQueries_Put_Request_Feature_Filter_Never: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreamsQueries_Put_Request_Feature_Filter_6: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreamsQueries_Put_Request_Feature_Filter_Always' + required: + - always + ApiStreamsQueries_Put_Request_Feature_Filter_Always: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreamsQueries_Put_Request_Kql: + additionalProperties: false + type: object + properties: + query: + type: string + required: + - query + ApiStreamsSignificantEvents_Get_Request: + anyOf: + - $ref: '#/components/schemas/ApiStreamsSignificantEvents_Get_Request_1' + - $ref: '#/components/schemas/ApiStreamsSignificantEvents_Get_Request_2' + - $ref: '#/components/schemas/ApiStreamsSignificantEvents_Get_Request_3' + ApiStreamsSignificantEvents_Get_Request_1: + additionalProperties: false + type: object + properties: {} + ApiStreamsSignificantEvents_Get_Request_2: + enum: + - 'null' + nullable: true + ApiStreamsSignificantEvents_Get_Request_3: + not: {} + ApiStreamsSignificantEventsGenerate_Post_Request: + additionalProperties: false + type: object + properties: + system: + $ref: '#/components/schemas/ApiStreamsSignificantEventsGenerate_Post_Request_System' + ApiStreamsSignificantEventsGenerate_Post_Request_System: + additionalProperties: false + type: object + properties: + description: + type: string + filter: + anyOf: + - $ref: '#/components/schemas/ApiStreamsSignificantEventsGenerate_Post_Request_System_Filter_1' + - $ref: '#/components/schemas/ApiStreamsSignificantEventsGenerate_Post_Request_System_Filter_2_1' + - $ref: '#/components/schemas/ApiStreamsSignificantEventsGenerate_Post_Request_System_Filter_3' + - $ref: '#/components/schemas/ApiStreamsSignificantEventsGenerate_Post_Request_System_Filter_4' + - $ref: '#/components/schemas/ApiStreamsSignificantEventsGenerate_Post_Request_System_Filter_5' + - $ref: '#/components/schemas/ApiStreamsSignificantEventsGenerate_Post_Request_System_Filter_6' + description: The root condition object. It can be a simple filter or a combination of other conditions. + name: + type: string + type: + enum: + - system + type: string + required: + - type + - name + - description + - filter + ApiStreamsSignificantEventsGenerate_Post_Request_System_Filter_1: + anyOf: + - $ref: '#/components/schemas/ApiStreamsSignificantEventsGenerate_Post_Request_System_Filter_1_1' + - $ref: '#/components/schemas/ApiStreamsSignificantEventsGenerate_Post_Request_System_Filter_2' + description: A basic filter condition, either unary or binary. + ApiStreamsSignificantEventsGenerate_Post_Request_System_Filter_1_1: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreamsSignificantEventsGenerate_Post_Request_System_Filter_Contains_1' + - $ref: '#/components/schemas/ApiStreamsSignificantEventsGenerate_Post_Request_System_Filter_Contains_2' + - $ref: '#/components/schemas/ApiStreamsSignificantEventsGenerate_Post_Request_System_Filter_Contains_3' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreamsSignificantEventsGenerate_Post_Request_System_Filter_EndsWith_1' + - $ref: '#/components/schemas/ApiStreamsSignificantEventsGenerate_Post_Request_System_Filter_EndsWith_2' + - $ref: '#/components/schemas/ApiStreamsSignificantEventsGenerate_Post_Request_System_Filter_EndsWith_3' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreamsSignificantEventsGenerate_Post_Request_System_Filter_Eq_1' + - $ref: '#/components/schemas/ApiStreamsSignificantEventsGenerate_Post_Request_System_Filter_Eq_2' + - $ref: '#/components/schemas/ApiStreamsSignificantEventsGenerate_Post_Request_System_Filter_Eq_3' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsSignificantEventsGenerate_Post_Request_System_Filter_Gt_1' + - $ref: '#/components/schemas/ApiStreamsSignificantEventsGenerate_Post_Request_System_Filter_Gt_2' + - $ref: '#/components/schemas/ApiStreamsSignificantEventsGenerate_Post_Request_System_Filter_Gt_3' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsSignificantEventsGenerate_Post_Request_System_Filter_Gte_1' + - $ref: '#/components/schemas/ApiStreamsSignificantEventsGenerate_Post_Request_System_Filter_Gte_2' + - $ref: '#/components/schemas/ApiStreamsSignificantEventsGenerate_Post_Request_System_Filter_Gte_3' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreamsSignificantEventsGenerate_Post_Request_System_Filter_Includes_1' + - $ref: '#/components/schemas/ApiStreamsSignificantEventsGenerate_Post_Request_System_Filter_Includes_2' + - $ref: '#/components/schemas/ApiStreamsSignificantEventsGenerate_Post_Request_System_Filter_Includes_3' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsSignificantEventsGenerate_Post_Request_System_Filter_Lt_1' + - $ref: '#/components/schemas/ApiStreamsSignificantEventsGenerate_Post_Request_System_Filter_Lt_2' + - $ref: '#/components/schemas/ApiStreamsSignificantEventsGenerate_Post_Request_System_Filter_Lt_3' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsSignificantEventsGenerate_Post_Request_System_Filter_Lte_1' + - $ref: '#/components/schemas/ApiStreamsSignificantEventsGenerate_Post_Request_System_Filter_Lte_2' + - $ref: '#/components/schemas/ApiStreamsSignificantEventsGenerate_Post_Request_System_Filter_Lte_3' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreamsSignificantEventsGenerate_Post_Request_System_Filter_Neq_1' + - $ref: '#/components/schemas/ApiStreamsSignificantEventsGenerate_Post_Request_System_Filter_Neq_2' + - $ref: '#/components/schemas/ApiStreamsSignificantEventsGenerate_Post_Request_System_Filter_Neq_3' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreamsSignificantEventsGenerate_Post_Request_System_Filter_Range' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreamsSignificantEventsGenerate_Post_Request_System_Filter_StartsWith_1' + - $ref: '#/components/schemas/ApiStreamsSignificantEventsGenerate_Post_Request_System_Filter_StartsWith_2' + - $ref: '#/components/schemas/ApiStreamsSignificantEventsGenerate_Post_Request_System_Filter_StartsWith_3' + description: Starts-with comparison value. + required: + - field + ApiStreamsSignificantEventsGenerate_Post_Request_System_Filter_Contains_1: + type: string + ApiStreamsSignificantEventsGenerate_Post_Request_System_Filter_Contains_2: + type: number + ApiStreamsSignificantEventsGenerate_Post_Request_System_Filter_Contains_3: + type: boolean + ApiStreamsSignificantEventsGenerate_Post_Request_System_Filter_EndsWith_1: + type: string + ApiStreamsSignificantEventsGenerate_Post_Request_System_Filter_EndsWith_2: + type: number + ApiStreamsSignificantEventsGenerate_Post_Request_System_Filter_EndsWith_3: + type: boolean + ApiStreamsSignificantEventsGenerate_Post_Request_System_Filter_Eq_1: + type: string + ApiStreamsSignificantEventsGenerate_Post_Request_System_Filter_Eq_2: + type: number + ApiStreamsSignificantEventsGenerate_Post_Request_System_Filter_Eq_3: + type: boolean + ApiStreamsSignificantEventsGenerate_Post_Request_System_Filter_Gt_1: + type: string + ApiStreamsSignificantEventsGenerate_Post_Request_System_Filter_Gt_2: + type: number + ApiStreamsSignificantEventsGenerate_Post_Request_System_Filter_Gt_3: + type: boolean + ApiStreamsSignificantEventsGenerate_Post_Request_System_Filter_Gte_1: + type: string + ApiStreamsSignificantEventsGenerate_Post_Request_System_Filter_Gte_2: + type: number + ApiStreamsSignificantEventsGenerate_Post_Request_System_Filter_Gte_3: + type: boolean + ApiStreamsSignificantEventsGenerate_Post_Request_System_Filter_Includes_1: + type: string + ApiStreamsSignificantEventsGenerate_Post_Request_System_Filter_Includes_2: + type: number + ApiStreamsSignificantEventsGenerate_Post_Request_System_Filter_Includes_3: + type: boolean + ApiStreamsSignificantEventsGenerate_Post_Request_System_Filter_Lt_1: + type: string + ApiStreamsSignificantEventsGenerate_Post_Request_System_Filter_Lt_2: + type: number + ApiStreamsSignificantEventsGenerate_Post_Request_System_Filter_Lt_3: + type: boolean + ApiStreamsSignificantEventsGenerate_Post_Request_System_Filter_Lte_1: + type: string + ApiStreamsSignificantEventsGenerate_Post_Request_System_Filter_Lte_2: + type: number + ApiStreamsSignificantEventsGenerate_Post_Request_System_Filter_Lte_3: + type: boolean + ApiStreamsSignificantEventsGenerate_Post_Request_System_Filter_Neq_1: + type: string + ApiStreamsSignificantEventsGenerate_Post_Request_System_Filter_Neq_2: + type: number + ApiStreamsSignificantEventsGenerate_Post_Request_System_Filter_Neq_3: + type: boolean + ApiStreamsSignificantEventsGenerate_Post_Request_System_Filter_Range: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsSignificantEventsGenerate_Post_Request_System_Filter_Range_Gt_1' + - $ref: '#/components/schemas/ApiStreamsSignificantEventsGenerate_Post_Request_System_Filter_Range_Gt_2' + - $ref: '#/components/schemas/ApiStreamsSignificantEventsGenerate_Post_Request_System_Filter_Range_Gt_3' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsSignificantEventsGenerate_Post_Request_System_Filter_Range_Gte_1' + - $ref: '#/components/schemas/ApiStreamsSignificantEventsGenerate_Post_Request_System_Filter_Range_Gte_2' + - $ref: '#/components/schemas/ApiStreamsSignificantEventsGenerate_Post_Request_System_Filter_Range_Gte_3' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsSignificantEventsGenerate_Post_Request_System_Filter_Range_Lt_1' + - $ref: '#/components/schemas/ApiStreamsSignificantEventsGenerate_Post_Request_System_Filter_Range_Lt_2' + - $ref: '#/components/schemas/ApiStreamsSignificantEventsGenerate_Post_Request_System_Filter_Range_Lt_3' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsSignificantEventsGenerate_Post_Request_System_Filter_Range_Lte_1' + - $ref: '#/components/schemas/ApiStreamsSignificantEventsGenerate_Post_Request_System_Filter_Range_Lte_2' + - $ref: '#/components/schemas/ApiStreamsSignificantEventsGenerate_Post_Request_System_Filter_Range_Lte_3' + description: A value that can be a string, number, or boolean. + ApiStreamsSignificantEventsGenerate_Post_Request_System_Filter_Range_Gt_1: + type: string + ApiStreamsSignificantEventsGenerate_Post_Request_System_Filter_Range_Gt_2: + type: number + ApiStreamsSignificantEventsGenerate_Post_Request_System_Filter_Range_Gt_3: + type: boolean + ApiStreamsSignificantEventsGenerate_Post_Request_System_Filter_Range_Gte_1: + type: string + ApiStreamsSignificantEventsGenerate_Post_Request_System_Filter_Range_Gte_2: + type: number + ApiStreamsSignificantEventsGenerate_Post_Request_System_Filter_Range_Gte_3: + type: boolean + ApiStreamsSignificantEventsGenerate_Post_Request_System_Filter_Range_Lt_1: + type: string + ApiStreamsSignificantEventsGenerate_Post_Request_System_Filter_Range_Lt_2: + type: number + ApiStreamsSignificantEventsGenerate_Post_Request_System_Filter_Range_Lt_3: + type: boolean + ApiStreamsSignificantEventsGenerate_Post_Request_System_Filter_Range_Lte_1: + type: string + ApiStreamsSignificantEventsGenerate_Post_Request_System_Filter_Range_Lte_2: + type: number + ApiStreamsSignificantEventsGenerate_Post_Request_System_Filter_Range_Lte_3: + type: boolean + ApiStreamsSignificantEventsGenerate_Post_Request_System_Filter_StartsWith_1: + type: string + ApiStreamsSignificantEventsGenerate_Post_Request_System_Filter_StartsWith_2: + type: number + ApiStreamsSignificantEventsGenerate_Post_Request_System_Filter_StartsWith_3: + type: boolean + ApiStreamsSignificantEventsGenerate_Post_Request_System_Filter_2: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreamsSignificantEventsGenerate_Post_Request_System_Filter_2_1: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreamsSignificantEventsGenerate_Post_Request_System_Filter_3: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreamsSignificantEventsGenerate_Post_Request_System_Filter_4: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreamsSignificantEventsGenerate_Post_Request_System_Filter_5: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreamsSignificantEventsGenerate_Post_Request_System_Filter_Never' + required: + - never + ApiStreamsSignificantEventsGenerate_Post_Request_System_Filter_Never: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreamsSignificantEventsGenerate_Post_Request_System_Filter_6: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreamsSignificantEventsGenerate_Post_Request_System_Filter_Always' + required: + - always + ApiStreamsSignificantEventsGenerate_Post_Request_System_Filter_Always: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreamsSignificantEventsPreview_Post_Request: + additionalProperties: false + type: object + properties: + query: + $ref: '#/components/schemas/ApiStreamsSignificantEventsPreview_Post_Request_Query' + required: + - query + ApiStreamsSignificantEventsPreview_Post_Request_Query: + additionalProperties: false + type: object + properties: + feature: + $ref: '#/components/schemas/ApiStreamsSignificantEventsPreview_Post_Request_Query_Feature' + kql: + $ref: '#/components/schemas/ApiStreamsSignificantEventsPreview_Post_Request_Query_Kql' + required: + - kql + ApiStreamsSignificantEventsPreview_Post_Request_Query_Feature: + additionalProperties: false + type: object + properties: + filter: + anyOf: + - $ref: '#/components/schemas/ApiStreamsSignificantEventsPreview_Post_Request_Query_Feature_Filter_1' + - $ref: '#/components/schemas/ApiStreamsSignificantEventsPreview_Post_Request_Query_Feature_Filter_2_1' + - $ref: '#/components/schemas/ApiStreamsSignificantEventsPreview_Post_Request_Query_Feature_Filter_3' + - $ref: '#/components/schemas/ApiStreamsSignificantEventsPreview_Post_Request_Query_Feature_Filter_4' + - $ref: '#/components/schemas/ApiStreamsSignificantEventsPreview_Post_Request_Query_Feature_Filter_5' + - $ref: '#/components/schemas/ApiStreamsSignificantEventsPreview_Post_Request_Query_Feature_Filter_6' + description: The root condition object. It can be a simple filter or a combination of other conditions. + name: + type: string + type: + enum: + - system + type: string + required: + - name + - filter + - type + ApiStreamsSignificantEventsPreview_Post_Request_Query_Feature_Filter_1: + anyOf: + - $ref: '#/components/schemas/ApiStreamsSignificantEventsPreview_Post_Request_Query_Feature_Filter_1_1' + - $ref: '#/components/schemas/ApiStreamsSignificantEventsPreview_Post_Request_Query_Feature_Filter_2' + description: A basic filter condition, either unary or binary. + ApiStreamsSignificantEventsPreview_Post_Request_Query_Feature_Filter_1_1: + additionalProperties: false + description: A condition that compares a field to a value or range using an operator as the key. + type: object + properties: + contains: + anyOf: + - $ref: '#/components/schemas/ApiStreamsSignificantEventsPreview_Post_Request_Query_Feature_Filter_Contains_1' + - $ref: '#/components/schemas/ApiStreamsSignificantEventsPreview_Post_Request_Query_Feature_Filter_Contains_2' + - $ref: '#/components/schemas/ApiStreamsSignificantEventsPreview_Post_Request_Query_Feature_Filter_Contains_3' + description: Contains comparison value. + endsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreamsSignificantEventsPreview_Post_Request_Query_Feature_Filter_EndsWith_1' + - $ref: '#/components/schemas/ApiStreamsSignificantEventsPreview_Post_Request_Query_Feature_Filter_EndsWith_2' + - $ref: '#/components/schemas/ApiStreamsSignificantEventsPreview_Post_Request_Query_Feature_Filter_EndsWith_3' + description: Ends-with comparison value. + eq: + anyOf: + - $ref: '#/components/schemas/ApiStreamsSignificantEventsPreview_Post_Request_Query_Feature_Filter_Eq_1' + - $ref: '#/components/schemas/ApiStreamsSignificantEventsPreview_Post_Request_Query_Feature_Filter_Eq_2' + - $ref: '#/components/schemas/ApiStreamsSignificantEventsPreview_Post_Request_Query_Feature_Filter_Eq_3' + description: Equality comparison value. + field: + description: The document field to filter on. + minLength: 1 + type: string + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsSignificantEventsPreview_Post_Request_Query_Feature_Filter_Gt_1' + - $ref: '#/components/schemas/ApiStreamsSignificantEventsPreview_Post_Request_Query_Feature_Filter_Gt_2' + - $ref: '#/components/schemas/ApiStreamsSignificantEventsPreview_Post_Request_Query_Feature_Filter_Gt_3' + description: Greater-than comparison value. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsSignificantEventsPreview_Post_Request_Query_Feature_Filter_Gte_1' + - $ref: '#/components/schemas/ApiStreamsSignificantEventsPreview_Post_Request_Query_Feature_Filter_Gte_2' + - $ref: '#/components/schemas/ApiStreamsSignificantEventsPreview_Post_Request_Query_Feature_Filter_Gte_3' + description: Greater-than-or-equal comparison value. + includes: + anyOf: + - $ref: '#/components/schemas/ApiStreamsSignificantEventsPreview_Post_Request_Query_Feature_Filter_Includes_1' + - $ref: '#/components/schemas/ApiStreamsSignificantEventsPreview_Post_Request_Query_Feature_Filter_Includes_2' + - $ref: '#/components/schemas/ApiStreamsSignificantEventsPreview_Post_Request_Query_Feature_Filter_Includes_3' + description: Checks if multivalue field includes the value. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsSignificantEventsPreview_Post_Request_Query_Feature_Filter_Lt_1' + - $ref: '#/components/schemas/ApiStreamsSignificantEventsPreview_Post_Request_Query_Feature_Filter_Lt_2' + - $ref: '#/components/schemas/ApiStreamsSignificantEventsPreview_Post_Request_Query_Feature_Filter_Lt_3' + description: Less-than comparison value. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsSignificantEventsPreview_Post_Request_Query_Feature_Filter_Lte_1' + - $ref: '#/components/schemas/ApiStreamsSignificantEventsPreview_Post_Request_Query_Feature_Filter_Lte_2' + - $ref: '#/components/schemas/ApiStreamsSignificantEventsPreview_Post_Request_Query_Feature_Filter_Lte_3' + description: Less-than-or-equal comparison value. + neq: + anyOf: + - $ref: '#/components/schemas/ApiStreamsSignificantEventsPreview_Post_Request_Query_Feature_Filter_Neq_1' + - $ref: '#/components/schemas/ApiStreamsSignificantEventsPreview_Post_Request_Query_Feature_Filter_Neq_2' + - $ref: '#/components/schemas/ApiStreamsSignificantEventsPreview_Post_Request_Query_Feature_Filter_Neq_3' + description: Inequality comparison value. + range: + $ref: '#/components/schemas/ApiStreamsSignificantEventsPreview_Post_Request_Query_Feature_Filter_Range' + startsWith: + anyOf: + - $ref: '#/components/schemas/ApiStreamsSignificantEventsPreview_Post_Request_Query_Feature_Filter_StartsWith_1' + - $ref: '#/components/schemas/ApiStreamsSignificantEventsPreview_Post_Request_Query_Feature_Filter_StartsWith_2' + - $ref: '#/components/schemas/ApiStreamsSignificantEventsPreview_Post_Request_Query_Feature_Filter_StartsWith_3' + description: Starts-with comparison value. + required: + - field + ApiStreamsSignificantEventsPreview_Post_Request_Query_Feature_Filter_Contains_1: + type: string + ApiStreamsSignificantEventsPreview_Post_Request_Query_Feature_Filter_Contains_2: + type: number + ApiStreamsSignificantEventsPreview_Post_Request_Query_Feature_Filter_Contains_3: + type: boolean + ApiStreamsSignificantEventsPreview_Post_Request_Query_Feature_Filter_EndsWith_1: + type: string + ApiStreamsSignificantEventsPreview_Post_Request_Query_Feature_Filter_EndsWith_2: + type: number + ApiStreamsSignificantEventsPreview_Post_Request_Query_Feature_Filter_EndsWith_3: + type: boolean + ApiStreamsSignificantEventsPreview_Post_Request_Query_Feature_Filter_Eq_1: + type: string + ApiStreamsSignificantEventsPreview_Post_Request_Query_Feature_Filter_Eq_2: + type: number + ApiStreamsSignificantEventsPreview_Post_Request_Query_Feature_Filter_Eq_3: + type: boolean + ApiStreamsSignificantEventsPreview_Post_Request_Query_Feature_Filter_Gt_1: + type: string + ApiStreamsSignificantEventsPreview_Post_Request_Query_Feature_Filter_Gt_2: + type: number + ApiStreamsSignificantEventsPreview_Post_Request_Query_Feature_Filter_Gt_3: + type: boolean + ApiStreamsSignificantEventsPreview_Post_Request_Query_Feature_Filter_Gte_1: + type: string + ApiStreamsSignificantEventsPreview_Post_Request_Query_Feature_Filter_Gte_2: + type: number + ApiStreamsSignificantEventsPreview_Post_Request_Query_Feature_Filter_Gte_3: + type: boolean + ApiStreamsSignificantEventsPreview_Post_Request_Query_Feature_Filter_Includes_1: + type: string + ApiStreamsSignificantEventsPreview_Post_Request_Query_Feature_Filter_Includes_2: + type: number + ApiStreamsSignificantEventsPreview_Post_Request_Query_Feature_Filter_Includes_3: + type: boolean + ApiStreamsSignificantEventsPreview_Post_Request_Query_Feature_Filter_Lt_1: + type: string + ApiStreamsSignificantEventsPreview_Post_Request_Query_Feature_Filter_Lt_2: + type: number + ApiStreamsSignificantEventsPreview_Post_Request_Query_Feature_Filter_Lt_3: + type: boolean + ApiStreamsSignificantEventsPreview_Post_Request_Query_Feature_Filter_Lte_1: + type: string + ApiStreamsSignificantEventsPreview_Post_Request_Query_Feature_Filter_Lte_2: + type: number + ApiStreamsSignificantEventsPreview_Post_Request_Query_Feature_Filter_Lte_3: + type: boolean + ApiStreamsSignificantEventsPreview_Post_Request_Query_Feature_Filter_Neq_1: + type: string + ApiStreamsSignificantEventsPreview_Post_Request_Query_Feature_Filter_Neq_2: + type: number + ApiStreamsSignificantEventsPreview_Post_Request_Query_Feature_Filter_Neq_3: + type: boolean + ApiStreamsSignificantEventsPreview_Post_Request_Query_Feature_Filter_Range: + additionalProperties: false + description: Range comparison values. + type: object + properties: + gt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsSignificantEventsPreview_Post_Request_Query_Feature_Filter_Range_Gt_1' + - $ref: '#/components/schemas/ApiStreamsSignificantEventsPreview_Post_Request_Query_Feature_Filter_Range_Gt_2' + - $ref: '#/components/schemas/ApiStreamsSignificantEventsPreview_Post_Request_Query_Feature_Filter_Range_Gt_3' + description: A value that can be a string, number, or boolean. + gte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsSignificantEventsPreview_Post_Request_Query_Feature_Filter_Range_Gte_1' + - $ref: '#/components/schemas/ApiStreamsSignificantEventsPreview_Post_Request_Query_Feature_Filter_Range_Gte_2' + - $ref: '#/components/schemas/ApiStreamsSignificantEventsPreview_Post_Request_Query_Feature_Filter_Range_Gte_3' + description: A value that can be a string, number, or boolean. + lt: + anyOf: + - $ref: '#/components/schemas/ApiStreamsSignificantEventsPreview_Post_Request_Query_Feature_Filter_Range_Lt_1' + - $ref: '#/components/schemas/ApiStreamsSignificantEventsPreview_Post_Request_Query_Feature_Filter_Range_Lt_2' + - $ref: '#/components/schemas/ApiStreamsSignificantEventsPreview_Post_Request_Query_Feature_Filter_Range_Lt_3' + description: A value that can be a string, number, or boolean. + lte: + anyOf: + - $ref: '#/components/schemas/ApiStreamsSignificantEventsPreview_Post_Request_Query_Feature_Filter_Range_Lte_1' + - $ref: '#/components/schemas/ApiStreamsSignificantEventsPreview_Post_Request_Query_Feature_Filter_Range_Lte_2' + - $ref: '#/components/schemas/ApiStreamsSignificantEventsPreview_Post_Request_Query_Feature_Filter_Range_Lte_3' + description: A value that can be a string, number, or boolean. + ApiStreamsSignificantEventsPreview_Post_Request_Query_Feature_Filter_Range_Gt_1: + type: string + ApiStreamsSignificantEventsPreview_Post_Request_Query_Feature_Filter_Range_Gt_2: + type: number + ApiStreamsSignificantEventsPreview_Post_Request_Query_Feature_Filter_Range_Gt_3: + type: boolean + ApiStreamsSignificantEventsPreview_Post_Request_Query_Feature_Filter_Range_Gte_1: + type: string + ApiStreamsSignificantEventsPreview_Post_Request_Query_Feature_Filter_Range_Gte_2: + type: number + ApiStreamsSignificantEventsPreview_Post_Request_Query_Feature_Filter_Range_Gte_3: + type: boolean + ApiStreamsSignificantEventsPreview_Post_Request_Query_Feature_Filter_Range_Lt_1: + type: string + ApiStreamsSignificantEventsPreview_Post_Request_Query_Feature_Filter_Range_Lt_2: + type: number + ApiStreamsSignificantEventsPreview_Post_Request_Query_Feature_Filter_Range_Lt_3: + type: boolean + ApiStreamsSignificantEventsPreview_Post_Request_Query_Feature_Filter_Range_Lte_1: + type: string + ApiStreamsSignificantEventsPreview_Post_Request_Query_Feature_Filter_Range_Lte_2: + type: number + ApiStreamsSignificantEventsPreview_Post_Request_Query_Feature_Filter_Range_Lte_3: + type: boolean + ApiStreamsSignificantEventsPreview_Post_Request_Query_Feature_Filter_StartsWith_1: + type: string + ApiStreamsSignificantEventsPreview_Post_Request_Query_Feature_Filter_StartsWith_2: + type: number + ApiStreamsSignificantEventsPreview_Post_Request_Query_Feature_Filter_StartsWith_3: + type: boolean + ApiStreamsSignificantEventsPreview_Post_Request_Query_Feature_Filter_2: + additionalProperties: false + description: A condition that checks for the existence or non-existence of a field. + type: object + properties: + exists: + description: Indicates whether the field exists or not. + type: boolean + field: + description: The document field to check. + minLength: 1 + type: string + required: + - field + ApiStreamsSignificantEventsPreview_Post_Request_Query_Feature_Filter_2_1: + additionalProperties: false + description: A logical AND that groups multiple conditions. + type: object + properties: + and: + description: An array of conditions. All sub-conditions must be true for this condition to be true. + items: {} + type: array + required: + - and + ApiStreamsSignificantEventsPreview_Post_Request_Query_Feature_Filter_3: + additionalProperties: false + description: A logical OR that groups multiple conditions. + type: object + properties: + or: + description: An array of conditions. At least one sub-condition must be true for this condition to be true. + items: {} + type: array + required: + - or + ApiStreamsSignificantEventsPreview_Post_Request_Query_Feature_Filter_4: + additionalProperties: false + description: A logical NOT that negates a condition. + type: object + properties: + not: + description: A condition that negates another condition. + required: + - not + ApiStreamsSignificantEventsPreview_Post_Request_Query_Feature_Filter_5: + additionalProperties: false + description: A condition that always evaluates to false. + type: object + properties: + never: + $ref: '#/components/schemas/ApiStreamsSignificantEventsPreview_Post_Request_Query_Feature_Filter_Never' + required: + - never + ApiStreamsSignificantEventsPreview_Post_Request_Query_Feature_Filter_Never: + additionalProperties: false + description: An empty object. This condition never matches. + type: object + properties: {} + ApiStreamsSignificantEventsPreview_Post_Request_Query_Feature_Filter_6: + additionalProperties: false + description: A condition that always evaluates to true. Useful for catch-all scenarios, but use with caution as partitions are ordered. + type: object + properties: + always: + $ref: '#/components/schemas/ApiStreamsSignificantEventsPreview_Post_Request_Query_Feature_Filter_Always' + required: + - always + ApiStreamsSignificantEventsPreview_Post_Request_Query_Feature_Filter_Always: + additionalProperties: false + description: An empty object. This condition always matches. + type: object + properties: {} + ApiStreamsSignificantEventsPreview_Post_Request_Query_Kql: + additionalProperties: false + type: object + properties: + query: + type: string + required: + - query + ApiStreamsAttachments_Get_Request: + anyOf: + - $ref: '#/components/schemas/ApiStreamsAttachments_Get_Request_1' + - $ref: '#/components/schemas/ApiStreamsAttachments_Get_Request_2' + - $ref: '#/components/schemas/ApiStreamsAttachments_Get_Request_3' + ApiStreamsAttachments_Get_Request_1: + additionalProperties: false + type: object + properties: {} + ApiStreamsAttachments_Get_Request_2: + enum: + - 'null' + nullable: true + ApiStreamsAttachments_Get_Request_3: + not: {} + ApiStreamsAttachmentsBulk_Post_Request: + additionalProperties: false + type: object + properties: + operations: + items: + anyOf: + - $ref: '#/components/schemas/ApiStreamsAttachmentsBulk_Post_Request_Operations_1' + - $ref: '#/components/schemas/ApiStreamsAttachmentsBulk_Post_Request_Operations_2' + type: array + required: + - operations + ApiStreamsAttachmentsBulk_Post_Request_Operations_1: + additionalProperties: false + type: object + properties: + index: + $ref: '#/components/schemas/ApiStreamsAttachmentsBulk_Post_Request_Operations_Index' + required: + - index + ApiStreamsAttachmentsBulk_Post_Request_Operations_Index: + additionalProperties: false + type: object + properties: + id: + type: string + type: + enum: + - dashboard + - rule + - slo + type: string + required: + - id + - type + ApiStreamsAttachmentsBulk_Post_Request_Operations_2: + additionalProperties: false + type: object + properties: + delete: + $ref: '#/components/schemas/ApiStreamsAttachmentsBulk_Post_Request_Operations_Delete' + required: + - delete + ApiStreamsAttachmentsBulk_Post_Request_Operations_Delete: + additionalProperties: false + type: object + properties: + id: + type: string + type: + enum: + - dashboard + - rule + - slo + type: string + required: + - id + - type + ApiStreamsAttachments_Delete_Request: + anyOf: + - $ref: '#/components/schemas/ApiStreamsAttachments_Delete_Request_1' + - $ref: '#/components/schemas/ApiStreamsAttachments_Delete_Request_2' + - $ref: '#/components/schemas/ApiStreamsAttachments_Delete_Request_3' + ApiStreamsAttachments_Delete_Request_1: + additionalProperties: false + type: object + properties: {} + ApiStreamsAttachments_Delete_Request_2: + enum: + - 'null' + nullable: true + ApiStreamsAttachments_Delete_Request_3: + not: {} + ApiStreamsAttachments_Put_Request: + anyOf: + - $ref: '#/components/schemas/ApiStreamsAttachments_Put_Request_1' + - $ref: '#/components/schemas/ApiStreamsAttachments_Put_Request_2' + - $ref: '#/components/schemas/ApiStreamsAttachments_Put_Request_3' + ApiStreamsAttachments_Put_Request_1: + additionalProperties: false + type: object + properties: {} + ApiStreamsAttachments_Put_Request_2: + enum: + - 'null' + nullable: true + ApiStreamsAttachments_Put_Request_3: + not: {} + ApiSyntheticsMonitorTest_Post_Response_200: + type: object + properties: + errors: + description: Array of errors encountered while triggering the test, one per service location. + items: + $ref: '#/components/schemas/ApiSyntheticsMonitorTest_Post_Response_200_Errors_Item' + type: array + testRunId: + description: Unique identifier for the triggered test run. + type: string + required: + - testRunId + ApiSyntheticsMonitorTest_Post_Response_200_Errors_Item: + type: object + properties: + error: + $ref: '#/components/schemas/ApiSyntheticsMonitorTest_Post_Response_200_Errors_Error' + locationId: + description: Identifier of the service location where the error occurred. + type: string + required: + - locationId + - error + ApiSyntheticsMonitorTest_Post_Response_200_Errors_Error: + type: object + properties: + failed_monitors: + description: Optional list of monitors that failed at the location. + items: + $ref: '#/components/schemas/ApiSyntheticsMonitorTest_Post_Response_200_Errors_Error_Failed_monitors_Item' + nullable: true + type: array + reason: + description: Human-readable explanation of the failure. + type: string + status: + description: HTTP status code returned by the agent. + type: integer + required: + - status + - reason + - failed_monitors + ApiSyntheticsMonitorTest_Post_Response_200_Errors_Error_Failed_monitors_Item: + type: object + ApiSyntheticsMonitors_Get_Response_200: + type: object + ApiSyntheticsMonitors_Post_Request: + description: | + The request body should contain the attributes of the monitor you want to create. The required and default fields differ depending on the monitor type. + discriminator: + propertyName: type + oneOf: + - $ref: '#/components/schemas/Synthetics_browserMonitorFields' + - $ref: '#/components/schemas/Synthetics_httpMonitorFields' + - $ref: '#/components/schemas/Synthetics_icmpMonitorFields' + - $ref: '#/components/schemas/Synthetics_tcpMonitorFields' + ApiSyntheticsMonitorsBulkDelete_Post_Request: + type: object + properties: + ids: + description: An array of monitor IDs to delete. + items: + type: string + type: array + required: + - ids + ApiSyntheticsMonitorsBulkDelete_Post_Response_200_Item: + description: The API response includes information about the deleted monitors. + type: object + properties: + deleted: + description: | + If it is `true`, the monitor was successfully deleted If it is `false`, the monitor was not deleted. + type: boolean + ids: + description: The unique identifier of the deleted monitor. + type: string + ApiSyntheticsMonitors_Get_Response_200_1: + type: object + ApiSyntheticsMonitors_Put_Request: + description: | + The request body should contain the attributes of the monitor you want to update. The required and default fields differ depending on the monitor type. + discriminator: + propertyName: type + oneOf: + - $ref: '#/components/schemas/Synthetics_browserMonitorFields' + - $ref: '#/components/schemas/Synthetics_httpMonitorFields' + - $ref: '#/components/schemas/Synthetics_icmpMonitorFields' + - $ref: '#/components/schemas/Synthetics_tcpMonitorFields' + type: object + ApiSyntheticsParams_Post_Request: + oneOf: + - $ref: '#/components/schemas/ApiSyntheticsParams_Post_Request_1' + - $ref: '#/components/schemas/Synthetics_parameterRequest' + ApiSyntheticsParams_Post_Request_1: + items: + $ref: '#/components/schemas/Synthetics_parameterRequest' + type: array + ApiSyntheticsParams_Post_Response_200: + oneOf: + - $ref: '#/components/schemas/ApiSyntheticsParams_Post_Response_200_1' + - $ref: '#/components/schemas/Synthetics_postParameterResponse' + ApiSyntheticsParams_Post_Response_200_1: + items: + $ref: '#/components/schemas/Synthetics_postParameterResponse' + type: array + ApiSyntheticsParamsBulkDelete_Post_Request: + type: object + properties: + ids: + description: An array of parameter IDs to delete. + items: + type: string + type: array + ApiSyntheticsParamsBulkDelete_Post_Response_200_Item: + type: object + properties: + deleted: + description: | + Indicates whether the parameter was successfully deleted. It is `true` if it was deleted. It is `false` if it was not deleted. + type: boolean + id: + description: The unique identifier for the deleted parameter. + type: string + ApiSyntheticsParams_Put_Request: + type: object + properties: + description: + description: The updated description of the parameter. + type: string + key: + description: The key of the parameter. + type: string + tags: + description: An array of updated tags to categorize the parameter. + items: + type: string + type: array + value: + description: The updated value associated with the parameter. + type: string + ApiSyntheticsParams_Put_Response_200: + type: object + ApiSyntheticsPrivateLocations_Post_Request: + type: object + properties: + agentPolicyId: + description: The ID of the agent policy associated with the private location. + type: string + geo: + $ref: '#/components/schemas/ApiSyntheticsPrivateLocations_Post_Request_Geo' + label: + description: A label for the private location. + type: string + spaces: + description: | + An array of space IDs where the private location is available. If it is not provided, the private location is available in all spaces. + items: + type: string + type: array + tags: + description: An array of tags to categorize the private location. + items: + type: string + type: array + required: + - agentPolicyId + - label + ApiSyntheticsPrivateLocations_Post_Request_Geo: + description: Geographic coordinates (WGS84) for the location. + type: object + properties: + lat: + description: The latitude of the location. + type: number + lon: + description: The longitude of the location. + type: number + required: + - lat + - lon + ApiSyntheticsPrivateLocations_Post_Response_200: + type: object + ApiSyntheticsPrivateLocations_Put_Request: + type: object + properties: + label: + description: A new label for the private location. Must be at least 1 character long. + minLength: 1 + type: string + required: + - label + ApiTimeline_Delete_Request: + type: object + properties: + savedObjectIds: + description: The list of IDs of the Timelines or Timeline templates to delete + example: + - 15c1929b-0af7-42bd-85a8-56e234cc7c4e + items: + type: string + type: array + searchIds: + description: Saved search IDs that should be deleted alongside the timelines + example: + - 23f3-43g34g322-e5g5hrh6h-45454 + - 6ce1b592-84e3-4b4a-9552-f189d4b82075 + items: + type: string + type: array + required: + - savedObjectIds + ApiTimeline_Patch_Request: + type: object + properties: + timeline: + $ref: '#/components/schemas/Security_Timeline_API_SavedTimeline' + description: The timeline object of the Timeline or Timeline template that you’re updating. + timelineId: + description: The `savedObjectId` of the Timeline or Timeline template that you’re updating. + example: 15c1929b-0af7-42bd-85a8-56e234cc7c4e + nullable: true + type: string + version: + description: The version of the Timeline or Timeline template that you’re updating. + example: WzE0LDFd + nullable: true + type: string + required: + - timelineId + - version + - timeline + ApiTimeline_Patch_Response_405: + type: object + properties: + body: + description: The error message + example: update timeline error + type: string + statusCode: + example: 405 + type: number + ApiTimeline_Post_Request: + type: object + properties: + status: + $ref: '#/components/schemas/Security_Timeline_API_TimelineStatus' + nullable: true + templateTimelineId: + description: A unique identifier for the Timeline template. + example: 6ce1b592-84e3-4b4a-9552-f189d4b82075 + nullable: true + type: string + templateTimelineVersion: + description: Timeline template version number. + example: 12 + nullable: true + type: number + timeline: + $ref: '#/components/schemas/Security_Timeline_API_SavedTimeline' + timelineId: + description: A unique identifier for the Timeline. + example: 6ce1b592-84e3-4b4a-9552-f189d4b82075 + nullable: true + type: string + timelineType: + $ref: '#/components/schemas/Security_Timeline_API_TimelineType' + nullable: true + version: + nullable: true + type: string + required: + - timeline + ApiTimeline_Post_Response_405: + type: object + properties: + body: + description: The error message + example: update timeline error + type: string + statusCode: + example: 405 + type: number + ApiTimelineCopy_Get_Request: + type: object + properties: + timeline: + $ref: '#/components/schemas/Security_Timeline_API_SavedTimeline' + timelineIdToCopy: + type: string + required: + - timeline + - timelineIdToCopy + ApiTimelineDraft_Get_Response_403: + type: object + properties: + message: + type: string + status_code: + type: number + ApiTimelineDraft_Get_Response_409: + type: object + properties: + message: + type: string + status_code: + type: number + ApiTimelineDraft_Post_Request: + type: object + properties: + timelineType: + $ref: '#/components/schemas/Security_Timeline_API_TimelineType' + required: + - timelineType + ApiTimelineDraft_Post_Response_403: + type: object + properties: + message: + type: string + status_code: + type: number + ApiTimelineDraft_Post_Response_409: + type: object + properties: + message: + type: string + status_code: + type: number + ApiTimelineExport_Post_Request: + type: object + properties: + ids: + items: + type: string + nullable: true + type: array + ApiTimelineExport_Post_Response_400: + type: object + properties: + body: + type: string + statusCode: + type: number + ApiTimelineFavorite_Patch_Request: + type: object + properties: + templateTimelineId: + nullable: true + type: string + templateTimelineVersion: + nullable: true + type: number + timelineId: + nullable: true + type: string + timelineType: + $ref: '#/components/schemas/Security_Timeline_API_TimelineType' + nullable: true + required: + - timelineId + - templateTimelineId + - templateTimelineVersion + - timelineType + ApiTimelineFavorite_Patch_Response_403: + type: object + properties: + body: + type: string + statusCode: + type: number + ApiTimelineImport_Post_Request: + type: object + properties: + file: {} + isImmutable: + description: Whether the Timeline should be immutable + enum: + - 'true' + - 'false' + type: string + required: + - file + ApiTimelineImport_Post_Response_400: + type: object + properties: + body: + description: The error message + example: Invalid file extension + type: string + statusCode: + example: 400 + type: number + ApiTimelineImport_Post_Response_404: + type: object + properties: + body: + description: The error message + example: Unable to find saved object client + type: string + statusCode: + example: 404 + type: number + ApiTimelineImport_Post_Response_409: + type: object + properties: + body: + description: The error message + example: Could not import timelines + type: string + statusCode: + example: 409 + type: number + ApiTimelinePrepackaged_Post_Request: + type: object + properties: + prepackagedTimelines: + items: + $ref: '#/components/schemas/Security_Timeline_API_TimelineSavedToReturnObject' + nullable: true + type: array + timelinesToInstall: + items: + $ref: '#/components/schemas/Security_Timeline_API_ImportTimelines' + nullable: true + type: array + timelinesToUpdate: + items: + $ref: '#/components/schemas/Security_Timeline_API_ImportTimelines' + nullable: true + type: array + required: + - timelinesToInstall + - timelinesToUpdate + - prepackagedTimelines + ApiTimelinePrepackaged_Post_Response_500: + type: object + properties: + body: + type: string + statusCode: + type: number + ApiTimelines_Get_Response_200: + type: object + properties: + customTemplateTimelineCount: + description: The amount of custom Timeline templates in the results + example: 2 + type: number + defaultTimelineCount: + description: The amount of `default` type Timelines in the results + example: 90 + type: number + elasticTemplateTimelineCount: + description: The amount of Elastic's Timeline templates in the results + example: 8 + type: number + favoriteCount: + description: The amount of favorited Timelines + example: 5 + type: number + templateTimelineCount: + description: The amount of Timeline templates in the results + example: 10 + type: number + timeline: + items: + $ref: '#/components/schemas/Security_Timeline_API_TimelineResponse' + type: array + totalCount: + description: The total amount of results + example: 100 + type: number + required: + - timeline + - totalCount + ApiTimelines_Get_Response_400: + type: object + properties: + body: + description: The error message + example: get timeline error + type: string + statusCode: + example: 405 + type: number + ApiUptimeSettings_Get_Response_200: + type: object + ApiUptimeSettings_Put_Request: + type: object + properties: + certAgeThreshold: + default: 730 + description: The number of days after a certificate is created to trigger an alert. + type: number + certExpirationThreshold: + default: 30 + description: The number of days before a certificate expires to trigger an alert. + type: number + defaultConnectors: + default: [] + description: A list of connector IDs to be used as default connectors for new alerts. + type: array + defaultEmail: + $ref: '#/components/schemas/ApiUptimeSettings_Put_Request_DefaultEmail' + heartbeatIndices: + default: heartbeat-* + description: | + An index pattern string to be used within the Uptime app and alerts to query Heartbeat data. + type: string + ApiUptimeSettings_Put_Request_DefaultEmail: + description: | + The default email configuration for new alerts. + type: object + properties: + bcc: + default: [] + items: + type: string + type: array + cc: + default: [] + items: + type: string + type: array + to: + default: [] + items: + type: string + type: array + ApiUptimeSettings_Put_Response_200: + type: object + Alerting_fieldmap_properties_Properties: + additionalProperties: + $ref: '#/components/schemas/Alerting_fieldmap_properties_Properties_Value' + description: | + Details about the object properties. This property is applicable when `type` is `object`. + type: object + Alerting_fieldmap_properties_Properties_Value: + type: object + properties: + type: + description: The data type for each object property. + type: string + APM_UI_agent_keys_response_AgentKey: + description: Agent key + type: object + properties: + api_key: + type: string + encoded: + type: string + expiration: + format: int64 + type: integer + id: + type: string + name: + type: string + required: + - id + - name + - api_key + - encoded + APM_UI_annotation_search_response_Annotations_Item: + type: object + properties: + '@timestamp': + type: number + id: + type: string + text: + type: string + type: + enum: + - version + type: string + APM_UI_create_annotation_object_Service: + description: The service that identifies the configuration to create or update. + type: object + properties: + environment: + description: The environment of the service. + type: string + version: + description: The version of the service. + type: string + required: + - version + APM_UI_create_annotation_response__source: + description: Response + type: object + properties: + '@timestamp': + type: string + annotation: + $ref: '#/components/schemas/APM_UI_create_annotation_response__source_Annotation' + event: + $ref: '#/components/schemas/APM_UI_create_annotation_response__source_Event' + message: + type: string + service: + $ref: '#/components/schemas/APM_UI_create_annotation_response__source_Service' + tags: + items: + type: string + type: array + APM_UI_create_annotation_response__source_Annotation: + type: object + properties: + title: + type: string + type: + type: string + APM_UI_create_annotation_response__source_Event: + type: object + properties: + created: + type: string + APM_UI_create_annotation_response__source_Service: + type: object + properties: + environment: + type: string + name: + type: string + version: + type: string + APM_UI_single_agent_configuration_response_1: + type: object + properties: + id: + type: string + required: + - id + APM_UI_source_maps_response_Artifacts_1: + type: object + properties: + body: + $ref: '#/components/schemas/APM_UI_source_maps_response_Artifacts_Body' + APM_UI_source_maps_response_Artifacts_Body: + type: object + properties: + bundleFilepath: + type: string + serviceName: + type: string + serviceVersion: + type: string + sourceMap: + $ref: '#/components/schemas/APM_UI_source_maps_response_Artifacts_Body_SourceMap' + APM_UI_source_maps_response_Artifacts_Body_SourceMap: + type: object + properties: + file: + type: string + mappings: + type: string + sourceRoot: + type: string + sources: + items: + type: string + type: array + sourcesContent: + items: + type: string + type: array + version: + type: number + APM_UI_upload_source_maps_response_1: + type: object + properties: + body: + type: string + Cases_alert_comment_response_properties_Created_by: + type: object + properties: + email: + example: null + nullable: true + type: string + full_name: + example: null + nullable: true + type: string + profile_uid: + example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 + type: string + username: + example: elastic + nullable: true + type: string + required: + - email + - full_name + - username + Cases_alert_comment_response_properties_Pushed_by: + nullable: true + type: object + properties: + email: + example: null + nullable: true + type: string + full_name: + example: null + nullable: true + type: string + profile_uid: + example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 + type: string + username: + example: elastic + nullable: true + type: string + required: + - email + - full_name + - username + Cases_alert_comment_response_properties_Rule: + type: object + properties: + id: + description: The rule identifier. + example: 94d80550-aaf4-11ec-985f-97e55adae8b9 + type: string + name: + description: The rule name. + example: security_rule + type: string + Cases_alert_comment_response_properties_Updated_by: + nullable: true + type: object + properties: + email: + example: null + nullable: true + type: string + full_name: + example: null + nullable: true + type: string + profile_uid: + example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 + type: string + username: + example: elastic + nullable: true + type: string + required: + - email + - full_name + - username + Cases_alert_identifiers_1: + type: string + Cases_alert_identifiers_2: + items: + type: string + maxItems: 1000 + type: array + Cases_alert_indices_1: + type: string + Cases_alert_indices_2: + items: + type: string + maxItems: 1000 + type: array + Cases_assignees_Item: + type: object + properties: + uid: + description: A unique identifier for the user profile. These identifiers can be found by using the suggest user profile API. + example: u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0 + type: string + required: + - uid + Cases_case_response_properties_CustomFields_Item: + type: object + properties: + key: + description: | + The unique identifier for the custom field. The key value must exist in the case configuration settings. + type: string + type: + description: | + The custom field type. It must match the type specified in the case configuration settings. + enum: + - text + - toggle + type: string + value: + description: | + The custom field value. If the custom field is required, it cannot be explicitly set to null. However, for cases that existed when the required custom field was added, the default value stored in Elasticsearch is `undefined`. The value returned in the API and user interface in this case is `null`. + oneOf: + - $ref: '#/components/schemas/Cases_case_response_properties_CustomFields_Value_1' + - $ref: '#/components/schemas/Cases_case_response_properties_CustomFields_Value_2' + Cases_case_response_properties_CustomFields_Value_1: + maxLength: 160 + minLength: 1 + nullable: true + type: string + Cases_case_response_properties_CustomFields_Value_2: + type: boolean + Cases_connector_properties_jira_Fields: + description: An object containing the connector fields. If you want to omit any individual field, specify null as its value. + type: object + properties: + issueType: + description: The type of issue. + nullable: true + type: string + parent: + description: The key of the parent issue, when the issue type is sub-task. + nullable: true + type: string + priority: + description: The priority of the issue. + nullable: true + type: string + required: + - issueType + - parent + - priority + Cases_connector_properties_resilient_Fields: + description: An object containing the connector fields. If you want to omit any individual field, specify null as its value. + nullable: true + type: object + properties: + issueTypes: + description: The type of incident. + items: + type: string + type: array + severityCode: + description: The severity code of the incident. + type: string + required: + - issueTypes + - severityCode + Cases_connector_properties_servicenow_Fields: + description: An object containing the connector fields. If you want to omit any individual field, specify null as its value. + type: object + properties: + category: + description: The category of the incident. + nullable: true + type: string + impact: + description: The effect an incident had on business. + nullable: true + type: string + severity: + description: The severity of the incident. + nullable: true + type: string + subcategory: + description: The subcategory of the incident. + nullable: true + type: string + urgency: + description: The extent to which the incident resolution can be delayed. + nullable: true + type: string + required: + - category + - impact + - severity + - subcategory + - urgency + Cases_connector_properties_servicenow_sir_Fields: + description: An object containing the connector fields. If you want to omit any individual field, specify null as its value. + type: object + properties: + category: + description: The category of the incident. + nullable: true + type: string + destIp: + description: Indicates whether cases will send a comma-separated list of destination IPs. + nullable: true + type: boolean + malwareHash: + description: Indicates whether cases will send a comma-separated list of malware hashes. + nullable: true + type: boolean + malwareUrl: + description: Indicates whether cases will send a comma-separated list of malware URLs. + nullable: true + type: boolean + priority: + description: The priority of the issue. + nullable: true + type: string + sourceIp: + description: Indicates whether cases will send a comma-separated list of source IPs. + nullable: true + type: boolean + subcategory: + description: The subcategory of the incident. + nullable: true + type: string + required: + - category + - destIp + - malwareHash + - malwareUrl + - priority + - sourceIp + - subcategory + Cases_connector_properties_swimlane_Fields: + description: An object containing the connector fields. If you want to omit any individual field, specify null as its value. + type: object + properties: + caseId: + description: The case identifier for Swimlane connectors. + nullable: true + type: string + required: + - caseId + Cases_create_case_request_CustomFields_Item: + type: object + properties: + key: + description: | + The unique identifier for the custom field. The key value must exist in the case configuration settings. + type: string + type: + description: | + The custom field type. It must match the type specified in the case configuration settings. + enum: + - text + - toggle + type: string + value: + description: | + The custom field value. If the custom field is required, it cannot be explicitly set to null. However, for cases that existed when the required custom field was added, the default value stored in Elasticsearch is `undefined`. The value returned in the API and user interface in this case is `null`. + oneOf: + - $ref: '#/components/schemas/Cases_create_case_request_CustomFields_Value_1' + - $ref: '#/components/schemas/Cases_create_case_request_CustomFields_Value_2' + required: + - key + - type + - value + Cases_create_case_request_CustomFields_Value_1: + maxLength: 160 + minLength: 1 + nullable: true + type: string + Cases_create_case_request_CustomFields_Value_2: + type: boolean + Cases_external_service_Pushed_by: + nullable: true + type: object + properties: + email: + example: null + nullable: true + type: string + full_name: + example: null + nullable: true + type: string + profile_uid: + example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 + type: string + username: + example: elastic + nullable: true + type: string + Cases_payload_alert_comment_Comment: + type: object + properties: + alertId: + oneOf: + - $ref: '#/components/schemas/Cases_payload_alert_comment_Comment_AlertId_1' + - $ref: '#/components/schemas/Cases_payload_alert_comment_Comment_AlertId_2' + index: + oneOf: + - $ref: '#/components/schemas/Cases_payload_alert_comment_Comment_Index_1' + - $ref: '#/components/schemas/Cases_payload_alert_comment_Comment_Index_2' + owner: + $ref: '#/components/schemas/Cases_owner' + rule: + $ref: '#/components/schemas/Cases_payload_alert_comment_Comment_Rule' + type: + enum: + - alert + type: string + Cases_payload_alert_comment_Comment_AlertId_1: + example: 1c0b056b-cc9f-4b61-b5c9-cb801abd5e1d + type: string + Cases_payload_alert_comment_Comment_AlertId_2: + items: + type: string + type: array + Cases_payload_alert_comment_Comment_Index_1: + example: .alerts-observability.logs.alerts-default + type: string + Cases_payload_alert_comment_Comment_Index_2: + items: + type: string + type: array + Cases_payload_alert_comment_Comment_Rule: + type: object + properties: + id: + description: The rule identifier. + example: 94d80550-aaf4-11ec-985f-97e55adae8b9 + type: string + name: + description: The rule name. + example: security_rule + type: string + Cases_payload_connector_Connector: + type: object + properties: + fields: + $ref: '#/components/schemas/Cases_payload_connector_Connector_Fields' + id: + description: The identifier for the connector. To create a case without a connector, use `none`. + example: none + type: string + name: + description: The name of the connector. To create a case without a connector, use `none`. + example: none + type: string + type: + $ref: '#/components/schemas/Cases_connector_types' + Cases_payload_connector_Connector_Fields: + description: An object containing the connector fields. To create a case without a connector, specify null. If you want to omit any individual field, specify null as its value. + example: null + nullable: true + type: object + properties: + caseId: + description: The case identifier for Swimlane connectors. + type: string + category: + description: The category of the incident for ServiceNow ITSM and ServiceNow SecOps connectors. + type: string + destIp: + description: Indicates whether cases will send a comma-separated list of destination IPs for ServiceNow SecOps connectors. + nullable: true + type: boolean + impact: + description: The effect an incident had on business for ServiceNow ITSM connectors. + type: string + issueType: + description: The type of issue for Jira connectors. + type: string + issueTypes: + description: The type of incident for IBM Resilient connectors. + items: + type: string + type: array + malwareHash: + description: Indicates whether cases will send a comma-separated list of malware hashes for ServiceNow SecOps connectors. + nullable: true + type: boolean + malwareUrl: + description: Indicates whether cases will send a comma-separated list of malware URLs for ServiceNow SecOps connectors. + nullable: true + type: boolean + parent: + description: The key of the parent issue, when the issue type is sub-task for Jira connectors. + type: string + priority: + description: The priority of the issue for Jira and ServiceNow SecOps connectors. + type: string + severity: + description: The severity of the incident for ServiceNow ITSM connectors. + type: string + severityCode: + description: The severity code of the incident for IBM Resilient connectors. + type: string + sourceIp: + description: Indicates whether cases will send a comma-separated list of source IPs for ServiceNow SecOps connectors. + nullable: true + type: boolean + subcategory: + description: The subcategory of the incident for ServiceNow ITSM connectors. + type: string + urgency: + description: The extent to which the incident resolution can be delayed for ServiceNow ITSM connectors. + type: string + Cases_payload_create_case_Connector: + type: object + properties: + fields: + $ref: '#/components/schemas/Cases_payload_create_case_Connector_Fields' + id: + description: The identifier for the connector. To create a case without a connector, use `none`. + example: none + type: string + name: + description: The name of the connector. To create a case without a connector, use `none`. + example: none + type: string + type: + $ref: '#/components/schemas/Cases_connector_types' + Cases_payload_create_case_Connector_Fields: + description: An object containing the connector fields. To create a case without a connector, specify null. If you want to omit any individual field, specify null as its value. + example: null + nullable: true + type: object + properties: + caseId: + description: The case identifier for Swimlane connectors. + type: string + category: + description: The category of the incident for ServiceNow ITSM and ServiceNow SecOps connectors. + type: string + destIp: + description: Indicates whether cases will send a comma-separated list of destination IPs for ServiceNow SecOps connectors. + nullable: true + type: boolean + impact: + description: The effect an incident had on business for ServiceNow ITSM connectors. + type: string + issueType: + description: The type of issue for Jira connectors. + type: string + issueTypes: + description: The type of incident for IBM Resilient connectors. + items: + type: string + type: array + malwareHash: + description: Indicates whether cases will send a comma-separated list of malware hashes for ServiceNow SecOps connectors. + nullable: true + type: boolean + malwareUrl: + description: Indicates whether cases will send a comma-separated list of malware URLs for ServiceNow SecOps connectors. + nullable: true + type: boolean + parent: + description: The key of the parent issue, when the issue type is sub-task for Jira connectors. + type: string + priority: + description: The priority of the issue for Jira and ServiceNow SecOps connectors. + type: string + severity: + description: The severity of the incident for ServiceNow ITSM connectors. + type: string + severityCode: + description: The severity code of the incident for IBM Resilient connectors. + type: string + sourceIp: + description: Indicates whether cases will send a comma-separated list of source IPs for ServiceNow SecOps connectors. + nullable: true + type: boolean + subcategory: + description: The subcategory of the incident for ServiceNow ITSM connectors. + type: string + urgency: + description: The extent to which the incident resolution can be delayed for ServiceNow ITSM connectors. + type: string + Cases_payload_user_comment_Comment: + type: object + properties: + comment: + type: string + owner: + $ref: '#/components/schemas/Cases_owner' + type: + enum: + - user + type: string + Cases_set_case_configuration_request_Connector: + description: An object that contains the connector configuration. + type: object + properties: + fields: + $ref: '#/components/schemas/Cases_set_case_configuration_request_Connector_Fields' + id: + description: The identifier for the connector. If you do not want a default connector, use `none`. To retrieve connector IDs, use the find connectors API. + example: none + type: string + name: + description: The name of the connector. If you do not want a default connector, use `none`. To retrieve connector names, use the find connectors API. + example: none + type: string + type: + $ref: '#/components/schemas/Cases_connector_types' + required: + - fields + - id + - name + - type + Cases_set_case_configuration_request_Connector_Fields: + description: The fields specified in the case configuration are not used and are not propagated to individual cases, therefore it is recommended to set it to `null`. + nullable: true + type: object + Cases_set_case_configuration_request_CustomFields_Item: + type: object + properties: + defaultValue: + description: | + A default value for the custom field. If the `type` is `text`, the default value must be a string. If the `type` is `toggle`, the default value must be boolean. + oneOf: + - $ref: '#/components/schemas/Cases_set_case_configuration_request_CustomFields_DefaultValue_1' + - $ref: '#/components/schemas/Cases_set_case_configuration_request_CustomFields_DefaultValue_2' + key: + description: | + A unique key for the custom field. Must be lower case and composed only of a-z, 0-9, '_', and '-' characters. It is used in API calls to refer to a specific custom field. + maxLength: 36 + minLength: 1 + type: string + label: + description: The custom field label that is displayed in the case. + maxLength: 50 + minLength: 1 + type: string + type: + description: The type of the custom field. + enum: + - text + - toggle + type: string + required: + description: | + Indicates whether the field is required. If `false`, the custom field can be set to null or omitted when a case is created or updated. + type: boolean + required: + - key + - label + - required + - type + Cases_set_case_configuration_request_CustomFields_DefaultValue_1: + type: string + Cases_set_case_configuration_request_CustomFields_DefaultValue_2: + type: boolean + Cases_templates_Item: + type: object + properties: + caseFields: + $ref: '#/components/schemas/Cases_templates_CaseFields' + description: + description: A description for the template. + type: string + key: + description: | + A unique key for the template. Must be lower case and composed only of a-z, 0-9, '_', and '-' characters. It is used in API calls to refer to a specific template. + type: string + name: + description: The name of the template. + type: string + tags: + $ref: '#/components/schemas/Cases_template_tags' + Cases_templates_CaseFields: + type: object + properties: + assignees: + $ref: '#/components/schemas/Cases_assignees' + category: + $ref: '#/components/schemas/Cases_case_category' + connector: + $ref: '#/components/schemas/Cases_templates_CaseFields_Connector' + customFields: + description: Custom field values in the template. + items: + $ref: '#/components/schemas/Cases_templates_CaseFields_CustomFields_Item' + type: array + x-state: Technical preview + description: + $ref: '#/components/schemas/Cases_case_description' + settings: + $ref: '#/components/schemas/Cases_settings' + severity: + $ref: '#/components/schemas/Cases_case_severity' + tags: + $ref: '#/components/schemas/Cases_case_tags' + title: + $ref: '#/components/schemas/Cases_case_title' + Cases_templates_CaseFields_Connector: + type: object + properties: + fields: + $ref: '#/components/schemas/Cases_templates_CaseFields_Connector_Fields' + id: + description: The identifier for the connector. If you do not want a default connector, use `none`. To retrieve connector IDs, use the find connectors API. + example: none + type: string + name: + description: The name of the connector. If you do not want a default connector, use `none`. To retrieve connector names, use the find connectors API. + example: none + type: string + type: + $ref: '#/components/schemas/Cases_connector_types' + Cases_templates_CaseFields_Connector_Fields: + description: The fields specified in the case configuration are not used and are not propagated to individual cases, therefore it is recommended to set it to `null`. + nullable: true + type: object + Cases_templates_CaseFields_CustomFields_Item: + type: object + properties: + key: + description: The unique key for the custom field. + type: string + type: + description: The type of the custom field. + enum: + - text + - toggle + type: string + value: + description: | + The default value for the custom field when a case uses the template. If the `type` is `text`, the default value must be a string. If the `type` is `toggle`, the default value must be boolean. + oneOf: + - $ref: '#/components/schemas/Cases_templates_CaseFields_CustomFields_Value_1' + - $ref: '#/components/schemas/Cases_templates_CaseFields_CustomFields_Value_2' + Cases_templates_CaseFields_CustomFields_Value_1: + type: string + Cases_templates_CaseFields_CustomFields_Value_2: + type: boolean + Cases_update_case_configuration_request_Connector: + description: An object that contains the connector configuration. + type: object + properties: + fields: + $ref: '#/components/schemas/Cases_update_case_configuration_request_Connector_Fields' + id: + description: The identifier for the connector. If you do not want a default connector, use `none`. To retrieve connector IDs, use the find connectors API. + example: none + type: string + name: + description: The name of the connector. If you do not want a default connector, use `none`. To retrieve connector names, use the find connectors API. + example: none + type: string + type: + $ref: '#/components/schemas/Cases_connector_types' + required: + - fields + - id + - name + - type + Cases_update_case_configuration_request_Connector_Fields: + description: The fields specified in the case configuration are not used and are not propagated to individual cases, therefore it is recommended to set it to `null`. + nullable: true + type: object + Cases_update_case_configuration_request_CustomFields_Item: + type: object + properties: + defaultValue: + description: | + A default value for the custom field. If the `type` is `text`, the default value must be a string. If the `type` is `toggle`, the default value must be boolean. + oneOf: + - $ref: '#/components/schemas/Cases_update_case_configuration_request_CustomFields_DefaultValue_1' + - $ref: '#/components/schemas/Cases_update_case_configuration_request_CustomFields_DefaultValue_2' + key: + description: | + A unique key for the custom field. Must be lower case and composed only of a-z, 0-9, '_', and '-' characters. It is used in API calls to refer to a specific custom field. + maxLength: 36 + minLength: 1 + type: string + label: + description: The custom field label that is displayed in the case. + maxLength: 50 + minLength: 1 + type: string + type: + description: The type of the custom field. + enum: + - text + - toggle + type: string + required: + description: | + Indicates whether the field is required. If `false`, the custom field can be set to null or omitted when a case is created or updated. + type: boolean + required: + - key + - label + - required + - type + Cases_update_case_configuration_request_CustomFields_DefaultValue_1: + type: string + Cases_update_case_configuration_request_CustomFields_DefaultValue_2: + type: boolean + Cases_update_case_request_Cases_Item: + type: object + properties: + assignees: + $ref: '#/components/schemas/Cases_assignees' + category: + $ref: '#/components/schemas/Cases_case_category' + connector: + oneOf: + - $ref: '#/components/schemas/Cases_connector_properties_none' + - $ref: '#/components/schemas/Cases_connector_properties_cases_webhook' + - $ref: '#/components/schemas/Cases_connector_properties_jira' + - $ref: '#/components/schemas/Cases_connector_properties_resilient' + - $ref: '#/components/schemas/Cases_connector_properties_servicenow' + - $ref: '#/components/schemas/Cases_connector_properties_servicenow_sir' + - $ref: '#/components/schemas/Cases_connector_properties_swimlane' + customFields: + description: | + Custom field values for a case. Any optional custom fields that are not specified in the request are set to null. + items: + $ref: '#/components/schemas/Cases_update_case_request_Cases_CustomFields_Item' + maxItems: 10 + minItems: 0 + type: array + description: + $ref: '#/components/schemas/Cases_case_description' + id: + description: The identifier for the case. + maxLength: 30000 + type: string + settings: + $ref: '#/components/schemas/Cases_settings' + severity: + $ref: '#/components/schemas/Cases_case_severity' + status: + $ref: '#/components/schemas/Cases_case_status' + tags: + $ref: '#/components/schemas/Cases_case_tags' + title: + $ref: '#/components/schemas/Cases_case_title' + version: + description: | + The current version of the case. To determine this value, use the get case or search cases (`_find`) APIs. + type: string + required: + - id + - version + Cases_update_case_request_Cases_CustomFields_Item: + type: object + properties: + key: + description: | + The unique identifier for the custom field. The key value must exist in the case configuration settings. + type: string + type: + description: | + The custom field type. It must match the type specified in the case configuration settings. + enum: + - text + - toggle + type: string + value: + description: | + The custom field value. If the custom field is required, it cannot be explicitly set to null. However, for cases that existed when the required custom field was added, the default value stored in Elasticsearch is `undefined`. The value returned in the API and user interface in this case is `null`. + oneOf: + - $ref: '#/components/schemas/Cases_update_case_request_Cases_CustomFields_Value_1' + - $ref: '#/components/schemas/Cases_update_case_request_Cases_CustomFields_Value_2' + required: + - key + - type + - value + Cases_update_case_request_Cases_CustomFields_Value_1: + maxLength: 160 + minLength: 1 + nullable: true + type: string + Cases_update_case_request_Cases_CustomFields_Value_2: + type: boolean + Cases_user_actions_find_response_properties_Created_by: + type: object + properties: + email: + example: null + nullable: true + type: string + full_name: + example: null + nullable: true + type: string + profile_uid: + example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 + type: string + username: + example: elastic + nullable: true + type: string + required: + - email + - full_name + - username + Data_views_create_data_view_request_object_Data_view: + description: The data view object. + type: object + properties: + allowNoIndex: + $ref: '#/components/schemas/Data_views_allownoindex' + fieldAttrs: + $ref: '#/components/schemas/Data_views_create_data_view_request_object_Data_view_FieldAttrs' + fieldFormats: + $ref: '#/components/schemas/Data_views_fieldformats' + fields: + $ref: '#/components/schemas/Data_views_create_data_view_request_object_Data_view_Fields' + id: + type: string + name: + description: The data view name. + type: string + namespaces: + $ref: '#/components/schemas/Data_views_namespaces' + runtimeFieldMap: + $ref: '#/components/schemas/Data_views_create_data_view_request_object_Data_view_RuntimeFieldMap' + sourceFilters: + $ref: '#/components/schemas/Data_views_sourcefilters' + timeFieldName: + $ref: '#/components/schemas/Data_views_timefieldname' + title: + $ref: '#/components/schemas/Data_views_title' + type: + $ref: '#/components/schemas/Data_views_type' + typeMeta: + $ref: '#/components/schemas/Data_views_typemeta' + version: + type: string + required: + - title + Data_views_create_data_view_request_object_Data_view_FieldAttrs: + additionalProperties: + $ref: '#/components/schemas/Data_views_fieldattrs' + type: object + Data_views_create_data_view_request_object_Data_view_Fields: + type: object + Data_views_create_data_view_request_object_Data_view_RuntimeFieldMap: + additionalProperties: + $ref: '#/components/schemas/Data_views_runtimefieldmap' + type: object + Data_views_data_view_response_object_Data_view: + type: object + properties: + allowNoIndex: + $ref: '#/components/schemas/Data_views_allownoindex' + fieldAttrs: + $ref: '#/components/schemas/Data_views_data_view_response_object_Data_view_FieldAttrs' + fieldFormats: + $ref: '#/components/schemas/Data_views_fieldformats' + fields: + $ref: '#/components/schemas/Data_views_data_view_response_object_Data_view_Fields' + id: + example: ff959d40-b880-11e8-a6d9-e546fe2bba5f + type: string + name: + description: The data view name. + type: string + namespaces: + $ref: '#/components/schemas/Data_views_namespaces' + runtimeFieldMap: + $ref: '#/components/schemas/Data_views_data_view_response_object_Data_view_RuntimeFieldMap' + sourceFilters: + $ref: '#/components/schemas/Data_views_sourcefilters' + timeFieldName: + $ref: '#/components/schemas/Data_views_timefieldname' + title: + $ref: '#/components/schemas/Data_views_title' + typeMeta: + $ref: '#/components/schemas/Data_views_typemeta_response' + version: + example: WzQ2LDJd + type: string + Data_views_data_view_response_object_Data_view_FieldAttrs: + additionalProperties: + $ref: '#/components/schemas/Data_views_fieldattrs' + type: object + Data_views_data_view_response_object_Data_view_Fields: + type: object + Data_views_data_view_response_object_Data_view_RuntimeFieldMap: + additionalProperties: + $ref: '#/components/schemas/Data_views_runtimefieldmap' + type: object + Data_views_runtimefieldmap_Script: + type: object + properties: + source: + description: Script for the runtime field. + type: string + Data_views_sourcefilters_Item: + type: object + properties: + value: + type: string + required: + - value + Data_views_swap_data_view_request_object_ForId_1: + type: string + Data_views_swap_data_view_request_object_ForId_2: + items: + type: string + type: array + Data_views_typemeta_Aggs: + description: A map of rollup restrictions by aggregation type and field name. + type: object + Data_views_typemeta_Params: + description: Properties for retrieving rollup fields. + type: object + Data_views_typemeta_response_Aggs: + description: A map of rollup restrictions by aggregation type and field name. + type: object + Data_views_typemeta_response_Params: + description: Properties for retrieving rollup fields. + type: object + Data_views_update_data_view_request_object_Data_view: + description: | + The data view properties you want to update. Only the specified properties are updated in the data view. Unspecified fields stay as they are persisted. + type: object + properties: + allowNoIndex: + $ref: '#/components/schemas/Data_views_allownoindex' + fieldFormats: + $ref: '#/components/schemas/Data_views_fieldformats' + fields: + $ref: '#/components/schemas/Data_views_update_data_view_request_object_Data_view_Fields' + name: + type: string + runtimeFieldMap: + $ref: '#/components/schemas/Data_views_update_data_view_request_object_Data_view_RuntimeFieldMap' + sourceFilters: + $ref: '#/components/schemas/Data_views_sourcefilters' + timeFieldName: + $ref: '#/components/schemas/Data_views_timefieldname' + title: + $ref: '#/components/schemas/Data_views_title' + type: + $ref: '#/components/schemas/Data_views_type' + typeMeta: + $ref: '#/components/schemas/Data_views_typemeta' + Data_views_update_data_view_request_object_Data_view_Fields: + type: object + Data_views_update_data_view_request_object_Data_view_RuntimeFieldMap: + additionalProperties: + $ref: '#/components/schemas/Data_views_runtimefieldmap' + type: object + Kibana_HTTP_APIs_core_status_redactedResponse_Status: + additionalProperties: false + type: object + properties: + overall: + $ref: '#/components/schemas/Kibana_HTTP_APIs_core_status_redactedResponse_Status_Overall' + required: + - overall + Kibana_HTTP_APIs_core_status_redactedResponse_Status_Overall: + additionalProperties: false + type: object + properties: + level: + description: Service status levels as human and machine readable values. + enum: + - available + - degraded + - unavailable + - critical + type: string + required: + - level + Kibana_HTTP_APIs_core_status_response_Metrics: + additionalProperties: false + description: Metric groups collected by Kibana. + type: object + properties: + collection_interval_in_millis: + description: The interval at which metrics should be collected. + type: number + elasticsearch_client: + $ref: '#/components/schemas/Kibana_HTTP_APIs_core_status_response_Metrics_Elasticsearch_client' + last_updated: + description: The time metrics were collected. + type: string + required: + - elasticsearch_client + - last_updated + - collection_interval_in_millis + Kibana_HTTP_APIs_core_status_response_Metrics_Elasticsearch_client: + additionalProperties: false + description: Current network metrics of Kibana's Elasticsearch client. + type: object + properties: + totalActiveSockets: + description: Count of network sockets currently in use. + type: number + totalIdleSockets: + description: Count of network sockets currently idle. + type: number + totalQueuedRequests: + description: Count of requests not yet assigned to sockets. + type: number + required: + - totalActiveSockets + - totalIdleSockets + - totalQueuedRequests + Kibana_HTTP_APIs_core_status_response_Status: + additionalProperties: false + type: object + properties: + core: + $ref: '#/components/schemas/Kibana_HTTP_APIs_core_status_response_Status_Core' + overall: + $ref: '#/components/schemas/Kibana_HTTP_APIs_core_status_response_Status_Overall' + plugins: + $ref: '#/components/schemas/Kibana_HTTP_APIs_core_status_response_Status_Plugins' + required: + - overall + - core + - plugins + Kibana_HTTP_APIs_core_status_response_Status_Core: + additionalProperties: false + description: Statuses of core Kibana services. + type: object + properties: + elasticsearch: + $ref: '#/components/schemas/Kibana_HTTP_APIs_core_status_response_Status_Core_Elasticsearch' + http: + $ref: '#/components/schemas/Kibana_HTTP_APIs_core_status_response_Status_Core_Http' + savedObjects: + $ref: '#/components/schemas/Kibana_HTTP_APIs_core_status_response_Status_Core_SavedObjects' + required: + - elasticsearch + - savedObjects + Kibana_HTTP_APIs_core_status_response_Status_Core_Elasticsearch: + additionalProperties: false + type: object + properties: + detail: + description: Human readable detail of the service status. + type: string + documentationUrl: + description: A URL to further documentation regarding this service. + type: string + level: + description: Service status levels as human and machine readable values. + enum: + - available + - degraded + - unavailable + - critical + type: string + meta: + $ref: '#/components/schemas/Kibana_HTTP_APIs_core_status_response_Status_Core_Elasticsearch_Meta' + summary: + description: A human readable summary of the service status. + type: string + required: + - level + - summary + - meta + Kibana_HTTP_APIs_core_status_response_Status_Core_Elasticsearch_Meta: + additionalProperties: {} + description: An unstructured set of extra metadata about this service. + type: object + Kibana_HTTP_APIs_core_status_response_Status_Core_Http: + additionalProperties: false + type: object + properties: + detail: + description: Human readable detail of the service status. + type: string + documentationUrl: + description: A URL to further documentation regarding this service. + type: string + level: + description: Service status levels as human and machine readable values. + enum: + - available + - degraded + - unavailable + - critical + type: string + meta: + $ref: '#/components/schemas/Kibana_HTTP_APIs_core_status_response_Status_Core_Http_Meta' + summary: + description: A human readable summary of the service status. + type: string + required: + - level + - summary + - meta + Kibana_HTTP_APIs_core_status_response_Status_Core_Http_Meta: + additionalProperties: {} + description: An unstructured set of extra metadata about this service. + type: object + Kibana_HTTP_APIs_core_status_response_Status_Core_SavedObjects: + additionalProperties: false + type: object + properties: + detail: + description: Human readable detail of the service status. + type: string + documentationUrl: + description: A URL to further documentation regarding this service. + type: string + level: + description: Service status levels as human and machine readable values. + enum: + - available + - degraded + - unavailable + - critical + type: string + meta: + $ref: '#/components/schemas/Kibana_HTTP_APIs_core_status_response_Status_Core_SavedObjects_Meta' + summary: + description: A human readable summary of the service status. + type: string + required: + - level + - summary + - meta + Kibana_HTTP_APIs_core_status_response_Status_Core_SavedObjects_Meta: + additionalProperties: {} + description: An unstructured set of extra metadata about this service. + type: object + Kibana_HTTP_APIs_core_status_response_Status_Overall: + additionalProperties: false + type: object + properties: + detail: + description: Human readable detail of the service status. + type: string + documentationUrl: + description: A URL to further documentation regarding this service. + type: string + level: + description: Service status levels as human and machine readable values. + enum: + - available + - degraded + - unavailable + - critical + type: string + meta: + $ref: '#/components/schemas/Kibana_HTTP_APIs_core_status_response_Status_Overall_Meta' + summary: + description: A human readable summary of the service status. + type: string + required: + - level + - summary + - meta + Kibana_HTTP_APIs_core_status_response_Status_Overall_Meta: + additionalProperties: {} + description: An unstructured set of extra metadata about this service. + type: object + Kibana_HTTP_APIs_core_status_response_Status_Plugins: + additionalProperties: + $ref: '#/components/schemas/Kibana_HTTP_APIs_core_status_response_Status_Plugins_Value' + description: A dynamic mapping of plugin ID to plugin status. + type: object + Kibana_HTTP_APIs_core_status_response_Status_Plugins_Value: + additionalProperties: false + type: object + properties: + detail: + description: Human readable detail of the service status. + type: string + documentationUrl: + description: A URL to further documentation regarding this service. + type: string + level: + description: Service status levels as human and machine readable values. + enum: + - available + - degraded + - unavailable + - critical + type: string + meta: + $ref: '#/components/schemas/Kibana_HTTP_APIs_core_status_response_Status_Plugins_Meta' + summary: + description: A human readable summary of the service status. + type: string + required: + - level + - summary + - meta + Kibana_HTTP_APIs_core_status_response_Status_Plugins_Meta: + additionalProperties: {} + description: An unstructured set of extra metadata about this service. + type: object + Kibana_HTTP_APIs_core_status_response_Version: + additionalProperties: false + type: object + properties: + build_date: + description: The date and time of this build. + type: string + build_flavor: + description: The build flavour determines configuration and behavior of Kibana. On premise users will almost always run the "traditional" flavour, while other flavours are reserved for Elastic-specific use cases. + enum: + - serverless + - traditional + type: string + build_hash: + description: A unique hash value representing the git commit of this Kibana build. + type: string + build_number: + description: A monotonically increasing number, each subsequent build will have a higher number. + type: number + build_snapshot: + description: Whether this build is a snapshot build. + type: boolean + number: + description: A semantic version number. + type: string + required: + - number + - build_hash + - build_number + - build_snapshot + - build_flavor + - build_date + Machine_learning_APIs_mlSync200Response_DatafeedsAdded: + additionalProperties: + $ref: '#/components/schemas/Machine_learning_APIs_mlSyncResponseDatafeeds' + description: If a saved object for an anomaly detection job is missing a datafeed identifier, it is added when you run the sync machine learning saved objects API. + type: object + Machine_learning_APIs_mlSync200Response_DatafeedsRemoved: + additionalProperties: + $ref: '#/components/schemas/Machine_learning_APIs_mlSyncResponseDatafeeds' + description: If a saved object for an anomaly detection job references a datafeed that no longer exists, it is deleted when you run the sync machine learning saved objects API. + type: object + Machine_learning_APIs_mlSyncResponseSavedObjectsCreated_Anomaly-detector: + additionalProperties: + $ref: '#/components/schemas/Machine_learning_APIs_mlSyncResponseAnomalyDetectors' + description: If saved objects are missing for anomaly detection jobs, they are created. + type: object + Machine_learning_APIs_mlSyncResponseSavedObjectsCreated_Data-frame-analytics: + additionalProperties: + $ref: '#/components/schemas/Machine_learning_APIs_mlSyncResponseDataFrameAnalytics' + description: If saved objects are missing for data frame analytics jobs, they are created. + type: object + Machine_learning_APIs_mlSyncResponseSavedObjectsCreated_Trained-model: + additionalProperties: + $ref: '#/components/schemas/Machine_learning_APIs_mlSyncResponseTrainedModels' + description: If saved objects are missing for trained models, they are created. + type: object + Machine_learning_APIs_mlSyncResponseSavedObjectsDeleted_Anomaly-detector: + additionalProperties: + $ref: '#/components/schemas/Machine_learning_APIs_mlSyncResponseAnomalyDetectors' + description: If there are saved objects exist for nonexistent anomaly detection jobs, they are deleted. + type: object + Machine_learning_APIs_mlSyncResponseSavedObjectsDeleted_Data-frame-analytics: + additionalProperties: + $ref: '#/components/schemas/Machine_learning_APIs_mlSyncResponseDataFrameAnalytics' + description: If there are saved objects exist for nonexistent data frame analytics jobs, they are deleted. + type: object + Machine_learning_APIs_mlSyncResponseSavedObjectsDeleted_Trained-model: + additionalProperties: + $ref: '#/components/schemas/Machine_learning_APIs_mlSyncResponseTrainedModels' + description: If there are saved objects exist for nonexistent trained models, they are deleted. + type: object + Observability_AI_Assistant_API_Function_Parameters: + description: The parameters of the function. + type: object + Observability_AI_Assistant_API_Instruction_1: + description: A simple instruction represented as a string. + type: string + Observability_AI_Assistant_API_Instruction_2: + description: A detailed instruction with an ID and text. + type: object + properties: + id: + description: A unique identifier for the instruction. + type: string + text: + description: The text of the instruction. + type: string + required: + - id + - text + Observability_AI_Assistant_API_Message_Message: + description: The main content of the message. + type: object + properties: + content: + description: The content of the message. + type: string + data: + description: Additional data associated with the message. + type: string + event: + description: The event related to the message. + type: string + function_call: + $ref: '#/components/schemas/Observability_AI_Assistant_API_FunctionCall' + name: + description: The name associated with the message. + type: string + role: + $ref: '#/components/schemas/Observability_AI_Assistant_API_MessageRoleEnum' + required: + - role + Security_AI_Assistant_API_AnonymizationFieldsBulkCrudActionResponse_Attributes: + type: object + properties: + errors: + description: List of errors that occurred during the bulk operation. + items: + $ref: '#/components/schemas/Security_AI_Assistant_API_NormalizedAnonymizationFieldError' + type: array + results: + $ref: '#/components/schemas/Security_AI_Assistant_API_AnonymizationFieldsBulkCrudActionResults' + summary: + $ref: '#/components/schemas/Security_AI_Assistant_API_BulkCrudActionSummary' + required: + - results + - summary + Security_AI_Assistant_API_DocumentEntry_1: + type: object + properties: + global: + description: Whether this Knowledge Base Entry is global, defaults to false. + example: false + type: boolean + name: + description: Name of the Knowledge Base Entry. + example: Example Entry + type: string + namespace: + description: Kibana Space, defaults to 'default' space. + example: default + type: string + users: + description: Users who have access to the Knowledge Base Entry, defaults to current user. Empty array provides access to all users. + items: + $ref: '#/components/schemas/Security_AI_Assistant_API_User' + type: array + required: + - name + - namespace + - global + - users + Security_AI_Assistant_API_DocumentEntryCreateFields_1: + type: object + properties: + global: + description: Whether this Knowledge Base Entry is global, defaults to false. + example: false + type: boolean + name: + description: Name of the Knowledge Base Entry. + example: Example Entry + type: string + namespace: + description: Kibana Space, defaults to 'default' space. + example: default + type: string + users: + description: Users who have access to the Knowledge Base Entry, defaults to current user. Empty array provides access to all users. + items: + $ref: '#/components/schemas/Security_AI_Assistant_API_User' + type: array + required: + - name + Security_AI_Assistant_API_DocumentEntryUpdateFields_1: + type: object + properties: + global: + description: Whether this Knowledge Base Entry is global, defaults to false. + example: false + type: boolean + id: + $ref: '#/components/schemas/Security_AI_Assistant_API_NonEmptyString' + name: + description: Name of the Knowledge Base Entry. + example: Example Entry + type: string + namespace: + description: Kibana Space, defaults to 'default' space. + example: default + type: string + users: + description: Users who have access to the Knowledge Base Entry, defaults to current user. Empty array provides access to all users. + items: + $ref: '#/components/schemas/Security_AI_Assistant_API_User' + type: array + required: + - id + Security_AI_Assistant_API_EsqlContentReference_2: + type: object + properties: + label: + description: Label of the query + example: High Severity Alerts + type: string + query: + description: An ESQL query + example: SELECT * FROM alerts WHERE severity = "high" + type: string + timerange: + $ref: '#/components/schemas/Security_AI_Assistant_API_EsqlContentReference_Timerange' + type: + enum: + - EsqlQuery + example: EsqlQuery + type: string + required: + - type + - query + - label + Security_AI_Assistant_API_EsqlContentReference_Timerange: + description: Time range to select in the time picker. + type: object + properties: + from: + example: '2025-04-01T00:00:00Z' + type: string + to: + example: '2025-04-30T23:59:59Z' + type: string + required: + - from + - to + Security_AI_Assistant_API_HrefContentReference_2: + type: object + properties: + href: + description: URL to the external resource + type: string + label: + description: Label of the query + type: string + type: + enum: + - Href + type: string + required: + - type + - href + Security_AI_Assistant_API_IndexEntry_1: + type: object + properties: + global: + description: Whether this Knowledge Base Entry is global, defaults to false. + example: false + type: boolean + name: + description: Name of the Knowledge Base Entry. + example: Example Entry + type: string + namespace: + description: Kibana Space, defaults to 'default' space. + example: default + type: string + users: + description: Users who have access to the Knowledge Base Entry, defaults to current user. Empty array provides access to all users. + items: + $ref: '#/components/schemas/Security_AI_Assistant_API_User' + type: array + required: + - name + - namespace + - global + - users + Security_AI_Assistant_API_IndexEntryCreateFields_1: + type: object + properties: + global: + description: Whether this Knowledge Base Entry is global, defaults to false. + example: false + type: boolean + name: + description: Name of the Knowledge Base Entry. + example: Example Entry + type: string + namespace: + description: Kibana Space, defaults to 'default' space. + example: default + type: string + users: + description: Users who have access to the Knowledge Base Entry, defaults to current user. Empty array provides access to all users. + items: + $ref: '#/components/schemas/Security_AI_Assistant_API_User' + type: array + required: + - name + Security_AI_Assistant_API_IndexEntryUpdateFields_1: + type: object + properties: + global: + description: Whether this Knowledge Base Entry is global, defaults to false. + example: false + type: boolean + id: + $ref: '#/components/schemas/Security_AI_Assistant_API_NonEmptyString' + name: + description: Name of the Knowledge Base Entry. + example: Example Entry + type: string + namespace: + description: Kibana Space, defaults to 'default' space. + example: default + type: string + users: + description: Users who have access to the Knowledge Base Entry, defaults to current user. Empty array provides access to all users. + items: + $ref: '#/components/schemas/Security_AI_Assistant_API_User' + type: array + required: + - id + Security_AI_Assistant_API_InputSchema_Item: + type: object + properties: + description: + description: Description of the field. + example: The title of the document. + type: string + fieldName: + description: Name of the field. + example: title + type: string + fieldType: + description: Type of the field. + example: string + type: string + required: + - fieldName + - fieldType + - description + Security_AI_Assistant_API_InputTextInterruptResumeValue_2: + type: object + properties: + type: + enum: + - INPUT_TEXT + example: INPUT_TEXT + type: string + value: + description: Text value used to resume the graph execution with. + example: .logs* + type: string + required: + - value + - type + Security_AI_Assistant_API_InputTextInterruptValue_2: + type: object + properties: + description: + description: Description of action required + example: What is the index you would like to use for the query. + type: string + placeholder: + description: Placeholder text for the input field + example: Enter index pattern here... + type: string + type: + enum: + - INPUT_TEXT + example: INPUT_TEXT + type: string + required: + - type + Security_AI_Assistant_API_KnowledgeBaseEntryBulkCrudActionResponse_Attributes: + type: object + properties: + errors: + description: List of errors encountered during the bulk action. + example: + - err_code: UPDATE_FAILED + knowledgeBaseEntries: + - id: '456' + name: Error Entry + message: Failed to update entry. + statusCode: 400 + items: + $ref: '#/components/schemas/Security_AI_Assistant_API_NormalizedKnowledgeBaseEntryError' + type: array + results: + $ref: '#/components/schemas/Security_AI_Assistant_API_KnowledgeBaseEntryBulkCrudActionResults' + summary: + $ref: '#/components/schemas/Security_AI_Assistant_API_KnowledgeBaseEntryBulkCrudActionSummary' + required: + - results + - summary + Security_AI_Assistant_API_KnowledgeBaseEntryContentReference_2: + type: object + properties: + knowledgeBaseEntryId: + description: Id of the Knowledge Base Entry + example: kbentry456 + type: string + knowledgeBaseEntryName: + description: Name of the knowledge base entry + example: Network Security Best Practices + type: string + type: + enum: + - KnowledgeBaseEntry + example: KnowledgeBaseEntry + type: string + required: + - type + - knowledgeBaseEntryId + - knowledgeBaseEntryName + Security_AI_Assistant_API_ProductDocumentationContentReference_2: + type: object + properties: + title: + description: Title of the documentation + example: Getting Started with Security AI Assistant + type: string + type: + enum: + - ProductDocumentation + example: ProductDocumentation + type: string + url: + description: URL to the documentation + example: https://docs.example.com/security-ai-assistant + type: string + required: + - type + - title + - url + Security_AI_Assistant_API_PromptsBulkCrudActionResponse_Attributes: + type: object + properties: + errors: + items: + $ref: '#/components/schemas/Security_AI_Assistant_API_NormalizedPromptError' + type: array + results: + $ref: '#/components/schemas/Security_AI_Assistant_API_PromptsBulkCrudActionResults' + summary: + $ref: '#/components/schemas/Security_AI_Assistant_API_BulkCrudActionSummary' + required: + - results + - summary + Security_AI_Assistant_API_SecurityAlertContentReference_2: + type: object + properties: + alertId: + description: ID of the Alert + example: alert789 + type: string + type: + enum: + - SecurityAlert + example: SecurityAlert + type: string + required: + - type + - alertId + Security_AI_Assistant_API_SecurityAlertsPageContentReference_2: + type: object + properties: + type: + enum: + - SecurityAlertsPage + example: SecurityAlertsPage + type: string + required: + - type + Security_AI_Assistant_API_SelectOptionInterruptResumeValue_2: + type: object + properties: + type: + enum: + - SELECT_OPTION + example: SELECT_OPTION + type: string + value: + description: The value of the selected option to resume the graph execution with + example: option_1 + type: string + required: + - value + - type + Security_AI_Assistant_API_SelectOptionInterruptValue_2: + type: object + properties: + description: + description: Description of action required + example: Select one of the options + type: string + options: + description: List of actions to choose from + example: + - label: Option 1 + - label: Option 2 + items: + $ref: '#/components/schemas/Security_AI_Assistant_API_SelectOptionInterruptOption' + type: array + type: + enum: + - SELECT_OPTION + example: SELECT_OPTION + type: string + required: + - type + - description + - options + Security_AI_Assistant_API_Vector_Tokens: + additionalProperties: + type: number + description: Tokens with their corresponding values. + example: + token1: 0.123 + token2: 0.456 + type: object + Security_Attack_discovery_API_AttackDiscoveryApiScheduleParams_Api_config_2: + type: object + properties: + name: + description: The name of the connector + type: string + required: + - name + Security_Attack_discovery_API_AttackDiscoveryApiScheduleParams_Combined_filter: + additionalProperties: true + type: object + Security_Attack_discovery_API_AttackDiscoveryGeneration_Connector_stats: + description: Stats applicable to the connector for this generation + type: object + properties: + average_successful_duration_nanoseconds: + description: The average duration (avg event.duration) in nanoseconds of successful generations for the same connector id, for the current user + type: number + successful_generations: + description: The number of successful generations for the same connector id, for the current user + type: number + Security_Attack_discovery_API_AttackDiscoveryGenerationConfig_Filter: + additionalProperties: true + description: |- + An Elasticsearch-style query DSL object used to filter alerts. For example: + ```json { + "filter": { + "bool": { + "must": [], + "filter": [ + { + "bool": { + "should": [ + { + "term": { + "user.name": { "value": "james" } + } + } + ], + "minimum_should_match": 1 + } + } + ], + "should": [], + "must_not": [] + } + } + } ``` + type: object + Security_Attack_discovery_API_Query_Query_1: + type: string + Security_Attack_discovery_API_Query_Query_2: + additionalProperties: true + type: object + Security_Detections_API_AlertsIndexMigrationError_Error: + type: object + properties: + message: + type: string + status_code: + type: string + required: + - message + - status_code + Security_Detections_API_AlertsSort_2: + items: + $ref: '#/components/schemas/Security_Detections_API_AlertsSortCombinations' + type: array + Security_Detections_API_AlertsSortCombinations_1: + type: string + Security_Detections_API_AlertsSortCombinations_2: + additionalProperties: true + type: object + Security_Detections_API_BulkActionEditPayloadRuleActions_Value: + type: object + properties: + actions: + items: + $ref: '#/components/schemas/Security_Detections_API_NormalizedRuleAction' + type: array + throttle: + $ref: '#/components/schemas/Security_Detections_API_ThrottleForBulkActions' + required: + - actions + Security_Detections_API_BulkActionEditPayloadSchedule_Value: + type: object + properties: + interval: + description: Interval in which the rule runs. For example, `"1h"` means the rule runs every hour. + example: 1h + pattern: ^[1-9]\d*[smh]$ + type: string + lookback: + description: | + Lookback time for the rules. + + Additional look-back time that the rule analyzes. For example, "10m" means the rule analyzes the last 10 minutes of data in addition to the frequency interval. + example: 1h + pattern: ^[1-9]\d*[smh]$ + type: string + required: + - interval + - lookback + Security_Detections_API_BulkActionEditPayloadTimeline_Value: + type: object + properties: + timeline_id: + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' + timeline_title: + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle' + required: + - timeline_id + - timeline_title + Security_Detections_API_BulkDuplicateRules_Duplicate: + description: Duplicate object that describes applying an update action. + type: object + properties: + include_exceptions: + description: Whether to copy exceptions from the original rule + type: boolean + include_expired_exceptions: + description: Whether to copy expired exceptions from the original rule + type: boolean + required: + - include_exceptions + - include_expired_exceptions + Security_Detections_API_BulkEditActionResponse_Attributes: + type: object + properties: + errors: + items: + $ref: '#/components/schemas/Security_Detections_API_NormalizedRuleError' + type: array + results: + $ref: '#/components/schemas/Security_Detections_API_BulkEditActionResults' + summary: + $ref: '#/components/schemas/Security_Detections_API_BulkEditActionSummary' + required: + - results + - summary + Security_Detections_API_BulkManualRuleFillGaps_Fill_gaps: + description: Object that describes applying a manual gap fill action for the specified time range. + type: object + properties: + end_date: + description: End date of the manual gap fill + type: string + start_date: + description: Start date of the manual gap fill + type: string + required: + - start_date + - end_date + Security_Detections_API_BulkManualRuleRun_Run: + description: Object that describes applying a manual rule run action. + type: object + properties: + end_date: + description: End date of the manual rule run + type: string + start_date: + description: Start date of the manual rule run + type: string + required: + - start_date + - end_date + Security_Detections_API_CloseAlertsByQuery_Query: + additionalProperties: true + type: object + Security_Detections_API_EcsMapping_Value: + type: object + properties: + field: + type: string + value: + oneOf: + - $ref: '#/components/schemas/Security_Detections_API_EcsMapping_Value_1' + - $ref: '#/components/schemas/Security_Detections_API_EcsMapping_Value_2' + Security_Detections_API_EcsMapping_Value_1: + type: string + Security_Detections_API_EcsMapping_Value_2: + items: + type: string + type: array + Security_Detections_API_EqlRule_1: + type: object + properties: + actions: + description: Array defining the automated actions (notifications) taken when alerts are generated. + items: + $ref: '#/components/schemas/Security_Detections_API_RuleAction' + type: array + alias_purpose: + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose' + alias_target_id: + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId' + author: + $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' + building_block_type: + $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' + description: + $ref: '#/components/schemas/Security_Detections_API_RuleDescription' + enabled: + $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' + exceptions_list: + items: + $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' + type: array + false_positives: + $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray' + from: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' + interval: + $ref: '#/components/schemas/Security_Detections_API_RuleInterval' + investigation_fields: + $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' + license: + $ref: '#/components/schemas/Security_Detections_API_RuleLicense' + max_signals: + $ref: '#/components/schemas/Security_Detections_API_MaxSignals' + meta: + $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' + name: + $ref: '#/components/schemas/Security_Detections_API_RuleName' + namespace: + $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace' + note: + $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' + outcome: + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome' + output_index: + $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' + references: + $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' + related_integrations: + $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray' + required_fields: + description: | + Elasticsearch fields and their types that need to be present for the rule to function. + > info + > The value of `required_fields` does not affect the rule’s behavior, and specifying it incorrectly won’t cause the rule to fail. Use `required_fields` as an informational property to document the fields that the rule expects to be present in the data. + items: + $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput' + type: array + response_actions: + items: + $ref: '#/components/schemas/Security_Detections_API_ResponseAction' + type: array + risk_score: + $ref: '#/components/schemas/Security_Detections_API_RiskScore' + risk_score_mapping: + $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' + rule_name_override: + $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' + setup: + $ref: '#/components/schemas/Security_Detections_API_SetupGuide' + severity: + $ref: '#/components/schemas/Security_Detections_API_Severity' + severity_mapping: + $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' + tags: + $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' + threat: + $ref: '#/components/schemas/Security_Detections_API_ThreatArray' + throttle: + $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' + timeline_id: + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' + timeline_title: + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle' + timestamp_override: + $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' + timestamp_override_fallback_disabled: + $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled' + to: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' + version: + $ref: '#/components/schemas/Security_Detections_API_RuleVersion' + required: + - name + - description + - risk_score + - severity + - version + - tags + - enabled + - risk_score_mapping + - severity_mapping + - interval + - from + - to + - actions + - exceptions_list + - author + - false_positives + - references + - max_signals + - threat + - setup + - related_integrations + - required_fields + Security_Detections_API_EqlRuleCreateProps_1: + type: object + properties: + actions: + description: Array defining the automated actions (notifications) taken when alerts are generated. + items: + $ref: '#/components/schemas/Security_Detections_API_RuleAction' + type: array + alias_purpose: + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose' + alias_target_id: + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId' + author: + $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' + building_block_type: + $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' + description: + $ref: '#/components/schemas/Security_Detections_API_RuleDescription' + enabled: + $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' + exceptions_list: + items: + $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' + type: array + false_positives: + $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray' + from: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' + interval: + $ref: '#/components/schemas/Security_Detections_API_RuleInterval' + investigation_fields: + $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' + license: + $ref: '#/components/schemas/Security_Detections_API_RuleLicense' + max_signals: + $ref: '#/components/schemas/Security_Detections_API_MaxSignals' + meta: + $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' + name: + $ref: '#/components/schemas/Security_Detections_API_RuleName' + namespace: + $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace' + note: + $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' + outcome: + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome' + output_index: + $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' + references: + $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' + related_integrations: + $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray' + required_fields: + description: | + Elasticsearch fields and their types that need to be present for the rule to function. + > info + > The value of `required_fields` does not affect the rule’s behavior, and specifying it incorrectly won’t cause the rule to fail. Use `required_fields` as an informational property to document the fields that the rule expects to be present in the data. + items: + $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput' + type: array + response_actions: + items: + $ref: '#/components/schemas/Security_Detections_API_ResponseAction' + type: array + risk_score: + $ref: '#/components/schemas/Security_Detections_API_RiskScore' + risk_score_mapping: + $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' + rule_id: + $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' + rule_name_override: + $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' + setup: + $ref: '#/components/schemas/Security_Detections_API_SetupGuide' + severity: + $ref: '#/components/schemas/Security_Detections_API_Severity' + severity_mapping: + $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' + tags: + $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' + threat: + $ref: '#/components/schemas/Security_Detections_API_ThreatArray' + throttle: + $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' + timeline_id: + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' + timeline_title: + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle' + timestamp_override: + $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' + timestamp_override_fallback_disabled: + $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled' + to: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' + version: + $ref: '#/components/schemas/Security_Detections_API_RuleVersion' + required: + - name + - description + - risk_score + - severity + Security_Detections_API_EqlRulePatchFields_1: + type: object + properties: + language: + $ref: '#/components/schemas/Security_Detections_API_EqlQueryLanguage' + description: Query language to use + query: + $ref: '#/components/schemas/Security_Detections_API_RuleQuery' + type: + description: Rule type + enum: + - eql + type: string + Security_Detections_API_EqlRulePatchProps_1: + type: object + properties: + actions: + description: Array defining the automated actions (notifications) taken when alerts are generated. + items: + $ref: '#/components/schemas/Security_Detections_API_RuleAction' + type: array + alias_purpose: + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose' + alias_target_id: + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId' + author: + $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' + building_block_type: + $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' + description: + $ref: '#/components/schemas/Security_Detections_API_RuleDescription' + enabled: + $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' + exceptions_list: + items: + $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' + type: array + false_positives: + $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray' + from: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' + id: + $ref: '#/components/schemas/Security_Detections_API_UUID' + interval: + $ref: '#/components/schemas/Security_Detections_API_RuleInterval' + investigation_fields: + $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' + license: + $ref: '#/components/schemas/Security_Detections_API_RuleLicense' + max_signals: + $ref: '#/components/schemas/Security_Detections_API_MaxSignals' + meta: + $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' + name: + $ref: '#/components/schemas/Security_Detections_API_RuleName' + namespace: + $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace' + note: + $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' + outcome: + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome' + output_index: + $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' + references: + $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' + related_integrations: + $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray' + required_fields: + description: | + Elasticsearch fields and their types that need to be present for the rule to function. + > info + > The value of `required_fields` does not affect the rule’s behavior, and specifying it incorrectly won’t cause the rule to fail. Use `required_fields` as an informational property to document the fields that the rule expects to be present in the data. + items: + $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput' + type: array + response_actions: + items: + $ref: '#/components/schemas/Security_Detections_API_ResponseAction' + type: array + risk_score: + $ref: '#/components/schemas/Security_Detections_API_RiskScore' + risk_score_mapping: + $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' + rule_id: + $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' + rule_name_override: + $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' + setup: + $ref: '#/components/schemas/Security_Detections_API_SetupGuide' + severity: + $ref: '#/components/schemas/Security_Detections_API_Severity' + severity_mapping: + $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' + tags: + $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' + threat: + $ref: '#/components/schemas/Security_Detections_API_ThreatArray' + throttle: + $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' + timeline_id: + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' + timeline_title: + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle' + timestamp_override: + $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' + timestamp_override_fallback_disabled: + $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled' + to: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' + version: + $ref: '#/components/schemas/Security_Detections_API_RuleVersion' + Security_Detections_API_EqlRuleUpdateProps_1: + type: object + properties: + actions: + description: Array defining the automated actions (notifications) taken when alerts are generated. + items: + $ref: '#/components/schemas/Security_Detections_API_RuleAction' + type: array + alias_purpose: + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose' + alias_target_id: + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId' + author: + $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' + building_block_type: + $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' + description: + $ref: '#/components/schemas/Security_Detections_API_RuleDescription' + enabled: + $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' + exceptions_list: + items: + $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' + type: array + false_positives: + $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray' + from: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' + id: + $ref: '#/components/schemas/Security_Detections_API_UUID' + interval: + $ref: '#/components/schemas/Security_Detections_API_RuleInterval' + investigation_fields: + $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' + license: + $ref: '#/components/schemas/Security_Detections_API_RuleLicense' + max_signals: + $ref: '#/components/schemas/Security_Detections_API_MaxSignals' + meta: + $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' + name: + $ref: '#/components/schemas/Security_Detections_API_RuleName' + namespace: + $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace' + note: + $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' + outcome: + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome' + output_index: + $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' + references: + $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' + related_integrations: + $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray' + required_fields: + description: | + Elasticsearch fields and their types that need to be present for the rule to function. + > info + > The value of `required_fields` does not affect the rule’s behavior, and specifying it incorrectly won’t cause the rule to fail. Use `required_fields` as an informational property to document the fields that the rule expects to be present in the data. + items: + $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput' + type: array + response_actions: + items: + $ref: '#/components/schemas/Security_Detections_API_ResponseAction' + type: array + risk_score: + $ref: '#/components/schemas/Security_Detections_API_RiskScore' + risk_score_mapping: + $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' + rule_id: + $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' + rule_name_override: + $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' + setup: + $ref: '#/components/schemas/Security_Detections_API_SetupGuide' + severity: + $ref: '#/components/schemas/Security_Detections_API_Severity' + severity_mapping: + $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' + tags: + $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' + threat: + $ref: '#/components/schemas/Security_Detections_API_ThreatArray' + throttle: + $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' + timeline_id: + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' + timeline_title: + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle' + timestamp_override: + $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' + timestamp_override_fallback_disabled: + $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled' + to: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' + version: + $ref: '#/components/schemas/Security_Detections_API_RuleVersion' + required: + - name + - description + - risk_score + - severity + Security_Detections_API_ErrorSchema_Error: + type: object + properties: + message: + type: string + status_code: + minimum: 400 + type: integer + required: + - status_code + - message + Security_Detections_API_EsqlRule_1: + type: object + properties: + actions: + description: Array defining the automated actions (notifications) taken when alerts are generated. + items: + $ref: '#/components/schemas/Security_Detections_API_RuleAction' + type: array + alias_purpose: + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose' + alias_target_id: + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId' + author: + $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' + building_block_type: + $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' + description: + $ref: '#/components/schemas/Security_Detections_API_RuleDescription' + enabled: + $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' + exceptions_list: + items: + $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' + type: array + false_positives: + $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray' + from: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' + interval: + $ref: '#/components/schemas/Security_Detections_API_RuleInterval' + investigation_fields: + $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' + license: + $ref: '#/components/schemas/Security_Detections_API_RuleLicense' + max_signals: + $ref: '#/components/schemas/Security_Detections_API_MaxSignals' + meta: + $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' + name: + $ref: '#/components/schemas/Security_Detections_API_RuleName' + namespace: + $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace' + note: + $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' + outcome: + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome' + output_index: + $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' + references: + $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' + related_integrations: + $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray' + required_fields: + description: | + Elasticsearch fields and their types that need to be present for the rule to function. + > info + > The value of `required_fields` does not affect the rule’s behavior, and specifying it incorrectly won’t cause the rule to fail. Use `required_fields` as an informational property to document the fields that the rule expects to be present in the data. + items: + $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput' + type: array + response_actions: + items: + $ref: '#/components/schemas/Security_Detections_API_ResponseAction' + type: array + risk_score: + $ref: '#/components/schemas/Security_Detections_API_RiskScore' + risk_score_mapping: + $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' + rule_name_override: + $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' + setup: + $ref: '#/components/schemas/Security_Detections_API_SetupGuide' + severity: + $ref: '#/components/schemas/Security_Detections_API_Severity' + severity_mapping: + $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' + tags: + $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' + threat: + $ref: '#/components/schemas/Security_Detections_API_ThreatArray' + throttle: + $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' + timeline_id: + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' + timeline_title: + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle' + timestamp_override: + $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' + timestamp_override_fallback_disabled: + $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled' + to: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' + version: + $ref: '#/components/schemas/Security_Detections_API_RuleVersion' + required: + - name + - description + - risk_score + - severity + - version + - tags + - enabled + - risk_score_mapping + - severity_mapping + - interval + - from + - to + - actions + - exceptions_list + - author + - false_positives + - references + - max_signals + - threat + - setup + - related_integrations + - required_fields + Security_Detections_API_EsqlRuleCreateProps_1: + type: object + properties: + actions: + description: Array defining the automated actions (notifications) taken when alerts are generated. + items: + $ref: '#/components/schemas/Security_Detections_API_RuleAction' + type: array + alias_purpose: + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose' + alias_target_id: + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId' + author: + $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' + building_block_type: + $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' + description: + $ref: '#/components/schemas/Security_Detections_API_RuleDescription' + enabled: + $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' + exceptions_list: + items: + $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' + type: array + false_positives: + $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray' + from: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' + interval: + $ref: '#/components/schemas/Security_Detections_API_RuleInterval' + investigation_fields: + $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' + license: + $ref: '#/components/schemas/Security_Detections_API_RuleLicense' + max_signals: + $ref: '#/components/schemas/Security_Detections_API_MaxSignals' + meta: + $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' + name: + $ref: '#/components/schemas/Security_Detections_API_RuleName' + namespace: + $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace' + note: + $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' + outcome: + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome' + output_index: + $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' + references: + $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' + related_integrations: + $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray' + required_fields: + description: | + Elasticsearch fields and their types that need to be present for the rule to function. + > info + > The value of `required_fields` does not affect the rule’s behavior, and specifying it incorrectly won’t cause the rule to fail. Use `required_fields` as an informational property to document the fields that the rule expects to be present in the data. + items: + $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput' + type: array + response_actions: + items: + $ref: '#/components/schemas/Security_Detections_API_ResponseAction' + type: array + risk_score: + $ref: '#/components/schemas/Security_Detections_API_RiskScore' + risk_score_mapping: + $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' + rule_id: + $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' + rule_name_override: + $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' + setup: + $ref: '#/components/schemas/Security_Detections_API_SetupGuide' + severity: + $ref: '#/components/schemas/Security_Detections_API_Severity' + severity_mapping: + $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' + tags: + $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' + threat: + $ref: '#/components/schemas/Security_Detections_API_ThreatArray' + throttle: + $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' + timeline_id: + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' + timeline_title: + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle' + timestamp_override: + $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' + timestamp_override_fallback_disabled: + $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled' + to: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' + version: + $ref: '#/components/schemas/Security_Detections_API_RuleVersion' + required: + - name + - description + - risk_score + - severity + Security_Detections_API_EsqlRulePatchProps_1: + type: object + properties: + actions: + description: Array defining the automated actions (notifications) taken when alerts are generated. + items: + $ref: '#/components/schemas/Security_Detections_API_RuleAction' + type: array + alias_purpose: + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose' + alias_target_id: + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId' + author: + $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' + building_block_type: + $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' + description: + $ref: '#/components/schemas/Security_Detections_API_RuleDescription' + enabled: + $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' + exceptions_list: + items: + $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' + type: array + false_positives: + $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray' + from: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' + id: + $ref: '#/components/schemas/Security_Detections_API_UUID' + interval: + $ref: '#/components/schemas/Security_Detections_API_RuleInterval' + investigation_fields: + $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' + language: + $ref: '#/components/schemas/Security_Detections_API_EsqlQueryLanguage' + license: + $ref: '#/components/schemas/Security_Detections_API_RuleLicense' + max_signals: + $ref: '#/components/schemas/Security_Detections_API_MaxSignals' + meta: + $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' + name: + $ref: '#/components/schemas/Security_Detections_API_RuleName' + namespace: + $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace' + note: + $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' + outcome: + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome' + output_index: + $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' + query: + $ref: '#/components/schemas/Security_Detections_API_RuleQuery' + references: + $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' + related_integrations: + $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray' + required_fields: + description: | + Elasticsearch fields and their types that need to be present for the rule to function. + > info + > The value of `required_fields` does not affect the rule’s behavior, and specifying it incorrectly won’t cause the rule to fail. Use `required_fields` as an informational property to document the fields that the rule expects to be present in the data. + items: + $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput' + type: array + response_actions: + items: + $ref: '#/components/schemas/Security_Detections_API_ResponseAction' + type: array + risk_score: + $ref: '#/components/schemas/Security_Detections_API_RiskScore' + risk_score_mapping: + $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' + rule_id: + $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' + rule_name_override: + $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' + setup: + $ref: '#/components/schemas/Security_Detections_API_SetupGuide' + severity: + $ref: '#/components/schemas/Security_Detections_API_Severity' + severity_mapping: + $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' + tags: + $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' + threat: + $ref: '#/components/schemas/Security_Detections_API_ThreatArray' + throttle: + $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' + timeline_id: + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' + timeline_title: + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle' + timestamp_override: + $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' + timestamp_override_fallback_disabled: + $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled' + to: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' + type: + description: Rule type + enum: + - esql + type: string + version: + $ref: '#/components/schemas/Security_Detections_API_RuleVersion' + Security_Detections_API_EsqlRuleUpdateProps_1: + type: object + properties: + actions: + description: Array defining the automated actions (notifications) taken when alerts are generated. + items: + $ref: '#/components/schemas/Security_Detections_API_RuleAction' + type: array + alias_purpose: + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose' + alias_target_id: + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId' + author: + $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' + building_block_type: + $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' + description: + $ref: '#/components/schemas/Security_Detections_API_RuleDescription' + enabled: + $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' + exceptions_list: + items: + $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' + type: array + false_positives: + $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray' + from: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' + id: + $ref: '#/components/schemas/Security_Detections_API_UUID' + interval: + $ref: '#/components/schemas/Security_Detections_API_RuleInterval' + investigation_fields: + $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' + license: + $ref: '#/components/schemas/Security_Detections_API_RuleLicense' + max_signals: + $ref: '#/components/schemas/Security_Detections_API_MaxSignals' + meta: + $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' + name: + $ref: '#/components/schemas/Security_Detections_API_RuleName' + namespace: + $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace' + note: + $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' + outcome: + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome' + output_index: + $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' + references: + $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' + related_integrations: + $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray' + required_fields: + description: | + Elasticsearch fields and their types that need to be present for the rule to function. + > info + > The value of `required_fields` does not affect the rule’s behavior, and specifying it incorrectly won’t cause the rule to fail. Use `required_fields` as an informational property to document the fields that the rule expects to be present in the data. + items: + $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput' + type: array + response_actions: + items: + $ref: '#/components/schemas/Security_Detections_API_ResponseAction' + type: array + risk_score: + $ref: '#/components/schemas/Security_Detections_API_RiskScore' + risk_score_mapping: + $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' + rule_id: + $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' + rule_name_override: + $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' + setup: + $ref: '#/components/schemas/Security_Detections_API_SetupGuide' + severity: + $ref: '#/components/schemas/Security_Detections_API_Severity' + severity_mapping: + $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' + tags: + $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' + threat: + $ref: '#/components/schemas/Security_Detections_API_ThreatArray' + throttle: + $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' + timeline_id: + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' + timeline_title: + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle' + timestamp_override: + $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' + timestamp_override_fallback_disabled: + $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled' + to: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' + version: + $ref: '#/components/schemas/Security_Detections_API_RuleVersion' + required: + - name + - description + - risk_score + - severity + Security_Detections_API_ExternalRuleCustomizedFields_Item: + type: object + properties: + field_name: + description: Name of a user-modified field in the rule object. + type: string + required: + - field_name + Security_Detections_API_MachineLearningJobId_1: + type: string + Security_Detections_API_MachineLearningJobId_2: + items: + type: string + minItems: 1 + type: array + Security_Detections_API_MachineLearningRule_1: + type: object + properties: + actions: + description: Array defining the automated actions (notifications) taken when alerts are generated. + items: + $ref: '#/components/schemas/Security_Detections_API_RuleAction' + type: array + alias_purpose: + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose' + alias_target_id: + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId' + author: + $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' + building_block_type: + $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' + description: + $ref: '#/components/schemas/Security_Detections_API_RuleDescription' + enabled: + $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' + exceptions_list: + items: + $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' + type: array + false_positives: + $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray' + from: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' + interval: + $ref: '#/components/schemas/Security_Detections_API_RuleInterval' + investigation_fields: + $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' + license: + $ref: '#/components/schemas/Security_Detections_API_RuleLicense' + max_signals: + $ref: '#/components/schemas/Security_Detections_API_MaxSignals' + meta: + $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' + name: + $ref: '#/components/schemas/Security_Detections_API_RuleName' + namespace: + $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace' + note: + $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' + outcome: + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome' + output_index: + $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' + references: + $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' + related_integrations: + $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray' + required_fields: + description: | + Elasticsearch fields and their types that need to be present for the rule to function. + > info + > The value of `required_fields` does not affect the rule’s behavior, and specifying it incorrectly won’t cause the rule to fail. Use `required_fields` as an informational property to document the fields that the rule expects to be present in the data. + items: + $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput' + type: array + response_actions: + items: + $ref: '#/components/schemas/Security_Detections_API_ResponseAction' + type: array + risk_score: + $ref: '#/components/schemas/Security_Detections_API_RiskScore' + risk_score_mapping: + $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' + rule_name_override: + $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' + setup: + $ref: '#/components/schemas/Security_Detections_API_SetupGuide' + severity: + $ref: '#/components/schemas/Security_Detections_API_Severity' + severity_mapping: + $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' + tags: + $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' + threat: + $ref: '#/components/schemas/Security_Detections_API_ThreatArray' + throttle: + $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' + timeline_id: + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' + timeline_title: + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle' + timestamp_override: + $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' + timestamp_override_fallback_disabled: + $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled' + to: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' + version: + $ref: '#/components/schemas/Security_Detections_API_RuleVersion' + required: + - name + - description + - risk_score + - severity + - version + - tags + - enabled + - risk_score_mapping + - severity_mapping + - interval + - from + - to + - actions + - exceptions_list + - author + - false_positives + - references + - max_signals + - threat + - setup + - related_integrations + - required_fields + Security_Detections_API_MachineLearningRuleCreateProps_1: + type: object + properties: + actions: + description: Array defining the automated actions (notifications) taken when alerts are generated. + items: + $ref: '#/components/schemas/Security_Detections_API_RuleAction' + type: array + alias_purpose: + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose' + alias_target_id: + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId' + author: + $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' + building_block_type: + $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' + description: + $ref: '#/components/schemas/Security_Detections_API_RuleDescription' + enabled: + $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' + exceptions_list: + items: + $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' + type: array + false_positives: + $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray' + from: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' + interval: + $ref: '#/components/schemas/Security_Detections_API_RuleInterval' + investigation_fields: + $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' + license: + $ref: '#/components/schemas/Security_Detections_API_RuleLicense' + max_signals: + $ref: '#/components/schemas/Security_Detections_API_MaxSignals' + meta: + $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' + name: + $ref: '#/components/schemas/Security_Detections_API_RuleName' + namespace: + $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace' + note: + $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' + outcome: + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome' + output_index: + $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' + references: + $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' + related_integrations: + $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray' + required_fields: + description: | + Elasticsearch fields and their types that need to be present for the rule to function. + > info + > The value of `required_fields` does not affect the rule’s behavior, and specifying it incorrectly won’t cause the rule to fail. Use `required_fields` as an informational property to document the fields that the rule expects to be present in the data. + items: + $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput' + type: array + response_actions: + items: + $ref: '#/components/schemas/Security_Detections_API_ResponseAction' + type: array + risk_score: + $ref: '#/components/schemas/Security_Detections_API_RiskScore' + risk_score_mapping: + $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' + rule_id: + $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' + rule_name_override: + $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' + setup: + $ref: '#/components/schemas/Security_Detections_API_SetupGuide' + severity: + $ref: '#/components/schemas/Security_Detections_API_Severity' + severity_mapping: + $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' + tags: + $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' + threat: + $ref: '#/components/schemas/Security_Detections_API_ThreatArray' + throttle: + $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' + timeline_id: + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' + timeline_title: + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle' + timestamp_override: + $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' + timestamp_override_fallback_disabled: + $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled' + to: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' + version: + $ref: '#/components/schemas/Security_Detections_API_RuleVersion' + required: + - name + - description + - risk_score + - severity + Security_Detections_API_MachineLearningRulePatchFields_1: + type: object + properties: + anomaly_threshold: + $ref: '#/components/schemas/Security_Detections_API_AnomalyThreshold' + machine_learning_job_id: + $ref: '#/components/schemas/Security_Detections_API_MachineLearningJobId' + type: + description: Rule type + enum: + - machine_learning + type: string + Security_Detections_API_MachineLearningRulePatchProps_1: + type: object + properties: + actions: + description: Array defining the automated actions (notifications) taken when alerts are generated. + items: + $ref: '#/components/schemas/Security_Detections_API_RuleAction' + type: array + alias_purpose: + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose' + alias_target_id: + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId' + author: + $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' + building_block_type: + $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' + description: + $ref: '#/components/schemas/Security_Detections_API_RuleDescription' + enabled: + $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' + exceptions_list: + items: + $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' + type: array + false_positives: + $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray' + from: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' + id: + $ref: '#/components/schemas/Security_Detections_API_UUID' + interval: + $ref: '#/components/schemas/Security_Detections_API_RuleInterval' + investigation_fields: + $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' + license: + $ref: '#/components/schemas/Security_Detections_API_RuleLicense' + max_signals: + $ref: '#/components/schemas/Security_Detections_API_MaxSignals' + meta: + $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' + name: + $ref: '#/components/schemas/Security_Detections_API_RuleName' + namespace: + $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace' + note: + $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' + outcome: + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome' + output_index: + $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' + references: + $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' + related_integrations: + $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray' + required_fields: + description: | + Elasticsearch fields and their types that need to be present for the rule to function. + > info + > The value of `required_fields` does not affect the rule’s behavior, and specifying it incorrectly won’t cause the rule to fail. Use `required_fields` as an informational property to document the fields that the rule expects to be present in the data. + items: + $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput' + type: array + response_actions: + items: + $ref: '#/components/schemas/Security_Detections_API_ResponseAction' + type: array + risk_score: + $ref: '#/components/schemas/Security_Detections_API_RiskScore' + risk_score_mapping: + $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' + rule_id: + $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' + rule_name_override: + $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' + setup: + $ref: '#/components/schemas/Security_Detections_API_SetupGuide' + severity: + $ref: '#/components/schemas/Security_Detections_API_Severity' + severity_mapping: + $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' + tags: + $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' + threat: + $ref: '#/components/schemas/Security_Detections_API_ThreatArray' + throttle: + $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' + timeline_id: + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' + timeline_title: + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle' + timestamp_override: + $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' + timestamp_override_fallback_disabled: + $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled' + to: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' + version: + $ref: '#/components/schemas/Security_Detections_API_RuleVersion' + Security_Detections_API_MachineLearningRuleUpdateProps_1: + type: object + properties: + actions: + description: Array defining the automated actions (notifications) taken when alerts are generated. + items: + $ref: '#/components/schemas/Security_Detections_API_RuleAction' + type: array + alias_purpose: + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose' + alias_target_id: + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId' + author: + $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' + building_block_type: + $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' + description: + $ref: '#/components/schemas/Security_Detections_API_RuleDescription' + enabled: + $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' + exceptions_list: + items: + $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' + type: array + false_positives: + $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray' + from: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' + id: + $ref: '#/components/schemas/Security_Detections_API_UUID' + interval: + $ref: '#/components/schemas/Security_Detections_API_RuleInterval' + investigation_fields: + $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' + license: + $ref: '#/components/schemas/Security_Detections_API_RuleLicense' + max_signals: + $ref: '#/components/schemas/Security_Detections_API_MaxSignals' + meta: + $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' + name: + $ref: '#/components/schemas/Security_Detections_API_RuleName' + namespace: + $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace' + note: + $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' + outcome: + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome' + output_index: + $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' + references: + $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' + related_integrations: + $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray' + required_fields: + description: | + Elasticsearch fields and their types that need to be present for the rule to function. + > info + > The value of `required_fields` does not affect the rule’s behavior, and specifying it incorrectly won’t cause the rule to fail. Use `required_fields` as an informational property to document the fields that the rule expects to be present in the data. + items: + $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput' + type: array + response_actions: + items: + $ref: '#/components/schemas/Security_Detections_API_ResponseAction' + type: array + risk_score: + $ref: '#/components/schemas/Security_Detections_API_RiskScore' + risk_score_mapping: + $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' + rule_id: + $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' + rule_name_override: + $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' + setup: + $ref: '#/components/schemas/Security_Detections_API_SetupGuide' + severity: + $ref: '#/components/schemas/Security_Detections_API_Severity' + severity_mapping: + $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' + tags: + $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' + threat: + $ref: '#/components/schemas/Security_Detections_API_ThreatArray' + throttle: + $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' + timeline_id: + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' + timeline_title: + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle' + timestamp_override: + $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' + timestamp_override_fallback_disabled: + $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled' + to: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' + version: + $ref: '#/components/schemas/Security_Detections_API_RuleVersion' + required: + - name + - description + - risk_score + - severity + Security_Detections_API_MigrationCleanupResult_Error: + type: object + properties: + message: + type: string + status_code: + type: integer + required: + - message + - status_code + Security_Detections_API_MigrationFinalizationResult_Error: + type: object + properties: + message: + type: string + status_code: + type: integer + required: + - message + - status_code + Security_Detections_API_NewTermsRule_1: + type: object + properties: + actions: + description: Array defining the automated actions (notifications) taken when alerts are generated. + items: + $ref: '#/components/schemas/Security_Detections_API_RuleAction' + type: array + alias_purpose: + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose' + alias_target_id: + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId' + author: + $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' + building_block_type: + $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' + description: + $ref: '#/components/schemas/Security_Detections_API_RuleDescription' + enabled: + $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' + exceptions_list: + items: + $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' + type: array + false_positives: + $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray' + from: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' + interval: + $ref: '#/components/schemas/Security_Detections_API_RuleInterval' + investigation_fields: + $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' + license: + $ref: '#/components/schemas/Security_Detections_API_RuleLicense' + max_signals: + $ref: '#/components/schemas/Security_Detections_API_MaxSignals' + meta: + $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' + name: + $ref: '#/components/schemas/Security_Detections_API_RuleName' + namespace: + $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace' + note: + $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' + outcome: + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome' + output_index: + $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' + references: + $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' + related_integrations: + $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray' + required_fields: + description: | + Elasticsearch fields and their types that need to be present for the rule to function. + > info + > The value of `required_fields` does not affect the rule’s behavior, and specifying it incorrectly won’t cause the rule to fail. Use `required_fields` as an informational property to document the fields that the rule expects to be present in the data. + items: + $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput' + type: array + response_actions: + items: + $ref: '#/components/schemas/Security_Detections_API_ResponseAction' + type: array + risk_score: + $ref: '#/components/schemas/Security_Detections_API_RiskScore' + risk_score_mapping: + $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' + rule_name_override: + $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' + setup: + $ref: '#/components/schemas/Security_Detections_API_SetupGuide' + severity: + $ref: '#/components/schemas/Security_Detections_API_Severity' + severity_mapping: + $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' + tags: + $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' + threat: + $ref: '#/components/schemas/Security_Detections_API_ThreatArray' + throttle: + $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' + timeline_id: + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' + timeline_title: + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle' + timestamp_override: + $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' + timestamp_override_fallback_disabled: + $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled' + to: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' + version: + $ref: '#/components/schemas/Security_Detections_API_RuleVersion' + required: + - name + - description + - risk_score + - severity + - version + - tags + - enabled + - risk_score_mapping + - severity_mapping + - interval + - from + - to + - actions + - exceptions_list + - author + - false_positives + - references + - max_signals + - threat + - setup + - related_integrations + - required_fields + Security_Detections_API_NewTermsRuleCreateProps_1: + type: object + properties: + actions: + description: Array defining the automated actions (notifications) taken when alerts are generated. + items: + $ref: '#/components/schemas/Security_Detections_API_RuleAction' + type: array + alias_purpose: + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose' + alias_target_id: + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId' + author: + $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' + building_block_type: + $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' + description: + $ref: '#/components/schemas/Security_Detections_API_RuleDescription' + enabled: + $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' + exceptions_list: + items: + $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' + type: array + false_positives: + $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray' + from: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' + interval: + $ref: '#/components/schemas/Security_Detections_API_RuleInterval' + investigation_fields: + $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' + license: + $ref: '#/components/schemas/Security_Detections_API_RuleLicense' + max_signals: + $ref: '#/components/schemas/Security_Detections_API_MaxSignals' + meta: + $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' + name: + $ref: '#/components/schemas/Security_Detections_API_RuleName' + namespace: + $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace' + note: + $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' + outcome: + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome' + output_index: + $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' + references: + $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' + related_integrations: + $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray' + required_fields: + description: | + Elasticsearch fields and their types that need to be present for the rule to function. + > info + > The value of `required_fields` does not affect the rule’s behavior, and specifying it incorrectly won’t cause the rule to fail. Use `required_fields` as an informational property to document the fields that the rule expects to be present in the data. + items: + $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput' + type: array + response_actions: + items: + $ref: '#/components/schemas/Security_Detections_API_ResponseAction' + type: array + risk_score: + $ref: '#/components/schemas/Security_Detections_API_RiskScore' + risk_score_mapping: + $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' + rule_id: + $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' + rule_name_override: + $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' + setup: + $ref: '#/components/schemas/Security_Detections_API_SetupGuide' + severity: + $ref: '#/components/schemas/Security_Detections_API_Severity' + severity_mapping: + $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' + tags: + $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' + threat: + $ref: '#/components/schemas/Security_Detections_API_ThreatArray' + throttle: + $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' + timeline_id: + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' + timeline_title: + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle' + timestamp_override: + $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' + timestamp_override_fallback_disabled: + $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled' + to: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' + version: + $ref: '#/components/schemas/Security_Detections_API_RuleVersion' + required: + - name + - description + - risk_score + - severity + Security_Detections_API_NewTermsRulePatchFields_1: + type: object + properties: + history_window_start: + $ref: '#/components/schemas/Security_Detections_API_HistoryWindowStart' + new_terms_fields: + $ref: '#/components/schemas/Security_Detections_API_NewTermsFields' + query: + $ref: '#/components/schemas/Security_Detections_API_RuleQuery' + type: + description: Rule type + enum: + - new_terms + type: string + Security_Detections_API_NewTermsRulePatchProps_1: + type: object + properties: + actions: + description: Array defining the automated actions (notifications) taken when alerts are generated. + items: + $ref: '#/components/schemas/Security_Detections_API_RuleAction' + type: array + alias_purpose: + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose' + alias_target_id: + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId' + author: + $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' + building_block_type: + $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' + description: + $ref: '#/components/schemas/Security_Detections_API_RuleDescription' + enabled: + $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' + exceptions_list: + items: + $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' + type: array + false_positives: + $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray' + from: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' + id: + $ref: '#/components/schemas/Security_Detections_API_UUID' + interval: + $ref: '#/components/schemas/Security_Detections_API_RuleInterval' + investigation_fields: + $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' + license: + $ref: '#/components/schemas/Security_Detections_API_RuleLicense' + max_signals: + $ref: '#/components/schemas/Security_Detections_API_MaxSignals' + meta: + $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' + name: + $ref: '#/components/schemas/Security_Detections_API_RuleName' + namespace: + $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace' + note: + $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' + outcome: + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome' + output_index: + $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' + references: + $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' + related_integrations: + $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray' + required_fields: + description: | + Elasticsearch fields and their types that need to be present for the rule to function. + > info + > The value of `required_fields` does not affect the rule’s behavior, and specifying it incorrectly won’t cause the rule to fail. Use `required_fields` as an informational property to document the fields that the rule expects to be present in the data. + items: + $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput' + type: array + response_actions: + items: + $ref: '#/components/schemas/Security_Detections_API_ResponseAction' + type: array + risk_score: + $ref: '#/components/schemas/Security_Detections_API_RiskScore' + risk_score_mapping: + $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' + rule_id: + $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' + rule_name_override: + $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' + setup: + $ref: '#/components/schemas/Security_Detections_API_SetupGuide' + severity: + $ref: '#/components/schemas/Security_Detections_API_Severity' + severity_mapping: + $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' + tags: + $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' + threat: + $ref: '#/components/schemas/Security_Detections_API_ThreatArray' + throttle: + $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' + timeline_id: + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' + timeline_title: + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle' + timestamp_override: + $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' + timestamp_override_fallback_disabled: + $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled' + to: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' + version: + $ref: '#/components/schemas/Security_Detections_API_RuleVersion' + Security_Detections_API_NewTermsRuleResponseFields_3: + type: object + properties: + language: + $ref: '#/components/schemas/Security_Detections_API_KqlQueryLanguage' + required: + - language + Security_Detections_API_NewTermsRuleUpdateProps_1: + type: object + properties: + actions: + description: Array defining the automated actions (notifications) taken when alerts are generated. + items: + $ref: '#/components/schemas/Security_Detections_API_RuleAction' + type: array + alias_purpose: + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose' + alias_target_id: + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId' + author: + $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' + building_block_type: + $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' + description: + $ref: '#/components/schemas/Security_Detections_API_RuleDescription' + enabled: + $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' + exceptions_list: + items: + $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' + type: array + false_positives: + $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray' + from: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' + id: + $ref: '#/components/schemas/Security_Detections_API_UUID' + interval: + $ref: '#/components/schemas/Security_Detections_API_RuleInterval' + investigation_fields: + $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' + license: + $ref: '#/components/schemas/Security_Detections_API_RuleLicense' + max_signals: + $ref: '#/components/schemas/Security_Detections_API_MaxSignals' + meta: + $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' + name: + $ref: '#/components/schemas/Security_Detections_API_RuleName' + namespace: + $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace' + note: + $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' + outcome: + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome' + output_index: + $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' + references: + $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' + related_integrations: + $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray' + required_fields: + description: | + Elasticsearch fields and their types that need to be present for the rule to function. + > info + > The value of `required_fields` does not affect the rule’s behavior, and specifying it incorrectly won’t cause the rule to fail. Use `required_fields` as an informational property to document the fields that the rule expects to be present in the data. + items: + $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput' + type: array + response_actions: + items: + $ref: '#/components/schemas/Security_Detections_API_ResponseAction' + type: array + risk_score: + $ref: '#/components/schemas/Security_Detections_API_RiskScore' + risk_score_mapping: + $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' + rule_id: + $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' + rule_name_override: + $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' + setup: + $ref: '#/components/schemas/Security_Detections_API_SetupGuide' + severity: + $ref: '#/components/schemas/Security_Detections_API_Severity' + severity_mapping: + $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' + tags: + $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' + threat: + $ref: '#/components/schemas/Security_Detections_API_ThreatArray' + throttle: + $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' + timeline_id: + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' + timeline_title: + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle' + timestamp_override: + $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' + timestamp_override_fallback_disabled: + $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled' + to: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' + version: + $ref: '#/components/schemas/Security_Detections_API_RuleVersion' + required: + - name + - description + - risk_score + - severity + Security_Detections_API_ProcessesParams_Config: + type: object + properties: + field: + description: Field to use instead of process.pid + type: string + overwrite: + default: true + description: Whether to overwrite field with process.pid + type: boolean + required: + - field + Security_Detections_API_QueryAlertsBodyParams__source_1: + type: boolean + Security_Detections_API_QueryAlertsBodyParams__source_2: + type: string + Security_Detections_API_QueryAlertsBodyParams__source_3: + items: + type: string + type: array + Security_Detections_API_QueryAlertsBodyParams_Aggs: + additionalProperties: true + type: object + Security_Detections_API_QueryAlertsBodyParams_Query: + additionalProperties: true + type: object + Security_Detections_API_QueryAlertsBodyParams_Runtime_mappings: + additionalProperties: true + type: object + Security_Detections_API_QueryRule_1: + type: object + properties: + actions: + description: Array defining the automated actions (notifications) taken when alerts are generated. + items: + $ref: '#/components/schemas/Security_Detections_API_RuleAction' + type: array + alias_purpose: + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose' + alias_target_id: + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId' + author: + $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' + building_block_type: + $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' + description: + $ref: '#/components/schemas/Security_Detections_API_RuleDescription' + enabled: + $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' + exceptions_list: + items: + $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' + type: array + false_positives: + $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray' + from: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' + interval: + $ref: '#/components/schemas/Security_Detections_API_RuleInterval' + investigation_fields: + $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' + license: + $ref: '#/components/schemas/Security_Detections_API_RuleLicense' + max_signals: + $ref: '#/components/schemas/Security_Detections_API_MaxSignals' + meta: + $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' + name: + $ref: '#/components/schemas/Security_Detections_API_RuleName' + namespace: + $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace' + note: + $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' + outcome: + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome' + output_index: + $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' + references: + $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' + related_integrations: + $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray' + required_fields: + description: | + Elasticsearch fields and their types that need to be present for the rule to function. + > info + > The value of `required_fields` does not affect the rule’s behavior, and specifying it incorrectly won’t cause the rule to fail. Use `required_fields` as an informational property to document the fields that the rule expects to be present in the data. + items: + $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput' + type: array + response_actions: + items: + $ref: '#/components/schemas/Security_Detections_API_ResponseAction' + type: array + risk_score: + $ref: '#/components/schemas/Security_Detections_API_RiskScore' + risk_score_mapping: + $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' + rule_name_override: + $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' + setup: + $ref: '#/components/schemas/Security_Detections_API_SetupGuide' + severity: + $ref: '#/components/schemas/Security_Detections_API_Severity' + severity_mapping: + $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' + tags: + $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' + threat: + $ref: '#/components/schemas/Security_Detections_API_ThreatArray' + throttle: + $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' + timeline_id: + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' + timeline_title: + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle' + timestamp_override: + $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' + timestamp_override_fallback_disabled: + $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled' + to: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' + version: + $ref: '#/components/schemas/Security_Detections_API_RuleVersion' + required: + - name + - description + - risk_score + - severity + - version + - tags + - enabled + - risk_score_mapping + - severity_mapping + - interval + - from + - to + - actions + - exceptions_list + - author + - false_positives + - references + - max_signals + - threat + - setup + - related_integrations + - required_fields + Security_Detections_API_QueryRuleCreateProps_1: + type: object + properties: + actions: + description: Array defining the automated actions (notifications) taken when alerts are generated. + items: + $ref: '#/components/schemas/Security_Detections_API_RuleAction' + type: array + alias_purpose: + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose' + alias_target_id: + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId' + author: + $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' + building_block_type: + $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' + description: + $ref: '#/components/schemas/Security_Detections_API_RuleDescription' + enabled: + $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' + exceptions_list: + items: + $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' + type: array + false_positives: + $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray' + from: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' + interval: + $ref: '#/components/schemas/Security_Detections_API_RuleInterval' + investigation_fields: + $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' + license: + $ref: '#/components/schemas/Security_Detections_API_RuleLicense' + max_signals: + $ref: '#/components/schemas/Security_Detections_API_MaxSignals' + meta: + $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' + name: + $ref: '#/components/schemas/Security_Detections_API_RuleName' + namespace: + $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace' + note: + $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' + outcome: + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome' + output_index: + $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' + references: + $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' + related_integrations: + $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray' + required_fields: + description: | + Elasticsearch fields and their types that need to be present for the rule to function. + > info + > The value of `required_fields` does not affect the rule’s behavior, and specifying it incorrectly won’t cause the rule to fail. Use `required_fields` as an informational property to document the fields that the rule expects to be present in the data. + items: + $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput' + type: array + response_actions: + items: + $ref: '#/components/schemas/Security_Detections_API_ResponseAction' + type: array + risk_score: + $ref: '#/components/schemas/Security_Detections_API_RiskScore' + risk_score_mapping: + $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' + rule_id: + $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' + rule_name_override: + $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' + setup: + $ref: '#/components/schemas/Security_Detections_API_SetupGuide' + severity: + $ref: '#/components/schemas/Security_Detections_API_Severity' + severity_mapping: + $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' + tags: + $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' + threat: + $ref: '#/components/schemas/Security_Detections_API_ThreatArray' + throttle: + $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' + timeline_id: + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' + timeline_title: + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle' + timestamp_override: + $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' + timestamp_override_fallback_disabled: + $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled' + to: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' + version: + $ref: '#/components/schemas/Security_Detections_API_RuleVersion' + required: + - name + - description + - risk_score + - severity + Security_Detections_API_QueryRulePatchFields_1: + type: object + properties: + type: + description: Rule type + enum: + - query + type: string + Security_Detections_API_QueryRulePatchProps_1: + type: object + properties: + actions: + description: Array defining the automated actions (notifications) taken when alerts are generated. + items: + $ref: '#/components/schemas/Security_Detections_API_RuleAction' + type: array + alias_purpose: + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose' + alias_target_id: + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId' + author: + $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' + building_block_type: + $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' + description: + $ref: '#/components/schemas/Security_Detections_API_RuleDescription' + enabled: + $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' + exceptions_list: + items: + $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' + type: array + false_positives: + $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray' + from: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' + id: + $ref: '#/components/schemas/Security_Detections_API_UUID' + interval: + $ref: '#/components/schemas/Security_Detections_API_RuleInterval' + investigation_fields: + $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' + license: + $ref: '#/components/schemas/Security_Detections_API_RuleLicense' + max_signals: + $ref: '#/components/schemas/Security_Detections_API_MaxSignals' + meta: + $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' + name: + $ref: '#/components/schemas/Security_Detections_API_RuleName' + namespace: + $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace' + note: + $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' + outcome: + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome' + output_index: + $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' + references: + $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' + related_integrations: + $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray' + required_fields: + description: | + Elasticsearch fields and their types that need to be present for the rule to function. + > info + > The value of `required_fields` does not affect the rule’s behavior, and specifying it incorrectly won’t cause the rule to fail. Use `required_fields` as an informational property to document the fields that the rule expects to be present in the data. + items: + $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput' + type: array + response_actions: + items: + $ref: '#/components/schemas/Security_Detections_API_ResponseAction' + type: array + risk_score: + $ref: '#/components/schemas/Security_Detections_API_RiskScore' + risk_score_mapping: + $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' + rule_id: + $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' + rule_name_override: + $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' + setup: + $ref: '#/components/schemas/Security_Detections_API_SetupGuide' + severity: + $ref: '#/components/schemas/Security_Detections_API_Severity' + severity_mapping: + $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' + tags: + $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' + threat: + $ref: '#/components/schemas/Security_Detections_API_ThreatArray' + throttle: + $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' + timeline_id: + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' + timeline_title: + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle' + timestamp_override: + $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' + timestamp_override_fallback_disabled: + $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled' + to: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' + version: + $ref: '#/components/schemas/Security_Detections_API_RuleVersion' + Security_Detections_API_QueryRuleResponseFields_3: + type: object + properties: + language: + $ref: '#/components/schemas/Security_Detections_API_KqlQueryLanguage' + query: + $ref: '#/components/schemas/Security_Detections_API_RuleQuery' + required: + - query + - language + Security_Detections_API_QueryRuleUpdateProps_1: + type: object + properties: + actions: + description: Array defining the automated actions (notifications) taken when alerts are generated. + items: + $ref: '#/components/schemas/Security_Detections_API_RuleAction' + type: array + alias_purpose: + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose' + alias_target_id: + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId' + author: + $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' + building_block_type: + $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' + description: + $ref: '#/components/schemas/Security_Detections_API_RuleDescription' + enabled: + $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' + exceptions_list: + items: + $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' + type: array + false_positives: + $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray' + from: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' + id: + $ref: '#/components/schemas/Security_Detections_API_UUID' + interval: + $ref: '#/components/schemas/Security_Detections_API_RuleInterval' + investigation_fields: + $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' + license: + $ref: '#/components/schemas/Security_Detections_API_RuleLicense' + max_signals: + $ref: '#/components/schemas/Security_Detections_API_MaxSignals' + meta: + $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' + name: + $ref: '#/components/schemas/Security_Detections_API_RuleName' + namespace: + $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace' + note: + $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' + outcome: + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome' + output_index: + $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' + references: + $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' + related_integrations: + $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray' + required_fields: + description: | + Elasticsearch fields and their types that need to be present for the rule to function. + > info + > The value of `required_fields` does not affect the rule’s behavior, and specifying it incorrectly won’t cause the rule to fail. Use `required_fields` as an informational property to document the fields that the rule expects to be present in the data. + items: + $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput' + type: array + response_actions: + items: + $ref: '#/components/schemas/Security_Detections_API_ResponseAction' + type: array + risk_score: + $ref: '#/components/schemas/Security_Detections_API_RiskScore' + risk_score_mapping: + $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' + rule_id: + $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' + rule_name_override: + $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' + setup: + $ref: '#/components/schemas/Security_Detections_API_SetupGuide' + severity: + $ref: '#/components/schemas/Security_Detections_API_Severity' + severity_mapping: + $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' + tags: + $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' + threat: + $ref: '#/components/schemas/Security_Detections_API_ThreatArray' + throttle: + $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' + timeline_id: + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' + timeline_title: + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle' + timestamp_override: + $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' + timestamp_override_fallback_disabled: + $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled' + to: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' + version: + $ref: '#/components/schemas/Security_Detections_API_RuleVersion' + required: + - name + - description + - risk_score + - severity + Security_Detections_API_RiskScoreMapping_Item: + type: object + properties: + field: + description: Source event field used to override the default `risk_score`. + type: string + operator: + enum: + - equals + type: string + risk_score: + $ref: '#/components/schemas/Security_Detections_API_RiskScore' + value: + type: string + required: + - field + - operator + - value + Security_Detections_API_RuleActionThrottle_1: + enum: + - no_actions + - rule + type: string + Security_Detections_API_RuleActionThrottle_2: + description: Time interval in seconds, minutes, hours, or days. + example: 1h + pattern: ^[1-9]\d*[smhd]$ + type: string + Security_Detections_API_RuleExecutionMetrics_Gap_range: + description: Range of the execution gap + type: object + properties: + gte: + description: Start date of the execution gap + type: string + lte: + description: End date of the execution gap + type: string + required: + - gte + - lte + Security_Detections_API_RuleExecutionSummary_Last_execution: + type: object + properties: + date: + description: Date of the last execution + format: date-time + type: string + message: + type: string + metrics: + $ref: '#/components/schemas/Security_Detections_API_RuleExecutionMetrics' + status: + $ref: '#/components/schemas/Security_Detections_API_RuleExecutionStatus' + description: Status of the last execution + status_order: + $ref: '#/components/schemas/Security_Detections_API_RuleExecutionStatusOrder' + required: + - date + - status + - status_order + - message + - metrics + Security_Detections_API_SavedQueryRule_1: + type: object + properties: + actions: + description: Array defining the automated actions (notifications) taken when alerts are generated. + items: + $ref: '#/components/schemas/Security_Detections_API_RuleAction' + type: array + alias_purpose: + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose' + alias_target_id: + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId' + author: + $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' + building_block_type: + $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' + description: + $ref: '#/components/schemas/Security_Detections_API_RuleDescription' + enabled: + $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' + exceptions_list: + items: + $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' + type: array + false_positives: + $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray' + from: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' + interval: + $ref: '#/components/schemas/Security_Detections_API_RuleInterval' + investigation_fields: + $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' + license: + $ref: '#/components/schemas/Security_Detections_API_RuleLicense' + max_signals: + $ref: '#/components/schemas/Security_Detections_API_MaxSignals' + meta: + $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' + name: + $ref: '#/components/schemas/Security_Detections_API_RuleName' + namespace: + $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace' + note: + $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' + outcome: + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome' + output_index: + $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' + references: + $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' + related_integrations: + $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray' + required_fields: + description: | + Elasticsearch fields and their types that need to be present for the rule to function. + > info + > The value of `required_fields` does not affect the rule’s behavior, and specifying it incorrectly won’t cause the rule to fail. Use `required_fields` as an informational property to document the fields that the rule expects to be present in the data. + items: + $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput' + type: array + response_actions: + items: + $ref: '#/components/schemas/Security_Detections_API_ResponseAction' + type: array + risk_score: + $ref: '#/components/schemas/Security_Detections_API_RiskScore' + risk_score_mapping: + $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' + rule_name_override: + $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' + setup: + $ref: '#/components/schemas/Security_Detections_API_SetupGuide' + severity: + $ref: '#/components/schemas/Security_Detections_API_Severity' + severity_mapping: + $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' + tags: + $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' + threat: + $ref: '#/components/schemas/Security_Detections_API_ThreatArray' + throttle: + $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' + timeline_id: + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' + timeline_title: + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle' + timestamp_override: + $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' + timestamp_override_fallback_disabled: + $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled' + to: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' + version: + $ref: '#/components/schemas/Security_Detections_API_RuleVersion' + required: + - name + - description + - risk_score + - severity + - version + - tags + - enabled + - risk_score_mapping + - severity_mapping + - interval + - from + - to + - actions + - exceptions_list + - author + - false_positives + - references + - max_signals + - threat + - setup + - related_integrations + - required_fields + Security_Detections_API_SavedQueryRuleCreateProps_1: + type: object + properties: + actions: + description: Array defining the automated actions (notifications) taken when alerts are generated. + items: + $ref: '#/components/schemas/Security_Detections_API_RuleAction' + type: array + alias_purpose: + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose' + alias_target_id: + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId' + author: + $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' + building_block_type: + $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' + description: + $ref: '#/components/schemas/Security_Detections_API_RuleDescription' + enabled: + $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' + exceptions_list: + items: + $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' + type: array + false_positives: + $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray' + from: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' + interval: + $ref: '#/components/schemas/Security_Detections_API_RuleInterval' + investigation_fields: + $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' + license: + $ref: '#/components/schemas/Security_Detections_API_RuleLicense' + max_signals: + $ref: '#/components/schemas/Security_Detections_API_MaxSignals' + meta: + $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' + name: + $ref: '#/components/schemas/Security_Detections_API_RuleName' + namespace: + $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace' + note: + $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' + outcome: + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome' + output_index: + $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' + references: + $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' + related_integrations: + $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray' + required_fields: + description: | + Elasticsearch fields and their types that need to be present for the rule to function. + > info + > The value of `required_fields` does not affect the rule’s behavior, and specifying it incorrectly won’t cause the rule to fail. Use `required_fields` as an informational property to document the fields that the rule expects to be present in the data. + items: + $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput' + type: array + response_actions: + items: + $ref: '#/components/schemas/Security_Detections_API_ResponseAction' + type: array + risk_score: + $ref: '#/components/schemas/Security_Detections_API_RiskScore' + risk_score_mapping: + $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' + rule_id: + $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' + rule_name_override: + $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' + setup: + $ref: '#/components/schemas/Security_Detections_API_SetupGuide' + severity: + $ref: '#/components/schemas/Security_Detections_API_Severity' + severity_mapping: + $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' + tags: + $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' + threat: + $ref: '#/components/schemas/Security_Detections_API_ThreatArray' + throttle: + $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' + timeline_id: + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' + timeline_title: + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle' + timestamp_override: + $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' + timestamp_override_fallback_disabled: + $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled' + to: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' + version: + $ref: '#/components/schemas/Security_Detections_API_RuleVersion' + required: + - name + - description + - risk_score + - severity + Security_Detections_API_SavedQueryRulePatchFields_1: + type: object + properties: + saved_id: + $ref: '#/components/schemas/Security_Detections_API_SavedQueryId' + type: + description: Rule type + enum: + - saved_query + type: string + Security_Detections_API_SavedQueryRulePatchProps_1: + type: object + properties: + actions: + description: Array defining the automated actions (notifications) taken when alerts are generated. + items: + $ref: '#/components/schemas/Security_Detections_API_RuleAction' + type: array + alias_purpose: + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose' + alias_target_id: + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId' + author: + $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' + building_block_type: + $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' + description: + $ref: '#/components/schemas/Security_Detections_API_RuleDescription' + enabled: + $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' + exceptions_list: + items: + $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' + type: array + false_positives: + $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray' + from: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' + id: + $ref: '#/components/schemas/Security_Detections_API_UUID' + interval: + $ref: '#/components/schemas/Security_Detections_API_RuleInterval' + investigation_fields: + $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' + license: + $ref: '#/components/schemas/Security_Detections_API_RuleLicense' + max_signals: + $ref: '#/components/schemas/Security_Detections_API_MaxSignals' + meta: + $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' + name: + $ref: '#/components/schemas/Security_Detections_API_RuleName' + namespace: + $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace' + note: + $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' + outcome: + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome' + output_index: + $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' + references: + $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' + related_integrations: + $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray' + required_fields: + description: | + Elasticsearch fields and their types that need to be present for the rule to function. + > info + > The value of `required_fields` does not affect the rule’s behavior, and specifying it incorrectly won’t cause the rule to fail. Use `required_fields` as an informational property to document the fields that the rule expects to be present in the data. + items: + $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput' + type: array + response_actions: + items: + $ref: '#/components/schemas/Security_Detections_API_ResponseAction' + type: array + risk_score: + $ref: '#/components/schemas/Security_Detections_API_RiskScore' + risk_score_mapping: + $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' + rule_id: + $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' + rule_name_override: + $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' + setup: + $ref: '#/components/schemas/Security_Detections_API_SetupGuide' + severity: + $ref: '#/components/schemas/Security_Detections_API_Severity' + severity_mapping: + $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' + tags: + $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' + threat: + $ref: '#/components/schemas/Security_Detections_API_ThreatArray' + throttle: + $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' + timeline_id: + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' + timeline_title: + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle' + timestamp_override: + $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' + timestamp_override_fallback_disabled: + $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled' + to: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' + version: + $ref: '#/components/schemas/Security_Detections_API_RuleVersion' + Security_Detections_API_SavedQueryRuleResponseFields_3: + type: object + properties: + language: + $ref: '#/components/schemas/Security_Detections_API_KqlQueryLanguage' + required: + - language + Security_Detections_API_SavedQueryRuleUpdateProps_1: + type: object + properties: + actions: + description: Array defining the automated actions (notifications) taken when alerts are generated. + items: + $ref: '#/components/schemas/Security_Detections_API_RuleAction' + type: array + alias_purpose: + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose' + alias_target_id: + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId' + author: + $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' + building_block_type: + $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' + description: + $ref: '#/components/schemas/Security_Detections_API_RuleDescription' + enabled: + $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' + exceptions_list: + items: + $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' + type: array + false_positives: + $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray' + from: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' + id: + $ref: '#/components/schemas/Security_Detections_API_UUID' + interval: + $ref: '#/components/schemas/Security_Detections_API_RuleInterval' + investigation_fields: + $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' + license: + $ref: '#/components/schemas/Security_Detections_API_RuleLicense' + max_signals: + $ref: '#/components/schemas/Security_Detections_API_MaxSignals' + meta: + $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' + name: + $ref: '#/components/schemas/Security_Detections_API_RuleName' + namespace: + $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace' + note: + $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' + outcome: + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome' + output_index: + $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' + references: + $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' + related_integrations: + $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray' + required_fields: + description: | + Elasticsearch fields and their types that need to be present for the rule to function. + > info + > The value of `required_fields` does not affect the rule’s behavior, and specifying it incorrectly won’t cause the rule to fail. Use `required_fields` as an informational property to document the fields that the rule expects to be present in the data. + items: + $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput' + type: array + response_actions: + items: + $ref: '#/components/schemas/Security_Detections_API_ResponseAction' + type: array + risk_score: + $ref: '#/components/schemas/Security_Detections_API_RiskScore' + risk_score_mapping: + $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' + rule_id: + $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' + rule_name_override: + $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' + setup: + $ref: '#/components/schemas/Security_Detections_API_SetupGuide' + severity: + $ref: '#/components/schemas/Security_Detections_API_Severity' + severity_mapping: + $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' + tags: + $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' + threat: + $ref: '#/components/schemas/Security_Detections_API_ThreatArray' + throttle: + $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' + timeline_id: + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' + timeline_title: + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle' + timestamp_override: + $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' + timestamp_override_fallback_disabled: + $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled' + to: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' + version: + $ref: '#/components/schemas/Security_Detections_API_RuleVersion' + required: + - name + - description + - risk_score + - severity + Security_Detections_API_SetAlertsStatusByQueryBase_Query: + additionalProperties: true + type: object + Security_Detections_API_SeverityMapping_Item: + type: object + properties: + field: + description: Source event field used to override the default `severity`. + type: string + operator: + enum: + - equals + type: string + severity: + $ref: '#/components/schemas/Security_Detections_API_Severity' + value: + type: string + required: + - field + - operator + - severity + - value + Security_Detections_API_ThreatMapping_Item: + type: object + properties: + entries: + items: + $ref: '#/components/schemas/Security_Detections_API_ThreatMappingEntry' + type: array + required: + - entries + Security_Detections_API_ThreatMatchRule_1: + type: object + properties: + actions: + description: Array defining the automated actions (notifications) taken when alerts are generated. + items: + $ref: '#/components/schemas/Security_Detections_API_RuleAction' + type: array + alias_purpose: + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose' + alias_target_id: + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId' + author: + $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' + building_block_type: + $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' + description: + $ref: '#/components/schemas/Security_Detections_API_RuleDescription' + enabled: + $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' + exceptions_list: + items: + $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' + type: array + false_positives: + $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray' + from: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' + interval: + $ref: '#/components/schemas/Security_Detections_API_RuleInterval' + investigation_fields: + $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' + license: + $ref: '#/components/schemas/Security_Detections_API_RuleLicense' + max_signals: + $ref: '#/components/schemas/Security_Detections_API_MaxSignals' + meta: + $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' + name: + $ref: '#/components/schemas/Security_Detections_API_RuleName' + namespace: + $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace' + note: + $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' + outcome: + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome' + output_index: + $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' + references: + $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' + related_integrations: + $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray' + required_fields: + description: | + Elasticsearch fields and their types that need to be present for the rule to function. + > info + > The value of `required_fields` does not affect the rule’s behavior, and specifying it incorrectly won’t cause the rule to fail. Use `required_fields` as an informational property to document the fields that the rule expects to be present in the data. + items: + $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput' + type: array + response_actions: + items: + $ref: '#/components/schemas/Security_Detections_API_ResponseAction' + type: array + risk_score: + $ref: '#/components/schemas/Security_Detections_API_RiskScore' + risk_score_mapping: + $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' + rule_name_override: + $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' + setup: + $ref: '#/components/schemas/Security_Detections_API_SetupGuide' + severity: + $ref: '#/components/schemas/Security_Detections_API_Severity' + severity_mapping: + $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' + tags: + $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' + threat: + $ref: '#/components/schemas/Security_Detections_API_ThreatArray' + throttle: + $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' + timeline_id: + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' + timeline_title: + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle' + timestamp_override: + $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' + timestamp_override_fallback_disabled: + $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled' + to: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' + version: + $ref: '#/components/schemas/Security_Detections_API_RuleVersion' + required: + - name + - description + - risk_score + - severity + - version + - tags + - enabled + - risk_score_mapping + - severity_mapping + - interval + - from + - to + - actions + - exceptions_list + - author + - false_positives + - references + - max_signals + - threat + - setup + - related_integrations + - required_fields + Security_Detections_API_ThreatMatchRuleCreateProps_1: + type: object + properties: + actions: + description: Array defining the automated actions (notifications) taken when alerts are generated. + items: + $ref: '#/components/schemas/Security_Detections_API_RuleAction' + type: array + alias_purpose: + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose' + alias_target_id: + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId' + author: + $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' + building_block_type: + $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' + description: + $ref: '#/components/schemas/Security_Detections_API_RuleDescription' + enabled: + $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' + exceptions_list: + items: + $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' + type: array + false_positives: + $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray' + from: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' + interval: + $ref: '#/components/schemas/Security_Detections_API_RuleInterval' + investigation_fields: + $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' + license: + $ref: '#/components/schemas/Security_Detections_API_RuleLicense' + max_signals: + $ref: '#/components/schemas/Security_Detections_API_MaxSignals' + meta: + $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' + name: + $ref: '#/components/schemas/Security_Detections_API_RuleName' + namespace: + $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace' + note: + $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' + outcome: + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome' + output_index: + $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' + references: + $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' + related_integrations: + $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray' + required_fields: + description: | + Elasticsearch fields and their types that need to be present for the rule to function. + > info + > The value of `required_fields` does not affect the rule’s behavior, and specifying it incorrectly won’t cause the rule to fail. Use `required_fields` as an informational property to document the fields that the rule expects to be present in the data. + items: + $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput' + type: array + response_actions: + items: + $ref: '#/components/schemas/Security_Detections_API_ResponseAction' + type: array + risk_score: + $ref: '#/components/schemas/Security_Detections_API_RiskScore' + risk_score_mapping: + $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' + rule_id: + $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' + rule_name_override: + $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' + setup: + $ref: '#/components/schemas/Security_Detections_API_SetupGuide' + severity: + $ref: '#/components/schemas/Security_Detections_API_Severity' + severity_mapping: + $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' + tags: + $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' + threat: + $ref: '#/components/schemas/Security_Detections_API_ThreatArray' + throttle: + $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' + timeline_id: + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' + timeline_title: + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle' + timestamp_override: + $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' + timestamp_override_fallback_disabled: + $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled' + to: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' + version: + $ref: '#/components/schemas/Security_Detections_API_RuleVersion' + required: + - name + - description + - risk_score + - severity + Security_Detections_API_ThreatMatchRulePatchFields_1: + type: object + properties: + query: + $ref: '#/components/schemas/Security_Detections_API_RuleQuery' + threat_index: + $ref: '#/components/schemas/Security_Detections_API_ThreatIndex' + threat_mapping: + $ref: '#/components/schemas/Security_Detections_API_ThreatMapping' + threat_query: + $ref: '#/components/schemas/Security_Detections_API_ThreatQuery' + type: + description: Rule type + enum: + - threat_match + type: string + Security_Detections_API_ThreatMatchRulePatchProps_1: + type: object + properties: + actions: + description: Array defining the automated actions (notifications) taken when alerts are generated. + items: + $ref: '#/components/schemas/Security_Detections_API_RuleAction' + type: array + alias_purpose: + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose' + alias_target_id: + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId' + author: + $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' + building_block_type: + $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' + description: + $ref: '#/components/schemas/Security_Detections_API_RuleDescription' + enabled: + $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' + exceptions_list: + items: + $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' + type: array + false_positives: + $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray' + from: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' + id: + $ref: '#/components/schemas/Security_Detections_API_UUID' + interval: + $ref: '#/components/schemas/Security_Detections_API_RuleInterval' + investigation_fields: + $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' + license: + $ref: '#/components/schemas/Security_Detections_API_RuleLicense' + max_signals: + $ref: '#/components/schemas/Security_Detections_API_MaxSignals' + meta: + $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' + name: + $ref: '#/components/schemas/Security_Detections_API_RuleName' + namespace: + $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace' + note: + $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' + outcome: + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome' + output_index: + $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' + references: + $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' + related_integrations: + $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray' + required_fields: + description: | + Elasticsearch fields and their types that need to be present for the rule to function. + > info + > The value of `required_fields` does not affect the rule’s behavior, and specifying it incorrectly won’t cause the rule to fail. Use `required_fields` as an informational property to document the fields that the rule expects to be present in the data. + items: + $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput' + type: array + response_actions: + items: + $ref: '#/components/schemas/Security_Detections_API_ResponseAction' + type: array + risk_score: + $ref: '#/components/schemas/Security_Detections_API_RiskScore' + risk_score_mapping: + $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' + rule_id: + $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' + rule_name_override: + $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' + setup: + $ref: '#/components/schemas/Security_Detections_API_SetupGuide' + severity: + $ref: '#/components/schemas/Security_Detections_API_Severity' + severity_mapping: + $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' + tags: + $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' + threat: + $ref: '#/components/schemas/Security_Detections_API_ThreatArray' + throttle: + $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' + timeline_id: + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' + timeline_title: + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle' + timestamp_override: + $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' + timestamp_override_fallback_disabled: + $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled' + to: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' + version: + $ref: '#/components/schemas/Security_Detections_API_RuleVersion' + Security_Detections_API_ThreatMatchRuleResponseFields_3: + type: object + properties: + language: + $ref: '#/components/schemas/Security_Detections_API_KqlQueryLanguage' + required: + - language + Security_Detections_API_ThreatMatchRuleUpdateProps_1: + type: object + properties: + actions: + description: Array defining the automated actions (notifications) taken when alerts are generated. + items: + $ref: '#/components/schemas/Security_Detections_API_RuleAction' + type: array + alias_purpose: + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose' + alias_target_id: + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId' + author: + $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' + building_block_type: + $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' + description: + $ref: '#/components/schemas/Security_Detections_API_RuleDescription' + enabled: + $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' + exceptions_list: + items: + $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' + type: array + false_positives: + $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray' + from: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' + id: + $ref: '#/components/schemas/Security_Detections_API_UUID' + interval: + $ref: '#/components/schemas/Security_Detections_API_RuleInterval' + investigation_fields: + $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' + license: + $ref: '#/components/schemas/Security_Detections_API_RuleLicense' + max_signals: + $ref: '#/components/schemas/Security_Detections_API_MaxSignals' + meta: + $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' + name: + $ref: '#/components/schemas/Security_Detections_API_RuleName' + namespace: + $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace' + note: + $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' + outcome: + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome' + output_index: + $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' + references: + $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' + related_integrations: + $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray' + required_fields: + description: | + Elasticsearch fields and their types that need to be present for the rule to function. + > info + > The value of `required_fields` does not affect the rule’s behavior, and specifying it incorrectly won’t cause the rule to fail. Use `required_fields` as an informational property to document the fields that the rule expects to be present in the data. + items: + $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput' + type: array + response_actions: + items: + $ref: '#/components/schemas/Security_Detections_API_ResponseAction' + type: array + risk_score: + $ref: '#/components/schemas/Security_Detections_API_RiskScore' + risk_score_mapping: + $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' + rule_id: + $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' + rule_name_override: + $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' + setup: + $ref: '#/components/schemas/Security_Detections_API_SetupGuide' + severity: + $ref: '#/components/schemas/Security_Detections_API_Severity' + severity_mapping: + $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' + tags: + $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' + threat: + $ref: '#/components/schemas/Security_Detections_API_ThreatArray' + throttle: + $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' + timeline_id: + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' + timeline_title: + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle' + timestamp_override: + $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' + timestamp_override_fallback_disabled: + $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled' + to: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' + version: + $ref: '#/components/schemas/Security_Detections_API_RuleVersion' + required: + - name + - description + - risk_score + - severity + Security_Detections_API_ThresholdCardinality_Item: + type: object + properties: + field: + description: The field on which to calculate and compare the cardinality. + type: string + value: + description: The threshold value from which an alert is generated based on unique number of values of cardinality.field. + minimum: 0 + type: integer + required: + - field + - value + Security_Detections_API_ThresholdField_1: + type: string + Security_Detections_API_ThresholdField_2: + items: + type: string + maxItems: 5 + minItems: 0 + type: array + Security_Detections_API_ThresholdRule_1: + type: object + properties: + actions: + description: Array defining the automated actions (notifications) taken when alerts are generated. + items: + $ref: '#/components/schemas/Security_Detections_API_RuleAction' + type: array + alias_purpose: + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose' + alias_target_id: + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId' + author: + $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' + building_block_type: + $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' + description: + $ref: '#/components/schemas/Security_Detections_API_RuleDescription' + enabled: + $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' + exceptions_list: + items: + $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' + type: array + false_positives: + $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray' + from: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' + interval: + $ref: '#/components/schemas/Security_Detections_API_RuleInterval' + investigation_fields: + $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' + license: + $ref: '#/components/schemas/Security_Detections_API_RuleLicense' + max_signals: + $ref: '#/components/schemas/Security_Detections_API_MaxSignals' + meta: + $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' + name: + $ref: '#/components/schemas/Security_Detections_API_RuleName' + namespace: + $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace' + note: + $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' + outcome: + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome' + output_index: + $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' + references: + $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' + related_integrations: + $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray' + required_fields: + description: | + Elasticsearch fields and their types that need to be present for the rule to function. + > info + > The value of `required_fields` does not affect the rule’s behavior, and specifying it incorrectly won’t cause the rule to fail. Use `required_fields` as an informational property to document the fields that the rule expects to be present in the data. + items: + $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput' + type: array + response_actions: + items: + $ref: '#/components/schemas/Security_Detections_API_ResponseAction' + type: array + risk_score: + $ref: '#/components/schemas/Security_Detections_API_RiskScore' + risk_score_mapping: + $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' + rule_name_override: + $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' + setup: + $ref: '#/components/schemas/Security_Detections_API_SetupGuide' + severity: + $ref: '#/components/schemas/Security_Detections_API_Severity' + severity_mapping: + $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' + tags: + $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' + threat: + $ref: '#/components/schemas/Security_Detections_API_ThreatArray' + throttle: + $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' + timeline_id: + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' + timeline_title: + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle' + timestamp_override: + $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' + timestamp_override_fallback_disabled: + $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled' + to: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' + version: + $ref: '#/components/schemas/Security_Detections_API_RuleVersion' + required: + - name + - description + - risk_score + - severity + - version + - tags + - enabled + - risk_score_mapping + - severity_mapping + - interval + - from + - to + - actions + - exceptions_list + - author + - false_positives + - references + - max_signals + - threat + - setup + - related_integrations + - required_fields + Security_Detections_API_ThresholdRuleCreateProps_1: + type: object + properties: + actions: + description: Array defining the automated actions (notifications) taken when alerts are generated. + items: + $ref: '#/components/schemas/Security_Detections_API_RuleAction' + type: array + alias_purpose: + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose' + alias_target_id: + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId' + author: + $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' + building_block_type: + $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' + description: + $ref: '#/components/schemas/Security_Detections_API_RuleDescription' + enabled: + $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' + exceptions_list: + items: + $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' + type: array + false_positives: + $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray' + from: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' + interval: + $ref: '#/components/schemas/Security_Detections_API_RuleInterval' + investigation_fields: + $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' + license: + $ref: '#/components/schemas/Security_Detections_API_RuleLicense' + max_signals: + $ref: '#/components/schemas/Security_Detections_API_MaxSignals' + meta: + $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' + name: + $ref: '#/components/schemas/Security_Detections_API_RuleName' + namespace: + $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace' + note: + $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' + outcome: + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome' + output_index: + $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' + references: + $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' + related_integrations: + $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray' + required_fields: + description: | + Elasticsearch fields and their types that need to be present for the rule to function. + > info + > The value of `required_fields` does not affect the rule’s behavior, and specifying it incorrectly won’t cause the rule to fail. Use `required_fields` as an informational property to document the fields that the rule expects to be present in the data. + items: + $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput' + type: array + response_actions: + items: + $ref: '#/components/schemas/Security_Detections_API_ResponseAction' + type: array + risk_score: + $ref: '#/components/schemas/Security_Detections_API_RiskScore' + risk_score_mapping: + $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' + rule_id: + $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' + rule_name_override: + $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' + setup: + $ref: '#/components/schemas/Security_Detections_API_SetupGuide' + severity: + $ref: '#/components/schemas/Security_Detections_API_Severity' + severity_mapping: + $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' + tags: + $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' + threat: + $ref: '#/components/schemas/Security_Detections_API_ThreatArray' + throttle: + $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' + timeline_id: + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' + timeline_title: + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle' + timestamp_override: + $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' + timestamp_override_fallback_disabled: + $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled' + to: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' + version: + $ref: '#/components/schemas/Security_Detections_API_RuleVersion' + required: + - name + - description + - risk_score + - severity + Security_Detections_API_ThresholdRulePatchFields_1: + type: object + properties: + query: + $ref: '#/components/schemas/Security_Detections_API_RuleQuery' + threshold: + $ref: '#/components/schemas/Security_Detections_API_Threshold' + type: + description: Rule type + enum: + - threshold + type: string + Security_Detections_API_ThresholdRulePatchProps_1: + type: object + properties: + actions: + description: Array defining the automated actions (notifications) taken when alerts are generated. + items: + $ref: '#/components/schemas/Security_Detections_API_RuleAction' + type: array + alias_purpose: + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose' + alias_target_id: + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId' + author: + $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' + building_block_type: + $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' + description: + $ref: '#/components/schemas/Security_Detections_API_RuleDescription' + enabled: + $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' + exceptions_list: + items: + $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' + type: array + false_positives: + $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray' + from: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' + id: + $ref: '#/components/schemas/Security_Detections_API_UUID' + interval: + $ref: '#/components/schemas/Security_Detections_API_RuleInterval' + investigation_fields: + $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' + license: + $ref: '#/components/schemas/Security_Detections_API_RuleLicense' + max_signals: + $ref: '#/components/schemas/Security_Detections_API_MaxSignals' + meta: + $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' + name: + $ref: '#/components/schemas/Security_Detections_API_RuleName' + namespace: + $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace' + note: + $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' + outcome: + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome' + output_index: + $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' + references: + $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' + related_integrations: + $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray' + required_fields: + description: | + Elasticsearch fields and their types that need to be present for the rule to function. + > info + > The value of `required_fields` does not affect the rule’s behavior, and specifying it incorrectly won’t cause the rule to fail. Use `required_fields` as an informational property to document the fields that the rule expects to be present in the data. + items: + $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput' + type: array + response_actions: + items: + $ref: '#/components/schemas/Security_Detections_API_ResponseAction' + type: array + risk_score: + $ref: '#/components/schemas/Security_Detections_API_RiskScore' + risk_score_mapping: + $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' + rule_id: + $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' + rule_name_override: + $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' + setup: + $ref: '#/components/schemas/Security_Detections_API_SetupGuide' + severity: + $ref: '#/components/schemas/Security_Detections_API_Severity' + severity_mapping: + $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' + tags: + $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' + threat: + $ref: '#/components/schemas/Security_Detections_API_ThreatArray' + throttle: + $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' + timeline_id: + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' + timeline_title: + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle' + timestamp_override: + $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' + timestamp_override_fallback_disabled: + $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled' + to: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' + version: + $ref: '#/components/schemas/Security_Detections_API_RuleVersion' + Security_Detections_API_ThresholdRuleResponseFields_3: + type: object + properties: + language: + $ref: '#/components/schemas/Security_Detections_API_KqlQueryLanguage' + required: + - language + Security_Detections_API_ThresholdRuleUpdateProps_1: + type: object + properties: + actions: + description: Array defining the automated actions (notifications) taken when alerts are generated. + items: + $ref: '#/components/schemas/Security_Detections_API_RuleAction' + type: array + alias_purpose: + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose' + alias_target_id: + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId' + author: + $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' + building_block_type: + $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' + description: + $ref: '#/components/schemas/Security_Detections_API_RuleDescription' + enabled: + $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' + exceptions_list: + items: + $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' + type: array + false_positives: + $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray' + from: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' + id: + $ref: '#/components/schemas/Security_Detections_API_UUID' + interval: + $ref: '#/components/schemas/Security_Detections_API_RuleInterval' + investigation_fields: + $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' + license: + $ref: '#/components/schemas/Security_Detections_API_RuleLicense' + max_signals: + $ref: '#/components/schemas/Security_Detections_API_MaxSignals' + meta: + $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' + name: + $ref: '#/components/schemas/Security_Detections_API_RuleName' + namespace: + $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace' + note: + $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' + outcome: + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome' + output_index: + $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' + references: + $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' + related_integrations: + $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray' + required_fields: + description: | + Elasticsearch fields and their types that need to be present for the rule to function. + > info + > The value of `required_fields` does not affect the rule’s behavior, and specifying it incorrectly won’t cause the rule to fail. Use `required_fields` as an informational property to document the fields that the rule expects to be present in the data. + items: + $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput' + type: array + response_actions: + items: + $ref: '#/components/schemas/Security_Detections_API_ResponseAction' + type: array + risk_score: + $ref: '#/components/schemas/Security_Detections_API_RiskScore' + risk_score_mapping: + $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' + rule_id: + $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' + rule_name_override: + $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' + setup: + $ref: '#/components/schemas/Security_Detections_API_SetupGuide' + severity: + $ref: '#/components/schemas/Security_Detections_API_Severity' + severity_mapping: + $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' + tags: + $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' + threat: + $ref: '#/components/schemas/Security_Detections_API_ThreatArray' + throttle: + $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' + timeline_id: + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' + timeline_title: + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle' + timestamp_override: + $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' + timestamp_override_fallback_disabled: + $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled' + to: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' + version: + $ref: '#/components/schemas/Security_Detections_API_RuleVersion' + required: + - name + - description + - risk_score + - severity + Security_Endpoint_Exceptions_API_EndpointList_2: + additionalProperties: false + type: object + Security_Endpoint_Exceptions_API_ExceptionListItemEntryList_List: + type: object + properties: + id: + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ListId' + type: + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ListType' + required: + - id + - type + Security_Endpoint_Management_API_ActionStateSuccessResponse_Body: + type: object + properties: + data: + $ref: '#/components/schemas/Security_Endpoint_Management_API_ActionStateSuccessResponse_Body_Data' + required: + - data + Security_Endpoint_Management_API_ActionStateSuccessResponse_Body_Data: + type: object + properties: + canEncrypt: + type: boolean + Security_Endpoint_Management_API_ActionStatusSuccessResponse_Body: + type: object + properties: + data: + $ref: '#/components/schemas/Security_Endpoint_Management_API_ActionStatusSuccessResponse_Body_Data' + required: + - data + Security_Endpoint_Management_API_ActionStatusSuccessResponse_Body_Data: + type: object + properties: + agent_id: + $ref: '#/components/schemas/Security_Endpoint_Management_API_AgentId' + pending_actions: + $ref: '#/components/schemas/Security_Endpoint_Management_API_PendingActionsSchema' + required: + - agent_id + - pending_actions + Security_Endpoint_Management_API_AgentIds_1: + items: + minLength: 1 + type: string + maxItems: 50 + minItems: 1 + type: array + Security_Endpoint_Management_API_AgentIds_2: + minLength: 1 + type: string + Security_Endpoint_Management_API_ApiPageSize_2: + maximum: 1000 + Security_Endpoint_Management_API_Cancel_2: + type: object + properties: + outputs: + $ref: '#/components/schemas/Security_Endpoint_Management_API_Cancel_Outputs' + parameters: + $ref: '#/components/schemas/Security_Endpoint_Management_API_Cancel_Parameters' + Security_Endpoint_Management_API_Cancel_Outputs: + additionalProperties: + $ref: '#/components/schemas/Security_Endpoint_Management_API_Cancel_Outputs_Value' + type: object + Security_Endpoint_Management_API_Cancel_Outputs_Value: + type: object + properties: + content: + $ref: '#/components/schemas/Security_Endpoint_Management_API_Cancel_Outputs_Content' + Security_Endpoint_Management_API_Cancel_Outputs_Content: + type: object + properties: + code: + type: string + Security_Endpoint_Management_API_Cancel_Parameters: + type: object + properties: + id: + format: uuid + type: string + Security_Endpoint_Management_API_CancelRouteRequestBody_1: + type: object + properties: + agent_type: + $ref: '#/components/schemas/Security_Endpoint_Management_API_AgentTypes' + alert_ids: + description: If this action is associated with any alerts, they can be specified here. The action will be logged in any cases associated with the specified alerts. + example: + - alert-id-1 + - alert-id-2 + items: + minLength: 1 + type: string + minItems: 1 + type: array + case_ids: + description: The IDs of cases where the action taken will be logged. + example: + - case-id-1 + - case-id-2 + items: + minLength: 1 + type: string + minItems: 1 + type: array + comment: + $ref: '#/components/schemas/Security_Endpoint_Management_API_Comment' + endpoint_ids: + $ref: '#/components/schemas/Security_Endpoint_Management_API_EndpointIds' + parameters: + $ref: '#/components/schemas/Security_Endpoint_Management_API_Parameters' + required: + - endpoint_ids + Security_Endpoint_Management_API_CancelRouteRequestBody_2: + type: object + properties: + parameters: + $ref: '#/components/schemas/Security_Endpoint_Management_API_CancelRouteRequestBody_Parameters' + required: + - parameters + Security_Endpoint_Management_API_CancelRouteRequestBody_Parameters: + type: object + properties: + id: + description: ID of the response action to cancel + example: 7f8c9b2a-4d3e-4f5a-8b1c-2e3f4a5b6c7d + minLength: 1 + type: string + required: + - id + Security_Endpoint_Management_API_Execute_2: + type: object + properties: + outputs: + $ref: '#/components/schemas/Security_Endpoint_Management_API_Execute_Outputs' + parameters: + $ref: '#/components/schemas/Security_Endpoint_Management_API_Execute_Parameters' + Security_Endpoint_Management_API_Execute_Outputs: + additionalProperties: + $ref: '#/components/schemas/Security_Endpoint_Management_API_Execute_Outputs_Value' + type: object + Security_Endpoint_Management_API_Execute_Outputs_Value: + type: object + properties: + content: + allOf: + - $ref: '#/components/schemas/Security_Endpoint_Management_API_DownloadUri' + - $ref: '#/components/schemas/Security_Endpoint_Management_API_Execute_Outputs_Content_2' + Security_Endpoint_Management_API_Execute_Outputs_Content_2: + type: object + properties: + code: + type: string + cwd: + type: string + output_file_id: + type: string + output_file_stderr_truncated: + type: boolean + output_file_stdout_truncated: + type: boolean + shell_code: + type: number + stderr: + type: string + stderr_truncated: + type: boolean + stdout: + type: string + stdout_truncated: + type: boolean + Security_Endpoint_Management_API_Execute_Parameters: + type: object + properties: + command: + type: string + timeout: + type: number + Security_Endpoint_Management_API_ExecuteRouteRequestBody_1: + type: object + properties: + agent_type: + $ref: '#/components/schemas/Security_Endpoint_Management_API_AgentTypes' + alert_ids: + description: If this action is associated with any alerts, they can be specified here. The action will be logged in any cases associated with the specified alerts. + example: + - alert-id-1 + - alert-id-2 + items: + minLength: 1 + type: string + minItems: 1 + type: array + case_ids: + description: The IDs of cases where the action taken will be logged. + example: + - case-id-1 + - case-id-2 + items: + minLength: 1 + type: string + minItems: 1 + type: array + comment: + $ref: '#/components/schemas/Security_Endpoint_Management_API_Comment' + endpoint_ids: + $ref: '#/components/schemas/Security_Endpoint_Management_API_EndpointIds' + parameters: + $ref: '#/components/schemas/Security_Endpoint_Management_API_Parameters' + required: + - endpoint_ids + Security_Endpoint_Management_API_ExecuteRouteRequestBody_2: + type: object + properties: + parameters: + $ref: '#/components/schemas/Security_Endpoint_Management_API_ExecuteRouteRequestBody_Parameters' + required: + - parameters + Security_Endpoint_Management_API_ExecuteRouteRequestBody_Parameters: + type: object + properties: + command: + $ref: '#/components/schemas/Security_Endpoint_Management_API_Command' + timeout: + description: The maximum timeout value in seconds before the command is terminated. + minimum: 1 + type: integer + required: + - command + Security_Endpoint_Management_API_GetFile_2: + type: object + properties: + outputs: + $ref: '#/components/schemas/Security_Endpoint_Management_API_GetFile_Outputs' + parameters: + $ref: '#/components/schemas/Security_Endpoint_Management_API_GetFile_Parameters' + Security_Endpoint_Management_API_GetFile_Outputs: + additionalProperties: + $ref: '#/components/schemas/Security_Endpoint_Management_API_GetFile_Outputs_Value' + type: object + Security_Endpoint_Management_API_GetFile_Outputs_Value: + type: object + properties: + content: + allOf: + - $ref: '#/components/schemas/Security_Endpoint_Management_API_DownloadUri' + - $ref: '#/components/schemas/Security_Endpoint_Management_API_GetFile_Outputs_Content_2' + Security_Endpoint_Management_API_GetFile_Outputs_Content_2: + type: object + properties: + code: + type: string + contents: + items: + $ref: '#/components/schemas/Security_Endpoint_Management_API_GetFile_Outputs_Content_Contents_Item' + type: array + zip_size: + type: number + Security_Endpoint_Management_API_GetFile_Outputs_Content_Contents_Item: + type: object + properties: + file_name: + type: string + path: + type: string + sha256: + type: string + size: + type: number + type: + type: string + Security_Endpoint_Management_API_GetFile_Parameters: + type: object + properties: + path: + type: string + Security_Endpoint_Management_API_GetFileRouteRequestBody_1: + type: object + properties: + agent_type: + $ref: '#/components/schemas/Security_Endpoint_Management_API_AgentTypes' + alert_ids: + description: If this action is associated with any alerts, they can be specified here. The action will be logged in any cases associated with the specified alerts. + example: + - alert-id-1 + - alert-id-2 + items: + minLength: 1 + type: string + minItems: 1 + type: array + case_ids: + description: The IDs of cases where the action taken will be logged. + example: + - case-id-1 + - case-id-2 + items: + minLength: 1 + type: string + minItems: 1 + type: array + comment: + $ref: '#/components/schemas/Security_Endpoint_Management_API_Comment' + endpoint_ids: + $ref: '#/components/schemas/Security_Endpoint_Management_API_EndpointIds' + parameters: + $ref: '#/components/schemas/Security_Endpoint_Management_API_Parameters' + required: + - endpoint_ids + Security_Endpoint_Management_API_GetFileRouteRequestBody_2: + type: object + properties: + parameters: + $ref: '#/components/schemas/Security_Endpoint_Management_API_GetFileRouteRequestBody_Parameters' + required: + - parameters + Security_Endpoint_Management_API_GetFileRouteRequestBody_Parameters: + type: object + properties: + path: + type: string + required: + - path + Security_Endpoint_Management_API_KillProcess_2: + type: object + properties: + outputs: + $ref: '#/components/schemas/Security_Endpoint_Management_API_KillProcess_Outputs' + parameters: + oneOf: + - $ref: '#/components/schemas/Security_Endpoint_Management_API_KillProcess_Parameters_1' + - $ref: '#/components/schemas/Security_Endpoint_Management_API_KillProcess_Parameters_2' + - $ref: '#/components/schemas/Security_Endpoint_Management_API_KillProcess_Parameters_3' + Security_Endpoint_Management_API_KillProcess_Outputs: + additionalProperties: + $ref: '#/components/schemas/Security_Endpoint_Management_API_KillProcess_Outputs_Value' + type: object + Security_Endpoint_Management_API_KillProcess_Outputs_Value: + type: object + properties: + content: + oneOf: + - $ref: '#/components/schemas/Security_Endpoint_Management_API_KillProcess_Outputs_Content_1' + - $ref: '#/components/schemas/Security_Endpoint_Management_API_KillProcess_Outputs_Content_2' + - $ref: '#/components/schemas/Security_Endpoint_Management_API_KillProcess_Outputs_Content_3' + Security_Endpoint_Management_API_KillProcess_Outputs_Content_1: + type: object + properties: + code: + type: string + command: + type: string + pid: + type: number + Security_Endpoint_Management_API_KillProcess_Outputs_Content_2: + type: object + properties: + code: + type: string + command: + type: string + entity_id: + type: string + Security_Endpoint_Management_API_KillProcess_Outputs_Content_3: + type: object + properties: + code: + type: string + command: + type: string + process_name: + type: string + Security_Endpoint_Management_API_KillProcess_Parameters_1: + type: object + properties: + pid: + description: The process ID (PID) of the process to terminate. + minimum: 1 + type: number + Security_Endpoint_Management_API_KillProcess_Parameters_2: + type: object + properties: + entity_id: + description: The entity ID of the process to terminate. + minLength: 1 + type: string + Security_Endpoint_Management_API_KillProcess_Parameters_3: + type: object + properties: + process_name: + description: The name of the process to terminate. Valid for SentinelOne agent type only. + type: string + Security_Endpoint_Management_API_KillProcessRouteRequestBody_1: + type: object + properties: + agent_type: + $ref: '#/components/schemas/Security_Endpoint_Management_API_AgentTypes' + alert_ids: + description: If this action is associated with any alerts, they can be specified here. The action will be logged in any cases associated with the specified alerts. + example: + - alert-id-1 + - alert-id-2 + items: + minLength: 1 + type: string + minItems: 1 + type: array + case_ids: + description: The IDs of cases where the action taken will be logged. + example: + - case-id-1 + - case-id-2 + items: + minLength: 1 + type: string + minItems: 1 + type: array + comment: + $ref: '#/components/schemas/Security_Endpoint_Management_API_Comment' + endpoint_ids: + $ref: '#/components/schemas/Security_Endpoint_Management_API_EndpointIds' + parameters: + $ref: '#/components/schemas/Security_Endpoint_Management_API_Parameters' + required: + - endpoint_ids + Security_Endpoint_Management_API_KillProcessRouteRequestBody_2: + type: object + properties: + parameters: + oneOf: + - $ref: '#/components/schemas/Security_Endpoint_Management_API_KillProcessRouteRequestBody_Parameters_1' + - $ref: '#/components/schemas/Security_Endpoint_Management_API_KillProcessRouteRequestBody_Parameters_2' + - $ref: '#/components/schemas/Security_Endpoint_Management_API_KillProcessRouteRequestBody_Parameters_3' + required: + - parameters + Security_Endpoint_Management_API_KillProcessRouteRequestBody_Parameters_1: + type: object + properties: + pid: + description: The process ID (PID) of the process to terminate. + example: 123 + minimum: 1 + type: integer + Security_Endpoint_Management_API_KillProcessRouteRequestBody_Parameters_2: + type: object + properties: + entity_id: + description: The entity ID of the process to terminate. + example: abc123 + minLength: 1 + type: string + Security_Endpoint_Management_API_KillProcessRouteRequestBody_Parameters_3: + type: object + properties: + process_name: + description: The name of the process to terminate. Valid for SentinelOne agent type only. + example: Elastic + minLength: 1 + type: string + Security_Endpoint_Management_API_MemoryDump_2: + type: object + properties: + outputs: + $ref: '#/components/schemas/Security_Endpoint_Management_API_MemoryDump_Outputs' + parameters: + oneOf: + - $ref: '#/components/schemas/Security_Endpoint_Management_API_MemoryDump_Parameters_1' + - $ref: '#/components/schemas/Security_Endpoint_Management_API_MemoryDump_Parameters_2' + - $ref: '#/components/schemas/Security_Endpoint_Management_API_MemoryDump_Parameters_3' + required: + - parameters + Security_Endpoint_Management_API_MemoryDump_Outputs: + additionalProperties: + $ref: '#/components/schemas/Security_Endpoint_Management_API_MemoryDump_Outputs_Value' + type: object + Security_Endpoint_Management_API_MemoryDump_Outputs_Value: + type: object + properties: + content: + $ref: '#/components/schemas/Security_Endpoint_Management_API_MemoryDump_Outputs_Content' + Security_Endpoint_Management_API_MemoryDump_Outputs_Content: + properties: + code: + type: string + disk_free_space: + description: The free space on the host machine in bytes after the memory dump is written to disk + type: number + file_size: + description: The size of the memory dump compressed file in bytes + type: string + path: + description: The path to the memory dump compressed file on the host machine + type: string + title: Memory dump output + type: object + Security_Endpoint_Management_API_MemoryDump_Parameters_1: + properties: + type: + description: Kernel-level memory dump + enum: + - kernel + type: string + required: + - type + title: Kernel memory dump + type: object + Security_Endpoint_Management_API_MemoryDump_Parameters_2: + properties: + pid: + description: The process ID (PID) + type: number + type: + description: Process-level memory dump using a process ID + enum: + - process + type: string + required: + - type + - pid + title: Process memory dump with PID + type: object + Security_Endpoint_Management_API_MemoryDump_Parameters_3: + properties: + entity_id: + description: The process entity ID + type: string + type: + description: Process-level memory dump using an entity ID + enum: + - process + type: string + required: + - type + - entity_id + title: Process memory dump with entity ID + type: object + Security_Endpoint_Management_API_MemoryDumpRouteRequestBody_1: + type: object + properties: + agent_type: + $ref: '#/components/schemas/Security_Endpoint_Management_API_AgentTypes' + alert_ids: + description: If this action is associated with any alerts, they can be specified here. The action will be logged in any cases associated with the specified alerts. + example: + - alert-id-1 + - alert-id-2 + items: + minLength: 1 + type: string + minItems: 1 + type: array + case_ids: + description: The IDs of cases where the action taken will be logged. + example: + - case-id-1 + - case-id-2 + items: + minLength: 1 + type: string + minItems: 1 + type: array + comment: + $ref: '#/components/schemas/Security_Endpoint_Management_API_Comment' + endpoint_ids: + $ref: '#/components/schemas/Security_Endpoint_Management_API_EndpointIds' + parameters: + $ref: '#/components/schemas/Security_Endpoint_Management_API_Parameters' + required: + - endpoint_ids + Security_Endpoint_Management_API_MemoryDumpRouteRequestBody_2: + type: object + properties: + parameters: + oneOf: + - $ref: '#/components/schemas/Security_Endpoint_Management_API_MemoryDumpRouteRequestBody_Parameters_1' + - $ref: '#/components/schemas/Security_Endpoint_Management_API_MemoryDumpRouteRequestBody_Parameters_2' + - $ref: '#/components/schemas/Security_Endpoint_Management_API_MemoryDumpRouteRequestBody_Parameters_3' + required: + - parameters + Security_Endpoint_Management_API_MemoryDumpRouteRequestBody_Parameters_1: + description: Dump the entire kernel memory. + type: object + properties: + type: + enum: + - kernel + type: string + required: + - type + Security_Endpoint_Management_API_MemoryDumpRouteRequestBody_Parameters_2: + description: Dump the entire memory of a process using the PID. + type: object + properties: + pid: + type: number + type: + enum: + - process + type: string + required: + - type + - pid + Security_Endpoint_Management_API_MemoryDumpRouteRequestBody_Parameters_3: + description: Dump the entire memory of a process using the entity ID. + type: object + properties: + entity_id: + type: string + type: + enum: + - process + type: string + required: + - type + - entity_id + Security_Endpoint_Management_API_PendingActionsSchema_1: + type: object + properties: + execute: + $ref: '#/components/schemas/Security_Endpoint_Management_API_PendingActionDataType' + get-file: + $ref: '#/components/schemas/Security_Endpoint_Management_API_PendingActionDataType' + isolate: + $ref: '#/components/schemas/Security_Endpoint_Management_API_PendingActionDataType' + kill-process: + $ref: '#/components/schemas/Security_Endpoint_Management_API_PendingActionDataType' + running-processes: + $ref: '#/components/schemas/Security_Endpoint_Management_API_PendingActionDataType' + scan: + $ref: '#/components/schemas/Security_Endpoint_Management_API_PendingActionDataType' + suspend-process: + $ref: '#/components/schemas/Security_Endpoint_Management_API_PendingActionDataType' + unisolate: + $ref: '#/components/schemas/Security_Endpoint_Management_API_PendingActionDataType' + upload: + $ref: '#/components/schemas/Security_Endpoint_Management_API_PendingActionDataType' + Security_Endpoint_Management_API_PendingActionsSchema_2: + additionalProperties: true + type: object + Security_Endpoint_Management_API_ResponseActionDetails_AgentState: + additionalProperties: + $ref: '#/components/schemas/Security_Endpoint_Management_API_ResponseActionDetails_AgentState_Value' + description: The state of the response action for each agent ID that it was sent to + type: object + Security_Endpoint_Management_API_ResponseActionDetails_AgentState_Value: + format: uuid + type: object + properties: + completedAt: + description: The date and time the response action was completed for the agent ID + type: string + isCompleted: + description: Whether the response action is completed for the agent ID + type: boolean + wasSuccessful: + description: Whether the response action was successful for the agent ID + type: boolean + Security_Endpoint_Management_API_ResponseActionDetails_Hosts: + additionalProperties: + $ref: '#/components/schemas/Security_Endpoint_Management_API_ResponseActionDetails_Hosts_Value' + description: An object containing the host names associated with the agent IDs the response action was sent to + type: object + Security_Endpoint_Management_API_ResponseActionDetails_Hosts_Value: + format: uuid + type: object + properties: + name: + description: The host name + type: string + Security_Endpoint_Management_API_ResponseActionDetails_Outputs: + additionalProperties: + $ref: '#/components/schemas/Security_Endpoint_Management_API_ResponseActionDetails_Outputs_Value' + description: | + The outputs of the response action for each agent ID that it was sent to. Content different depending on the + response action command and will only be present for agents that have responded to the response action + type: object + Security_Endpoint_Management_API_ResponseActionDetails_Outputs_Value: + description: The agent id + format: uuid + properties: + content: + description: The response action output content for the agent ID. Exact format depends on the response action command. + oneOf: + - $ref: '#/components/schemas/Security_Endpoint_Management_API_ResponseActionDetails_Outputs_Content_1' + - $ref: '#/components/schemas/Security_Endpoint_Management_API_ResponseActionDetails_Outputs_Content_2' + type: + enum: + - json + - text + type: string + required: + - type + - content + title: Agent ID + type: object + Security_Endpoint_Management_API_ResponseActionDetails_Outputs_Content_1: + type: object + Security_Endpoint_Management_API_ResponseActionDetails_Outputs_Content_2: + type: string + Security_Endpoint_Management_API_ResponseActionDetails_Parameters: + description: The parameters of the response action. Content different depending on the response action command + type: object + Security_Endpoint_Management_API_RunningProcesses_2: + type: object + properties: + outputs: + $ref: '#/components/schemas/Security_Endpoint_Management_API_RunningProcesses_Outputs' + Security_Endpoint_Management_API_RunningProcesses_Outputs: + additionalProperties: + $ref: '#/components/schemas/Security_Endpoint_Management_API_RunningProcesses_Outputs_Value' + type: object + Security_Endpoint_Management_API_RunningProcesses_Outputs_Value: + type: object + properties: + content: + oneOf: + - $ref: '#/components/schemas/Security_Endpoint_Management_API_RunningProcessesOutputEndpoint' + - $ref: '#/components/schemas/Security_Endpoint_Management_API_RunningProcessesOutputSentinelOne' + Security_Endpoint_Management_API_RunningProcessesOutputEndpoint_Entries_Item: + type: object + properties: + command: + type: string + entity_id: + type: string + pid: + type: number + user: + type: string + Security_Endpoint_Management_API_RunningProcessesOutputSentinelOne_2: + description: Processes output for `agentType` of `sentinel_one` + type: object + properties: + code: + type: string + Security_Endpoint_Management_API_Runscript_2: + type: object + properties: + outputs: + $ref: '#/components/schemas/Security_Endpoint_Management_API_Runscript_Outputs' + parameters: + oneOf: + - $ref: '#/components/schemas/Security_Endpoint_Management_API_RunscriptParamsCrowdStrike' + - $ref: '#/components/schemas/Security_Endpoint_Management_API_RunscriptParamsMicrosoft' + - $ref: '#/components/schemas/Security_Endpoint_Management_API_RunscriptParamsSentinelOne' + Security_Endpoint_Management_API_Runscript_Outputs: + additionalProperties: + $ref: '#/components/schemas/Security_Endpoint_Management_API_Runscript_Outputs_Value' + type: object + Security_Endpoint_Management_API_Runscript_Outputs_Value: + type: object + properties: + content: + allOf: + - $ref: '#/components/schemas/Security_Endpoint_Management_API_DownloadUri' + - $ref: '#/components/schemas/Security_Endpoint_Management_API_Runscript_Outputs_Content_2' + Security_Endpoint_Management_API_Runscript_Outputs_Content_2: + type: object + properties: + code: + type: string + stderr: + type: string + stdout: + type: string + Security_Endpoint_Management_API_RunScriptRouteRequestBody_1: + type: object + properties: + agent_type: + $ref: '#/components/schemas/Security_Endpoint_Management_API_AgentTypes' + alert_ids: + description: If this action is associated with any alerts, they can be specified here. The action will be logged in any cases associated with the specified alerts. + example: + - alert-id-1 + - alert-id-2 + items: + minLength: 1 + type: string + minItems: 1 + type: array + case_ids: + description: The IDs of cases where the action taken will be logged. + example: + - case-id-1 + - case-id-2 + items: + minLength: 1 + type: string + minItems: 1 + type: array + comment: + $ref: '#/components/schemas/Security_Endpoint_Management_API_Comment' + endpoint_ids: + $ref: '#/components/schemas/Security_Endpoint_Management_API_EndpointIds' + parameters: + $ref: '#/components/schemas/Security_Endpoint_Management_API_Parameters' + required: + - endpoint_ids + Security_Endpoint_Management_API_RunScriptRouteRequestBody_2: + type: object + properties: + parameters: + description: | + One of the following set of parameters must be provided + oneOf: + - $ref: '#/components/schemas/Security_Endpoint_Management_API_RawScriptParameters' + - $ref: '#/components/schemas/Security_Endpoint_Management_API_HostPathScriptParameters' + - $ref: '#/components/schemas/Security_Endpoint_Management_API_CloudFileScriptParameters' + - $ref: '#/components/schemas/Security_Endpoint_Management_API_SentinelOneRunScriptParameters' + - $ref: '#/components/schemas/Security_Endpoint_Management_API_MDERunScriptParameters' + required: + - parameters + Security_Endpoint_Management_API_Scan_2: + type: object + properties: + outputs: + $ref: '#/components/schemas/Security_Endpoint_Management_API_Scan_Outputs' + parameters: + $ref: '#/components/schemas/Security_Endpoint_Management_API_Scan_Parameters' + Security_Endpoint_Management_API_Scan_Outputs: + additionalProperties: + $ref: '#/components/schemas/Security_Endpoint_Management_API_Scan_Outputs_Value' + type: object + Security_Endpoint_Management_API_Scan_Outputs_Value: + type: object + properties: + content: + $ref: '#/components/schemas/Security_Endpoint_Management_API_Scan_Outputs_Content' + Security_Endpoint_Management_API_Scan_Outputs_Content: + type: object + properties: + code: + type: string + Security_Endpoint_Management_API_Scan_Parameters: + type: object + properties: + path: + type: string + Security_Endpoint_Management_API_ScanRouteRequestBody_1: + type: object + properties: + agent_type: + $ref: '#/components/schemas/Security_Endpoint_Management_API_AgentTypes' + alert_ids: + description: If this action is associated with any alerts, they can be specified here. The action will be logged in any cases associated with the specified alerts. + example: + - alert-id-1 + - alert-id-2 + items: + minLength: 1 + type: string + minItems: 1 + type: array + case_ids: + description: The IDs of cases where the action taken will be logged. + example: + - case-id-1 + - case-id-2 + items: + minLength: 1 + type: string + minItems: 1 + type: array + comment: + $ref: '#/components/schemas/Security_Endpoint_Management_API_Comment' + endpoint_ids: + $ref: '#/components/schemas/Security_Endpoint_Management_API_EndpointIds' + parameters: + $ref: '#/components/schemas/Security_Endpoint_Management_API_Parameters' + required: + - endpoint_ids + Security_Endpoint_Management_API_ScanRouteRequestBody_2: + type: object + properties: + parameters: + $ref: '#/components/schemas/Security_Endpoint_Management_API_ScanRouteRequestBody_Parameters' + required: + - parameters + Security_Endpoint_Management_API_ScanRouteRequestBody_Parameters: + type: object + properties: + path: + description: The folder or file’s full path (including the file name). + example: /usr/my-file.txt + type: string + required: + - path + Security_Endpoint_Management_API_SuspendProcess_2: + type: object + properties: + outputs: + $ref: '#/components/schemas/Security_Endpoint_Management_API_SuspendProcess_Outputs' + parameters: + oneOf: + - $ref: '#/components/schemas/Security_Endpoint_Management_API_SuspendProcess_Parameters_1' + - $ref: '#/components/schemas/Security_Endpoint_Management_API_SuspendProcess_Parameters_2' + Security_Endpoint_Management_API_SuspendProcess_Outputs: + additionalProperties: + $ref: '#/components/schemas/Security_Endpoint_Management_API_SuspendProcess_Outputs_Value' + type: object + Security_Endpoint_Management_API_SuspendProcess_Outputs_Value: + type: object + properties: + content: + oneOf: + - $ref: '#/components/schemas/Security_Endpoint_Management_API_SuspendProcess_Outputs_Content_1' + - $ref: '#/components/schemas/Security_Endpoint_Management_API_SuspendProcess_Outputs_Content_2' + Security_Endpoint_Management_API_SuspendProcess_Outputs_Content_1: + type: object + properties: + code: + type: string + command: + type: string + pid: + type: number + Security_Endpoint_Management_API_SuspendProcess_Outputs_Content_2: + type: object + properties: + code: + type: string + command: + type: string + entity_id: + type: string + Security_Endpoint_Management_API_SuspendProcess_Parameters_1: + type: object + properties: + pid: + description: The process ID (PID) of the process to terminate. + minimum: 1 + type: number + Security_Endpoint_Management_API_SuspendProcess_Parameters_2: + type: object + properties: + entity_id: + description: The entity ID of the process to terminate. + minLength: 1 + type: string + Security_Endpoint_Management_API_SuspendProcessRouteRequestBody_1: + type: object + properties: + agent_type: + $ref: '#/components/schemas/Security_Endpoint_Management_API_AgentTypes' + alert_ids: + description: If this action is associated with any alerts, they can be specified here. The action will be logged in any cases associated with the specified alerts. + example: + - alert-id-1 + - alert-id-2 + items: + minLength: 1 + type: string + minItems: 1 + type: array + case_ids: + description: The IDs of cases where the action taken will be logged. + example: + - case-id-1 + - case-id-2 + items: + minLength: 1 + type: string + minItems: 1 + type: array + comment: + $ref: '#/components/schemas/Security_Endpoint_Management_API_Comment' + endpoint_ids: + $ref: '#/components/schemas/Security_Endpoint_Management_API_EndpointIds' + parameters: + $ref: '#/components/schemas/Security_Endpoint_Management_API_Parameters' + required: + - endpoint_ids + Security_Endpoint_Management_API_SuspendProcessRouteRequestBody_2: + type: object + properties: + parameters: + oneOf: + - $ref: '#/components/schemas/Security_Endpoint_Management_API_SuspendProcessRouteRequestBody_Parameters_1' + - $ref: '#/components/schemas/Security_Endpoint_Management_API_SuspendProcessRouteRequestBody_Parameters_2' + required: + - parameters + Security_Endpoint_Management_API_SuspendProcessRouteRequestBody_Parameters_1: + type: object + properties: + pid: + description: The process ID (PID) of the process to suspend. + example: 123 + minimum: 1 + type: integer + Security_Endpoint_Management_API_SuspendProcessRouteRequestBody_Parameters_2: + type: object + properties: + entity_id: + description: The entity ID of the process to suspend. + example: abc123 + minLength: 1 + type: string + Security_Endpoint_Management_API_Upload_2: + type: object + properties: + outputs: + $ref: '#/components/schemas/Security_Endpoint_Management_API_Upload_Outputs' + parameters: + $ref: '#/components/schemas/Security_Endpoint_Management_API_Upload_Parameters' + Security_Endpoint_Management_API_Upload_Outputs: + additionalProperties: + $ref: '#/components/schemas/Security_Endpoint_Management_API_Upload_Outputs_Value' + type: object + Security_Endpoint_Management_API_Upload_Outputs_Value: + type: object + properties: + content: + $ref: '#/components/schemas/Security_Endpoint_Management_API_Upload_Outputs_Content' + Security_Endpoint_Management_API_Upload_Outputs_Content: + type: object + properties: + code: + type: string + disk_free_space: + type: number + path: + type: string + Security_Endpoint_Management_API_Upload_Parameters: + description: | + The parameters for upload returned on the details are derived via the API from the file that + was uploaded at the time that the response action was submitted + type: object + properties: + file_id: + type: string + file_name: + type: string + file_sha256: + type: string + file_size: + type: number + Security_Endpoint_Management_API_UploadRouteRequestBody_1: + type: object + properties: + agent_type: + $ref: '#/components/schemas/Security_Endpoint_Management_API_AgentTypes' + alert_ids: + description: If this action is associated with any alerts, they can be specified here. The action will be logged in any cases associated with the specified alerts. + example: + - alert-id-1 + - alert-id-2 + items: + minLength: 1 + type: string + minItems: 1 + type: array + case_ids: + description: The IDs of cases where the action taken will be logged. + example: + - case-id-1 + - case-id-2 + items: + minLength: 1 + type: string + minItems: 1 + type: array + comment: + $ref: '#/components/schemas/Security_Endpoint_Management_API_Comment' + endpoint_ids: + $ref: '#/components/schemas/Security_Endpoint_Management_API_EndpointIds' + parameters: + $ref: '#/components/schemas/Security_Endpoint_Management_API_Parameters' + required: + - endpoint_ids + Security_Endpoint_Management_API_UploadRouteRequestBody_2: + type: object + properties: + file: + description: The binary content of the file. + example: RWxhc3RpYw== + format: binary + type: string + parameters: + $ref: '#/components/schemas/Security_Endpoint_Management_API_UploadRouteRequestBody_Parameters' + required: + - parameters + - file + Security_Endpoint_Management_API_UploadRouteRequestBody_Parameters: + type: object + properties: + overwrite: + default: false + description: Overwrite the file on the host if it already exists. + example: false + type: boolean + Security_Endpoint_Management_API_UserIds_1: + items: + minLength: 1 + type: string + minItems: 1 + type: array + Security_Endpoint_Management_API_UserIds_2: + minLength: 1 + type: string + Security_Endpoint_Management_API_WithOutputs_1: + items: + minLength: 1 + type: string + minItems: 1 + type: array + Security_Endpoint_Management_API_WithOutputs_2: + minLength: 1 + type: string + Security_Entity_Analytics_API_AssetCriticalityRecord_3: + type: object + properties: + '@timestamp': + description: The time the record was created or updated. + example: '2017-07-21T17:32:28Z' + format: date-time + type: string + required: + - '@timestamp' + Security_Entity_Analytics_API_AssetCriticalityRecordEcsParts_Asset: + type: object + properties: + criticality: + $ref: '#/components/schemas/Security_Entity_Analytics_API_AssetCriticalityLevel' + required: + - asset + Security_Entity_Analytics_API_AssetCriticalityRecordEcsParts_Entity: + type: object + properties: + asset: + $ref: '#/components/schemas/Security_Entity_Analytics_API_AssetCriticalityRecordEcsParts_Entity_Asset' + id: + type: string + required: + - id + Security_Entity_Analytics_API_AssetCriticalityRecordEcsParts_Entity_Asset: + type: object + properties: + criticality: + $ref: '#/components/schemas/Security_Entity_Analytics_API_AssetCriticalityLevel' + required: + - criticality + Security_Entity_Analytics_API_AssetCriticalityRecordEcsParts_Host: + type: object + properties: + asset: + $ref: '#/components/schemas/Security_Entity_Analytics_API_AssetCriticalityRecordEcsParts_Host_Asset' + name: + type: string + required: + - name + Security_Entity_Analytics_API_AssetCriticalityRecordEcsParts_Host_Asset: + type: object + properties: + criticality: + $ref: '#/components/schemas/Security_Entity_Analytics_API_AssetCriticalityLevel' + required: + - criticality + Security_Entity_Analytics_API_AssetCriticalityRecordEcsParts_Service: + type: object + properties: + asset: + $ref: '#/components/schemas/Security_Entity_Analytics_API_AssetCriticalityRecordEcsParts_Service_Asset' + name: + type: string + required: + - name + Security_Entity_Analytics_API_AssetCriticalityRecordEcsParts_Service_Asset: + type: object + properties: + criticality: + $ref: '#/components/schemas/Security_Entity_Analytics_API_AssetCriticalityLevel' + required: + - criticality + Security_Entity_Analytics_API_AssetCriticalityRecordEcsParts_User: + type: object + properties: + asset: + $ref: '#/components/schemas/Security_Entity_Analytics_API_AssetCriticalityRecordEcsParts_User_Asset' + name: + type: string + required: + - name + Security_Entity_Analytics_API_AssetCriticalityRecordEcsParts_User_Asset: + type: object + properties: + criticality: + $ref: '#/components/schemas/Security_Entity_Analytics_API_AssetCriticalityLevel' + required: + - criticality + Security_Entity_Analytics_API_CleanUpRiskEngineErrorResponse_Errors_Item: + type: object + properties: + error: + type: string + seq: + type: integer + required: + - seq + - error + Security_Entity_Analytics_API_ConfigureRiskEngineSavedObjectErrorResponse_Errors_Item: + type: object + properties: + error: + type: string + seq: + type: integer + required: + - seq + - error + Security_Entity_Analytics_API_CreateAssetCriticalityRecord_2: + type: object + properties: + criticality_level: + $ref: '#/components/schemas/Security_Entity_Analytics_API_AssetCriticalityLevel' + required: + - criticality_level + Security_Entity_Analytics_API_EngineComponentStatus_Errors_Item: + type: object + properties: + message: + type: string + title: + type: string + Security_Entity_Analytics_API_EngineDataviewUpdateResult_Changes: + type: object + properties: + indexPatterns: + items: + type: string + type: array + Security_Entity_Analytics_API_EngineDescriptor_Error: + type: object + properties: + action: + enum: + - init + type: string + message: + type: string + required: + - message + - action + Security_Entity_Analytics_API_EntityAnalyticsPrivileges_Privileges: + type: object + properties: + elasticsearch: + $ref: '#/components/schemas/Security_Entity_Analytics_API_EntityAnalyticsPrivileges_Privileges_Elasticsearch' + kibana: + $ref: '#/components/schemas/Security_Entity_Analytics_API_EntityAnalyticsPrivileges_Privileges_Kibana' + required: + - elasticsearch + Security_Entity_Analytics_API_EntityAnalyticsPrivileges_Privileges_Elasticsearch: + type: object + properties: + cluster: + $ref: '#/components/schemas/Security_Entity_Analytics_API_EntityAnalyticsPrivileges_Privileges_Elasticsearch_Cluster' + index: + $ref: '#/components/schemas/Security_Entity_Analytics_API_EntityAnalyticsPrivileges_Privileges_Elasticsearch_Index' + Security_Entity_Analytics_API_EntityAnalyticsPrivileges_Privileges_Elasticsearch_Cluster: + additionalProperties: + type: boolean + type: object + Security_Entity_Analytics_API_EntityAnalyticsPrivileges_Privileges_Elasticsearch_Index: + additionalProperties: + $ref: '#/components/schemas/Security_Entity_Analytics_API_EntityAnalyticsPrivileges_Privileges_Elasticsearch_Index_Value' + type: object + Security_Entity_Analytics_API_EntityAnalyticsPrivileges_Privileges_Elasticsearch_Index_Value: + additionalProperties: + type: boolean + type: object + Security_Entity_Analytics_API_EntityAnalyticsPrivileges_Privileges_Kibana: + additionalProperties: + type: boolean + type: object + Security_Entity_Analytics_API_EntityField_Attributes: + additionalProperties: false + type: object + properties: + asset: + type: boolean + managed: + type: boolean + mfa_enabled: + type: boolean + privileged: + type: boolean + Security_Entity_Analytics_API_EntityField_Behaviors: + additionalProperties: false + type: object + properties: + brute_force_victim: + type: boolean + new_country_login: + type: boolean + used_usb_device: + type: boolean + Security_Entity_Analytics_API_EntityField_Lifecycle: + additionalProperties: false + type: object + properties: + first_seen: + format: date-time + type: string + last_activity: + format: date-time + type: string + Security_Entity_Analytics_API_EntityField_Relationships: + additionalProperties: false + type: object + properties: + accessed_frequently_by: + items: + type: string + type: array + accesses_frequently: + items: + type: string + type: array + communicates_with: + items: + type: string + type: array + dependent_of: + items: + type: string + type: array + depends_on: + items: + type: string + type: array + owned_by: + items: + type: string + type: array + owns: + items: + type: string + type: array + supervised_by: + items: + type: string + type: array + supervises: + items: + type: string + type: array + Security_Entity_Analytics_API_EntityField_Risk: + additionalProperties: false + type: object + properties: + calculated_level: + $ref: '#/components/schemas/Security_Entity_Analytics_API_EntityRiskLevels' + description: Lexical description of the entity's risk. + example: Critical + calculated_score: + description: The raw numeric value of the given entity's risk score. + format: double + type: number + calculated_score_norm: + description: The normalized numeric value of the given entity's risk score. Useful for comparing with other entities. + format: double + maximum: 100 + minimum: 0 + type: number + Security_Entity_Analytics_API_EntityRiskScoreRecord_Modifiers_Item: + type: object + properties: + contribution: + format: double + type: number + metadata: + $ref: '#/components/schemas/Security_Entity_Analytics_API_EntityRiskScoreRecord_Modifiers_Metadata' + modifier_value: + format: double + type: number + subtype: + type: string + type: + type: string + required: + - type + - contribution + Security_Entity_Analytics_API_EntityRiskScoreRecord_Modifiers_Metadata: + additionalProperties: true + type: object + Security_Entity_Analytics_API_HostEntity_Event: + additionalProperties: false + type: object + properties: + ingested: + format: date-time + type: string + Security_Entity_Analytics_API_HostEntity_Host: + additionalProperties: false + type: object + properties: + architecture: + items: + type: string + type: array + domain: + items: + type: string + type: array + entity: + $ref: '#/components/schemas/Security_Entity_Analytics_API_EntityField' + hostname: + items: + type: string + type: array + id: + items: + type: string + type: array + ip: + items: + type: string + type: array + mac: + items: + type: string + type: array + name: + type: string + risk: + $ref: '#/components/schemas/Security_Entity_Analytics_API_EntityRiskScoreRecord' + type: + items: + type: string + type: array + required: + - name + Security_Entity_Analytics_API_MonitoredUserDoc_2: + type: object + properties: + '@timestamp': + format: date-time + type: string + event: + $ref: '#/components/schemas/Security_Entity_Analytics_API_MonitoredUserDoc_Event' + user: + $ref: '#/components/schemas/Security_Entity_Analytics_API_MonitoredUserDoc_User' + Security_Entity_Analytics_API_MonitoredUserDoc_Event: + type: object + properties: + '@timestamp': + format: date-time + type: string + ingested: + format: date-time + type: string + Security_Entity_Analytics_API_MonitoredUserDoc_User: + type: object + properties: + entity: + $ref: '#/components/schemas/Security_Entity_Analytics_API_MonitoredUserDoc_User_Entity' + is_privileged: + description: Indicates if the user is privileged. + type: boolean + name: + type: string + Security_Entity_Analytics_API_MonitoredUserDoc_User_Entity: + type: object + properties: + attributes: + $ref: '#/components/schemas/Security_Entity_Analytics_API_MonitoredUserDoc_User_Entity_Attributes' + Security_Entity_Analytics_API_MonitoredUserDoc_User_Entity_Attributes: + type: object + properties: + Privileged: + description: Indicates if the user is privileged. + type: boolean + Security_Entity_Analytics_API_MonitoredUserUpdateDoc_Entity_analytics_monitoring: + type: object + properties: + labels: + items: + $ref: '#/components/schemas/Security_Entity_Analytics_API_MonitoringLabel' + type: array + Security_Entity_Analytics_API_MonitoredUserUpdateDoc_Labels: + type: object + properties: + source_ids: + items: + type: string + type: array + source_integrations: + items: + type: string + type: array + sources: + items: enum: - - service.name - - service.environment - - transaction.name - - error.grouping_key + - csv + - index_sync + - api + type: array + Security_Entity_Analytics_API_MonitoredUserUpdateDoc_User: + type: object + properties: + is_privileged: + description: Indicates if the user is privileged. + type: boolean + name: + type: string + Security_Entity_Analytics_API_MonitoringEngineDescriptor_Error: + type: object + properties: + message: + description: Error message typically only present if the engine is in error state + type: string + Security_Entity_Analytics_API_ServiceEntity_Event: + additionalProperties: false + type: object + properties: + ingested: + format: date-time + type: string + Security_Entity_Analytics_API_ServiceEntity_Service: + additionalProperties: false + type: object + properties: + entity: + $ref: '#/components/schemas/Security_Entity_Analytics_API_EntityField' + name: + type: string + risk: + $ref: '#/components/schemas/Security_Entity_Analytics_API_EntityRiskScoreRecord' + required: + - name + Security_Entity_Analytics_API_UserEntity_Event: + additionalProperties: false + type: object + properties: + ingested: + format: date-time + type: string + Security_Entity_Analytics_API_UserEntity_User: + additionalProperties: false + type: object + properties: + domain: + items: + type: string + type: array + email: + items: + type: string + type: array + full_name: + items: + type: string + type: array + hash: + items: + type: string + type: array + id: + items: + type: string + type: array + name: + type: string + risk: + $ref: '#/components/schemas/Security_Entity_Analytics_API_EntityRiskScoreRecord' + additionalProperties: false + roles: + items: + type: string + type: array + required: + - name + Security_Entity_Analytics_API_UserName_Entity_analytics_monitoring: + description: Entity analytics monitoring configuration for the user + type: object + properties: + labels: + description: Array of labels associated with the user + items: + $ref: '#/components/schemas/Security_Entity_Analytics_API_UserName_Entity_analytics_monitoring_Labels_Item' + type: array + Security_Entity_Analytics_API_UserName_Entity_analytics_monitoring_Labels_Item: + type: object + properties: + field: + description: The field name for the label + type: string + source: + description: The source where this label was created (api, csv, or index_sync) + enum: + - api + - csv + - index_sync + type: string + value: + description: The value of the label + type: string + Security_Entity_Analytics_API_UserName_User: + type: object + properties: + name: + description: The name of the user. + type: string + Security_Exceptions_API_BlocklistWindowsCodeSignatureEntry_Entries_Item: + type: object + properties: + field: + description: Certificate subject name + enum: + - subject_name + type: string + operator: + description: Must be the value "included" + enum: + - included + type: string + type: + description: Match type for subject name + enum: + - match + - match_any + type: string + value: + oneOf: + - $ref: '#/components/schemas/Security_Exceptions_API_BlocklistWindowsCodeSignatureEntry_Entries_Value_1' + - $ref: '#/components/schemas/Security_Exceptions_API_BlocklistWindowsCodeSignatureEntry_Entries_Value_2' + required: + - field + - type + - value + - operator + Security_Exceptions_API_BlocklistWindowsCodeSignatureEntry_Entries_Value_1: + description: Single subject name (used with match) + type: string + Security_Exceptions_API_BlocklistWindowsCodeSignatureEntry_Entries_Value_2: + description: Array of subject names (used with match_any) + items: + type: string + minItems: 1 + type: array + Security_Exceptions_API_CreateExceptionListItemGeneric_2: + example: + description: This is a sample detection type exception item. + entries: + - field: actingProcess.file.signer + operator: excluded + type: exists + - field: host.name + operator: included + type: match_any + value: + - saturn + - jupiter + item_id: simple_list_item + list_id: simple_list + name: Sample Exception List Item + namespace_type: single + os_types: + - linux + tags: + - malware + type: simple + type: object + properties: + entries: + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemEntryArray' + list_id: + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListHumanId' + os_types: + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemOsTypeArray' + default: [] + tags: + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemTags' + default: [] + required: + - list_id + - entries + Security_Exceptions_API_ExceptionListItemEntryList_List: + type: object + properties: + id: + $ref: '#/components/schemas/Security_Exceptions_API_ListId' + type: + $ref: '#/components/schemas/Security_Exceptions_API_ListType' + required: + - id + - type + Security_Exceptions_API_ExceptionListsImportBulkError_Error: + type: object + properties: + message: + type: string + status_code: + type: integer + required: + - status_code + - message + Security_Exceptions_API_HostIsolationProperties_Entries_Item: + type: object + properties: + field: + description: Must be destination.ip + enum: + - destination.ip + type: string + operator: + description: Must be the value "included" + enum: + - included + type: string + type: + description: Must be match + enum: + - match + type: string + value: + description: Valid IPv4 address or CIDR notation (e.g., "192.168.1.1" or "10.0.0.0/8") + type: string + required: + - field + - type + - value + - operator + Security_Exceptions_API_TrustedAppMacCodeSignatureEntry_Entries_1: + type: object + properties: + field: + enum: + - subject_name + type: string + operator: + enum: + - included + type: string + type: + enum: + - match + type: string + value: + description: Certificate subject name + type: string + required: + - field + - type + - value + - operator + Security_Exceptions_API_TrustedAppMacCodeSignatureEntry_Entries_2: + type: object + properties: + field: + enum: + - trusted + type: string + operator: + enum: + - included + type: string + type: + enum: + - match + type: string + value: + description: Must be the string 'true' + enum: + - 'true' + type: string + required: + - field + - type + - value + - operator + Security_Exceptions_API_TrustedAppWindowsCodeSignatureEntry_Entries_1: + type: object + properties: + field: + enum: + - subject_name + type: string + operator: + enum: + - included + type: string + type: + enum: + - match + type: string + value: + description: Certificate subject name + type: string + required: + - field + - type + - value + - operator + Security_Exceptions_API_TrustedAppWindowsCodeSignatureEntry_Entries_2: + type: object + properties: + field: + enum: + - trusted + type: string + operator: + enum: + - included + type: string + type: + enum: + - match + type: string + value: + description: Must be the string 'true' + enum: + - 'true' + type: string + required: + - field + - type + - value + - operator + Security_Exceptions_API_TrustedDevicesMacProperties_Entries_Item: + type: object + properties: + field: + description: Device field to match against + enum: + - device.serial_number + - device.type + - host.name + - device.vendor.name + - device.vendor.id + - device.product.id + - device.product.name + type: string + operator: + description: Must be the value "included" + enum: + - included + type: string + type: + description: Entry match type + enum: + - match + - wildcard + - match_any + type: string + value: + oneOf: + - $ref: '#/components/schemas/Security_Exceptions_API_TrustedDevicesMacProperties_Entries_Value_1' + - $ref: '#/components/schemas/Security_Exceptions_API_TrustedDevicesMacProperties_Entries_Value_2' + required: + - field + - type + - value + - operator + Security_Exceptions_API_TrustedDevicesMacProperties_Entries_Value_1: + description: Single value (used with match or wildcard) + type: string + Security_Exceptions_API_TrustedDevicesMacProperties_Entries_Value_2: + description: Array of values (used with match_any) + items: + type: string + minItems: 1 + type: array + Security_Exceptions_API_TrustedDevicesWindowsMacProperties_Entries_Item: + type: object + properties: + field: + description: Device field to match against (username not available for multi-OS) + enum: + - device.serial_number + - device.type + - host.name + - device.vendor.name + - device.vendor.id + - device.product.id + - device.product.name + type: string + operator: + description: Must be the value "included" + enum: + - included + type: string + type: + description: Entry match type + enum: + - match + - wildcard + - match_any + type: string + value: + oneOf: + - $ref: '#/components/schemas/Security_Exceptions_API_TrustedDevicesWindowsMacProperties_Entries_Value_1' + - $ref: '#/components/schemas/Security_Exceptions_API_TrustedDevicesWindowsMacProperties_Entries_Value_2' + required: + - field + - type + - value + - operator + Security_Exceptions_API_TrustedDevicesWindowsMacProperties_Entries_Value_1: + description: Single value (used with match or wildcard) + type: string + Security_Exceptions_API_TrustedDevicesWindowsMacProperties_Entries_Value_2: + description: Array of values (used with match_any) + items: + type: string + minItems: 1 + type: array + Security_Exceptions_API_TrustedDevicesWindowsProperties_Entries_Item: + type: object + properties: + field: + description: Device field to match against (user.name is Windows-only) + enum: + - device.serial_number + - device.type + - host.name + - device.vendor.name + - device.vendor.id + - device.product.id + - device.product.name + - user.name + type: string + operator: + description: Must be the value "included" + enum: + - included + type: string + type: + description: Entry match type + enum: + - match + - wildcard + - match_any + type: string + value: + oneOf: + - $ref: '#/components/schemas/Security_Exceptions_API_TrustedDevicesWindowsProperties_Entries_Value_1' + - $ref: '#/components/schemas/Security_Exceptions_API_TrustedDevicesWindowsProperties_Entries_Value_2' + required: + - field + - type + - value + - operator + Security_Exceptions_API_TrustedDevicesWindowsProperties_Entries_Value_1: + description: Single value (used with match or wildcard) + type: string + Security_Exceptions_API_TrustedDevicesWindowsProperties_Entries_Value_2: + description: Array of values (used with match_any) + items: + type: string + minItems: 1 + type: array + Security_Exceptions_API_UpdateExceptionListItemGeneric_2: + example: + comments: [] + description: Updated description + entries: + - field: host.name + operator: included + type: match + value: rock01 + item_id: simple_list_item + name: Updated name + namespace_type: single + tags: [] + type: simple + type: object + properties: + entries: + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemEntryArray' + list_id: + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListHumanId' + os_types: + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemOsTypeArray' + default: [] + tags: + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemTags' + required: + - entries + Security_Lists_API_ListItemPrivileges_Application: + additionalProperties: + type: boolean + type: object + Security_Lists_API_ListItemPrivileges_Cluster: + additionalProperties: + type: boolean + type: object + Security_Lists_API_ListItemPrivileges_Index: + additionalProperties: + $ref: '#/components/schemas/Security_Lists_API_ListItemPrivileges_Index_Value' + type: object + Security_Lists_API_ListItemPrivileges_Index_Value: + additionalProperties: + type: boolean + type: object + Security_Lists_API_ListPrivileges_Application: + additionalProperties: + type: boolean + type: object + Security_Lists_API_ListPrivileges_Cluster: + additionalProperties: + type: boolean + type: object + Security_Lists_API_ListPrivileges_Index: + additionalProperties: + $ref: '#/components/schemas/Security_Lists_API_ListPrivileges_Index_Value' + type: object + Security_Lists_API_ListPrivileges_Index_Value: + additionalProperties: + type: boolean + type: object + Security_Osquery_API_CreateLiveQueryRequestBody_Metadata: + description: Custom metadata object associated with the live query. + nullable: true + type: object + Security_Osquery_API_ECSMappingItem_Value_1: + type: string + Security_Osquery_API_ECSMappingItem_Value_2: + items: + type: string + type: array + Security_Timeline_API_BareNote_2: + type: object + properties: + eventId: + description: The `_id` of the associated event for this note. + example: d3a1d35a3e84a81b2f8f3859e064c224cdee1b4bc + nullable: true + type: string + note: + description: The text of the note + example: This is an example text + nullable: true + type: string + timelineId: + description: The `savedObjectId` of the Timeline that this note is associated with + example: 15c1929b-0af7-42bd-85a8-56e234cc7c4e + type: string + required: + - timelineId + Security_Timeline_API_BarePinnedEvent_2: + type: object + properties: + eventId: + description: The `_id` of the associated event for this pinned event. + example: d3a1d35a3e84a81b2f8f3859e064c224cdee1b4bc + type: string + timelineId: + description: The `savedObjectId` of the timeline that this pinned event is associated with + example: 15c1929b-0af7-42bd-85a8-56e234cc7c4e + type: string + required: + - eventId + - timelineId + Security_Timeline_API_DocumentIds_1: + items: + type: string + type: array + Security_Timeline_API_DocumentIds_2: + type: string + Security_Timeline_API_FilterTimelineResult_Meta: + nullable: true + type: object + properties: + alias: + nullable: true + type: string + controlledBy: + nullable: true + type: string + disabled: + nullable: true + type: boolean + field: + nullable: true + type: string + formattedValue: + nullable: true + type: string + index: + nullable: true + type: string + key: + nullable: true + type: string + negate: + nullable: true + type: boolean + params: + nullable: true + type: string + type: + nullable: true + type: string + value: + nullable: true + type: string + Security_Timeline_API_ImportTimelineResult_Errors_Item: + type: object + properties: + error: + $ref: '#/components/schemas/Security_Timeline_API_ImportTimelineResult_Errors_Error' + id: + description: The ID of the timeline that failed to import + example: 6ce1b592-84e3-4b4a-9552-f189d4b82075 + type: string + Security_Timeline_API_ImportTimelineResult_Errors_Error: + description: The error containing the reason why the timeline could not be imported + type: object + properties: + message: + description: The reason why the timeline could not be imported + example: Malformed JSON + type: string + status_code: + description: The HTTP status code of the error + example: 400 + type: number + Security_Timeline_API_ImportTimelines_2: + type: object + properties: + eventNotes: + items: + $ref: '#/components/schemas/Security_Timeline_API_BareNote' + nullable: true + type: array + globalNotes: + items: + $ref: '#/components/schemas/Security_Timeline_API_BareNote' + nullable: true + type: array + pinnedEventIds: + items: + type: string + nullable: true + type: array + savedObjectId: + nullable: true + type: string + version: + nullable: true + type: string + required: + - savedObjectId + - version + - pinnedEventIds + - eventNotes + - globalNotes + Security_Timeline_API_Note_2: + type: object + properties: + noteId: + description: The `savedObjectId` of the note + example: 709f99c6-89b6-4953-9160-35945c8e174e + type: string + version: + description: The version of the note + example: WzQ2LDFd + type: string + required: + - noteId + - version + Security_Timeline_API_PersistPinnedEventResponse_2: + type: object + properties: + unpinned: + description: Indicates whether the event was successfully unpinned + type: boolean + required: + - unpinned + Security_Timeline_API_PinnedEvent_2: + type: object + properties: + pinnedEventId: + description: The `savedObjectId` of this pinned event + example: 10r1929b-0af7-42bd-85a8-56e234f98h2f3 + type: string + version: + description: The version of this pinned event + example: WzQ2LDFe + type: string + required: + - pinnedEventId + - version + Security_Timeline_API_QueryMatchResult_Value_1: + nullable: true + type: string + Security_Timeline_API_QueryMatchResult_Value_2: + items: + type: string + nullable: true + type: array + Security_Timeline_API_SavedObjectIds_1: + items: + type: string + type: array + Security_Timeline_API_SavedObjectIds_2: + type: string + Security_Timeline_API_SavedTimeline_DateRange: + description: The Timeline's search period. + example: + end: 1587456479201 + start: 1587370079200 + nullable: true + type: object + properties: + end: + oneOf: + - $ref: '#/components/schemas/Security_Timeline_API_SavedTimeline_DateRange_End_1' + - $ref: '#/components/schemas/Security_Timeline_API_SavedTimeline_DateRange_End_2' + start: + oneOf: + - $ref: '#/components/schemas/Security_Timeline_API_SavedTimeline_DateRange_Start_1' + - $ref: '#/components/schemas/Security_Timeline_API_SavedTimeline_DateRange_Start_2' + Security_Timeline_API_SavedTimeline_DateRange_End_1: + nullable: true + type: string + Security_Timeline_API_SavedTimeline_DateRange_End_2: + nullable: true + type: number + Security_Timeline_API_SavedTimeline_DateRange_Start_1: + nullable: true + type: string + Security_Timeline_API_SavedTimeline_DateRange_Start_2: + nullable: true + type: number + Security_Timeline_API_SavedTimeline_EqlOptions: + description: EQL query that is used in the correlation tab + example: + eventCategoryField: event.category + query: sequence\n[process where process.name == "sudo"]\n[any where true] + size: 100 + timestampField: '@timestamp' + nullable: true + type: object + properties: + eventCategoryField: + nullable: true + type: string + query: + nullable: true + type: string + size: + oneOf: + - $ref: '#/components/schemas/Security_Timeline_API_SavedTimeline_EqlOptions_Size_1' + - $ref: '#/components/schemas/Security_Timeline_API_SavedTimeline_EqlOptions_Size_2' + tiebreakerField: + nullable: true + type: string + timestampField: + nullable: true + type: string + Security_Timeline_API_SavedTimeline_EqlOptions_Size_1: + nullable: true + type: string + Security_Timeline_API_SavedTimeline_EqlOptions_Size_2: + nullable: true + type: number + Security_Timeline_API_SavedTimelineWithSavedObjectId_2: + type: object + properties: + savedObjectId: + description: The `savedObjectId` of the Timeline or Timeline template + example: 15c1929b-0af7-42bd-85a8-56e234cc7c4e + type: string + version: + description: The version of the Timeline or Timeline template + example: WzE0LDFd + type: string + required: + - savedObjectId + - version + Security_Timeline_API_SerializedFilterQueryResult_FilterQuery: + nullable: true + type: object + properties: + kuery: + $ref: '#/components/schemas/Security_Timeline_API_SerializedFilterQueryResult_FilterQuery_Kuery' + serializedQuery: + nullable: true + type: string + Security_Timeline_API_SerializedFilterQueryResult_FilterQuery_Kuery: + nullable: true + type: object + properties: + expression: + nullable: true + type: string + kind: + nullable: true + type: string + Security_Timeline_API_Sort_2: + items: + $ref: '#/components/schemas/Security_Timeline_API_SortObject' + type: array + Security_Timeline_API_TimelineResponse_3: + type: object + properties: + eventIdToNoteIds: + description: A list of all the notes that are associated to this Timeline. + items: + $ref: '#/components/schemas/Security_Timeline_API_Note' + nullable: true + type: array + noteIds: + description: A list of all the ids of notes that are associated to this Timeline. + example: + - 709f99c6-89b6-4953-9160-35945c8e174e + items: + type: string + nullable: true + type: array + notes: + description: A list of all the notes that are associated to this Timeline. + items: + $ref: '#/components/schemas/Security_Timeline_API_Note' + nullable: true + type: array + pinnedEventIds: + description: A list of all the ids of pinned events that are associated to this Timeline. + example: + - 983f99c6-89b6-4953-9160-35945c8a194f + items: + type: string + nullable: true + type: array + pinnedEventsSaveObject: + description: A list of all the pinned events that are associated to this Timeline. + items: + $ref: '#/components/schemas/Security_Timeline_API_PinnedEvent' + nullable: true + type: array + Security_Timeline_API_TimelineSavedToReturnObject_2: + type: object + properties: + eventIdToNoteIds: + items: + $ref: '#/components/schemas/Security_Timeline_API_Note' + nullable: true + type: array + noteIds: + items: + type: string + nullable: true + type: array + notes: + items: + $ref: '#/components/schemas/Security_Timeline_API_Note' + nullable: true + type: array + pinnedEventIds: + items: + type: string + nullable: true + type: array + pinnedEventsSaveObject: + items: + $ref: '#/components/schemas/Security_Timeline_API_PinnedEvent' + nullable: true + type: array + savedObjectId: + type: string + version: + type: string + required: + - savedObjectId + - version + Short_URL_APIs_urlResponse_Locator: + type: object + properties: + id: + description: The identifier for the locator. + type: string + state: + $ref: '#/components/schemas/Short_URL_APIs_urlResponse_Locator_State' + version: + description: The version of Kibana when the short URL was created. + type: string + Short_URL_APIs_urlResponse_Locator_State: + description: The locator parameters. + type: object + SLOs_artifacts_Dashboards_Item: + type: object + properties: + id: + description: Dashboard saved-object id + type: string + required: + - id + SLOs_bulk_delete_status_response_Results_Item: + type: object + properties: + error: + description: The error message if the deletion operation failed for this SLO + example: SLO [d08506b7-f0e8-4f8b-a06a-a83940f4db91] not found + type: string + id: + description: The ID of the SLO that was deleted + example: d08506b7-f0e8-4f8b-a06a-a83940f4db91 + type: string + success: + description: The result of the deletion operation for this SLO + example: true + type: boolean + SLOs_bulk_purge_rollup_request_PurgePolicy: + description: Policy that dictates which SLI documents to purge based on age + oneOf: + - $ref: '#/components/schemas/SLOs_bulk_purge_rollup_request_PurgePolicy_1' + - $ref: '#/components/schemas/SLOs_bulk_purge_rollup_request_PurgePolicy_2' + type: object + SLOs_bulk_purge_rollup_request_PurgePolicy_1: + type: object + properties: + age: + description: The duration to determine which documents to purge, formatted as {duration}{unit}. This value should be greater than or equal to the time window of every SLO provided. + example: 7d + type: string + purgeType: + description: Specifies whether documents will be purged based on a specific age or on a timestamp + enum: + - fixed-age + type: string + SLOs_bulk_purge_rollup_request_PurgePolicy_2: + type: object + properties: + purgeType: + description: Specifies whether documents will be purged based on a specific age or on a timestamp + enum: + - fixed-time + type: string + timestamp: + description: The timestamp to determine which documents to purge, formatted in ISO. This value should be older than the applicable time window of every SLO provided. + example: '2024-12-31T00:00:00.000Z' + type: string + SLOs_delete_slo_instances_request_List_Item: + type: object + properties: + instanceId: + description: The SLO instance identifier + example: 8853df00-ae2e-11ed-90af-09bb6422b258 + type: string + sloId: + description: The SLO unique identifier + example: 8853df00-ae2e-11ed-90af-09bb6422b258 + type: string + required: + - sloId + - instanceId + SLOs_filter_Query: + type: object + SLOs_filter_meta_Params: + type: object + SLOs_find_slo_definitions_response_1: + type: object + properties: + page: + example: 1 + type: number + perPage: + example: 25 + type: number + results: + items: + $ref: '#/components/schemas/SLOs_slo_with_summary_response' + type: array + total: + example: 34 + type: number + SLOs_find_slo_definitions_response_2: + type: object + properties: + page: + default: 1 + description: for backward compability + type: number + perPage: + description: for backward compability + example: 25 + type: number + results: + items: + $ref: '#/components/schemas/SLOs_slo_with_summary_response' + type: array + searchAfter: + description: the cursor to provide to get the next paged results + example: + - some-slo-id + - other-cursor-id + items: + type: string + type: array + size: + example: 25 + type: number + total: + example: 34 + type: number + SLOs_group_by_1: + type: string + SLOs_group_by_2: + items: + type: string + type: array + SLOs_indicator_properties_apm_availability_Params: + description: An object containing the indicator parameters. + nullable: false + type: object + properties: + environment: + description: The APM service environment or "*" + example: production + type: string + filter: + description: KQL query used for filtering the data + example: 'service.foo : "bar"' + type: string + index: + description: The index used by APM metrics + example: metrics-apm*,apm* + type: string + service: + description: The APM service name + example: o11y-app + type: string + transactionName: + description: The APM transaction name or "*" + example: GET /my/api + type: string + transactionType: + description: The APM transaction type or "*" + example: request + type: string + required: + - service + - environment + - transactionType + - transactionName + - index + SLOs_indicator_properties_apm_latency_Params: + description: An object containing the indicator parameters. + nullable: false + type: object + properties: + environment: + description: The APM service environment or "*" + example: production + type: string + filter: + description: KQL query used for filtering the data + example: 'service.foo : "bar"' + type: string + index: + description: The index used by APM metrics + example: metrics-apm*,apm* + type: string + service: + description: The APM service name + example: o11y-app + type: string + threshold: + description: The latency threshold in milliseconds + example: 250 + type: number + transactionName: + description: The APM transaction name or "*" + example: GET /my/api + type: string + transactionType: + description: The APM transaction type or "*" + example: request + type: string + required: + - service + - environment + - transactionType + - transactionName + - index + - threshold + SLOs_indicator_properties_custom_kql_Params: + description: An object containing the indicator parameters. + nullable: false + type: object + properties: + dataViewId: + description: The kibana data view id to use, primarily used to include data view runtime mappings. Make sure to save SLO again if you add/update run time fields to the data view and if those fields are being used in slo queries. + example: 03b80ab3-003d-498b-881c-3beedbaf1162 + type: string + filter: + $ref: '#/components/schemas/SLOs_kql_with_filters' + good: + $ref: '#/components/schemas/SLOs_kql_with_filters_good' + index: + description: The index or index pattern to use + example: my-service-* + type: string + timestampField: + description: | + The timestamp field used in the source indice. + example: timestamp + type: string + total: + $ref: '#/components/schemas/SLOs_kql_with_filters_total' + required: + - index + - timestampField + - good + - total + SLOs_indicator_properties_custom_metric_Params: + description: An object containing the indicator parameters. + nullable: false + type: object + properties: + dataViewId: + description: The kibana data view id to use, primarily used to include data view runtime mappings. Make sure to save SLO again if you add/update run time fields to the data view and if those fields are being used in slo queries. + example: 03b80ab3-003d-498b-881c-3beedbaf1162 + type: string + filter: + description: the KQL query to filter the documents with. + example: 'field.environment : "production" and service.name : "my-service"' + type: string + good: + $ref: '#/components/schemas/SLOs_indicator_properties_custom_metric_Params_Good' + index: + description: The index or index pattern to use + example: my-service-* + type: string + timestampField: description: | - Perform a composite aggregation against the selected fields. When any of these groups match the selected rule conditions, an alert is triggered per group. - errorGroupingKey: + The timestamp field used in the source indice. + example: timestamp + type: string + total: + $ref: '#/components/schemas/SLOs_indicator_properties_custom_metric_Params_Total' + required: + - index + - timestampField + - good + - total + SLOs_indicator_properties_custom_metric_Params_Good: + description: | + An object defining the "good" metrics and equation + type: object + properties: + equation: + description: The equation to calculate the "good" metric. + example: A + type: string + metrics: + description: List of metrics with their name, aggregation type, and field. + items: + oneOf: + - $ref: '#/components/schemas/SLOs_indicator_properties_custom_metric_Params_Good_Metrics_1' + - $ref: '#/components/schemas/SLOs_indicator_properties_custom_metric_Params_Good_Metrics_2' + type: array + required: + - metrics + - equation + SLOs_indicator_properties_custom_metric_Params_Good_Metrics_1: + type: object + properties: + aggregation: + description: The aggregation type of the metric. + enum: + - sum + example: sum + type: string + field: + description: The field of the metric. + example: processor.processed + type: string + filter: + description: The filter to apply to the metric. + example: 'processor.outcome: *' + type: string + name: + description: The name of the metric. Only valid options are A-Z + example: A + pattern: ^[A-Z]$ + type: string + required: + - name + - aggregation + - field + SLOs_indicator_properties_custom_metric_Params_Good_Metrics_2: + type: object + properties: + aggregation: + description: The aggregation type of the metric. + enum: + - doc_count + example: doc_count type: string - description: | - Filter the errors coming from your application to apply the rule to a specific error grouping key, which is a hash of the stack trace and other properties. - params_property_apm_transaction_duration: - title: APM transaction duration + filter: + description: The filter to apply to the metric. + example: 'processor.outcome: *' + type: string + name: + description: The name of the metric. Only valid options are A-Z + example: A + pattern: ^[A-Z]$ + type: string + required: + - name + - aggregation + SLOs_indicator_properties_custom_metric_Params_Total: description: | - The parameters for the APM transaction duration rule. These parameters are appropriate when `rule_type_id` is `apm.transaction_duration`. + An object defining the "total" metrics and equation type: object + properties: + equation: + description: The equation to calculate the "total" metric. + example: A + type: string + metrics: + description: List of metrics with their name, aggregation type, and field. + items: + oneOf: + - $ref: '#/components/schemas/SLOs_indicator_properties_custom_metric_Params_Total_Metrics_1' + - $ref: '#/components/schemas/SLOs_indicator_properties_custom_metric_Params_Total_Metrics_2' + type: array required: - - windowSize - - windowUnit - - threshold - - environment - - aggregationType + - metrics + - equation + SLOs_indicator_properties_custom_metric_Params_Total_Metrics_1: + type: object properties: - serviceName: + aggregation: + description: The aggregation type of the metric. + enum: + - sum + example: sum type: string - description: Filter the rule to apply to a specific service. - transactionType: + field: + description: The field of the metric. + example: processor.processed type: string - description: Filter the rule to apply to a specific transaction type. - transactionName: + filter: + description: The filter to apply to the metric. + example: 'processor.outcome: *' type: string - description: Filter the rule to apply to a specific transaction name. - windowSize: - type: number - description: | - The size of the time window (in `windowUnit` units), which determines how far back to search for documents. Generally it should be a value higher than the rule check interval to avoid gaps in detection. - example: 6 - windowUnit: + name: + description: The name of the metric. Only valid options are A-Z + example: A + pattern: ^[A-Z]$ type: string - description: | - The type of units for the time window. For example: minutes, hours, or days. + required: + - name + - aggregation + - field + SLOs_indicator_properties_custom_metric_Params_Total_Metrics_2: + type: object + properties: + aggregation: + description: The aggregation type of the metric. enum: - - m - - h - - d - environment: + - doc_count + example: doc_count type: string - description: Filter the rule to apply to a specific environment. - threshold: - type: number - description: The latency threshold value. - groupBy: - type: array - default: - - service.name - - service.environment - - transaction.type - uniqueItems: true - items: - type: string - enum: - - service.name - - service.environment - - transaction.type - - transaction.name - description: | - Perform a composite aggregation against the selected fields. When any of these groups match the selected rule conditions, an alert is triggered per group. - aggregationType: + filter: + description: The filter to apply to the metric. + example: 'processor.outcome: *' + type: string + name: + description: The name of the metric. Only valid options are A-Z + example: A + pattern: ^[A-Z]$ type: string - enum: - - avg - - 95th - - 99th - description: The type of aggregation to perform. - params_property_apm_transaction_error_rate: - title: APM transaction error rate - description: | - The parameters for the APM transaction error rate rule. These parameters are appropriate when `rule_type_id` is `apm.transaction_error_rate`. - type: object required: - - windowSize - - windowUnit - - threshold - - environment + - name + - aggregation + SLOs_indicator_properties_histogram_Params: + description: An object containing the indicator parameters. + nullable: false + type: object properties: - serviceName: + dataViewId: + description: The kibana data view id to use, primarily used to include data view runtime mappings. Make sure to save SLO again if you add/update run time fields to the data view and if those fields are being used in slo queries. + example: 03b80ab3-003d-498b-881c-3beedbaf1162 type: string - description: The service name from APM - transactionType: + filter: + description: the KQL query to filter the documents with. + example: 'field.environment : "production" and service.name : "my-service"' type: string - description: The transaction type from APM - transactionName: + good: + $ref: '#/components/schemas/SLOs_indicator_properties_histogram_Params_Good' + index: + description: The index or index pattern to use + example: my-service-* type: string - description: The transaction name from APM - windowSize: - type: number - description: The window size - example: 6 - windowUnit: + timestampField: + description: | + The timestamp field used in the source indice. + example: timestamp type: string - description: The window size unit + total: + $ref: '#/components/schemas/SLOs_indicator_properties_histogram_Params_Total' + required: + - index + - timestampField + - good + - total + SLOs_indicator_properties_histogram_Params_Good: + description: | + An object defining the "good" events + type: object + properties: + aggregation: + description: The type of aggregation to use. enum: - - m - - h - - d - environment: + - value_count + - range + example: value_count type: string - description: The environment from APM - threshold: + field: + description: The field use to aggregate the good events. + example: processor.latency + type: string + filter: + description: The filter for good events. + example: 'processor.outcome: "success"' + type: string + from: + description: The starting value of the range. Only required for "range" aggregations. + example: 0 type: number - description: The error rate threshold value - groupBy: - type: array - default: - - service.name - - service.environment - - transaction.type - uniqueItems: true - items: - type: string - enum: - - service.name - - service.environment - - transaction.type - - transaction.name - aggfield: - description: | - The name of the numeric field that is used in the aggregation. This property is required when `aggType` is `avg`, `max`, `min` or `sum`. - type: string - aggtype: - description: The type of aggregation to perform. - type: string - enum: - - avg - - count - - max - - min - - sum - default: count - excludehitsfrompreviousrun: - description: | - Indicates whether to exclude matches from previous runs. If `true`, you can avoid alert duplication by excluding documents that have already been detected by the previous rule run. This option is not available when a grouping field is specified. - type: boolean - groupby: - description: | - Indicates whether the aggregation is applied over all documents (`all`) or split into groups (`top`) using a grouping field (`termField`). If grouping is used, an alert will be created for each group when it exceeds the threshold; only the top groups (up to `termSize` number of groups) are checked. - type: string - enum: - - all - - top - default: all - size: - description: | - The number of documents to pass to the configured actions when the threshold condition is met. - type: integer - termfield: - description: | - The names of up to four fields that are used for grouping the aggregation. This property is required when `groupBy` is `top`. - oneOf: - - type: string - - type: array - items: - type: string - maxItems: 4 - termsize: - description: | - This property is required when `groupBy` is `top`. It specifies the number of groups to check against the threshold and therefore limits the number of alerts on high cardinality fields. - type: integer - threshold: - description: | - The threshold value that is used with the `thresholdComparator`. If the `thresholdComparator` is `between` or `notBetween`, you must specify the boundary values. - type: array - items: - type: integer - example: 4000 - thresholdcomparator: - description: The comparison function for the threshold. For example, "is above", "is above or equals", "is below", "is below or equals", "is between", and "is not between". - type: string - enum: - - '>' - - '>=' - - < - - <= - - between - - notBetween - example: '>' - timefield: - description: The field that is used to calculate the time window. - type: string - timewindowsize: - description: | - The size of the time window (in `timeWindowUnit` units), which determines how far back to search for documents. Generally it should be a value higher than the rule check interval to avoid gaps in detection. - type: integer - example: 5 - timewindowunit: - description: | - The type of units for the time window: seconds, minutes, hours, or days. - type: string - enum: - - s - - m - - h - - d - example: m - params_es_query_dsl_rule: - title: Elasticsearch DSL query rule params + to: + description: The ending value of the range. Only required for "range" aggregations. + example: 100 + type: number + required: + - aggregation + - field + SLOs_indicator_properties_histogram_Params_Total: description: | - An Elasticsearch query rule can run a query defined in Elasticsearch Query DSL and compare the number of matches to a configured threshold. These parameters are appropriate when `rule_type_id` is `.es-query`. + An object defining the "total" events type: object + properties: + aggregation: + description: The type of aggregation to use. + enum: + - value_count + - range + example: value_count + type: string + field: + description: The field use to aggregate the good events. + example: processor.latency + type: string + filter: + description: The filter for total events. + example: 'processor.outcome : *' + type: string + from: + description: The starting value of the range. Only required for "range" aggregations. + example: 0 + type: number + to: + description: The ending value of the range. Only required for "range" aggregations. + example: 100 + type: number required: - - esQuery - - index - - threshold - - thresholdComparator - - timeField - - timeWindowSize - - timeWindowUnit - properties: - aggField: - $ref: '#/components/schemas/aggfield' - aggType: - $ref: '#/components/schemas/aggtype' - esQuery: - description: The query definition, which uses Elasticsearch Query DSL. - type: string - excludeHitsFromPreviousRun: - $ref: '#/components/schemas/excludehitsfrompreviousrun' - groupBy: - $ref: '#/components/schemas/groupby' + - aggregation + - field + SLOs_indicator_properties_timeslice_metric_Params: + description: An object containing the indicator parameters. + nullable: false + type: object + properties: + dataViewId: + description: The kibana data view id to use, primarily used to include data view runtime mappings. Make sure to save SLO again if you add/update run time fields to the data view and if those fields are being used in slo queries. + example: 03b80ab3-003d-498b-881c-3beedbaf1162 + type: string + filter: + description: the KQL query to filter the documents with. + example: 'field.environment : "production" and service.name : "my-service"' + type: string index: - description: The indices to query. - oneOf: - - type: array - items: - type: string - - type: string - searchType: - description: The type of query, in this case a query that uses Elasticsearch Query DSL. + description: The index or index pattern to use + example: my-service-* type: string - enum: - - esQuery - default: esQuery - example: esQuery - size: - $ref: '#/components/schemas/size' - termField: - $ref: '#/components/schemas/termfield' - termSize: - $ref: '#/components/schemas/termsize' - threshold: - $ref: '#/components/schemas/threshold' - thresholdComparator: - $ref: '#/components/schemas/thresholdcomparator' - timeField: - $ref: '#/components/schemas/timefield' - timeWindowSize: - $ref: '#/components/schemas/timewindowsize' - timeWindowUnit: - $ref: '#/components/schemas/timewindowunit' - params_es_query_esql_rule: - title: Elasticsearch ES|QL query rule params + metric: + $ref: '#/components/schemas/SLOs_indicator_properties_timeslice_metric_Params_Metric' + timestampField: + description: | + The timestamp field used in the source indice. + example: timestamp + type: string + required: + - index + - timestampField + - metric + SLOs_indicator_properties_timeslice_metric_Params_Metric: description: | - An Elasticsearch query rule can run an ES|QL query and compare the number of matches to a configured threshold. These parameters are appropriate when `rule_type_id` is `.es-query`. + An object defining the metrics, equation, and threshold to determine if it's a good slice or not type: object - required: - - esqlQuery - - searchType - - size - - threshold - - thresholdComparator - - timeWindowSize - - timeWindowUnit - properties: - aggField: - $ref: '#/components/schemas/aggfield' - aggType: - $ref: '#/components/schemas/aggtype' - esqlQuery: - type: object - required: - - esql - properties: - esql: - description: The query definition, which uses Elasticsearch Query Language. - type: string - excludeHitsFromPreviousRun: - $ref: '#/components/schemas/excludehitsfrompreviousrun' - groupBy: - $ref: '#/components/schemas/groupby' - searchType: - description: The type of query, in this case a query that uses Elasticsearch Query Language (ES|QL). - type: string + properties: + comparator: + description: The comparator to use to compare the equation to the threshold. enum: - - esqlQuery - example: esqlQuery - size: - type: integer - description: | - When `searchType` is `esqlQuery`, this property is required but it does not affect the rule behavior. - example: 0 - termSize: - $ref: '#/components/schemas/termsize' - threshold: + - GT + - GTE + - LT + - LTE + example: GT + type: string + equation: + description: The equation to calculate the metric. + example: A + type: string + metrics: + description: List of metrics with their name, aggregation type, and field. + items: + anyOf: + - $ref: '#/components/schemas/SLOs_timeslice_metric_basic_metric_with_field' + - $ref: '#/components/schemas/SLOs_timeslice_metric_percentile_metric' + - $ref: '#/components/schemas/SLOs_timeslice_metric_doc_count_metric' + discriminator: + mapping: + avg: '#/components/schemas/SLOs_timeslice_metric_basic_metric_with_field' + cardinality: '#/components/schemas/SLOs_timeslice_metric_basic_metric_with_field' + doc_count: '#/components/schemas/SLOs_timeslice_metric_doc_count_metric' + last_value: '#/components/schemas/SLOs_timeslice_metric_basic_metric_with_field' + max: '#/components/schemas/SLOs_timeslice_metric_basic_metric_with_field' + min: '#/components/schemas/SLOs_timeslice_metric_basic_metric_with_field' + percentile: '#/components/schemas/SLOs_timeslice_metric_percentile_metric' + std_deviation: '#/components/schemas/SLOs_timeslice_metric_basic_metric_with_field' + sum: '#/components/schemas/SLOs_timeslice_metric_basic_metric_with_field' + propertyName: aggregation type: array + threshold: + description: The threshold used to determine if the metric is a good slice or not. + example: 100 + type: number + required: + - metrics + - equation + - comparator + - threshold + SLOs_kql_with_filters_1: + description: the KQL query to filter the documents with. + example: 'field.environment : "production" and service.name : "my-service"' + type: string + SLOs_kql_with_filters_2: + type: object + properties: + filters: items: - type: integer - minimum: 0 - maximum: 0 - description: | - The threshold value that is used with the `thresholdComparator`. When `searchType` is `esqlQuery`, this property is required and must be set to zero. - thresholdComparator: + $ref: '#/components/schemas/SLOs_filter' + type: array + kqlQuery: type: string - description: | - The comparison function for the threshold. When `searchType` is `esqlQuery`, this property is required and must be set to ">". Since the `threshold` value must be `0`, the result is that an alert occurs whenever the query returns results. - enum: - - '>' - example: '>' - timeField: - $ref: '#/components/schemas/timefield' - timeWindowSize: - $ref: '#/components/schemas/timewindowsize' - timeWindowUnit: - $ref: '#/components/schemas/timewindowunit' - filter: + SLOs_kql_with_filters_good_1: + description: the KQL query to filter the documents with. + example: 'request.latency <= 150 and request.status_code : "2xx"' + type: string + SLOs_kql_with_filters_good_2: type: object - description: A filter written in Elasticsearch Query Domain Specific Language (DSL) as defined in the `kbn-es-query` package. properties: - meta: - type: object - properties: - alias: - type: string - nullable: true - controlledBy: - type: string - disabled: - type: boolean - field: - type: string - group: - type: string - index: - type: string - isMultiIndex: - type: boolean - key: - type: string - negate: - type: boolean - params: - type: object - type: - type: string - value: - type: string - query: - type: object - $state: - type: object - params_es_query_kql_rule: - title: Elasticsearch KQL query rule params - description: | - An Elasticsearch query rule can run a query defined in KQL or Lucene and compare the number of matches to a configured threshold. These parameters are appropriate when `rule_type_id` is `.es-query`. + filters: + items: + $ref: '#/components/schemas/SLOs_filter' + type: array + kqlQuery: + type: string + SLOs_kql_with_filters_total_1: + description: the KQL query to filter the documents with. + example: 'field.environment : "production" and service.name : "my-service"' + type: string + SLOs_kql_with_filters_total_2: type: object - required: - - searchType - - size - - threshold - - thresholdComparator - - timeWindowSize - - timeWindowUnit - properties: - aggField: - $ref: '#/components/schemas/aggfield' - aggType: - $ref: '#/components/schemas/aggtype' - excludeHitsFromPreviousRun: - $ref: '#/components/schemas/excludehitsfrompreviousrun' - groupBy: - $ref: '#/components/schemas/groupby' - searchConfiguration: - description: The query definition, which uses KQL or Lucene to fetch the documents from Elasticsearch. - type: object - properties: - filter: - type: array - items: - $ref: '#/components/schemas/filter' - index: - description: The indices to query. - oneOf: - - type: string - - type: array - items: - type: string - query: - type: object - properties: - language: - type: string - example: kuery - query: - type: string - searchType: - description: The type of query, in this case a text-based query that uses KQL or Lucene. + properties: + filters: + items: + $ref: '#/components/schemas/SLOs_filter' + type: array + kqlQuery: type: string - enum: - - searchSource - example: searchSource - size: - $ref: '#/components/schemas/size' - termField: - $ref: '#/components/schemas/termfield' - termSize: - $ref: '#/components/schemas/termsize' - threshold: - $ref: '#/components/schemas/threshold' - thresholdComparator: - $ref: '#/components/schemas/thresholdcomparator' - timeField: - $ref: '#/components/schemas/timefield' - timeWindowSize: - $ref: '#/components/schemas/timewindowsize' - timeWindowUnit: - $ref: '#/components/schemas/timewindowunit' - params_index_threshold_rule: - title: Index threshold rule params - description: An index threshold rule runs an Elasticsearch query, aggregates field values from documents, compares them to threshold values, and schedules actions to run when the thresholds are met. These parameters are appropriate when `rule_type_id` is `.index-threshold`. + Synthetics_browserMonitorFields_2: + additionalProperties: true type: object - required: - - index - - threshold - - thresholdComparator - - timeField - - timeWindowSize - - timeWindowUnit - properties: - aggField: - $ref: '#/components/schemas/aggfield' - aggType: - $ref: '#/components/schemas/aggtype' - filterKuery: - description: A KQL expression thats limits the scope of alerts. + properties: + ignore_https_errors: + default: false + description: Ignore HTTPS errors. + type: boolean + inline_script: + description: The inline script. + type: string + playwright_options: + $ref: '#/components/schemas/Synthetics_browserMonitorFields_Playwright_options' + screenshots: + default: 'on' + description: The screenshot option. + enum: + - 'on' + - 'off' + - only-on-failure type: string - groupBy: - $ref: '#/components/schemas/groupby' - index: - description: The indices to query. - type: array + synthetics_args: + description: Synthetics agent CLI arguments. items: type: string - termField: - $ref: '#/components/schemas/termfield' - termSize: - $ref: '#/components/schemas/termsize' - threshold: - $ref: '#/components/schemas/threshold' - thresholdComparator: - $ref: '#/components/schemas/thresholdcomparator' - timeField: - $ref: '#/components/schemas/timefield' - timeWindowSize: - $ref: '#/components/schemas/timewindowsize' - timeWindowUnit: - $ref: '#/components/schemas/timewindowunit' - params_property_infra_inventory: - title: Inventory + type: array + type: + description: The monitor type. + enum: + - browser + type: string + required: + - inline_script + - type + Synthetics_browserMonitorFields_Playwright_options: + description: Playwright options. + type: object + Synthetics_commonMonitorFields_Alert: + description: | + The alert configuration. The default is `{ status: { enabled: true }, tls: { enabled: true } }`. + type: object + Synthetics_commonMonitorFields_Labels: + additionalProperties: + type: string description: | - The parameters for the infrastructure inventory rule. These parameters are appropriate when `rule_type_id` is `metrics.alert.inventory.threshold`. + Key-value pairs of labels to associate with the monitor. Labels can be used for filtering and grouping monitors. + type: object + Synthetics_getPrivateLocation_Geo: + description: Geographic coordinates (WGS84) for the location. type: object properties: - criteria: - type: array - items: - type: object - properties: - metric: - type: string - enum: - - count - - cpu - - diskLatency - - load - - memory - - memoryTotal - - tx - - rx - - logRate - - diskIOReadBytes - - diskIOWriteBytes - - s3TotalRequests - - s3NumberOfObjects - - s3BucketSize - - s3DownloadBytes - - s3UploadBytes - - rdsConnections - - rdsQueriesExecuted - - rdsActiveTransactions - - rdsLatency - - sqsMessagesVisible - - sqsMessagesDelayed - - sqsMessagesSent - - sqsMessagesEmpty - - sqsOldestMessage - - custom - timeSize: - type: number - timeUnit: - type: string - enum: - - s - - m - - h - - d - sourceId: - type: string - threshold: - type: array - items: - type: number - comparator: - type: string - enum: - - < - - <= - - '>' - - '>=' - - between - - outside - customMetric: - type: object - properties: - type: - type: string - enum: - - custom - field: - type: string - aggregation: - type: string - enum: - - avg - - max - - min - - rate - id: - type: string - label: - type: string - warningThreshold: - type: array - items: - type: number - warningComparator: - type: string - enum: - - < - - <= - - '>' - - '>=' - - between - - outside - filterQuery: + lat: + description: The latitude of the location. + type: number + lon: + description: The longitude of the location. + type: number + required: + - lat + - lon + Synthetics_httpMonitorFields_2: + additionalProperties: true + type: object + properties: + check: + $ref: '#/components/schemas/Synthetics_httpMonitorFields_Check' + ipv4: + default: true + description: If `true`, ping using the ipv4 protocol. + type: boolean + ipv6: + default: true + description: If `true`, ping using the ipv6 protocol. + type: boolean + max_redirects: + default: 0 + description: The maximum number of redirects to follow. + type: number + mode: + default: any + description: | + The mode of the monitor. If it is `all`, the monitor pings all resolvable IPs for a hostname. If it is `any`, the monitor pings only one IP address for a hostname. If you're using a DNS-load balancer and want to ping every IP address for the specified hostname, you should use `all`. + enum: + - all + - any type: string - filterQueryText: + password: + description: | + The password for authenticating with the server. The credentials are passed with the request. type: string - nodeType: + proxy_headers: + $ref: '#/components/schemas/Synthetics_httpMonitorFields_Proxy_headers' + proxy_url: + description: The URL of the proxy to use for this monitor. type: string + response: + $ref: '#/components/schemas/Synthetics_httpMonitorFields_Response' + ssl: + $ref: '#/components/schemas/Synthetics_httpMonitorFields_Ssl' + type: + description: The monitor type. enum: - - host - - pod - - container - - awsEC2 - - awsS3 - - awsSQS - - awsRDS - sourceId: + - http type: string - alertOnNoData: - type: boolean - params_property_log_threshold: - oneOf: - - title: Log threshold count - description: | - The parameters for a log threshold rule that counts the number of log entries that match the criteria. These parameters are appropriate when `rule_type_id` is `logs.alert.document.count`. - type: object - required: - - count - - timeSize - - timeUnit - - logView - properties: - criteria: - type: array - items: - type: object - properties: - field: - type: string - example: my.field - comparator: - type: string - enum: - - more than - - more than or equals - - less than - - less than or equals - - equals - - does not equal - - matches - - does not match - - matches phrase - - does not match phrase - value: - oneOf: - - type: number - example: 42 - - type: string - example: value - count: - type: object - properties: - comparator: - type: string - enum: - - more than - - more than or equals - - less than - - less than or equals - - equals - - does not equal - - matches - - does not match - - matches phrase - - does not match phrase - value: - type: number - example: 100 - timeSize: - type: number - example: 6 - timeUnit: - type: string - enum: - - s - - m - - h - - d - logView: - type: object - properties: - logViewId: - type: string - type: - type: string - enum: - - log-view-reference - example: log-view-reference - groupBy: - type: array - items: - type: string - - title: Log threshold ratio + url: + description: The URL to monitor. + type: string + username: description: | - The parameters for a log threshold rule that calculates the ratio of log entries that match the criteria. These parameters are appropriate when `rule_type_id` is `logs.alert.document.count`. - type: object - required: - - count - - timeSize - - timeUnit - - logView - properties: - criteria: - type: array - items: - minItems: 2 - maxItems: 2 - type: array - items: - type: object - properties: - field: - type: string - example: my.field - comparator: - type: string - enum: - - more than - - more than or equals - - less than - - less than or equals - - equals - - does not equal - - matches - - does not match - - matches phrase - - does not match phrase - value: - oneOf: - - type: number - example: 42 - - type: string - example: value - count: - type: object - properties: - comparator: - type: string - enum: - - more than - - more than or equals - - less than - - less than or equals - - equals - - does not equal - - matches - - does not match - - matches phrase - - does not match phrase - value: - type: number - example: 100 - timeSize: - type: number - example: 6 - timeUnit: - type: string - enum: - - s - - m - - h - - d - logView: - type: object - properties: - logViewId: - type: string - type: - type: string - enum: - - log-view-reference - example: log-view-reference - groupBy: - type: array - items: - type: string - params_property_infra_metric_threshold: - title: Metric threshold - description: | - The parameters for the metric threshold rule. These parameters are appropriate when `rule_type_id` is `metrics.alert.threshold`. + The username for authenticating with the server. The credentials are passed with the request. + type: string + required: + - type + - url + Synthetics_httpMonitorFields_Check: + description: The check request settings. type: object properties: - criteria: - type: array - items: - oneOf: - - title: non count criterion - type: object - properties: - threshold: - type: array - items: - type: number - description: | - The threshold value that is used with the `comparator`. If the `comparator` is `between`, you must specify the boundary values. - comparator: - type: string - enum: - - < - - <= - - '>' - - '>=' - - between - - outside - description: | - The comparison function for the threshold. For example, "is above", "is above or equals", "is below", "is below or equals", "is between", and "outside". - timeUnit: - type: string - enum: - - s - - m - - h - - d - description: | - The type of units for the time window: seconds, minutes, hours, or days. - timeSize: - type: number - description: | - The size of the time window (in `timeUnit` units), which determines how far back to search for documents. Generally it should be a value higher than the rule check interval to avoid gaps in detection. - warningThreshold: - type: array - items: - type: number - description: | - The threshold value that is used with the `warningComparator`. If the `warningComparator` is `between`, you must specify the boundary values. - warningComparator: - type: string - enum: - - < - - <= - - '>' - - '>=' - - between - - outside - metric: - type: string - aggType: - type: string - enum: - - avg - - max - - min - - cardinality - - rate - - count - - sum - - p95 - - p99 - - custom - - title: count criterion - type: object - properties: - threshold: - type: array - items: - type: number - comparator: - type: string - enum: - - < - - <= - - '>' - - '>=' - - between - - outside - timeUnit: - type: string - enum: - - s - - m - - h - - d - description: | - The type of units for the time window: seconds, minutes, hours, or days. - timeSize: - type: number - description: | - The size of the time window (in `timeUnit` units), which determines how far back to search for documents. Generally it should be a value higher than the rule check interval to avoid gaps in detection. - warningThreshold: - type: array - items: - type: number - warningComparator: - type: string - enum: - - < - - <= - - '>' - - '>=' - - between - - outside - aggType: - type: string - enum: - - count - - title: custom criterion - type: object - properties: - threshold: - type: array - items: - type: number - comparator: - type: string - enum: - - < - - <= - - '>' - - '>=' - - between - - outside - timeUnit: - type: string - enum: - - s - - m - - h - - d - description: | - The type of units for the time window: seconds, minutes, hours, or days. - timeSize: - type: number - description: | - The size of the time window (in `timeUnit` units), which determines how far back to search for documents. Generally it should be a value higher than the rule check interval to avoid gaps in detection. - warningThreshold: - type: array - items: - type: number - warningComparator: - type: string - enum: - - < - - <= - - '>' - - '>=' - - between - - outside - aggType: - type: string - enum: - - custom - customMetric: - type: array - items: - oneOf: - - type: object - properties: - name: - type: string - aggType: - type: string - enum: - - avg - - sum - - max - - min - - cardinality - description: | - An aggregation to gather data for the rule. For example, find the average, highest or lowest value of a numeric field. Or use a cardinality aggregation to find the approximate number of unique values in a field. - field: - type: string - - type: object - properties: - name: - type: string - aggType: - type: string - enum: - - count - filter: - type: string - equation: - type: string - label: - type: string - groupBy: - oneOf: - - type: string - - type: array - items: - type: string - description: | - Create an alert for every unique value of the specified fields. For example, you can create a rule per host or every mount point of each host. - IMPORTANT: If you include the same field in both the `filterQuery` and `groupBy`, you might receive fewer results than you expect. For example, if you filter by `cloud.region: us-east`, grouping by `cloud.region` will have no effect because the filter query can match only one region. - filterQuery: + request: + $ref: '#/components/schemas/Synthetics_httpMonitorFields_Check_Request' + response: + $ref: '#/components/schemas/Synthetics_httpMonitorFields_Check_Response' + Synthetics_httpMonitorFields_Check_Request: + description: An optional request to send to the remote host. + type: object + properties: + body: + description: Optional request body content. type: string - description: | - A query that limits the scope of the rule. The rule evaluates only metric data that matches the query. - sourceId: + headers: + $ref: '#/components/schemas/Synthetics_httpMonitorFields_Check_Request_Headers' + method: + description: The HTTP method to use. + enum: + - HEAD + - GET + - POST + - OPTIONS type: string - alertOnNoData: - type: boolean - description: If true, an alert occurs if the metrics do not report any data over the expected period or if the query fails. - alertOnGroupDisappear: - type: boolean - description: | - If true, an alert occurs if a group that previously reported metrics does not report them again over the expected time period. This check is not recommended for dynamically scaling infrastructures that might rapidly start and stop nodes automatically. - params_property_slo_burn_rate: - title: SLO burn rate + Synthetics_httpMonitorFields_Check_Request_Headers: description: | - The parameters for the SLO burn rate rule. These parameters are appropriate when `rule_type_id` is `slo.rules.burnRate`. + A dictionary of additional HTTP headers to send. By default, Synthetics will set the User-Agent header to identify itself. + type: object + Synthetics_httpMonitorFields_Check_Response: + additionalProperties: true + description: The expected response. type: object properties: - sloId: - description: The SLO identifier used by the rule - type: string - example: 8853df00-ae2e-11ed-90af-09bb6422b258 - burnRateThreshold: - description: The burn rate threshold used to trigger the alert - type: number - example: 14.4 - maxBurnRateThreshold: - description: The maximum burn rate threshold value defined by the SLO error budget - type: number - example: 168 - longWindow: - description: The duration of the long window used to compute the burn rate - type: object - properties: - value: - description: The duration value - type: number - example: 6 - unit: - description: The duration unit - type: string - example: h - shortWindow: - description: The duration of the short window used to compute the burn rate - type: object - properties: - value: - description: The duration value - type: number - example: 30 - unit: - description: The duration unit - type: string - example: m - params_property_synthetics_uptime_tls: - title: Synthetics TLS certificate + body: + $ref: '#/components/schemas/Synthetics_httpMonitorFields_Check_Response_Body' + headers: + $ref: '#/components/schemas/Synthetics_httpMonitorFields_Check_Response_Headers' + Synthetics_httpMonitorFields_Check_Response_Body: + type: object + Synthetics_httpMonitorFields_Check_Response_Headers: + description: A dictionary of expected HTTP headers. If the header is not found, the check fails. + type: object + Synthetics_httpMonitorFields_Proxy_headers: + description: Additional headers to send to proxies during CONNECT requests. + type: object + Synthetics_httpMonitorFields_Response: + description: Controls the indexing of the HTTP response body contents to the `http.response.body.contents field`. + type: object + Synthetics_httpMonitorFields_Ssl: description: | - The parameters for the synthetics TLS certificate rule. These parameters are appropriate when `rule_type_id` is `xpack.uptime.alerts.tls`. + The TLS/SSL connection settings for use with the HTTPS endpoint. If you don't specify settings, the system defaults are used. + type: object + Synthetics_icmpMonitorFields_2: + additionalProperties: true type: object properties: - search: + host: + description: The host to ping. type: string - certExpirationThreshold: - type: number - certAgeThreshold: + type: + description: The monitor type. + enum: + - icmp + type: string + wait: + default: 1 + description: The wait time in seconds. type: number - params_property_synthetics_monitor_status: - title: Synthetics monitor status - description: | - The parameters for the Synthetics monitor status rule. These parameters are appropriate when `rule_type_id` is `xpack.uptime.alerts.monitorStatus`. - type: object required: - - numTimes - - shouldCheckStatus - - shouldCheckAvailability + - host + - type + Synthetics_tcpMonitorFields_2: + additionalProperties: true + type: object properties: - availability: - type: object - properties: - range: - type: number - rangeUnit: - type: string - threshold: - type: string - filters: - oneOf: - - type: string - - type: object - deprecated: true - properties: - monitor.type: - type: array - items: - type: string - observer.geo.name: - type: array - items: - type: string - tags: - type: array - items: - type: string - url.port: - type: array - items: - type: string - locations: - deprecated: true - type: array - items: - type: string - numTimes: - type: number - search: + host: + description: | + The host to monitor; it can be an IP address or a hostname. The host can include the port using a colon, for example "example.com:9200". type: string - shouldCheckStatus: - type: boolean - shouldCheckAvailability: - type: boolean - timerangeCount: - type: number - timerangeUnit: + proxy_url: + description: | + The URL of the SOCKS5 proxy to use when connecting to the server. The value must be a URL with a scheme of `socks5://`. If the SOCKS5 proxy server requires client authentication, then a username and password can be embedded in the URL. When using a proxy, hostnames are resolved on the proxy server instead of on the client. You can change this behavior by setting the `proxy_use_local_resolver` option. type: string - timerange: - deprecated: true - type: object - properties: - from: - type: string - to: - type: string - version: - type: number - isAutoGenerated: + proxy_use_local_resolver: + default: false + description: | + Specify that hostnames are resolved locally instead of being resolved on the proxy server. If `false`, name resolution occurs on the proxy server. type: boolean + ssl: + $ref: '#/components/schemas/Synthetics_tcpMonitorFields_Ssl' + type: + description: The monitor type. + enum: + - tcp + type: string + required: + - host + - type + Synthetics_tcpMonitorFields_Ssl: + description: | + The TLS/SSL connection settings for use with the HTTPS endpoint. If you don't specify settings, the system defaults are used. + type: object + Task_manager_health_APIs_health_response_Stats: + type: object + properties: + capacity_estimation: + $ref: '#/components/schemas/Task_manager_health_APIs_health_response_Stats_Capacity_estimation' + configuration: + $ref: '#/components/schemas/Task_manager_health_APIs_configuration' + runtime: + $ref: '#/components/schemas/Task_manager_health_APIs_health_response_Stats_Runtime' + workload: + $ref: '#/components/schemas/Task_manager_health_APIs_workload' + Task_manager_health_APIs_health_response_Stats_Capacity_estimation: + description: | + This object provides a rough estimate about the sufficiency of its capacity. These are estimates based on historical data and should not be used as predictions. + type: object + Task_manager_health_APIs_health_response_Stats_Runtime: + description: | + This object tracks runtime performance of Task Manager, tracking task drift, worker load, and stats broken down by type, including duration and run results. + type: object securitySchemes: apiKeyAuth: description: | diff --git a/oas_docs/scripts/extract_components.js b/oas_docs/scripts/extract_components.js new file mode 100644 index 0000000000000..a41221acbefed --- /dev/null +++ b/oas_docs/scripts/extract_components.js @@ -0,0 +1,26 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the "Elastic License + * 2.0", the "GNU Affero General Public License v3.0 only", and the "Server Side + * Public License v 1"; you may not use this file except in compliance with, at + * your election, the "Elastic License 2.0", the "GNU Affero General Public + * License v3.0 only", or the "Server Side Public License, v 1". + */ +require('@kbn/setup-node-env'); +const { run } = require('@kbn/dev-cli-runner'); +const { componentizeObjectSchemas } = require('../lib/componentize'); +// CLI runner - only run when executed directly, not when required as a module +if (require.main === module) { + run( + async ({ log, flagsReader }) => { + const [relativeFilePath] = flagsReader.getPositionals(); + await componentizeObjectSchemas(relativeFilePath, { log }); + }, + { + description: 'Extract object schemas to referenced components in a given OAS file.', + usage: 'node scripts/componentize.js ', + } + ); +} + +module.exports = { extractComponents: componentizeObjectSchemas }; diff --git a/oas_docs/scripts/merge_ess_oas.js b/oas_docs/scripts/merge_ess_oas.js index d058daa018b23..e75e0801ae8d3 100644 --- a/oas_docs/scripts/merge_ess_oas.js +++ b/oas_docs/scripts/merge_ess_oas.js @@ -10,8 +10,14 @@ require('@kbn/setup-node-env'); const { merge } = require('@kbn/openapi-bundler'); const { REPO_ROOT } = require('@kbn/repo-info'); +const { extractComponents } = require('./extract_components'); const checkBundle = require('./check_bundles'); +/** + * Merges all Kibana ESS related OpenAPI spec files into a single file + * and outputs the result to oas_docs/output/kibana.yaml + * then extracts and converts object schemas to components, mutating the output file. + */ (async () => { checkBundle(`${REPO_ROOT}/oas_docs/bundle.json`); await merge({ @@ -50,4 +56,5 @@ const checkBundle = require('./check_bundles'); prototypeDocument: `${REPO_ROOT}/oas_docs/kibana.info.yaml`, }, }); + await extractComponents(`${REPO_ROOT}/oas_docs/output/kibana.yaml`); })(); diff --git a/oas_docs/scripts/merge_serverless_oas.js b/oas_docs/scripts/merge_serverless_oas.js index 85519bd57a8b1..76ef7dae8d4a7 100644 --- a/oas_docs/scripts/merge_serverless_oas.js +++ b/oas_docs/scripts/merge_serverless_oas.js @@ -9,9 +9,15 @@ require('@kbn/setup-node-env'); const { merge } = require('@kbn/openapi-bundler'); +const { extractComponents } = require('./extract_components'); const { REPO_ROOT } = require('@kbn/repo-info'); const checkBundle = require('./check_bundles'); +/** + * Merges all Kibana ESS related OpenAPI spec files into a single file + * and outputs the result to oas_docs/output/kibana.yaml + * then extracts and converts object schemas to components, mutating the output file. + */ (async () => { checkBundle(`${REPO_ROOT}/oas_docs/bundle.serverless.json`); await merge({ @@ -40,4 +46,5 @@ const checkBundle = require('./check_bundles'); prototypeDocument: `${REPO_ROOT}/oas_docs/kibana.info.serverless.yaml`, }, }); + await extractComponents(`${REPO_ROOT}/oas_docs/output/kibana.serverless.yaml`); })(); diff --git a/oas_docs/scripts/resolve_external_refs.js b/oas_docs/scripts/resolve_external_refs.js new file mode 100644 index 0000000000000..aedb9dc845fba --- /dev/null +++ b/oas_docs/scripts/resolve_external_refs.js @@ -0,0 +1,39 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the "Elastic License + * 2.0", the "GNU Affero General Public License v3.0 only", and the "Server Side + * Public License v 1"; you may not use this file except in compliance with, at + * your election, the "Elastic License 2.0", the "GNU Affero General Public + * License v3.0 only", or the "Server Side Public License, v 1". + */ +require('@kbn/setup-node-env'); +const { run } = require('@kbn/dev-cli-runner'); +const { resolveExternalReferences } = require('../lib/resolve_external_refs'); + +if (require.main === module) { + run( + async ({ log, flagsReader }) => { + try { + const [relativeFilePath] = flagsReader.getPositionals(); + if (!relativeFilePath) { + log.error('Please provide a file path'); + process.exit(1); + } + await resolveExternalReferences(relativeFilePath, { log }); + } catch (error) { + log.error(`Error: ${error.message}`); + log.error(error.stack); + process.exit(1); + } + }, + { + description: 'Resolve external file references to component references in a given OAS file.', + usage: 'node scripts/resolve_external_refs.js ', + } + ).catch((error) => { + console.error('Unhandled error:', error); + process.exit(1); + }); +} + +module.exports = { resolveExternalRefs: resolveExternalReferences }; diff --git a/x-pack/platform/plugins/shared/cloud_connect/public/application/components/onboarding/connection_wizard/index.tsx b/x-pack/platform/plugins/shared/cloud_connect/public/application/components/onboarding/connection_wizard/index.tsx index 6424f5da54184..9a2fca47d6809 100644 --- a/x-pack/platform/plugins/shared/cloud_connect/public/application/components/onboarding/connection_wizard/index.tsx +++ b/x-pack/platform/plugins/shared/cloud_connect/public/application/components/onboarding/connection_wizard/index.tsx @@ -180,6 +180,7 @@ export const ConnectionWizard: React.FC = ({ onConnect }) <> ; const mockedPackagePolicyService = packagePolicyService as jest.Mocked; diff --git a/x-pack/platform/plugins/shared/fleet/server/services/epm/elasticsearch/transform/install.ts b/x-pack/platform/plugins/shared/fleet/server/services/epm/elasticsearch/transform/install.ts index 6f9d8e17a2a1a..d9a68cc783510 100644 --- a/x-pack/platform/plugins/shared/fleet/server/services/epm/elasticsearch/transform/install.ts +++ b/x-pack/platform/plugins/shared/fleet/server/services/epm/elasticsearch/transform/install.ts @@ -54,10 +54,11 @@ import { STACK_COMPONENT_TEMPLATE_ECS_MAPPINGS, } from '../../../../constants'; +import { appContextService } from '../../../app_context'; + import { deleteTransforms } from './remove'; import { getDestinationIndexAliases } from './transform_utils'; import { loadMappingForTransform } from './mappings'; -import { appContextService } from '../../../app_context'; const DEFAULT_TRANSFORM_TEMPLATES_PRIORITY = 250; enum TRANSFORM_SPECS_TYPES { diff --git a/x-pack/platform/plugins/shared/streams_app/public/components/data_management/shared/condition_editor.tsx b/x-pack/platform/plugins/shared/streams_app/public/components/data_management/shared/condition_editor.tsx index 07c47905bd27e..4ac6639a558ab 100644 --- a/x-pack/platform/plugins/shared/streams_app/public/components/data_management/shared/condition_editor.tsx +++ b/x-pack/platform/plugins/shared/streams_app/public/components/data_management/shared/condition_editor.tsx @@ -125,8 +125,20 @@ export function ConditionEditor(props: ConditionEditorProps) { id="xpack.streams.conditionEditor.arrayOperatorHelpText" defaultMessage="Use {includes} for array/multivalue fields. For partial matches, use {contains}." values={{ - includes: includes, - contains: contains, + includes: ( + + {i18n.translate('xpack.streams.conditionEditor.strong.includesLabel', { + defaultMessage: 'includes', + })} + + ), + contains: ( + + {i18n.translate('xpack.streams.conditionEditor.strong.containsLabel', { + defaultMessage: 'contains', + })} + + ), }} /> ) : undefined